[00:00:03] <andrewbogott>	 I'll start over again... maybe it's busted because I built it while everything was failing.
[00:00:28] <Ryan_Lane>	 could be
[00:00:53] <Ryan_Lane>	 I need to make the build process less error prone
[00:01:40] <Ryan_Lane>	 when we switch away from a central puppet master it should be slightly more reliable
[00:01:49] <Ryan_Lane>	 the puppet master was likely dead when this tried to build
[00:09:51] <Ryan_Lane>	 andrewbogott: having any more luck?
[00:09:58] <andrewbogott>	 yep, can log in now.
[00:10:05] <Ryan_Lane>	 ah. good
[00:10:12] <Ryan_Lane>	 is ldap working?
[00:10:15] <Ryan_Lane>	 do: id laner
[00:10:18] <andrewbogott>	 It's good 'cause I was running out of synonyms for 'large'
[00:10:25] <Ryan_Lane>	 if you get my account back with groups, it's working
[00:10:39] <Ryan_Lane>	 it will only do that if you run it as root
[00:11:22] <andrewbogott>	 I think it's working... I got back a great big record, can't testify to its accuracy.
[00:11:42] <Ryan_Lane>	 accuracy isn't important.
[00:11:50] <Ryan_Lane>	 it would tell you my account didn't exist otherwise
[00:15:59] <andrewbogott>	 tell me again how to make apt not complain about ganglia-monitor?
[00:22:56] <Ryan_Lane>	 ummm
[00:22:59] <Ryan_Lane>	 sec
[00:23:16] <Ryan_Lane>	 adduser --system --ingroup ganglia --home /var/lib/ganglia ganglia
[00:23:46] <Damianz>	 Bah
[00:23:46] <Ryan_Lane>	 bah. the scheduler I want to use doesn't exist in diablo
[00:23:57] <andrewbogott>	 thanks
[00:24:21] * Damianz  goes to figure out how to port a normal schema into an ldif.

[00:24:29] <Ryan_Lane>	 normal schema?
[00:24:39] <Ryan_Lane>	 you mean openldap -> sun?
[00:25:00] <Ryan_Lane>	 I have a script for this somewhere
[00:25:49] <Damianz>	 Mhm
[00:25:50] <Ryan_Lane>	 hm. seems simple scheduler will at least pick a host that has the least number of instances running
[00:25:56] <Ryan_Lane>	 lemme try to find that
[00:26:19] <Ryan_Lane>	 https://blogs.oracle.com/Ludo/entry/updated_schema_convert_py_script
[00:26:24] <Damianz>	 Don't feel like going though a 600 schema file by hand to put it into an ldif to load lol
[00:26:41] <Ryan_Lane>	 that'll convert it for you
[00:26:44] <Damianz>	 :D
[00:26:49] * Damianz  gives Ryan_Lane a cookie

[00:26:49] <Ryan_Lane>	 some of the schema may come by default
[00:27:14] <Ryan_Lane>	 heh. I'm useful occasionally, eh?
[00:27:54] <Damianz>	 A little, sometimes :P
[00:28:18] <Damianz>	 Now just fix the freenode servers xD
[00:28:23] <Ryan_Lane>	 heh
[00:28:30] <Ryan_Lane>	 I'm going to try to change our scheduler
[00:28:33] <Ryan_Lane>	 let's hope it works ;)
[00:28:42] <Ryan_Lane>	 I think the max_cores option is going to be way too low
[00:32:07] * Damianz  takes the cookie off Ryan_Lane

[00:32:10] <Damianz>	 404 blog post ftl
[00:32:11] <Damianz>	 :P
[00:33:26] <Damianz>	 http://ludopoitou.wordpress.com/2009/07/31/updated-schema-convert-py-script-for-opends/ works though :D
[00:33:34] <Ryan_Lane>	 heh
[00:33:46] <Ryan_Lane>	 scheduler seems to be in place, now to try to create an instance :)
[00:34:59] <Ryan_Lane>	 well, it was scheduled on the preferred node
[00:35:42] <Ryan_Lane>	 and it's running. well, time to make that the new scheduler :)
[00:39:21] <Ryan_Lane>	 that should keep things alive longer :)
[00:39:36] <Ryan_Lane>	 so, whenever we get the new node in, all new instances will be created on that for a while
[00:40:03] <Ryan_Lane>	 unfortunately, the hardware is different sizes, so the new node won't be properly assigned more instances
[00:40:18] <Ryan_Lane>	 we'll need to switch hardware, or switch to a better scheduler
[00:58:09] <Damianz>	 Hmm
[02:20:51] <Krinkle>	 Ryan_Lane: You there? I'd like to take this time to see if I can get a CVNBot working on Labs, but not sure where to start. I need to get a bunch of files uploaded somehow (SFTP possible?) and ssh into the bots project to run them. Where to start ?
[02:21:20] <Ryan_Lane>	 would be good to talk to petan, since he's been running the bots project
[02:21:31] <Ryan_Lane>	 sftp works
[02:21:31] <Krinkle>	 he's approved this and added me to the project
[02:21:44] <Krinkle>	 but I mean in general the login stuff and accessing the instance
[02:21:51] <Ryan_Lane>	 https://labsconsole.wikimedia.org/wiki/Help:Access#Using_ProxyCommand_ssh_option
[02:22:03] <Ryan_Lane>	 https://labsconsole.wikimedia.org/wiki/Help:Access#Accessing_public_and_private_instances
[02:22:20] <Ryan_Lane>	 proxycommand should let you scp directly to the instance
[02:22:33] <Krinkle>	 So I use both of those sections or either?
[02:23:04] <Krinkle>	 there was something about forwarding that wasn't secure or something for people that use their key elsewhere?
[02:23:05] <Ryan_Lane>	 well, agent forwarding won't let you connect directly
[02:23:09] <Ryan_Lane>	 but….
[02:23:11] <Ryan_Lane>	 I have to go, actually
[02:23:18] <Ryan_Lane>	 I need to catch a bus in like 5 mintues
[02:23:22] <Krinkle>	 ok, go!
[02:23:49] * Ryan_Lane  waves

[02:23:59] <Krinkle>	 petan: you there? :)
[02:32:55] <Krinkle>	 Okay, I've pasted the proxy config and got into ssh bots.wmflabs.org 
[02:32:56] <Krinkle>	 nice
[02:50:13] <Krinkle>	 Hm.. mono/xbuild aren't available on the bots instance
[02:50:29] <Krinkle>	 Anyone around able to get that package on there?
[02:50:37] <Krinkle>	 the CVNBot uses it
[02:50:41] <Krinkle>	 (don't ask why)
[03:04:31] * jeremyb  waves

[03:05:22] <jeremyb>	 Krinkle: i can help with the proxycommand stuff if you like
[03:05:47] <jeremyb>	 oh, you're in
[03:05:59] <jeremyb>	 i wonder why it's named bots. what a horrible name
[03:07:04] <jeremyb>	 oh, huh, it doesn't exist. i guess it's an extra name for a node
[03:08:58] <jeremyb>	 aha, https://labsconsole.wikimedia.org/wiki/Special:NovaAddress
[03:11:03] * jeremyb  grumbles

