[12:48:05] hi, we need someone with +2 perms to merge this change to unblock the train: https://gerrit.wikimedia.org/r/c/operations/puppet/+/1266232 [16:59:33] > In 0 hour(s) and 2 minute(s): MediaWiki infrastructure (UTC late) (https://wikitech.wikimedia.org/wiki/Deployments#deploycal-item-20260401T1700) [16:59:40] Are people using this window? [16:59:53] I'm about to - what do you have in mind? [17:00:23] * swfrench-wmf switches over to -operations [19:15:40] I just reimaged a cloudelastic host and its IP changed. Looks like ferm didn't allow the new IP on the other cloudelastic hosts, even after running puppet. Restarting ferm fixed it, but just wondering if this is a known issue or if I did something wrong [19:17:15] inflatador: which rule? [19:19:03] taavi so the new cloudelastic IP is `10.64.133.3`. The iptables rules on the other hosts did not have an ACCEPT rule for that IP until after I restarted ferm. I had already run Puppet at that point [19:20:53] inflatador: I assume that's the opensearch-inter-node rule from https://gerrit.wikimedia.org/g/operations/puppet/+/production/modules/profile/manifests/opensearch/server.pp#95 ? [19:21:50] if so, this is a known issue with using @resolve as that indeed only resolves names as ferm is reloaded. switching srange to be a list of FQDNs will make puppet resolve the host list on the server side during each run which resolves this problem [19:22:32] That sounds like the problem indeed, thanks [19:22:54] so it sounds like I need to use a different function in that linked puppet code? [19:24:18] seems we're defining it here: https://gerrit.wikimedia.org/g/operations/puppet/+/production/modules/profile/manifests/opensearch/server.pp#93 [19:24:30] anyway, I can take a look at our options, thanks again [19:25:01] you can set 'srange => pick_default($all_opensearch_nodes, [$facts['networking']['fqdn']]),' and puppet will do the right thing [19:25:29] NICE! Will get a patch up shortly