[00:02:48] <Damianz>	 If I add a reviewer in gerrit do I spam them?
[00:03:24] <Ryan_Lane>	 I don't know if spam is the right word, but yes
[00:04:26] <Damianz>	 Well sorry for 'spamming' then :P
[00:04:49] <Damianz>	 I suppose technically you subscribed to it so it's not un-soliciated therefore not spam
[00:05:27] <Damianz>	 https://github.com/WhiteHouse/petition < oh shit, they use drupal
[00:05:31] <Damianz>	 Explains the state of the goverment
[00:32:37] <Damianz>	 oh diaf
[00:32:56] <Damianz>	 Ryan_Lane: Does the upgrade fix the stupid dns records missing issue? :)
[00:33:58] <Ryan_Lane>	 that's already fixed
[00:34:03] <Ryan_Lane>	 I put a live-hack in
[00:35:02] <Damianz>	 'fixed' doesn't seem so fixed
[00:35:15] <Ryan_Lane>	 maybe I missed some instances
[00:35:25] <Ryan_Lane>	 or are you talking about one that was deleted/recreated?
[00:35:33] <Damianz>	 Yeah
[00:35:43] <Damianz>	 It was there, deleted it, removed fine, created, no a record
[00:36:04] <Damianz>	 Alternativly a re-install with same config would be awesome :D
[00:36:06] <Ryan_Lane>	 currently there's no instances with broken ds
[00:36:08] <Ryan_Lane>	 *dns
[00:36:26] <Ryan_Lane>	 after the upgrade I can add the ability to resize instances
[00:36:28] <Ryan_Lane>	 and rename instances
[00:37:02] <Ryan_Lane>	 so reinstall with same config will be less necessary
[00:37:09] <Damianz>	 :D
[00:37:11] <Damianz>	 Weird...
[00:37:22] <Damianz>	 dig hostname = no A record, dig full hostname = A record
[00:37:26] <Damianz>	 Damn you pdsn packet cache
[00:37:28] <Ryan_Lane>	 also, if you use project storage rather than local storage, and use puppet them a reinstall with the same config is already possible ;)
[00:37:33] <Damianz>	 s/pdsn/pdns/
[00:37:50] <Ryan_Lane>	 dig requires fqdn
[00:37:53] <Ryan_Lane>	 host doesn't
[00:38:11] <Ryan_Lane>	 also. you'll love this
[00:38:14] <Ryan_Lane>	 hostnames will be instance names
[00:38:16] <Damianz>	 Well ssh doesn't work either ;P
[00:38:17] <Ryan_Lane>	 not instance ids
[00:38:30] <Ryan_Lane>	 which hostname isn't working right now?
[00:38:46] <Ryan_Lane>	 delete/recreate with the same name causes dns cache issues
[00:38:47] <Damianz>	 bots-cb-dev, might just be the cache though as I'm being impacient
[00:38:57] <Damianz>	 And yeah that would be awesome because id-xxxx is really un-useful :D
[00:39:05] <Damianz>	 err i- not id-
[00:40:03] <Ryan_Lane>	 yeah
[00:40:07] <Ryan_Lane>	 it'll still be that for puppet
[00:40:28] <Ryan_Lane>	 but, hostname -fqdn will be based on the instance name
[00:40:53] <Ryan_Lane>	 ok. gotta run
[00:41:11] <Damianz>	 sounds energetic
[00:41:12] <Damianz>	 have fun
[11:40:13] <^demon>	 A-ha! https://gerrit-review.googlesource.com/#/c/37660/ will make it into 2.5 :)
[11:40:17] * ^demon  does a happy dance

[11:40:39] <^demon>	 (got it in master last night)
[11:41:14] <saper>	 when is the closing bell?
[11:41:21] <saper>	 need to rebase my stuff :(
[11:41:52] <^demon>	 rc0 is out, so need to get it in master before rc1 prolly.
[11:42:29] <saper>	 ok
[11:42:31] <^demon>	 Dunno what the timeline is--Edwin is doing release management for this one.
[11:42:39] <saper>	 need to drop another project and do that
[15:13:21] <Platonides>	 why is it painfully slow to simply untar a file?
[15:33:10] <andrewbogott>	 paravoid:  Have a minute to answer puppet questions?
[15:38:14] <andrewbogott>	 I'm stumped by the fact that when I reference a class I get an error that it's unknown.  But when I include the manifest that defines the class, puppet instantiates the class before I'm ready.
[15:44:48] <paravoid>	 shoot
[15:50:12] <andrewbogott>	 paravoid:  By 'shoot' do you mean 'go ahead and ask the question'?  Because I just did :)
[15:51:01] <andrewbogott>	 I think my general question is, "Is it OK for me to think of puppet as having classes and objects and distinguishing between them, just like in any other OO language?"
[15:54:14] <paravoid>	 no :)
[15:54:46] <andrewbogott>	 Damn.