[03:13:35] <jeremyb>	 Krinkle: bots.wmflabs.org is bots-apache1.pmtpa.wmflabs (an rfc 1918 non-publicly-routable IP); you should ssh to the *.*.wmflabs. (private IP) via bastion not directly to the the bots.wmflabs.org address
[03:14:18] <Krinkle>	 hm.. difference?
[03:14:47] <Krinkle>	 seemed to work thoguh
[03:14:52] <Krinkle>	 haven't done anything yet
[03:14:54] <jeremyb>	 it did so in fact
[03:15:14] <jeremyb>	 port 22 probably shouldn't be forwarded. so if the box is ever fixed so that it's no longer forwarded you won't be able to get in
[03:16:41] <Krinkle>	 wait, so the SFTP is not going to the same as port 80 and/or ssh ?
[03:16:55] <jeremyb>	 hold on a sec
[03:17:04] <Krinkle>	 I uploaded a html file via sftp, and saw it listed in ssh, and accessed via bots.wmflabs.org
[03:17:13] <Krinkle>	 on port 80
[03:17:14] <jeremyb>	 also just good practice so that it's the same way to access that box as other labs boxes. and so that when you ssh to it you're not just sshing to "bots.wmflabs.org" (which is not obviously bots-apache1 at a glance and once you learn that it is you might later forget)
[03:18:02] <jeremyb>	 now, i assumed CVNbot was some kind of persistent process that 1) made edits or 2) made reports to IRC
[03:18:11] <jeremyb>	 does it have a web component?
[03:18:11] <Krinkle>	 2)
[03:18:14] <Krinkle>	 no
[03:18:26] <jeremyb>	 so, then i think it doesn't belong on the apache box?
[03:18:34] <Krinkle>	 Well, that depends
[03:18:43] <Krinkle>	 So for now, no.
[03:19:20] <Krinkle>	 But if CVN is really migration to Labs (which we plan to), then it does need to be on an apache host since there will be an API (web component) interfacing with the bots database, as well as a control panel for staff members of CVN to start/stop the bot
[03:19:34] <Krinkle>	 and for php/apache to be able to kill the process, it needs to be on the same machine, right?
[03:19:55] <Krinkle>	 jeremyb: so bots has multiple instances?
[03:20:05] <Krinkle>	 ah I see
[03:20:09] <Krinkle>	 https://labsconsole.wikimedia.org/wiki/Special:NovaInstance
[03:20:13] <jeremyb>	 https://labsconsole.wikimedia.org/wiki/Nova_Resource:Bots#Instances_for_this_project
[03:20:24] <jeremyb>	 welcome to semantic MW ;)
[03:20:51] <Krinkle>	 so now it makes sense why not to ssh to bots.wmflabs.org but to bots-apache
[03:21:00] <jeremyb>	 bots-apache1*
[03:21:04] <Krinkle>	 yes
[03:21:18] <Krinkle>	 but that doesn't have a public hostname, so how to use SFTP on that?
[03:21:20] <jeremyb>	 Krinkle: you could have one box do passwordless ssh to the other box...
[03:21:33] <Krinkle>	 I heard about that
[03:21:37] <Krinkle>	 forwarding ssh keys
[03:21:39] <Krinkle>	 right?
[03:21:42] <jeremyb>	 not forwarding
[03:21:56] <Krinkle>	 proxying
[03:22:00] <jeremyb>	 i'm talking about for one to kill something on a different box (unattended)
[03:22:11] <jeremyb>	 for you to log in now is unrelated
[03:22:24] <Krinkle>	 oh, for CVN
[03:22:47] <jeremyb>	 Krinkle: [this is now for you to log in:] ryan linked to https://labsconsole.wikimedia.org/wiki/Help:Access#Using_ProxyCommand_ssh_option before. did you read it? (i wrote it so i can certainly help you set it up if you hit a bump)
[03:22:52] <jeremyb>	 Krinkle: what OS?
[03:23:02] <Krinkle>	 basically the control panel needs output of 'ps -f -u <cvn account>' and ability to kill things by PPID
[03:23:23] <Krinkle>	 jeremyb: I did #Using_ProxyCommand_ssh_option
[03:23:29] <Krinkle>	 I have that in my config file
[03:23:41] <Krinkle>	 I assume that's why I was able to login to bots at all, or was that possible without it?
[03:23:46] <Krinkle>	 before I had to go through bastion first
[03:23:52] <Krinkle>	 and then use LDAP password to get to a projet
[03:23:56] <Krinkle>	 but that's no longer possible
[03:24:12] <Krinkle>	 BRB
[03:28:29] <jeremyb>	 Krinkle: so you should now be able to `ssh bots-apache1.pmtpa.wmflabs` ?
[03:29:18] <jeremyb>	 Krinkle: idk what this business about using an LDAP password to ssh into a machine. can't remember a time when that was required, sounds fishy
[03:29:41] <Krinkle>	 jeremyb: directly from my own shell?
[03:29:47] <jeremyb>	 Krinkle: yes
[03:30:18] * jeremyb  hopes Krinkle is not in europe atm ;P

[03:30:50] <Krinkle>	 worked
[03:30:52] <Krinkle>	 I am
[03:33:29] <jeremyb>	 hah
[03:35:19] <jeremyb>	 Krinkle: so, you have to decide where to put this stuff. or you can make a new box to play around with or puppetize with
[03:35:54] <jeremyb>	 Krinkle: you should now be able to rsync, sftp, scp, and plenty of other things directly from your local shell
[03:36:13] <Krinkle>	 I use SFTP from my FTP client though, not from shell
[03:36:23] <jeremyb>	 Krinkle: might work...
[03:36:27] <Krinkle>	 basically having 2 connections open
[03:36:30] <Krinkle>	 works :)
[03:36:39] <Krinkle>	 used it for prototype.wikimedia and toolserver.org as well
[03:36:46] <jeremyb>	 filezilla or ducky or what?
[03:36:49] <Krinkle>	 I use Panic Coda
[03:37:01] <jeremyb>	 no, i was saying might work with proxycommand
[03:37:12] <Krinkle>	 Excellent code editor with nice terminal, (local) file browser, and (s)ftp clieint
[03:37:53] <Krinkle>	 I assume Coda uses shell in the background since it always works flawlessly if I only enter a hostname
[03:38:02] <Krinkle>	 the local shell that is, with my config and all loaded
[03:38:33] <Krinkle>	 jeremyb: yeah
[03:39:35] <jeremyb>	 so, there was talk about this labs conference but idk if it ever happened
[03:40:16] * jeremyb  still doesn't really understand what the workflow's supposed to look like for stuff that eventually goes to prod

