[10:01:42] <dcaro>	 Moring, tools-legacy-redirector has been stable since the changes :), I'll start with the puppet patches
[10:02:40] <dhinus>	 morning, nice one! you can assign me for reviews
[10:10:41] <arturo>	 🎉
[10:10:43] <arturo>	 nice work
[13:59:50] <dcaro>	 quick review for in-between tasks: https://gerrit.wikimedia.org/r/c/cloud/wmcs-cookbooks/+/1124377
[15:34:47] <_joe_>	 hi, I wanted to know what IP does toolsforge connect to our CDN from
[15:35:14] <_joe_>	 I know it could either be an internal IP if not NATted or one of the public range
[15:40:10] <taavi>	 _joe_: 172.16.0.0/21 (or 185.15.56.0/25)
[15:40:23] <_joe_>	 taavi: yeah that I already knew :D
[15:40:34] <_joe_>	 I was wondering if toolsforge used a specific IP
[15:40:56] <_joe_>	 or if it would be all internal IPs of the VMs
[15:40:58] <_joe_>	 or what
[15:41:09] <taavi>	 not really, each of the k8s workers has a specific ip but they're mixed up with all of the other Cloud VPS VMs
[15:41:23] <taavi>	 it would be relatively trivial to come up with a list of those, but no such one exists atm
[15:42:43] <_joe_>	 ack
[15:43:26] <bd808>	 This page has the ips on it, but like taavi said not in any really usable way -- https://openstack-browser.toolforge.org/project/tools
[15:45:54] <_joe_>	 that's enough as a start
[15:52:56] <dcaro>	 note that we create/remove workers relatively often, so the list changes a bit each time
[15:53:44] <dcaro>	 (good for live cross-reference, but not historical one)
[17:53:28] <Raymond_Ndibe>	 dcaro: are you still around? If not does anyone know how to set secret hiera data? I can’t recall how to do that again if it’s not on horizon
[17:53:52] <Raymond_Ndibe>	 I need to set the following hiera secret `profile::toolforge::k8s::secrets`
[17:53:54] <dcaro>	 Raymond_Ndibe: I'm around, what is it that you want to change?
[17:54:05] <dcaro>	 that's on the tools-puppetserver* server
[17:54:22] <dcaro>	 `tools-puppetserver-01.tools.eqiad1.wikimedia.cloud`
[17:54:45] <Raymond_Ndibe>	 Ok let me try that
[17:55:01] <dcaro>	 remember to `alias git=pgit`
[17:55:22] <dcaro>	 it's under /srv/git/labs/private
[17:55:55] <Raymond_Ndibe>	 Ok thanks let me try that
[23:03:07] <bd808>	 I may be doing something wrong, but I think I discovered today that if you have a CNAME in Designate that points to a record that has been deleted a DNS lookup will give you an NXDOMAIN result instead of telling you that there is a CNAME that points to a label that is itself an NXDOMAIN result.
[23:03:43] <bd808>	 on one hand this is kind of neat (getting right to the NXDOMAIN result), but on the other it is pretty confusing when debugging.
[23:04:17] <bd808>	 `echostore.svc.deployment-prep.eqiad1.wikimedia.cloud.` is the CNAME in question. It points to a deleted `deployment-echostore02.deployment-prep.eqiad1.wikimedia.cloud.` instance.