[12:34:38] <Deathlasersonlin>	 please unblock me
[12:34:42] <Deathlasersonlin>	 u
[12:34:42] <Deathlasersonlin>	 n
[12:34:43] <Deathlasersonlin>	 b
[12:34:44] <Deathlasersonlin>	 l
[12:34:44] <Deathlasersonlin>	 o
[12:34:45] <Deathlasersonlin>	 c
[12:34:46] <Deathlasersonlin>	 k
[12:34:47] <Deathlasersonlin>	 m
[12:34:48] <Deathlasersonlin>	 e
[12:34:51] <Deathlasersonlin>	 p
[12:34:51] <Deathlasersonlin>	 l
[12:34:52] <Deathlasersonlin>	 e
[12:34:53] <Deathlasersonlin>	 a
[12:34:54] <Deathlasersonlin>	 s
[12:34:54] <Deathlasersonlin>	 e
[12:35:39] <Deathlasersonlin>	 u
[12:35:40] <Deathlasersonlin>	 n
[12:35:41] <Deathlasersonlin>	 b
[12:35:41] <Deathlasersonlin>	 l
[12:35:42] <Deathlasersonlin>	 o
[12:35:43] <Deathlasersonlin>	 c
[12:35:43] <Deathlasersonlin>	 k
[12:35:48] <Deathlasersonlin>	 m
[12:35:49] <Deathlasersonlin>	 e
[12:35:49] <Deathlasersonlin>	 u
[12:35:50] <Deathlasersonlin>	 n
[12:35:51] <Deathlasersonlin>	 b
[12:35:51] <Deathlasersonlin>	 l
[12:35:52] <Deathlasersonlin>	 o
[12:35:54] <Deathlasersonlin>	 c
[12:35:54] <Deathlasersonlin>	 k
[12:35:55] <Deathlasersonlin>	 m
[12:35:56] <Deathlasersonlin>	 e
[12:35:57] <Deathlasersonlin>	 u
[12:35:57] <Deathlasersonlin>	 n
[12:35:58] <Deathlasersonlin>	 b
[12:35:59] <Deathlasersonlin>	 l
[12:35:59] <Deathlasersonlin>	 o
[12:36:00] <Deathlasersonlin>	 c
[12:36:01] <Deathlasersonlin>	 k
[12:36:01] <Deathlasersonlin>	 m
[12:36:02] <Deathlasersonlin>	 e
[12:36:04] <Deathlasersonlin>	 p
[12:36:05] <Deathlasersonlin>	 l
[12:36:06] <Deathlasersonlin>	 e
[12:36:06] <Deathlasersonlin>	 a
[12:36:07] <Deathlasersonlin>	 s
[12:36:08] <Deathlasersonlin>	 e
[12:36:09] <Deathlasersonlin>	 u
[12:36:10] <Deathlasersonlin>	 n
[12:36:11] <Deathlasersonlin>	 b
[12:36:12] <Deathlasersonlin>	 l
[12:36:13] <Deathlasersonlin>	 o
[12:36:15] <Deathlasersonlin>	 c
[12:36:16] <Deathlasersonlin>	 k
[12:36:17] <Deathlasersonlin>	 m
[12:36:17] <Deathlasersonlin>	 e
[12:36:18] <Deathlasersonlin>	 p
[12:36:19] <Deathlasersonlin>	 l
[12:36:20] <Deathlasersonlin>	 e
[12:36:21] <Deathlasersonlin>	 a
[12:36:22] <Deathlasersonlin>	 s
[12:36:24] <Deathlasersonlin>	 e
[17:00:15] <paravoid>	 Ryan_Lane: hi :)
[17:00:19] <Ryan_Lane>	 howdy
[17:00:25] <Ryan_Lane>	 I have a giant change to push in. heh
[17:00:32] <Ryan_Lane>	 it's not 100% complete
[17:00:38] <paravoid>	 so, virt1005, 1007 & 1008 are ready
[17:00:43] <paravoid>	 I reformatted 1005
[17:00:48] <Ryan_Lane>	 cool
[17:00:57] <paravoid>	 then I had a look at 1007 & 1008 and they looked recently provisioned and untouched
[17:01:06] <paravoid>	 so I just purged gluster, dist-upgraded them and rebooted them
[17:01:16] <paravoid>	 so, I cheated :)
[17:01:18] <Ryan_Lane>	 heh
[17:04:12] <Ryan_Lane>	 I had to rework all the ldap puppet stuff for the openstack stuff too
[17:05:07] <paravoid>	 ?