[03:41:30] <jeremyb>	 i.e. dev somewhere (maybe labs) and then test somewhere (in testlabs or your own project or where?) and then send to prod
[03:43:22] <jeremyb>	 also, there's otto's recent thread about merging changes that have been approved to a different branch. do they get reapproved? e.g. send to operations/puppet:test first and then operations/puppet:production
[03:44:24] <Krinkle>	 petan: jeremyb: redesigned hacky frontpage index.html http://bots.wmflabs.org/
[03:44:37] <Krinkle>	 at least it looks somewhat decent now
[03:44:41] <jeremyb>	 where's the old?
[03:45:34] <Krinkle>	 <html><head></head><body><center><font size=8>Bots project</font><img src="http://upload.wikimedia.org/wikipedia/commons/6/65/Wikimedia_labs_small_logo.png></center></body>
[03:46:17] <Krinkle>	 I assume you can parse that
[03:46:25] <Krinkle>	 (back on white, Times new roman)
[03:46:27] <jeremyb>	 approximately
[03:46:38] <jeremyb>	 idk what size=8 means. 8pt ?
[03:46:47] <Krinkle>	 something like that
[03:46:55] <Krinkle>	 could've just been <p> no idea why not
[03:47:12] <jeremyb>	 not h2?
[03:47:24] <Krinkle>	 8 is small for an h2
[03:47:32] <Krinkle>	 8 is more like <small>
[03:48:48] <Krinkle>	 !log bots redesigned front-page of http://bots.wmflabs.org/
[03:49:22] <Krinkle>	 ok….
[03:49:48] <Krinkle>	 jeremyb: you wouldn't happen to know which bots deals with logs and where to add myself?
[03:51:10] <jeremyb>	 !SAL
[03:51:15] <jeremyb>	 hrmm
[03:51:41] <jeremyb>	 !log
[03:51:45] <jeremyb>	 !log foo bar
[03:53:30] <jeremyb>	 labs-morebots
[03:54:08] <jeremyb>	 22 08:14:20 -!- labs-morebots [~labs-more@208.80.153.192] has quit [Ping timeout: 252 seconds]
[04:00:53] <jeremyb>	 !morebots
[04:00:53] <wm-bot>	 source code http://svn.wikimedia.org/viewvc/mediawiki/trunk/tools/adminlogbot/
[04:02:02] <Krinkle>	 jeremyb: http://bots.wmflabs.org/content_old.html
[04:02:35] <jeremyb>	 ahh, not horrible. yours is prettier ;)
[04:05:46] <jeremyb>	 ssmollett: ping?
[04:14:17] <jeremyb>	 !log bots bots-2:~$ sudo service adminbot restart
[04:14:18] <labs-morebots>	 Logged the message, Master
[04:14:22] <jeremyb>	 Krinkle
[04:14:34] <Krinkle>	 !log bots Redesigned front-page at http://bots.wmflabs.org/
[04:14:35] <labs-morebots>	 Logged the message, Master
[04:14:38] <Krinkle>	 yay :)
[04:14:54] <jeremyb>	 what a horrible msg: Feb 23 04:13:02 i-0000009c nslcd[7440]: [dfa1fc] failed to bind to LDAP server ldap://virt0.wikimedia.org:389: Invalid credentials: Success
[04:17:04] <jeremyb>	 !log bots UTC: 22 08:14:20 -!- labs-morebots [~labs-more@208.80.153.192] has quit [Ping timeout: 252 seconds]
[04:17:05] <labs-morebots>	 Logged the message, Master
[04:18:06] <jeremyb>	 well, something's wrong when i schlaf before europe but it's happening ;)
[04:18:15] <jeremyb>	 Krinkle: welterusten!
[04:18:27] <Krinkle>	 bye!
[08:38:03] <Sid-G>	 Is labs down right now?
[08:49:28] <petan|wk>	 Sid-G: no
[08:50:59] <Sid-G>	 http://www.downforeveryoneorjustme.com/http%3A//beta.wmflabs.org/ says so petan
[08:51:14] <Sid-G>	 plus I cant get through to http://hi.wikipedia.beta.wmflabs.org/
[08:51:37] <petan|wk>	 true
[08:51:58] <petan|wk>	 !log deployment-prep fixing the squid
[08:52:06] <labs-morebots>	 Logged the message, Master
[09:13:09] <petan|wk>	 Sid-G: done
[09:15:52] <Sid-G>	 petan|wk: thnx :)
[09:18:16] <whym>	 could I have all mediawiki namespace pages copied to http://ja.wikipedia.beta.wmflabs.org?
[09:18:26] <petan|wk>	 sec
[09:26:55] <whym>	 petan|wk: thanks, no rush
[09:27:46] <whym>	 petan|wk: wait, I was intending to ask copying ja.wikipedia.org pages to ja.wikipedia.beta.wmflabs.org
[09:30:31] <whym>	 petan|wk: you're importing from a different language
[09:30:51] <petan|wk>	 done
[09:31:03] <petan|wk>	 really?
[09:31:21] <petan|wk>	 wait a moment the pages I imported are wrong?
[09:32:09] <petan|wk>	 I imported mw space from ja.wikipedia.org
[09:36:50] <whym>	 petan|wk: I don't know the language, but from googling it seems tewiki was imported
[09:38:01] <petan|wk>	 oh
[09:38:43] <Sid-G>	 petan|wk: Gadgets just went bust at hi again
[09:42:06] <petan|wk>	 whym: what is your username there
[09:42:13] <petan|wk>	 whym: can you nuke all the pages there?
[09:42:55] <whym>	 petan|wk: my username is 'whym'
[09:43:03] <whym>	 but i don't think we have to delete
[09:43:20] <whym>	 they were imported into the main namespace because of localisation
[09:44:22] <petan|wk>	 ok
[09:45:06] <petan|wk>	 running again
[09:46:36] <petan|wk>	 Sid-G: how?
[09:46:56] <Sid-G>	 petan|wk:Happened yesterday too. Reedy fixed it, but its back
[09:47:06] <Sid-G>	 petan|wk:no gadgets tab in prefs
[09:47:12] <Sid-G>	 gadget scripts not loaded
[09:47:31] <Sid-G>	 yesterday it happened on all langs btw
[09:48:16] <Sid-G>	 e.g: check out http://en.wikipedia.beta.wmflabs.org/wiki/Special:Gadgets
[09:48:37] <whym>	 petan|wk: thanks, working fine :)
[09:49:25] <petan|wk>	 Sid-G: I updated to trunk now
[09:49:27] <petan|wk>	 that may be it
[09:50:38] <Sid-G>	 petan|wk: Not working still. Btw, yesterday Reedy said trunk was fine while deployment wasn't
[09:50:44] <petan|wk>	 Sid-G: fixed
[09:51:08] <Sid-G>	 right, and i just got logged out
[09:51:33] <Sid-G>	 so that happens everytime a change is made in trunk?
[09:52:27] <Sid-G>	 ok, the pref panel's back
[09:52:31] <OrenOf>	 if I add some puppet defs - how do I get them to appear in the console ?
[09:54:44] <petan|wk>	 OrenOf: good one
[09:55:07] <petan|wk>	 someone know?
[09:55:22] <petan|wk>	 Sid-G: no it's because of fucked up config
[09:55:34] <petan|wk>	 I need someone from ops to fix it
[09:56:24] <petan|wk>	 !g
[09:56:24] <wm-bot>	 https://gerrit.wikimedia.org/r/$1
[09:57:21] <Sid-G>	 petan|wk:Confirmed, gadgets are working
[10:26:54] <Tpt>	 Hello, I'm admin of the Frensh wikisource and I would like to use the http://wikisource-dev.wmflabs.org in order to test the configuaration of some extensions before installation in Wikisource. Zaran has say me to ask here. What I've to do ?
[10:29:10] <petan|wk>	 wait :)
[10:29:30] <petan|wk>	 wikisource-dev should have what config
[10:29:36] <petan|wk>	 same as wikisource?
[10:29:42] <petan|wk>	 oh
[10:29:43] <petan|wk>	 wait
[10:29:46] <petan|wk>	 now I get it
[10:30:03] <petan|wk>	 !accountreq | Tpt 
[10:30:03] <wm-bot>	 Tpt : in case you want to have an account on labs, please contact someone who is in charge of doing that: Ryan.Lane, m.utante or ssmolle.tt
[10:30:31] <petan|wk>	 you need to have an account on labs to create a new site
[10:31:03] <petan|wk>	 Tpt: however I could just install it on deployment
[10:34:02] <Tpt>	 petan|wk: Thanks. I want to use a test wiki in order to show to the community how work the extensions before take the decision of the installation. I'll ask to Ryan.Lane, m.utante or ssmolle.tt /
[10:35:05] <Tpt>	 wikisource-dev is created in order to test new version of proofreadPages extensions.
[10:35:52] <Tpt>	 But Zaran has said me that it can also be used in order to test others extensions.
[10:36:43] <petan|wk>	 what I meant is I can install it to fr.wikisource.beta.wmflabs.org
[10:36:56] <petan|wk>	 so that you wouldn't need to set up a site for that
[10:40:20] <Tpt>	 A, ok. Sorry I haven't understood that. Install it to fr.wikisource.beta.wmflabs.org looks like very good but I would like to do myself the configuration in the localSettings.
[10:41:50] <petan|wk>	 ok, you can send me a configuration and I will apply it, or just wait for someone to give you access to labs
[10:44:32] <Tpt>	 petan|wk: Thanks a lot, I'll wait for someone.
[10:54:37] <petan|wk>	 Tpt: just to make it clear you will start a new wiki?
[10:54:56] <petan|wk>	 on separate db
[14:47:04] * jeremyb  waves petan|wk

[14:49:43] * jeremyb  pokes petan|wk

[14:50:00] * jeremyb  grumbles at crashed firefox

[15:39:29] <hexmode>	 petan: petan|wk: ping for jeremyb ;)
[16:00:03] * jeremyb  spies a hexmode ;)

[16:00:15] <petan|wk>	 yes
[16:00:52] <petan|wk>	 jeremyb
[16:00:53] <petan|wk>	 jeremyb
[16:00:54] <petan|wk>	 jeremyb
[16:00:54] <petan|wk>	 jeremyb
[16:01:11] <petan|wk>	 !ping
[16:01:12] <wm-bot>	 pong
[16:01:18] <jeremyb>	 hi wm-bot
[16:01:30] <jeremyb>	 did a conference ever happen?
[16:01:33] <petan|wk>	 yes
[16:01:42] <petan|wk>	 gimme a sec
[16:01:50] <jeremyb>	 are there logs or docs or timestamps to look at?
[16:01:57] <petan|wk>	 !logs
[16:02:00] <petan|wk>	 tpoic
[16:02:02] <petan|wk>	 topic
[16:02:07] <petan|wk>	 there is a link
[16:02:08] <petan|wk>	 ;)
[16:02:16] <jeremyb>	 i have my own channel logs. but i need to know when to look at
[16:03:37] <OrenOf>	 if I add some puppet defs - how do I get them to appear in the console ?
[16:04:24] <petan|wk>	 jeremyb: saturday
[16:04:31] <OrenOf>	 also (how) can we I invoke a definition from the command line ?
[16:04:50] <petan|wk>	 OrenOf: you need to wait for someone to come
[16:04:51] <jeremyb>	 petan|wk: the most recent saturday?
[16:04:54] <petan|wk>	 yes
[16:05:01] <petan|wk>	 !labsconf
[16:05:01] <wm-bot>	 http://etherpad.wikimedia.org/LabsIrcConf
[16:05:09] <jeremyb>	 ahh
[16:05:26] <OrenOf>	 petan - not the messiah I hope
[16:06:19] <jeremyb>	 petan|wk: Krinkle may have some questions about what box to use within the bots proj
[16:06:31] <jeremyb>	 petan|wk: also, i booted labs-morebots last night
[16:07:17] <Krinkle>	 jeremyb: petan|wk: actually, when going though the logs I see petan created a brand new instance for me/CVN
[16:07:24] <Krinkle>	 petan|wk: whoever it didn't say which one
[16:07:27] <Krinkle>	 I think bots-4?
[16:07:36] <Krinkle>	 (that was the last one created at time he logged that)
[16:19:28] <petan|wk>	 Krinkle: I don't remember
[16:19:34] <petan|wk>	 you can actually use any instance you want :)
[16:19:44] <petan|wk>	 however 1-3 is loaded a bit
[16:20:02] <petan|wk>	 I was going to create some more instances now
[16:20:12] <petan|wk>	 if you want I can create also 5
[16:24:00] * aude  waves

[16:26:35] <aude>	 petan|wk: what kind of bots are on labs?
[16:27:23] <petan|wk>	 various :)
[16:27:28] <petan|wk>	 wm-bot
[16:27:36] <petan|wk>	 log bot
[16:27:37] <petan|wk>	 etc
[16:27:55] <aude>	 petan|wk: irc bots or wikipedia bots?
[16:27:59] <petan|wk>	 both
[16:28:33] * aude  is using toolserver for my upload bot

