[12:06:52] <arturo>	 !log admin [codfw1dev] restart rabbitmq, tofu shows error talking to the designate API
[12:06:57] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL
[15:44:26] <Iluvatar>	 Hello, all! Please approve my oauth client on beta-meta… and unblock my test account (TestUserTest) :) https://meta.wikimedia.beta.wmflabs.org/wiki/Special:OAuthListConsumers?name=&publisher=&stage=0
[16:17:20] <bd808>	 Iluvatar: {{done}} and {{done}} -- https://meta.wikimedia.beta.wmflabs.org/wiki/Special:Log?page=User%3ATestUserTest
[16:18:05] <bd808>	 Iluvatar: adding a user page for that TestUserTest account would be a nice thing to do
[16:25:28] <Iluvatar>	 bd808: thanks, thanks, done. One more question. Do you think localhost as a callback is ok? In terms of security and existing guidelines? The client is not confidential (PKCE).
[16:28:37] <Iluvatar>	 Or is it better to use url of some tool on toolforge as callback?
[16:31:12] <bd808>	 Iluvatar: I guess I need to know more to say strongly one way or the other. If you are actually making a thing for other users to authenticate to then HTTPS is important. We approve a lot of grants for local development tied to localhost without TLS though.
[16:32:03] <bd808>	 If this is actually a bot then I would suggest using an owner-only grant instead of a normal grant so you do not need to do any web handshake to setup the authentication.
[16:36:12] <wm-bot>	 !log bd808@tools-bastion-12 tools.wikibugs Restarting gitlab job after reports of missed IRC output and `ValueError("Chunk too big")` in logs
[16:36:15] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.wikibugs/SAL
[16:40:17] <Iluvatar>	 bd808: thanks! Yes, for other users. I want to dev app for controlling of our (three maintainers) bots on Toolforge (php as proxy to convert external requests to internal toolforge API). and figure out how to interact with Wikimedia’s API from Android (rollbacks, edits, etc).
[16:40:32] <Iluvatar>	 Ok, toolforge as callback.
[17:15:50] <Joutbis>	 Hi, I have a tool that was running under a python 3.5 webservice and today I decided to upgrade to 3.11. However, one of the dependencies is Flask-uWSGI-WebSocket, and then pip tries to reinstall uwsgi, which fails. I have tried the instructions in https://pypi.org/project/Flask-uWSGI-WebSocket/ but that gives an error, too. Any ideas, anyone?
[17:18:15] <bd808>	 Joutbis: can you share the specific errors you are seeing in a pastebin? It is hard to help without more context.
[17:22:54] <Joutbis>	 https://pastebin.com/KBnWtfdw
[17:28:43] <Joutbis>	 I'd be happy to go with the standard uwsgi, but right now I get the following errors when I try to start the webservice: https://pastebin.com/TZifLAKp
[17:46:46] <wm-bb>	 <lucaswerkmeister> I doubt that’s related to uWSGI
[17:47:03] <wm-bb>	 <lucaswerkmeister> apparently flask’s app.py hasn’t imported the setupmethod decorator since https://github.com/pallets/flask/commit/0ec7f713d6
[17:47:38] <wm-bb>	 <lucaswerkmeister> (but I have a feeling the flask maintainers would argue that it was never part of flask’s public interface and flask_uwsgi_websocket shouldn’t have been importing it from there)
[17:49:16] <wm-bb>	 <lucaswerkmeister> if there’s no newer version of flask_uwsgi_websocket available, you might have to try forking it (though the github repo linked on pypi is gone :/) or pin an older version of flask…
[17:51:58] <bd808>	 https://pypi.org/project/Flask-uWSGI-WebSocket/#history -- last release was in 2018. This looks pretty abandoned. :/
[17:52:53] <Joutbis>	 OMG
[17:53:10] <bd808>	 https://github.com/zeekay/flask-uwsgi-websocket has been touched more recently. You might try an instal from the github source I guess
[17:53:30] <Joutbis>	 OK, I'll try. Thanks a lot
[17:53:33] <wm-bb>	 <lucaswerkmeister> ah, so the link in pypi is just wrong
[17:53:39] <wm-bb>	 <lucaswerkmeister> that’s better than no github repo at all, yay ^^
[17:53:42] <wm-bb>	 <lucaswerkmeister> good luck!
