[07:46:56] small clarification for the above cumin discussion. There are two separate aspects, one is how cumin selects the target hosts, that's with its backends and it's fairly flexible. A separate problem is how to tell cumin how to connect (user, key, etc..) to said targets. That's entirely delegated to an ssh config file ( https://man7.org/linux/man-pages/man5/ssh_config.5.html ) and that's
[07:47:02] inherently less flexible as it has no access ...
[07:47:04] ... to anything in openstack.
[10:11:35] one problem with toolsdb is resolved (T427187)...
[10:11:36] T427187: ToolsDB disk space usage growing too fast - https://phabricator.wikimedia.org/T427187
[10:11:47] ...but we have a new one :D (T428139)
[10:11:47] T428139: [toolsdb] Transaction History Length growing too much - https://phabricator.wikimedia.org/T428139
[10:13:02] :/
[10:13:18] it seems to be caused by the tool dimastbkbot, I'd like to tag the maintainer in Phabricator but I'm not finding their phab username. is there a way to find phab usernames linked to SUL or LDAP accounts?
[10:13:58] https://ldap.toolforge.org/user/dima
[10:14:26] I'll try sending an email in the meantime
[10:58:00] folks we have this network assigned in Netbox: https://netbox.wikimedia.org/ipam/prefixes/213/
[10:58:18] it seems like an old allocation, there is no route for it on the network at all so it's definitely not being used
[10:58:53] I am tempted to remove it, it was added longer than the changelog retention I suspect from some of the earlier "add v6 to cloud services" work
[10:58:59] unless anyone knows different?
[11:00:31] codfw row A? yeah that sounds very unused
[11:01:07] yeah I'll just delete it I think
[12:28:58] can I get a review for https://gitlab.wikimedia.org/repos/cloud/toolforge/toolforge-deploy/-/merge_requests/1280? (cc dhinus)
[12:40:33] thanks
[12:42:51] is it ok if I open a task to iiab and cyberbot for the multi-backend proxies suggesting that it's a possible misconfiguration?
[12:58:09] volans: sounds ok to me
[12:58:16] thx
[12:59:16] dhinus: do we think a Kyverno upgrade in Toolforge will require a scheduled maintenance and pre-announced window or can we do that anytime?
[12:59:45] also, re the phab question, there are a bunch of people with Toolforge access but no phab accounts, the (hard) requirement to create one during the application process is quite new
[13:00:07] taavi: good question, I'm 80% optimistic we don't need a scheduled maintenance, but I also remember when kyverno broke everything :D
[13:00:26] taavi: if they DO have an account, where would it show?
[13:01:35] it depends on how they logged in to phabricator, since you can do that either with a SUL or with a developer account
[13:04:37] is there a way to check from some UI? my phab account is linked, but it doesn't show in either ldap.toolforge.org or Special:CentralAuth
[13:05:51] not easily
[13:07:26] fair enough, I was hoping there was one and I didn't know about it :)
[13:13:22] re: kyverno I would probably stay on the safe side and announce the maintenance
[13:15:05] fair enough, I'll probably update toolsbeta today and let's do tools sometime early next week?
[13:15:32] Can I get a second +1 for Amir's request here? https://phabricator.wikimedia.org/T428102 And Raymond_Ndibe are you around to fulfill that or shall I?
[13:15:57] The context for that request is T427949 which is a wild ride
[13:15:58] T427949: Uncompressed TIFFs on commons - https://phabricator.wikimedia.org/T427949
[13:15:59] * taavi would prefer to get the tools k8s upgrade (which depends on the kyverno upgrade) before i'm away for a few weeks at the end of the month
[13:17:50] andrewbogott: +1'd
[13:17:55] thx
[17:28:50] taavi: I don't know that I'm going to work on it today but do you have an opinion about my trove/security-group question above?
[17:30:42] andrewbogott: a separate network seems overkill if we can avoid it
[17:30:53] oh good, that's what I think too :)
[17:31:06] I'll check back if for some reason the bot approach doesn't work