[16:28:39] <aude>	 scripts
[16:28:48] <petan|wk>	 I moved all my bots from ts here
[16:28:56] <aude>	 would labs be appropriate for that?
[16:29:05] <petan|wk>	 you access db?
[16:29:10] <aude>	 i'm not storing lots of data
[16:29:14] <petan|wk>	 hm
[16:29:17] <aude>	 access?
[16:29:28] <petan|wk>	 if it's less than 20gb it shouldn't be problem
[16:29:37] <aude>	 yeah, it's small
[16:29:47] <petan|wk>	 you could move it here
[16:29:49] * aude  fetches images by url and uploads them

[16:30:00] <aude>	 and has a database with metadata, but it's small
[16:30:05] <petan|wk>	 ok
[16:30:16] * aude  wants to learn how labs works :)

[16:30:29] <petan|wk>	 !help
[16:30:29] <wm-bot>	 !documentation for labs !wm-bot for bot
[16:30:33] <petan|wk>	 !docs
[16:30:33] <wm-bot>	 View complete documentation at https://labsconsole.wikimedia.org/wiki/Help:Contents
[16:30:43] <aude>	 i've read that
[16:30:51] <petan|wk>	 basically just use @search
[16:30:55] <petan|wk>	 @search instance
[16:30:55] <wm-bot>	 Results (found 4): instancelist, instance-json, access, instance, 
[16:31:21] <petan|wk>	 @search Ryan
[16:31:21] <wm-bot>	 Results (found 3): account, accountreq, Ryan, 
[16:31:33] <aude>	 i have an account but not on any projects yet
[16:31:41] <petan|wk>	 let me add you to one
[16:31:52] <aude>	 can't log into bastion
[16:32:17] <aude>	 when gluster is added, we'll be doing a maps project :)
[16:33:09] <labs-home-wm>	 02/23/2012 - 16:33:09 - Creating a home directory for aude at /export/home/bots/aude
[16:33:20] <petan|wk>	 ok
[16:33:27] <petan|wk>	 you should be able to get to it
[16:33:39] * aude  trying :)

[16:34:09] <labs-home-wm>	 02/23/2012 - 16:34:08 - Updating keys for aude
[16:38:24] <aude>	 petan|wk: do i have to login to bastion first?
[16:40:14] <petan|wk>	 yes
[16:41:37] <aude>	 petan|wk: then i need to be added to bastion project?
[16:41:46] <petan|wk>	 definitely
[16:42:02] <aude>	 Permission denied (publickey).
[16:42:04] <aude>	 :(
[16:42:22] <petan|wk>	 done
[16:42:26] <petan|wk>	 you are in
[16:42:36] <aude>	 good 
[16:42:39] <petan|wk>	 try it
[16:42:41] * aude  tries again

[16:42:46] <petan|wk>	 should work
[16:43:12] <labs-home-wm>	 02/23/2012 - 16:43:12 - Creating a home directory for aude at /export/home/bastion/aude
[16:43:27] <petan|wk>	 !log bastion given access to aude to labs
[16:43:31] <labs-morebots>	 Logged the message, Master
[16:43:41] <aude>	 it works! :)
[16:43:43] <aude>	 thanks
[16:43:46] <petan|wk>	 yw
[16:43:57] <petan|wk>	 !nagios | aude 
[16:43:57] <wm-bot>	 aude : http://nagios.wmflabs.org/nagios3
[16:44:12] <labs-home-wm>	 02/23/2012 - 16:44:12 - Updating keys for aude
[16:44:19] <petan|wk>	 !ping |        petan
[16:44:20] <wm-bot>	 petan: pong
[16:44:25] <petan|wk>	 !ping | petan
[16:44:25] <wm-bot>	 petan: pong
[16:44:32] <petan|wk>	 !ping | petan  
[16:44:32] <wm-bot>	 petan  : pong
[16:44:35] <petan|wk>	 ah...
[16:46:29] <petan|wk>	 you should work on bots-5 instance
[16:47:17] <aude>	 just was going to ask that
[16:47:19] <petan|wk>	 !log bots created a bots-5 instance
[16:47:20] <labs-morebots>	 Logged the message, Master
[17:06:01] <chrismcmahon>	 petan:  I heard that you have installed Mediawiki on a labs instance successfully.  Is there anything written down about doing that?
[17:26:02] <labs-home-wm>	 02/23/2012 - 17:26:02 - Creating a home directory for jgreen at /export/home/testlabs/jgreen
[17:26:10] <labs-home-wm>	 02/23/2012 - 17:26:10 - Creating a home directory for jgreen at /export/home/bastion/jgreen
[17:27:02] <labs-home-wm>	 02/23/2012 - 17:27:02 - Updating keys for jgreen
[17:27:11] <labs-home-wm>	 02/23/2012 - 17:27:11 - Updating keys for jgreen
[17:42:25] <labs-home-wm>	 02/23/2012 - 17:42:25 - Creating a project directory for otrs
[17:42:25] <labs-home-wm>	 02/23/2012 - 17:42:25 - Creating a home directory for jgreen at /export/home/otrs/jgreen
[17:43:23] <labs-home-wm>	 02/23/2012 - 17:43:23 - Updating keys for jgreen
[17:49:55] <preilly>	 anybody around that can create a labs account?
[18:48:25] <labs-home-wm>	 02/23/2012 - 18:48:24 - Creating a home directory for laner at /export/home/otrs/laner
[18:49:22] <labs-home-wm>	 02/23/2012 - 18:49:22 - Updating keys for laner
[18:51:32] <aude>	 petan|wk: bots-5 is pending, what does that mean?
[18:55:26] <Ryan_Lane>	 did you just create it?
[18:55:31] <Ryan_Lane>	 I broke labs
[18:55:41] <Ryan_Lane>	 I'm fixing it right now :)
[18:57:23] <methecooldude>	 Ryan_Lane: Gz :P
[18:57:28] <aude>	 petan|wk created it
[18:57:36] <aude>	 okay if it's broken
[18:57:50] <Ryan_Lane>	 this is related to the scheduler change I made yesterday that I mentioned in the labs-l post
[18:57:51] * aude  worried i was doing something wrong

[18:58:57] <ottomata>	 hi labs
[18:59:15] <ottomata>	 anyone know how I can git checkout a branch so I can see code changes locally, before it is approved in git
[18:59:22] <ottomata>	 someone committed to their branch
[18:59:24] <ottomata>	 i need to review
[18:59:32] <ottomata>	 but I want to read and run the code locally
[18:59:36] <Ryan_Lane>	 yes
[18:59:41] <Ryan_Lane>	 lemme show you irl
[18:59:43] <Ryan_Lane>	 it's easier
[18:59:44] <ottomata>	 oook!
[19:04:28] <Ryan_Lane>	 ok. let's see if these instances will schedule now
[19:04:56] <Ryan_Lane>	 seems not
[19:05:24] <koolhead17|away>	 hi all
[19:05:43] <Ryan_Lane>	 !log bots deleting bots-5, it was stuck in a pending state thanks to the scheduler change
[19:05:44] <labs-morebots>	 Logged the message, Master
[19:07:25] <koolhead17|away>	 hi Ryan_Lane 
[19:07:30] <Ryan_Lane>	 howdy
[19:09:28] <koolhead17|away>	 Ryan_Lane, am awesome. got nod to play with essex/precise from next week :)
[19:09:54] <koolhead17|away>	 but the great news is there is major change in keystone API upstream
[19:09:54] <Ryan_Lane>	 cool
[19:10:04] <Ryan_Lane>	 yeah, they rewrote keystone
[19:10:11] <Ryan_Lane>	 I helped some with the LDAP implementation
[19:10:11] <koolhead17|away>	 and there are awesome bug everywhere
[19:10:39] <koolhead17|away>	 so have to wait until its inside the repo
[19:10:59] <Ryan_Lane>	 yeah. I'm waiting till precise is ready for testing
[19:11:02] <koolhead17|away>	 Ryan_Lane, it means all the curl examples  for APIs will change
[19:11:15] <koolhead17|away>	 alpha coming on 30th i suppose
[19:11:20] <Ryan_Lane>	 so, I'm waiting for nova rc
[19:12:48] <koolhead17|away>	 well in that case i will probably finish up my automated script for oneiric/diablo multinode 
[19:13:16] <koolhead17|away>	 also thinking to check logs of the channel and compile some everyday asked questions in FAQ
[19:13:17] <koolhead17|away>	 :)
[19:14:01] <Krinkle>	 Ryan_Lane: New description for Labs: Wikimedia VPS hosting, XXXXXL
[19:14:12] <Ryan_Lane>	 heh
[19:14:24] <Ryan_Lane>	 it's so much more than a VPS, though :)
[19:14:28] <Krinkle>	 yeah
[19:14:41] <Krinkle>	 someone made the comparison in a private channel, laughed a bit :)
[19:14:46] <Ryan_Lane>	 heh
[19:16:06] <koolhead17|away>	 hosting!! :P
[19:16:36] <koolhead17|away>	 Ryan_Lane, btw saw soren`s mail?
[19:16:53] <koolhead17|away>	 nova is too heavy 
[19:16:54] <Ryan_Lane>	 which one?
[19:17:20] <koolhead17|away>	 running 4 nova PTL
[19:17:31] <Ryan_Lane>	 ah. haven't read it yet
[19:18:27] <koolhead17|away>	 you should, it sounds interesting and release duration to be minimized
[19:25:00] <chrismcmahon>	 interesting. Ryan_Lane is there a reason I suddenly can't ssh to an instance from bastion after 'ssh -A' to bastion?
[19:25:17] <Ryan_Lane>	 is your agent still forwarded?
[19:25:24] <Ryan_Lane>	 on bastion: ssh-add -l
[19:27:42] <chrismcmahon>	 actually Ryan_Lane more detail, I created another instance.  I can ssh to the old instance but not to the new instance from bastion
[19:27:54] <Ryan_Lane>	 when did you create the new one?
[19:27:58] <chrismcmahon>	 just now
[19:28:36] <Ryan_Lane>	 it takes a while to fully build
[19:28:39] <Ryan_Lane>	 what's the instance name?
[19:28:46] <chrismcmahon>	 'secondinstance'
[19:28:47] <Ryan_Lane>	 what does the console log say?
[19:28:53] <chrismcmahon>	 checking... 
[19:28:58] <Ryan_Lane>	 heh, you should use more descriptive names ;)
[19:29:52] <chrismcmahon>	 Ryan_Lane: I'll dispose of these once I know what I'm doing :)
[19:29:58] <chrismcmahon>	 last 4 lines of console are: 
[19:30:00] <chrismcmahon>	 Finished puppet run
[19:30:00] <chrismcmahon>	 Feb 23 19:28:35 i-0000015b dhclient: DHCPREQUEST of 10.4.0.43 on eth0 to 10.4.0.1 port 67
[19:30:00] <chrismcmahon>	 Feb 23 19:28:35 i-0000015b dhclient: DHCPACK of 10.4.0.43 from 10.4.0.1
[19:30:01] <chrismcmahon>	 Feb 23 19:28:35 i-0000015b dhclient: bound to 10.4.0.43 -- renewal in 46 seconds.
[19:30:37] <chrismcmahon>	 and I'm in, seems like just a delay, thanks
[19:31:08] * Ryan_Lane  nods