[17:05:18] <Ryan_Lane>	 it's was all spaghetti coded in
[19:04:16] <gerrit-wm>	 New patchset: Ryan Lane; "Adding new class names for ldap passwords" [labs/private] (master) - https://gerrit.wikimedia.org/r/19515
[19:04:32] <gerrit-wm>	 Change merged: Ryan Lane; [labs/private] (master) - https://gerrit.wikimedia.org/r/19515
[19:08:41] <OrenBochman>	 Ryan_Lane: hi
[19:09:07] <OrenBochman>	 (how) can I access the ldap in labs?
[19:09:17] <Ryan_Lane>	 ldaplist, ldapseach, etc
[19:09:50] <OrenBochman>	 does it have the info of the dev team 
[19:10:10] <OrenBochman>	 i.e. if some one gets access to labs
[19:10:24] <OrenBochman>	 will i see them in the ldap
[19:10:29] <Ryan_Lane>	 yes
[19:10:33] <OrenBochman>	 ok great
[19:10:34] <Ryan_Lane>	 ldaplist -l passwd <username>
[19:10:52] <OrenBochman>	 my password ?
[19:11:05] <OrenBochman>	 ssh 
[19:11:12] <Ryan_Lane>	 eh?
[19:11:26] <OrenBochman>	 do I need to put in my ssh password ?
[19:12:06] <OrenBochman>	 for that to work or an ldap specific password
[19:12:19] <Ryan_Lane>	 you don't have an ssh password
[19:12:23] <Ryan_Lane>	 you have a wiki password
[19:12:34] <OrenBochman>	 ok I get it
[19:12:39] <Ryan_Lane>	 and for ldapsearch to work, you'll need to put in your full dn and password
[19:12:50] <Ryan_Lane>	 you can use ldaplist without a password, though
[19:13:10] <Ryan_Lane>	 you can find your dn for ldapsearch by using ldaplist byw
[19:13:12] <Ryan_Lane>	 btw
[19:13:15] <Ryan_Lane>	 ldaplist -l passwd oren
[19:13:42] <Ryan_Lane>	 ldapsearch -x -D '<yourdn>' -W '<search>'
[19:14:52] <OrenBochman>	 now if I want to hack gerrit
[19:14:59] <OrenBochman>	 is it puputised ?
[19:15:10] <OrenBochman>	 or should I set it up
[19:15:24] <OrenBochman>	 (I am guessing it is not)
[19:16:29] <Ryan_Lane>	 it kind of it
[19:16:31] <Ryan_Lane>	 *is
[19:16:35] <Ryan_Lane>	 ^demon: ^^
[19:16:42] <OrenBochman>	 nice
[19:16:54] <jeremyb>	 is bastion1 having issues or someone's doing network maint?
[19:17:06] <Damianz_>	 Ryan you're in SF right?
[19:17:07] <jeremyb>	 i just got like 20+ secs of lag on the shell
[19:17:13] <Ryan_Lane>	 Damianz_: yep
[19:17:23] <kaldari>	 I can't ssh to ee-prototype.pmtpa.wmflabs today
[19:17:26] <Damianz_>	 Is it just after 12 or is my timezone sensing totally off?
[19:17:29] <kaldari>	 Permission denied (publickey)
[19:17:33] <OrenBochman>	 am I allowed to add.remove people to the ldap ?
[19:17:40] <jeremyb>	 (on bastion1) itself, not even my own instance
[19:17:42] <Ryan_Lane>	 of course not
[19:17:45] <kaldari>	 Ryan_Lane: ^
[19:18:04] <Ryan_Lane>	 OrenBochman: no, of course not
[19:18:14] <OrenBochman>	 can you give me permission
[19:18:21] <Damianz>	 no
[19:18:24] <RoanKattouw>	 Damianz: The local time here is 12:18pm yes
[19:18:29] <OrenBochman>	 I will only add and remove one person - as a unit test
[19:18:37] <Damianz>	 OrenBochman: Setup opendj locally
[19:18:43] <Damianz>	 RoanKattouw: Cheers :)
[19:18:56] <RoanKattouw>	 jeremyb: Mind coming over to #wikimedia and banning a troll?
[19:19:04] <RoanKattouw>	 He just pinged you there, too :)
[19:19:40] <Damianz>	 It's weird dealing with people like 8hours behind you =/
[19:19:54] <OrenBochman>	 Damianz: It seems like it already is installed 
[19:19:55] <RoanKattouw>	 jeremyb: nm DeltaQuad has got it
[19:20:39] <Damianz>	 I'm not sure how broken the gerrit puppet stuff is or if opendj is puppetized but for a local/testing/development env ideally you should install everything via puppet on 1 box.