[17:55:58] <bd808>	 "You should rewrite your app" is not good tech support advice, but I can say that I have found https://quart.palletsprojects.com/ to be a pretty nice to use asyncio replacement for Flask. It is by the same author.
[17:56:30] <bd808>	 https://quart.palletsprojects.com/en/latest/how_to_guides/websockets.html
[17:57:10] <wm-bb>	 <lucaswerkmeister> (AFAIK work is underway to merge quart and flask together, even)
[18:13:46] <mutante>	 I have a floating IP in a cloud VPS project, it's associated with an instance. I can see it bound to the interface on the instance. I can ping that IP from external and get a response from the instance. I just can't speak http/https to it. Times out like firewall issue. I do have a security group though that allows 80 and 443 and it is also assigned to this instance.  What else could I have 
[18:13:52] <mutante>	 forgotten?
[18:14:38] <taavi>	 mutante: which IP? where are you sending the failing traffic from?
[18:14:39] <mutante>	 the name/IP in question would be http://gerrit.devtools.wmcloud.org/
[18:15:20] <mutante>	 taavi: ICMP from my home IP results in:  64 bytes from instance-gerrit-bullseye.devtools.wmcloud.org (185.15.56.70):
[18:15:27] <mutante>	 so that's the instance it is on
[18:15:41] <mutante>	 curl though just times out
[18:15:56] <taavi>	 > I can see it bound to the interface on the instance.
[18:15:58] <taavi>	 that's the issue
[18:16:08] <mutante>	 the security group is https://horizon.wikimedia.org/project/security_groups/e02a3bbb-9371-4f5a-9112-2edc7518c844/
[18:16:10] <taavi>	 a floating IP is practically a NAT that happens on the cloud vps openstack router
[18:16:15] <taavi>	 so you can't bind it on the interface directly
[18:16:21] <mutante>	 I did not do that though.. hmmm
[18:16:32] <mutante>	 it must be puppet doing that 
[18:16:33] <taavi>	 you probably have some misconfigured puppet code doing that
[18:16:37] <mutante>	 yea
[18:17:11] <mutante>	 the unfortunate part is that this means it's another thing that would some realm check or code that is only there for cloud
[18:17:12] <taavi>	 if you want a secondary IP on the instance, it needs to be allocated a second 172.16.x private IP, and then the floating IP can be mapped to that
[18:17:24] <taavi>	 I don't remember if that's self-service or not these days, but it's trivial from the openstack side
[18:21:40] <mutante>	 It does not seem like it's self-service, at least not under Network.
[18:22:14] <mutante>	 checks instance->interfaces
[18:22:57] <mutante>	 it shows the Loading... animation thingie
[18:24:15] <mutante>	 it does show 2 IPs under Instances -> overview though.. so maybe I am supposed to request a different floating IP and map it to this one
[18:24:52] <mutante>	 puppet would have to learn though there are 3 different IPs instead of 2 though if in cloud
[19:04:56] <Iluvatar>	 On the beta-meta, code verifier of OAuth does not pass validation (400: Failed to verify code verifier). Is this option disabled there? Is it a bug, a undocumented behaviour? Has anyone tried to get the access code? https://pastebin.com/5MAnUqvn
[22:10:17] <wm-bot>	 !log lucaswerkmeister@tools-bastion-13 tools.codex-playground deployed 97e9c92d2c (remove unsafe-eval from CSP)
[22:10:19] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.codex-playground/SAL
[22:21:35] <wm-bot>	 !log lucaswerkmeister@tools-bastion-13 tools.codex-playground deployed 6b47b97e70 (further restrict CSP)
[22:21:37] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.codex-playground/SAL