[15:17:25] <inflatador>	 small CR to add wdqs1025 as a dsh target if anyone has time to look. Should help clear out those puppet alerts. https://gerrit.wikimedia.org/r/c/operations/puppet/+/1102874
[15:18:29] <jhathaway>	 inflatador: +1ed
[15:19:28] <inflatador>	 jhathaway Thanks
[15:26:25] <volans>	 klausman: do you think that given ores has been migrated to k8s we can delete the sre.ores.roll-restart-workers cookbooks as not anymore useful?
[15:26:52] <klausman>	 Yes, I think so. Want me to make a patch?
[15:27:11] <volans>	 that woyld be great, thx, I guess the whole directory can go
[15:27:26] <klausman>	 Yeah, probably.
[15:28:08] <volans>	 klausman: you ca use T379259 :D
[15:28:08] <stashbot>	 T379259: Outdated cookbooks cleanup - https://phabricator.wikimedia.org/T379259
[17:42:36] <ottomata>	 Hi again _joe_ !  still looking for review of https://gerrit.wikimedia.org/r/c/operations/puppet/+/1063224/1/hieradata/common/mediawiki.yaml 
[17:42:37] <ottomata>	 Let me know if there is someone else I could ask for review, and/or maybe a timeline on when you think you could get to it?  
[21:08:59] <inflatador>	 this is more of a releng question, but I think they're on a team outing so here goes: we're getting connection failures trying to connect from the trusted runner docker env to a net-new service running on dse-k8s-eqiad cluster: https://gitlab.wikimedia.org/repos/data-engineering/blunderbuss/-/jobs/412211 . Is outbound access to WMF infra expected to work from this env?
[21:18:14] <inflatador>	 FWiW, it looks like we merged a patch today that should allow access ( https://gerrit.wikimedia.org/r/c/operations/puppet/+/1101925 ) . And I confirmed that I can reach the new service from the gitlab runner hosts...but I guess from within the containers it must be a different story
[21:18:47] <inflatador>	 anyway, y'all don't spend too much time tracking this down. Just curious if anyone happened to know
[21:39:06] <inflatador>	 Following up...puppet laid down the rules from the above patch, but ferm didn't actually load them, even when I reloaded. I had to restart ferm on `gitlab-runner2004` to get it to work. Is it OK to restart ferm on all the other gitlab runners or should I wait for releng to give the OK?
[21:39:11] <inflatador>	 this is not an emergency FWiW
[21:53:55] <inflatador>	 I'm not taking action until I hear from releng...this can wait
[21:58:38] <ottomata>	 _joe_:  FYI I got a review from Scott so you are off the hook ;) ty!
[22:02:42] <jelto>	 inflatador: it should be fine to restart ferm on all six trusted runners. I'll try to improve the puppet code so ferm is restarted automatically.
[22:05:31] <inflatador>	 jelto thanks for getting back, will do now. Re: puppet code I think a reload is usually enough for ferm, not sure why it didn't work this time ;(
[22:07:17] <inflatador>	 jelto OK, ferm restarted on all runners and the rule is loaded now: `    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.2.2.91            tcp dpt:30443`
[22:08:13] <inflatador>	 thanks again for getting back so soon
[22:10:29] <jelto>	 Great I'm glad this is unblocked. I'll check the puppet code tomorrow