[19:20:43] <OrenBochman>	 should I set up my own ldap, git and garret then ... ?
[19:20:57] <Damianz>	 ^demon is the best person to talk to, I believe he has a project and is sorta fixing the puppet stuff.
[19:21:12] <Ryan_Lane>	 OrenBochman: if you are going to do ldap testing, you'll definitely need to set up ldap
[19:21:29] <Ryan_Lane>	 you should talk to ^demon about seting up gerrit
[19:21:37] <OrenBochman>	 I actualy want to integrate our ldap with gerrit
[19:21:45] <kaldari>	 Ryan_Lane: Benny is not able to ssh to ee-prototype either
[19:21:54] <Ryan_Lane>	 kaldari: yes, I'm looking at it
[19:21:58] <kaldari>	 thanks :)
[19:22:00] <OrenBochman>	 and I've chatted abit with ^demon - he says go on!
[19:22:04] <Ryan_Lane>	 OrenBochman: our gerrit *is* integrated with ldap
[19:22:17] <OrenBochman>	 since when ?
[19:22:31] <RoanKattouw>	 Since the beginning of time?
[19:22:37] <OrenBochman>	 ok
[19:22:50] <Ryan_Lane>	 do you want to fix the code so that ssh keys are pulled from ldap or something?
[19:22:57] <OrenBochman>	 yes
[19:22:59] <Ryan_Lane>	 or so that ldap groups can be added as reviewers?
[19:23:04] <OrenBochman>	 both
[19:23:15] <OrenBochman>	 but mostly # 2
[19:23:21] <Ryan_Lane>	 that stuff isn't working yet, but gerrit is configured with ldap
[19:24:42] <Ryan_Lane>	 crap
[19:24:55] <Ryan_Lane>	 my private repo change seems to have broken something
[19:24:59] <Ryan_Lane>	 annoying
[19:25:06] <OrenBochman>	 I got git and garret on my local machine but no ldap
[19:25:36] <OrenBochman>	 ok Ryan_Lane: I'll let u know if I need more help
[19:25:50] <^demon>	 Sorry, was on the phone.
[19:25:58] <OrenBochman>	 re
[19:26:08] <^demon>	 So yeah, gerrit is like half-puppetized for labs. I did a lot of the work, but I need Ryan to review & finish it.
[19:26:21] <gerrit-wm>	 New patchset: Ryan Lane; "Fix proxyagent password in labs" [labs/private] (master) - https://gerrit.wikimedia.org/r/19518
[19:26:26] <OrenBochman>	 ^demon:  does it run on tomcat ?
[19:26:34] <gerrit-wm>	 Change merged: Ryan Lane; [labs/private] (master) - https://gerrit.wikimedia.org/r/19518
[19:26:40] <OrenBochman>	 or another application server ?
[19:26:51] <Ryan_Lane>	 kaldari: thanks for reporting that, seems I had just broken something
[19:26:56] <^demon>	 No, it just runs on its internal jetty-based thing.
[19:26:58] <^demon>	 Which is proxied out via apache.
[19:27:09] <OrenBochman>	 jetty is even better for quick dev
[19:27:11] <^demon>	 You *can* run it on tomcat, but we don't.
[19:27:22] <OrenBochman>	 also we puptised solar on jetty
[19:27:30] <Ryan_Lane>	 I tried the tomcat route at first
[19:27:34] <OrenBochman>	 so you guys might want to look at that
[19:27:38] <Ryan_Lane>	 it's way easier to run via jetty
[19:27:41] <OrenBochman>	 it is more complex
[19:27:45] <OrenBochman>	 I agree
[19:27:45] <^demon>	 Ryan_Lane: Glad you didn't. Would've made it harder for me to help you :)
[19:27:50] <Ryan_Lane>	 gerrit is already puppetized
[19:27:55] <^demon>	 For prod.
[19:27:58] <Ryan_Lane>	 exactly
[19:27:59] <^demon>	 Labs is fubar'd
[19:28:04] <Ryan_Lane>	 it's poorly puppetized
[19:28:19] <^demon>	 Yeah. Which is why I've been bugging you to finish that manifest :)
[19:28:25] <OrenBochman>	 cant we re use it ?
[19:28:32] <^demon>	 Yeah, it just needed a lot of work.