[19:32:44] <koolhead17|away>	 Ryan_Lane, would love to know about about OS networking :) I dont see great guide anywhere :(
[19:34:05] <Ryan_Lane>	 we're using flatdhcp mode
[19:34:13] <Ryan_Lane>	 it uses dhcp to assign private IPs
[19:34:23] <Ryan_Lane>	 it uses NAT to assign floating IPs
[19:34:36] <Ryan_Lane>	 it does NAT using iptables, on the network-node
[19:34:53] <Ryan_Lane>	 you can configure it to run a network node on every compute node
[19:39:53] <koolhead17|away>	 Ryan_Lane, we are also working on flatdhcp only
[19:41:47] <Ryan_Lane>	 it's the only sane networking mode
[19:41:53] <Ryan_Lane>	 unless you *really* need project separation
[19:41:58] <Ryan_Lane>	 then vlan mode makes sense
[19:43:56] <koolhead17|away>	 hmm.
[19:48:37] <lemurph>	 Ryan_Lane, hey
[19:48:41] <Ryan_Lane>	 howdy
[19:48:47] <Ryan_Lane>	 lemurph: what did you want to help out with?
[19:49:25] <lemurph>	 Basically whatever you need, I'm interested in OpenStack and Puppet, but I'm pretty Junior in those regards.
[19:49:38] * Ryan_Lane  nods

[19:49:43] <Ryan_Lane>	 we need help with puppet, for sure
[19:50:06] <Ryan_Lane>	 we'd like to make a few services in an openstack style
[19:50:55] <lemurph>	 Ok
[19:55:47] <lemurph>	 What kind of services?
[19:58:42] <Ryan_Lane>	 sorry. in a million channels :)
[19:58:52] <Ryan_Lane>	 lemurph: we have a bots project
[19:58:53] <Ryan_Lane>	 !project bots
[19:58:53] <wm-bot>	 https://labsconsole.wikimedia.org/wiki/Nova_Resource:bots
[19:59:08] <Ryan_Lane>	 I'd like a scheduling service for the bots, that is api driven
[19:59:21] <Ryan_Lane>	 I'd like each bot to be packaged, and puppetized
[19:59:55] <Ryan_Lane>	 then, when a bot is launched, I'd like the scheduling service to pick the least loaded bots instance, and launch it there
[20:00:11] <Ryan_Lane>	 I'd like to be able to manually move a bot between instances
[20:02:28] <Ryan_Lane>	 we also need a mysql service
[20:02:47] <Ryan_Lane>	 openstack has red dwarf, but it still hasn't had a release
[20:03:06] <Ryan_Lane>	 and it isn't even an incubated project, I believe
[20:03:21] <Ryan_Lane>	 I'll talk with them some at the design summit, but we really badly need a mysql service and may not be able to wait
[20:04:15] <lemurph>	 I'd be able to help more with the mysql service I think, what does it need to do?
[20:05:41] <Ryan_Lane>	 it needs to be API driven
[20:05:46] <Ryan_Lane>	 and multi-tenant
[20:05:50] <Ryan_Lane>	 like an openstack project
[20:06:04] <Ryan_Lane>	 so, a user would be able to request a new database in their project
[20:06:14] <Ryan_Lane>	 and it would create one for them, and give them a username/password in it
[20:07:01] <Ryan_Lane>	 it should be quota'd, so that in a project only a certain number of databases can be created, and each database should be limited in size
[20:07:12] <Ryan_Lane>	 the quota should be manageable per project
[20:07:44] <Ryan_Lane>	 it needs keystone integration, since all openstack services require that
[20:16:54] <lemurph>	 What would be used to create this service? It sounds like a development project.
[20:52:34] <Ryan_Lane>	 lemurph: yeah, most of the openstack related stuff is development
[20:53:13] <Ryan_Lane>	 the puppet related work is turning our repo into modules, where possible, and ensuring they work on first run when an instance is built
[20:55:06] <lemurph>	 Such as, our new instance will be a webserver, so use the webserver module when it's created?
[20:56:08] <Ryan_Lane>	 yeah
[20:56:19] <Ryan_Lane>	 and it should build fully, and just work when it comes up
[20:56:29] <Ryan_Lane>	 right now a number of our configurations don't work on build
[20:56:39] <Ryan_Lane>	 and take a number of puppet runs to fully build
[20:56:46] <Ryan_Lane>	 because we have bad or missing dependencies
[21:02:34] <lemurph>	 That's something I'm okay at, and if there's already a template for each puppet module, fixing them would(should) be easier than creating a new one.
[21:05:11] <Ryan_Lane>	 heh. there's not really
[21:05:17] <Ryan_Lane>	 we have no modules right now at all
[21:06:58] <lemurph>	 Ok
[21:07:22] <Ryan_Lane>	 but, it's possible to fix the current repo before turning things into modules
[21:07:32] <Ryan_Lane>	 or do one at a time, starting with some of the easier ones
[21:09:05] <lemurph>	 Sounds good
[21:11:11] <ottomata>	 can I change my username to 'otto' in puppet?  
[21:11:18] <ottomata>	 i feel like I should do it sooner rather than later, 
[21:11:25] <ottomata>	 afaik, i'm only installed as aotto on stat1 right now
[21:12:09] <ottomata>	 (or, shoudl I ask # -ops?
[21:12:09] <ottomata>	 )
[21:16:10] <danakim>	 hey
[21:16:44] <danakim>	 I have created an instance in a project I am part of and I have no sudo rights on it. which makes running puppet a bit tricky :)
[21:17:00] <danakim>	 how would one add himself to the sudoers file?
[21:21:31] <koolhead17|away>	 visudo or something?
[21:22:36] <danakim>	 nope, I don't have any rights on that machine. I can not do any kind of system level changes
[21:23:33] <Platonides>	 maybe only project sysadmins have access there?
[21:23:45] <Platonides>	 seems a bit strange if you can create instances, though
[21:24:55] <Ryan_Lane>	 ottomata: your wiki user name, or your shell account name?
[21:25:08] <Ryan_Lane>	 danakim: which instance?
[21:25:18] <danakim>	 yeah. I thought that if I am able to create an instance it means I am a sysadmin for that project. My key did get installed on the box, so I am recognized as a member
[21:25:32] <Ryan_Lane>	 you should have sudo via your wiki password
[21:25:44] <danakim>	 Ryan_Lane: i-00000153
[21:25:45] <Ryan_Lane>	 which project and which instance?
[21:25:52] <danakim>	 puppet-cleanup project
[21:26:04] <Ryan_Lane>	 @search resource
[21:26:04] <wm-bot>	 No results found! :|
[21:26:15] <Ryan_Lane>	 !project bots
[21:26:15] <wm-bot>	 https://labsconsole.wikimedia.org/wiki/Nova_Resource:bots
[21:26:33] <danakim>	 the dns name is memcache-puppet
[21:26:45] <Ryan_Lane>	 !resource is https://labsconsole.wikimedia.org/wiki/Nova_Resource:botsa_Resource:$1
[21:26:45] <wm-bot>	 Key was added!
[21:26:56] <Ryan_Lane>	 !resource i-00000153
[21:26:56] <wm-bot>	 https://labsconsole.wikimedia.org/wiki/Nova_Resource:botsa_Resource:i-00000153
[21:27:01] <Ryan_Lane>	 bah
[21:27:23] <Ryan_Lane>	 !resource is https://labsconsole.wikimedia.org/wiki/Nova_Resource:$1
[21:27:23] <wm-bot>	 Key exist!
[21:27:26] <Ryan_Lane>	 !resource del
[21:27:26] <wm-bot>	 Successfully removed resource
[21:27:28] <Ryan_Lane>	 !resource is https://labsconsole.wikimedia.org/wiki/Nova_Resource:$1
[21:27:28] <wm-bot>	 Key was added!
[21:27:32] <Ryan_Lane>	 !resource i-00000153
[21:27:32] <wm-bot>	 https://labsconsole.wikimedia.org/wiki/Nova_Resource:i-00000153
[21:28:01] <Ryan_Lane>	 danakim: you can ssh into it?
[21:28:18] <danakim>	 yep, I can
[21:29:22] <Ryan_Lane>	 hm. where's the homedirectory bot?
[21:29:23] <labs-home-wm>	 02/23/2012 - 21:29:23 - Creating a home directory for laner at /export/home/puppet-cleanup/laner
[21:29:25] <Ryan_Lane>	 ah
[21:29:26] <Ryan_Lane>	 heh
[21:29:40] <Ryan_Lane>	 hm. can't ssh into it
[21:29:46] <Ryan_Lane>	 labs-home-wm: poke poke
[21:29:57] <Ryan_Lane>	 labs-home-wm: add my key, you
[21:30:21] <labs-home-wm>	 02/23/2012 - 21:30:21 - Updating keys for laner
[21:31:01] <Ryan_Lane>	 you sure you are typing the right password?
[21:31:04] <Ryan_Lane>	 it's working for me
[21:31:47] <Ryan_Lane>	 you're in the necessary group, and it's in sudoers.d
[21:31:53] <danakim>	 hm. its the ldap password?
[21:32:02] <Ryan_Lane>	 auth.log says the password is wrong
[21:32:10] <Ryan_Lane>	 your wiki password
[21:32:20] <danakim>	 let me try this again
[21:32:23] * Ryan_Lane  nods

