[00:36:47] hi, as part of https://phabricator.wikimedia.org/T272713 we want to roll out envoy for our internal wdqs cluster (envoy is already set up for public cluster). in order to do that, I'll need to get a `global_cert` provisioned for `wdqs-internal.discovery.wmnet`
[00:37:33] anyone here familiar with the process to request new certs? (haven't found much documentation on wikitech)
[00:38:00] also let me know if this isn't the right channel for this, felt like a traffic thing but wasn't totally sure
[00:39:20] ryankemper: I believe, within production, the thing still used is https://wikitech.wikimedia.org/wiki/Cergen
[00:40:25] tldr is you write a spec yaml and run it on the puppetmaster, it dumps files out into the private repo there, then you can reference them from puppet proper to install them within the service
[00:40:50] if you wanted to update that page with a pointer to the envoy-specific stuff, that would be appreciated :)
[00:41:56] oh perfect! thanks for the pointer
[00:42:25] cool I'll take a swing at that and update with the envoy-specific stuff once I've got it figured out
[00:42:54] sounds good -- hopefully existing tls terminator examples are helpful
[00:43:37] re: cergen, there is Soon(tm) going to be a deployment of `cfssl` that will let certs be generated and fetched via API, but I think it is not ready yet?
[00:45:07] some detail at https://docs.google.com/presentation/d/1x7txkwOxqc2C3W_p3yz_w7XwUcxh6m9_/edit if you're curious
[15:39:29] bblack: when you get some time, I'd like your opinion/input on https://phabricator.wikimedia.org/T271415#6747364
[17:02:20] Domains, Traffic, Analytics-Radar, SRE, and 2 others: Don't set cookies in traffic layer for non-user facing domains (avoid false third-party cookie warning) - https://phabricator.wikimedia.org/T262996 (Krinkle)
[17:02:35] Domains, Traffic, Analytics-Radar, SRE, Wikimedia-General-or-Unknown: Don't set cookies in traffic layer for non-user facing domains (avoid false third-party cookie warning) - https://phabricator.wikimedia.org/T262996 (Krinkle)
[17:02:37] Domains, Traffic, Analytics-Radar, SRE, Wikimedia-General-or-Unknown: Don't set cookies in traffic layer for non-user facing domains (avoid false third-party cookie warning) - https://phabricator.wikimedia.org/T262996 (Krinkle)
[19:05:55] Traffic, SRE, serviceops, Wikimedia-production-error: Cyberbot is getting a lot of 502 errors, or blank responses when querying the API - https://phabricator.wikimedia.org/T273003 (CDanis) It seems the User-Agent being used is `Peachy MediaWiki Bot API Version 2.0 (alpha 8)` (which ideally should...
[19:06:51] Traffic, SRE, serviceops, Wikimedia-production-error: Cyberbot is getting a lot of 502 errors, or blank responses when querying the API - https://phabricator.wikimedia.org/T273003 (Legoktm)
[21:13:17] Traffic, SRE, serviceops, Wikimedia-production-error: Cyberbot is getting a lot of 502 errors, or blank responses when querying the API - https://phabricator.wikimedia.org/T273003 (Legoktm) Have you made any changes to the bot recently? `lang=irc 11:09:36 Cyberpower678: does Cyberbot...
[21:15:28] Traffic, SRE, serviceops, Wikimedia-production-error: Cyberbot is getting a lot of 502 errors, or blank responses when querying the API - https://phabricator.wikimedia.org/T273003 (Cyberpower678) No changes have been made to the bot whatsoever. I believe it only does maxlag on write requests, li...
[21:21:24] Traffic, SRE, serviceops, Wikimedia-production-error: Cyberbot is getting a lot of 502 errors, or blank responses when querying the API - https://phabricator.wikimedia.org/T273003 (Legoktm) p:Triage→Medium