[19:28:43] <Ryan_Lane>	 can use puppetmaster::self :)
[19:28:44] <Ryan_Lane>	 heh
[19:28:54] <^demon>	 That's what I've done. But some stuff I'm not sure about still.
[19:28:57] <^demon>	 Like LDAP config.
[19:28:59] <Ryan_Lane>	 kaldari: fixed
[19:29:10] <^demon>	 And how to pull the database password when in labs.
[19:29:11] <kaldari>	 yay
[19:29:12] <Ryan_Lane>	 I just made a huge ldap change
[19:29:24] <Ryan_Lane>	 ^demon: private repo for that
[19:29:31] <OrenBochman>	 ok
[19:29:59] <OrenBochman>	 ^demon: which lab are you using for the gerrit  work ?
[19:30:11] <jeremyb>	 RoanKattouw: sorry, had some local computer issues after the other (bastion1?) issue
[19:30:24] <^demon>	 OrenBochman: gerrit project. gerrit-puppet-overhaul instance.
[19:30:28] <^demon>	 Let me add you if I haven't already.
[19:30:35] <OrenBochman>	 thanks
[19:31:11] <jeremyb>	 RoanKattouw: speaking of troll, scroll up to 12:34:22 UTC in here ;)
[19:31:43] <OrenBochman>	 is that the currently used gerrit - or a development instance ?
[19:31:49] <RoanKattouw>	 jeremyb: I wasn't in this channel at 4am sorry :)
[19:32:10] <^demon>	 OrenBochman: That instance is the one we're testing the puppet rewrite on.
[19:32:26] <jeremyb>	 RoanKattouw: 4am? oh, you're not CEST huh
[19:32:32] <^demon>	 "gerrit" is the instance that's running the live gerrit-dev.wmflabs.org
[19:32:33] <jeremyb>	 RoanKattouw: so that's 5:30am ?
[19:32:43] <^demon>	 And "gerrit-build" is a new instance with maven on it I set up for building gerrit.
[19:33:20] <RoanKattouw>	 Oh, right, DSG
[19:33:22] <RoanKattouw>	 *DST
[19:33:26] <RoanKattouw>	 It's UTC-7 here in summer, not UTC-8
[19:33:38] <RoanKattouw>	 jeremyb: I was in CEST until February, I live in PDT now
[19:34:17] <OrenBochman>	 I will probably want to build wars in my local maven based dev environment and test in gerrit project. gerrit-puppet-overhaul instance.
[19:34:48] <^demon>	 Step 1 is getting the puppet fixes done.
[19:34:52] <^demon>	 I'll poke at that a bit now.
[19:35:00] <OrenBochman>	 great
[19:35:15] <^demon>	 Step 2 is getting a build environment where we can maven package and then build the debian package from that.
[19:35:24] <OrenBochman>	 I got to go soon but I may have some time to look at ldap + gerrit code tommorow
[19:35:46] <jeremyb>	 RoanKattouw: right, i know *someone* moved, i just can never remember who. I'm open to mnemonics ;)
[19:35:55] <OrenBochman>	 are you working on gerrit's code or your own version
[19:36:01] <RoanKattouw>	 Oh lots of people moved recently
[19:36:13] <OrenBochman>	 i.e. local git or thier;s
[19:36:28] <RoanKattouw>	 There's like 4 or 5 European people here in the office that moved here in 2012
[19:36:40] <RoanKattouw>	 Or more
[19:36:49] <jeremyb>	 and how many reverse moves?
[19:36:53] <^demon>	 OrenBochman: Everything we're doing is using vanilla upstream. Anything I've fixed I've pushed there.
[19:37:09] <RoanKattouw>	 None that I know of this year
[19:37:14] <OrenBochman>	 is that a branch or an explression
[19:37:25] <jeremyb>	 RoanKattouw: try march last year? ;)
[19:37:31] <OrenBochman>	 ;-)
[19:37:46] * RoanKattouw  forgets who reverse-moved in March 2011

[19:37:58] <jeremyb>	 RoanKattouw: oh, *that* troll... he's become a regular. i think maybe he's just a spammer and not even a troll. (maybe he has no idea what wikimedia is?). anyway, i have a strong feeling that it's a completely manual process. he also always /msg's to ask why i banned after i ban
[19:38:03] <jeremyb>	 RoanKattouw: apergos!
[19:38:09] <RoanKattouw>	 Oh right
[19:38:35] <OrenBochman>	 btw is fixing ldap issues the top issue for gerrit ?