[21:34:22] <danakim>	 GG password store in chrome! sorry about this Ryan. I changed it when I had last time problems with creating instances from the labs console.
[21:34:30] <danakim>	 I thought that was the problem...
[21:34:34] <Ryan_Lane>	 heh
[21:34:37] <danakim>	 sorry again
[21:34:41] <Ryan_Lane>	 no worries
[21:34:42] * danakim  feels stupid

[21:47:33] <Ryan_Lane>	 !account-questions
[21:47:33] <wm-bot>	 I need the following info from you: 1. Your preferred wiki user name. This will also be your git username, so if you'd prefer this to be your real name, then provide your real name. 2. Your SVN account name, or your preferred shell account name, if you do not have SVN access. 3. Your preferred email address.
[21:50:34] <ottomata>	 Q:
[21:50:39] <ottomata>	 are labs instances puppetized?
[21:50:39] <Ryan_Lane>	 A:
[21:50:50] <Ryan_Lane>	 yes
[21:50:57] <Ryan_Lane>	 they use the test branch, for now
[21:51:16] <Ryan_Lane>	 eventually they'll all default to the test branch, but will be able to change to a project-specific branch
[21:51:28] <ottomata>	 if i don't see a node for my instance
[21:51:32] <ottomata>	 can I add it?
[21:51:38] <Ryan_Lane>	 the nodes are LDAP
[21:51:47] <Ryan_Lane>	 and can be modified via the labsconsole interface
[21:51:58] <ottomata>	 i mean 'node' in puppet
[21:51:59] <Ryan_Lane>	 in the instance list, there's an action to configure an instance
[21:52:16] <Ryan_Lane>	 that's the puppet classes and variables available to use on a node
[21:52:29] <ottomata>	 oh, hm...
[21:52:44] <Ryan_Lane>	 if you'd like to add a class or variable, you can do so in your project via "Manage Puppet Groups"
[21:53:09] <ottomata>	 hm
[21:53:13] <ottomata>	 do I need Nova credentials?
[21:53:20] <Ryan_Lane>	 is it saying you don't have any?
[21:53:24] <Ryan_Lane>	 if so, log out and back in
[21:53:25] <ottomata>	 yeah
[21:53:29] <Ryan_Lane>	 I still can't trigger that bug.
[21:54:08] <Ryan_Lane>	 it seems to hit people randomly, which I don't understand
[21:54:42] <Ryan_Lane>	 wait, is php storing sessions on the filesystem?
[21:54:50] <Ryan_Lane>	 that may actually be the issue
[21:54:56] <ottomata>	 buhhhwuhhwhoa
[21:55:24] <Ryan_Lane>	 bah. damn it
[21:55:25] <Ryan_Lane>	 it is
[21:55:32] <Ryan_Lane>	 well, everyone is about to lose their session :)
[21:56:33] <Ryan_Lane>	 I bet people's sessions were being eaten with a cleanup script
[21:56:40] <Ryan_Lane>	 oh great. now login isn't working for me
[21:56:42] * Ryan_Lane  sighs

