[05:03:40] <springle>	 db1034 repooled as s7 logpager. pulled db1041 for upgrade (one of the remaining 5.5 boxes)
[05:05:26] <springle>	 infact the last s7 5.5 slave. cool, only s6 to do as we can risk master upgrades
[05:06:05] <springle>	 s/as/and/
[07:44:50] <moritzm>	 good morning! FYI, there has been a haproxy security release this weekend, but the versions running on dbproxy100[1-4] are not affected, the vulnerable code was introduced in 1.5
[07:45:40] <moritzm>	 I also noticed that db1023, db1024, db1033 and db1056 have haproxy installed, but no running haproxy processes, so that's probably some historic leftovers there
[08:01:59] <jynus>	 not historic, future
[08:03:48] <jynus>	 moritzm, not worried about T101758 and T104666 ?
[08:11:31] <moritzm>	 ok, haproxy on db1023, db1024, db1033 and db1056 is also not affected, so it's fine as well
[08:15:57] <moritzm>	 as for T104666, not sure about how the db privs are supposed to be separated, Sean can probably best comment on the history of that. it probably needs some systematic inventory of users/dbs/privs and what kind of access every group needs
[08:18:43] <jynus>	 it is intrinsicly grouped with access control from iptables
[08:22:11] <moritzm>	 yeah
[08:24:09] <jynus>	 what we would need is some kind of support to raise awarness, starting by the own ops
[08:24:25] <jynus>	 I would like to have our back on that
[08:30:17] <moritzm>	 maybe mention it in the ops meeting
[08:30:50] <jynus>	 I was thinking the same :-)
[08:32:02] <jynus>	 s: I think tendril db crashed again
[11:07:09] <moritzm>	 headsup: I'll install the python security updates on db* today (I had already updated db1007 as a canary on Friday w/o any problems)
[11:09:05] <jynus>	 yeah, most of userspace thinks there do not affect us
[11:09:10] <jynus>	 *things
[11:10:10] <jynus>	 only sacred thing there is kernel and mysqld, which its dependencies- and as low iops impact as possible
[11:10:23] <jynus>	 *with
[11:10:39] <jynus>	 I really appreciate, moritzm, the effor to communicate!
[11:16:04] <moritzm>	 yeah, for the db hosts it's limited to low level system services
[12:51:48] <jynus>	 I think I fixed db1047 lag issues... by (unknowingly) blocking research account there
[16:11:14] <jynus>	 ^to clarify, db1047 should be in the same state now as 24 hours ago (being the 1046 failover, all accounts accessible), only with less lag
[19:16:07] <jynus>	 I have fixed db2029 issues T104573
[19:32:45] <jynus>	 I've just created T104900 to keep track of all labsdb issues