[19:38:58] <OrenBochman>	 or is there something more urgent which I should look into ?>
[19:39:09] <Ryan_Lane>	 not really. it's only a problem for the operations group mostly
[19:39:17] <Ryan_Lane>	 since the other groups are internal gerrit groups
[19:39:24] <Ryan_Lane>	 OrenBochman: ^demon would know best
[19:39:46] <OrenBochman>	 I  am asking him 
[19:40:02] <^demon>	 I haven't looked at it at all.
[19:40:05] <OrenBochman>	 since he now has to assign people repos himself
[19:40:13] <^demon>	 The keys issue is a PITA though.
[19:40:26] <Ryan_Lane>	 yeah. it is
[19:40:28] <OrenBochman>	 PITA == ?
[19:40:31] <jeremyb>	 Ryan_Lane: what problem? not being able to add ops as a reviewer?
[19:40:42] <^demon>	 OrenBochman: Pain In The Ass.
[19:40:49] <OrenBochman>	 I agree
[19:41:02] <OrenBochman>	 it slows other stuff down
[19:41:25] <OrenBochman>	 I'll have some time this week to look at it
[19:42:57] * jeremyb  will bbl

[19:42:59] <^demon>	 Ryan_Lane: https://gerrit.wikimedia.org/r/#/c/16971/ <3
[19:44:10] <Ryan_Lane>	 jeremyb: yes
[19:44:22] <Ryan_Lane>	 because gerrit expands groups into reviewers
[19:44:25] <Ryan_Lane>	 which is dumb
[19:44:38] <Ryan_Lane>	 gerrit should understand the concept of a group as a reviewer
[19:44:41] <jeremyb>	 "expands"?
[19:44:53] <jeremyb>	 does that mean it adds each member individaully?
[19:44:53] <Ryan_Lane>	 when you add a group, it adds the members
[19:45:36] <jeremyb>	 ...
[19:48:37] <jeremyb>	 well IMHO it doesn't need to be perfect, (or at least we don't have to wait for it to be) i'm happy to go with my original proposal. create a dummy account for "the wind" and let people ask the wind for review if they don't want to ask a specific person (or if they've already asked and waited for a specific person and now want to open it up to more reviewers)
[19:49:18] <jeremyb>	 then people looking for stuff to review can just go to the dashboard for that dummy user (after e.g. going through the dashboard for themself)
[19:49:45] <^demon>	 Dashboards are private in 2.5
[19:49:50] <jeremyb>	 ugh
[19:50:02] <jeremyb>	 we don't have a choice to make them public
[19:50:03] <jeremyb>	 ?
[19:50:23] <jeremyb>	 that seems like the kind of thing people could grow to rely on
[19:50:25] <^demon>	 Not that I know of. They were never really intended to be public.
[19:50:44] <^demon>	 Which is why they're based on totally opaque UIDs.
[19:51:23] <jeremyb>	 well they are presumably the same IDs that are used for those people in other places
[19:51:58] <^demon>	 No, they just use the index user id, like 1, 2, 3.
[19:52:20] <jeremyb>	 right...
[19:52:50] <^demon>	 For searching and such, you should use e-mail addresses or user names.
[19:52:57] <jeremyb>	 yeah
[19:57:04] <jeremyb>	 RoanKattouw: hah, now i know why you asked me in particular about the troll
[19:58:43] <RoanKattouw>	 I didn't notice you were opped
[19:58:50] <RoanKattouw>	 I just picked a name I knew off the access list
[19:59:03] <jeremyb>	 okey, nvm then
[20:11:51] <tfinc>	 Ryan_Lane: can you confirm if i'm a member of the 'bastion' project. i can't log into the bastion host
[20:12:48] <Ryan_Lane>	 what's your username?
[20:13:00] <Ryan_Lane>	 you aren't in bastion
[20:13:26] <tfinc>	 tfinc
[20:13:47] <Ryan_Lane>	 you are now
[20:14:07] <Ryan_Lane>	 your shell account name is tomasz
[20:14:14] <Ryan_Lane>	 wiki name is tfinc
[20:14:14] <Ryan_Lane>	 heh
[20:14:29] <tfinc>	 is that because my old svn account was 'tomasz' ?
[20:14:33] <Ryan_Lane>	 yes
[20:15:27] <tfinc>	 works for me. thanks for the clear docs on labs for this. i hopped on here asking about this after reading "Accessing public and private instances" :D
[20:15:35] <tfinc>	 documentation FTW
[20:19:12] <Ryan_Lane>	 heh
[20:19:18] <Ryan_Lane>	 yeah. nice to have docs :)