[21:57:08] <ottomata>	 hah
[21:57:18] <ottomata>	 on labsconsole?
[21:57:21] <ottomata>	 i'm still logged in a think
[21:57:27] <Ryan_Lane>	 there we go
[21:57:28] <ottomata>	 yup
[21:57:41] <Ryan_Lane>	 maybe that bug will disappear now
[21:57:48] <ottomata>	 still there
[21:57:51] <ottomata>	 shoudl I log out/in
[21:57:51] <ottomata>	 ?
[21:57:56] <Ryan_Lane>	 well, I just switched to memcache
[21:57:57] <Ryan_Lane>	 yeah
[21:58:02] <Ryan_Lane>	 how did you trigger it?
[21:58:09] <Ryan_Lane>	 what recent actions did you do?
[21:58:11] <ottomata>	 heyyyyy
[21:58:12] <ottomata>	 yes
[21:58:13] <ottomata>	 better
[21:58:47] <Ryan_Lane>	 it may just be related to /tmp cleanup, but I guess we'll find out soon
[21:59:26] <ottomata>	 oo, i have to be a member of sysadmin role to configure the instance
[21:59:43] <Ryan_Lane>	 which instance are you trying to configure?
[21:59:47] <ottomata>	 https://labsconsole.wikimedia.org/wiki/Nova_Resource:I-000000e2
[21:59:49] <ottomata>	 analytics
[22:00:48] <Ryan_Lane>	 ah. yeah. you aren't a sysadmin
[22:01:09] <Ryan_Lane>	 drdee: are you ok with ottomata having sysadmin and netadmin in mobile-stats?
[22:01:32] <Ryan_Lane>	 ottomata: anyone with sysadmin rights can give it to you
[22:01:38] <ottomata>	 ok
[22:01:43] <ottomata>	 i'll get that
[22:01:46] <Ryan_Lane>	 I generally ask first :)
[22:01:51] <ottomata>	 so I understand:
[22:01:53] <ottomata>	 once i have access 
[22:01:55] <ottomata>	 i can configure my instance
[22:01:59] <ottomata>	 and add puppet 'groups' to it?
[22:02:11] <ottomata>	 ni
[22:02:12] <ottomata>	 no
[22:02:14] <ottomata>	 puppet class
[22:02:14] <ottomata>	 hm
[22:02:17] <Ryan_Lane>	 I can show you really quick
[22:02:22] <ottomata>	 k, coming over
[22:05:54] <Ryan_Lane>	 !project mobile-stats
[22:05:55] <wm-bot>	 https://labsconsole.wikimedia.org/wiki/Nova_Resource:mobile-stats
[22:07:57] <Ryan_Lane>	 I'm enabling LiquidThreads on labsconsole
[22:08:05] <Ryan_Lane>	 there's a possibility it'll die
[22:08:53] <Ryan_Lane>	 seems to be working
[22:15:46] <ottomata>	 hmm
[22:21:33] <Ryan_Lane>	 git push gerrit <commit-id>:refs/heads/tmp
[22:21:41] <Ryan_Lane>	 well, except your remote isn't gerrit ;)
[22:21:50] <Ryan_Lane>	 where tmp is the new branch
[22:22:06] <Ryan_Lane>	 you have to already have a commit to push
[22:22:15] <Ryan_Lane>	 you can't create a branch without a commit
[22:23:38] <RoanKattouw>	 The web interface does allow you to create a branch without a commit
[22:23:46] <Ryan_Lane>	 yep
[22:23:48] <RoanKattouw>	 But yeah this way they complement each other
[22:25:04] <Ryan_Lane>	 basing it off a commit makes a lot of sense, though
[22:25:49] <RoanKattouw>	 uhu
[22:26:42] <Ryan_Lane>	 so, reviewboard
[22:28:28] <Ryan_Lane>	 ugh
[22:28:30] <Ryan_Lane>	 it's like phabricator
[22:29:10] <Ryan_Lane>	 I think if we had to choose between the two, I'd go with phabricator, since it's php
[22:30:02] <RoanKattouw>	 We were saying last night that one of the first things we should do with Phabricator is hack in automated merging
[22:30:10] <RoanKattouw>	 i.e. automatically merge changes that have been approved
[22:30:18] <RoanKattouw>	 That shouldn't be all that hard to do
[22:30:36] <Ryan_Lane>	 yeah
[22:30:50] <Ryan_Lane>	 I hate that it's based on diffs :(
[22:31:55] <RoanKattouw>	 Yeah, git commit objects are so much nicer
[22:32:00] <Ryan_Lane>	 yeah
[22:32:08] <RoanKattouw>	 But it requires writing a git server wrapper in say c++
[22:32:29] <RoanKattouw>	 Depending on how much extended data is in Phabricator's diff format, those diffs might really just be weird serializations of commit objects
[22:32:31] <RoanKattouw>	 In which case it's fine
[22:32:54] <Ryan_Lane>	 I believe it's straight diffs
[22:33:07] <RoanKattouw>	 If we could change the backend so that recreating a commit from a diff would result in the same hash... that shouldn't be too hard to do using some of the lower-level git commands
[22:33:08] <Ryan_Lane>	 I say that because you can manually generate them
[22:33:18] <RoanKattouw>	 Right
[22:33:48] <Ryan_Lane>	 we'd need to wrap authn/authz around it too
[22:34:08] <RoanKattouw>	 ?
[22:34:13] <RoanKattouw>	 How so?
[22:34:22] <Ryan_Lane>	 user x, y, and z are allowed to merge
[22:34:25] <Ryan_Lane>	 others are not
[22:34:28] <RoanKattouw>	 Right
[22:34:36] <Ryan_Lane>	 otherwise it isn't gated
[22:34:37] <RoanKattouw>	 Yeah if you have automatic merging that needs to be taken into account
[22:34:45] <^demon>	 And make those on per-branch basis.
[22:34:48] <Ryan_Lane>	 yep
[22:34:55] <Ryan_Lane>	 we're basically re-creating gerrit's backend :D
[22:34:55] <^demon>	 (You're quickly adding complexity that gerrit already has)
[22:35:00] <RoanKattouw>	 The script that you use to merge approved revs (which we don't really want to use) also needs to respect permissions and approval status
[22:35:19] <RoanKattouw>	 Ryan_Lane: Well recreating parts of Gerrit's backend in a sane language wouldn't be too terrible
[22:35:25] <RoanKattouw>	 But potentially a shitload of work
[22:35:29] <^demon>	 Java's not totally insane. It could be worse.
[22:35:30] <Ryan_Lane>	 yes
[22:35:40] <RoanKattouw>	 It could be something like OCaml, true
[22:35:47] <^demon>	 Or ruby ;-)
[22:35:50] <Ryan_Lane>	 right now, we have openstack people to help
[22:36:36] <RoanKattouw>	 Yeah
[22:37:07] <^demon>	 Ryan_Lane: Do you know how receptive gerrit seems to be to 3rd party development?
[22:37:10] <Ryan_Lane>	 with phabricator do we have any other help?
[22:37:18] <Ryan_Lane>	 ^demon: they are receptive, but slow to act
[22:37:29] <RoanKattouw>	 At least another non-Google org is using it (OpenStack)
[22:37:41] <^demon>	 Lots of people are using it :p
[22:37:45] <Ryan_Lane>	 yeah
[22:37:57] <Ryan_Lane>	 we really need to host an openstack meetup in the office
[22:38:13] <Ryan_Lane>	 hell, we should host a gerrit oriented openstack meetup
[22:38:22] <RoanKattouw>	 YES
[22:38:29] <^demon>	 RoanKattouw: Are you doing a WM2012 presentation?
[22:38:33] <RoanKattouw>	 Or maybe #openstack-infra -oriented more generally
[22:38:38] <Ryan_Lane>	 yeah
[22:38:43] <RoanKattouw>	 ^demon: For VisualEditor yes. Maybe something else, haven't decided
[22:38:49] <RoanKattouw>	 ^demon: We could do something focused on git I guess?
[22:38:55] <^demon>	 http://wikimania2012.wikimedia.org/wiki/Submissions/Practical_Git_for_Wikimedians - I submitted that today
[22:39:08] <RoanKattouw>	 Aha!
[22:39:21] <RoanKattouw>	 Nice
[22:39:32] <RoanKattouw>	 Should probably also be run in Berlin (if you're coming)
[22:39:40] <^demon>	 Nope.
[22:40:04] <RoanKattouw>	 Meh; finals?
[22:40:12] <Ryan_Lane>	 I really need to submit something
[22:40:19] <Ryan_Lane>	 when is the last submission date?
[22:40:24] <RoanKattouw>	 March 18th?
[22:40:24] <Ryan_Lane>	 the 16th of next month?
[22:40:27] <Ryan_Lane>	 oh
[22:40:27] <Ryan_Lane>	 ok
[22:40:28] <RoanKattouw>	 I think
[22:40:31] <RoanKattouw>	 Well somewhere around that time
[22:40:38] <Ryan_Lane>	 I have a while, then
[22:40:43] <^demon>	 RoanKattouw: My 1 summer class I have to take to graduate starts the monday after berlin ends.
[22:40:50] <RoanKattouw>	 heh, yeah that's annoying
[22:41:04] <RoanKattouw>	 Hopefully they'll send Brion and myself so we can do a git tutorial there
[22:41:04] <^demon>	 And I'd rather not tempt the travel gods.
[22:41:15] <brion>	 wheeee
[22:41:49] <^demon>	 The tutorial I plan to do at WM2012 is going to be geared towards people who already understand git basics, but want to understand our workflow and how we're doing things.
[22:42:32] <RoanKattouw>	 Yeah
[22:43:27] <^demon>	 brion: Can we go back in time and have you guys move to git like 6 or 7 years ago? Converting a 10 year repo history is NP-hard.
[22:43:47] <^demon>	 :)
[22:43:57] <brion>	 heh
[22:45:18] <Ryan_Lane>	 and also write a sane code review tool for it?
[22:45:22] <Ryan_Lane>	 heh
[22:45:46] <Ryan_Lane>	 I guess we'd be using the mediawiki one for git if you guys switched to it way back then
[22:47:37] <^demon>	 Oh yippie.
[22:50:11] <brion>	 hey if you'd prefer to do your code reviews in notepad, i can go back in time and unwrite CodeReview :)
[22:50:13] <Ryan_Lane>	 seems the openstack guys have a bunch of work queued
[22:50:17] <Ryan_Lane>	 for gerrit and jenkins
[22:50:29] <Ryan_Lane>	 brion: I actually like the mediawiki codereview tool
[22:50:39] <brion>	 \o/
[22:50:49] <Ryan_Lane>	 it's interface is much better than gerrit
[22:50:57] <brion>	 that's a low bar ;)
[22:53:48] <Ryan_Lane>	 brion: indeed it is
[22:54:08] <Ryan_Lane>	 HP says they have 5 gerrit changes queued and waiting on legal to submit
[22:54:19] <Ryan_Lane>	 (HP is an openstack member)
[23:00:12] <^demon>	 Ryan_Lane: Are any of those changes ui fixes? 
[23:02:53] <Ryan_Lane>	 ^demon: probably all UI fixes
[23:03:14] <^demon>	 Well gerrit needs to hurry up then :)
[23:03:54] <^demon>	 Hmm. svn2git is choking on some of our release tags :\
[23:04:21] <^demon>	 All the old cvs2svn-generated ones are fine. They start messing up once brion started tagging manually with 1.6.0
[23:05:51] <Ryan_Lane>	 ^demon: HP lawyers need to hurry up, technically ;)
[23:06:00] <Ryan_Lane>	 they can't submit the changes until they are signed off on
[23:06:06] <Ryan_Lane>	 something to do with gerrit's CLA
[23:07:40] <^demon>	 Lawyers...
[23:07:46] <Ryan_Lane>	 yeah
[23:07:50] <Ryan_Lane>	 CLA's too
[23:07:59] <Ryan_Lane>	 they make things painful sometimes
[23:08:23] <^demon>	 And this is why we don't do contributor agreements.
[23:08:56] <jeremyb>	 Ryan_Lane: any idea if bdale's involved with this? (former debian project leader, current SPI president, HP open source guy)
[23:10:38] <Ryan_Lane>	 jeremyb: dunno
[23:17:53] * jeremyb  waves the Krinkle

[23:17:57] <Krinkle>	 hiya
[23:18:30] <jeremyb>	 Krinkle: so, did you find a home? bots-4?
[23:18:43] <Krinkle>	 Haven't tried logging into bots-4 yet
[23:18:48] <Krinkle>	 got other priorities right now
[23:19:16] <Krinkle>	 catching up on code review and bugzilla from last 2 weeks absence and mediawiki development
[23:20:39] <jeremyb>	 well FYI if you could get into other boxes the inside way instead of straight to the public address then this one should be no different. (you've already logged in to that project and now you can get through bastion too)
[23:21:10] <Krinkle>	 k, I'll try a straight log in and get out again
[23:22:21] <Krinkle>	 k worked
[23:22:42] <Krinkle>	 jeremyb: Is there a way I can avoid the fingerprint-warnings for every separate instance, or is that a good thing?
[23:22:51] <Krinkle>	 I know it's a good thing
[23:23:05] <Krinkle>	 but does it make sense to be able to whitelist stuff behind bastion.wmflabs ?
[23:23:46] <Krinkle>	 just wondering if there's a trick everybody is using that I just don't know about, it's ok if I should keep accepting them for each new instnace.
[23:26:28] <Ryan_Lane>	 well...
[23:26:32] <Ryan_Lane>	 we'd like to automate it
[23:26:34] <Ryan_Lane>	 but it's hard
[23:26:59] <Ryan_Lane>	 what I'd really like to do is have the instance's fingerprint added to DNS
[23:27:04] <Ryan_Lane>	 then have the instances configured to trust DNS
[23:27:10] <Ryan_Lane>	 that also requires dnssec, though
[23:27:38] <Ryan_Lane>	 and we can't use LDAP for DNS records then either, which means we need to write some more code
[23:36:14] <jeremyb>	 Krinkle: monkeysphere would do it...
[23:36:40] <Krinkle>	 I have no clue what you guys are talking about
[23:36:49] <Ryan_Lane>	 :D
[23:36:58] <Ryan_Lane>	 Krinkle: talking about managing ssh public keys
[23:37:03] <Krinkle>	 that much I figured
[23:37:04] <Ryan_Lane>	 so that labs users don't need to accept them
[23:37:15] <jeremyb>	 Krinkle: http://web.monkeysphere.info/
[23:37:19] <Ryan_Lane>	 it's possible to store the information in DNS, and let ssh pull it from there
[23:37:23] <Krinkle>	 but dnssec and monkey spheres are to exotic for me. 
[23:37:32] <jeremyb>	 too*
[23:37:39] <jeremyb>	 and it's one word ;)
[23:37:43] <Krinkle>	 I know
[23:37:43] <Ryan_Lane>	 dnssec signs the zone file
[23:37:46] <Krinkle>	 ;-)
[23:37:55] <Krinkle>	 Tell me if and when I need to do stuff, until than, happy shop talking :)
[23:38:03] <Ryan_Lane>	 :D
[23:38:12] <jeremyb>	 Krinkle: bake me a cake
[23:38:21] <Krinkle>	 got some browsers to crash, so I'm going back to work
[23:38:24] <jeremyb>	 with spherical components
[23:38:33] <Ryan_Lane>	 Krinkle: write dns support for bind-style zone files in our openstack dns driver
[23:38:36] <Ryan_Lane>	 then enable dnssec for it
[23:41:43] <jeremyb>	 Ryan_Lane: should be enough to just expose pub keys by API or some other public way and then have a script for people to run to update their known_hosts. or even use the same ssh hook that monkeysphere uses. (can look it up)
[23:42:32] <Ryan_Lane>	 that's a much more painful thing
[23:42:33] <jeremyb>	 Ryan_Lane: keys should be exposed somewhere in the web interface anyway even if we do dnssec. i can do the client side part...
[23:42:38] <Ryan_Lane>	 and it puts the burden on the end-user
[23:42:58] <Ryan_Lane>	 if we can publish the ssh keys, then we can also handle them in DNS too
[23:43:35] <jeremyb>	 how is it more painful? either way the end user has to do something. unless they do agent forwarding. but i'm of course against agent forwarding ;)
[23:43:53] <Ryan_Lane>	 how so? the instances would be pre-configured to trust DNS
[23:44:02] <Ryan_Lane>	 excluding the bastion node
[23:44:06] <jeremyb>	 i don't follow
[23:44:39] <Ryan_Lane>	 put the ssh fingerprint of the host into DNS
[23:44:45] <jeremyb>	 you have to configure your local box to get the fingerprint from DNS and to make sure it's doing dnssec verification
[23:44:46] <Ryan_Lane>	 configure ssh to trust it
[23:44:58] <Ryan_Lane>	 who cares about the local box?
[23:45:15] <Ryan_Lane>	 the only one it needs to know is the bastion instance
[23:45:17] <jeremyb>	 i do? everyone that's not doing agent forwarding does
[23:46:02] <Ryan_Lane>	 proxycommand stores all the keys locally?
[23:46:06] <Ryan_Lane>	 that's annoying
[23:46:16] <jeremyb>	 of course, how else would it work?
[23:46:38] <Ryan_Lane>	 via the server?
[23:46:42] <jeremyb>	 Krinkle's using proxycommand and he's the one who asked
[23:46:48] <jeremyb>	 Ryan_Lane: i don't follow
[23:46:53] <Ryan_Lane>	 it isn't difficult to trust dns for ssh
[23:47:01] <Ryan_Lane>	 it's one more line to add to the ssh config
[23:47:43] <jeremyb>	 so, what then, everyone has to run their own local DNS servers too? in order to get the wmflabs TLD
[23:48:04] <jeremyb>	 or is the WMF going to expose public recursors? ;-) ;-)
[23:48:12] <Ryan_Lane>	 hm
[23:48:19] <Ryan_Lane>	 meh
[23:48:26] <Ryan_Lane>	 I'll just continue to ignore the problem :D
[23:48:27] <jeremyb>	 anyway, i think my fix is fairly simple and globally applicable. we can have it work with no user action on bastion to cover the agent forwarders and with little work for everyone else
[23:48:46] <jeremyb>	 all you have to do is get the keys to somewhere where i can fetch them
[23:48:53] * Ryan_Lane  nods

[23:48:58] <Ryan_Lane>	 we have plans for it. it's unfortunately hard
[23:49:46] <jeremyb>	 can't you just ssh-keyscan from a trusted host? or do some magic with facter?
[23:50:13] <Ryan_Lane>	 you can't trust the instance
[23:50:29] <Ryan_Lane>	 which means you need to probe from the server
[23:51:00] <Ryan_Lane>	 I'd really love some way of pre-generating the ssh-keys, then injecting them
[23:51:06] <Ryan_Lane>	 it may be possible.
[23:51:20] <jeremyb>	 i don't follow. you can't trust what?
[23:51:36] <jeremyb>	 i'm not crazy about the pregeneration
[23:51:41] <Ryan_Lane>	 you can't let the instance update the server
[23:51:48] <jeremyb>	 you could parse it out of the console output
[23:51:59] <Ryan_Lane>	 yeah, that's nasty, though
[23:52:03] <jeremyb>	 what does that mean and why?
[23:52:09] <jeremyb>	 yes, it is nasty
[23:52:21] <Ryan_Lane>	 pre-generation of the ssh-keys is the best option
[23:52:26] <Ryan_Lane>	 what's wrong with that?
[23:52:41] <Ryan_Lane>	 generate on the server, and inject into the instance
[23:52:59] <jeremyb>	 well first of all it means that if there's a security update to change the way they're generated then you don't pick it up
[23:53:06] <Ryan_Lane>	 hell, if you delete and re-create an instance you can just re-inject the same key
[23:53:12] <jeremyb>	 but it just generally feels icky
[23:53:53] <Ryan_Lane>	 why? the server's ssh version may be more up to date than the instance's
[23:54:06] <Ryan_Lane>	 the instance builds using an image, that's possibly old
[23:54:17] <Ryan_Lane>	 it generates the keys, then updates itself
[23:54:49] <Ryan_Lane>	 then the server also always has direct access to the public kehys
[23:54:50] <Ryan_Lane>	 *keys
[23:57:10] <jeremyb>	 i'm not getting what's wrong with the ssh-keyscan
[23:58:05] <Ryan_Lane>	 where do you get the key from?
[23:58:06] <jeremyb>	 is it a timing thing? it should be successful any time the port's open and a quick failure when it's not open
[23:58:14] <jeremyb>	 from the network
[23:58:20] <jeremyb>	 ssh-keyscan -t rsa hostname
[23:59:12] <Ryan_Lane>	 because we delete and re-create instances with the same names
[23:59:13] <jeremyb>	 but i still don't understand why we can't trust the box about it's own key... (from above)
[23:59:26] <Ryan_Lane>	 and they should have the same key
[23:59:36] <jeremyb>	 should they really?
[23:59:47] <Ryan_Lane>	 hm. actually, I guess not