[15:55:14] <andrewbogott>	 I've been reading the puppet language guide again but am still unclear on when a class is merely defined and when it is actually… instantiated.
[15:55:34] <andrewbogott>	 Partly because the docs seem to use the word 'declare' to mean 'instantiate'...
[15:56:02] <andrewbogott>	 All I want right now is to be able to /refer/ to the name of a class, without having to first cause that class to actually create all of the files that it creates.
[15:57:31] <andrewbogott>	 paravoid:  http://pastebin.com/AKvmnF12  <- doesn't work because puppet doesn't know what gerrit::jetty is.
[15:58:14] <paravoid>	 is there a class gerrit:jetty?
[15:58:29] <paravoid>	 if so, it needs to be $declared first for that manifest to work
[15:58:34] <paravoid>	 and by $declared I mean "include"
[15:58:53] <andrewbogott>	 Right, but when I include it, puppet goes ahead and does everything that the class does.
[15:58:55] <andrewbogott>	 Before I'm ready.
[15:59:09] <andrewbogott>	 Creates files and such.  
[15:59:58] <andrewbogott>	 …hence my confustion between 'define' and 'instantiate'.  I want puppet to know about gerrit:jetty but I don't want to actually create one yet.
[16:01:38] <andrewbogott>	 paravoid:  Here is gerrit::jetty:  http://pastebin.com/M57nKXUW
[16:02:27] <paravoid>	 I don't understand what you're trying to achieve
[16:02:34] <paravoid>	 class foo { } makes the class known to puppet
[16:02:44] <paravoid>	 but if you don't include it it won't do anything
[16:02:54] <paravoid>	 and hence before => on something that's included does not make sense
[16:03:01] <paravoid>	 you're saying "before" something that will never happen
[16:03:14] <andrewbogott>	 OK.
[16:04:00] <andrewbogott>	 I want gerrit::jetty to happen after the 'labs' class is created.
[16:04:08] <andrewbogott>	 So maybe my problem is just misunderstanding what 'before' does.
[16:04:25] <andrewbogott>	 I thought that it was the same as 'require' only reordered.
[16:04:37] <paravoid>	 you want all the stuff in gerrit::jetty to happen after all the stuff in labs happened?
[16:05:16] <andrewbogott>	 Well… gerrit::jetty creates files from templates, and those templates do variable lookups on role::gerrit::labs.
[16:05:27] <andrewbogott>	 So I need role::gerrit::labs to be defined beforehand.
[16:05:45] <andrewbogott>	 I'm refactoring code (not mine) which does things in the wrong order, hence all the template refs from gerrit:jetty are broken.
[16:06:03] <paravoid>	 template expansion happens at the end iirc
[16:06:10] <paravoid>	 so it shouldn't matter
[16:06:19] <paravoid>	 but that's wrong nevertheless
[16:06:19] <andrewbogott>	 really?
[16:06:24] <andrewbogott>	 Dammit, I wonder what's happening then
[16:06:36] <paravoid>	 role::gerrit::labs should call gerrit::jetty parameterized
[16:06:56] <paravoid>	 the templates in gerrit::jetty should not reference variables off role::gerrit::labs
[16:07:00] <paravoid>	 it might work, but it's a layering violation
[16:07:03] <paravoid>	 of our structure
[16:07:15] <paravoid>	 we're supposed to layer role classes on top of "base" classes
[16:08:08] <andrewbogott>	 ok.  So, gerrit:jetty should take parameters from role:gerrit::labs…  and then the templates used by gerrit:jetty should refer to values in gerrit:jetty that were filled in by those params.
[16:08:10] <andrewbogott>	 Yes?
[16:10:25] * Damianz  yawn

[16:11:09] <andrewbogott>	 paravoid:  It may be that my problem is assuming that the existing code is "probably mostly right" rather than "probably completely messed up."
[16:11:32] <paravoid>	 yes what you said above is correct
[16:12:05] <paravoid>	 you might want to use gerrit::jetty from role::gerrit::foo in the future 
[16:12:19] <paravoid>	 which could parametize gerrit::jetty a bit differently
[16:12:29] <paravoid>	 and role::gerrit::foo should have nothing to with role::gerrit::labs
[16:12:54] <Damianz>	 paravoid: If you have some free time later I managled https://gerrit.wikimedia.org/r/#/c/21307/ up last night, I'll be surprised if it works :)
[16:12:55] <paravoid>	 am I making any sense?
[16:13:00] <andrewbogott>	 Yeah, in fact there are three different role:gerrits defined already, so I'm already forced to do that part right :)
[16:13:08] <Damianz>	 Also it would be cool if someone merged https://gerrit.wikimedia.org/r/#/c/21297/ so nagios will get fixed and become useful again.
[16:14:21] <andrewbogott>	 paravoid:  And, I was already confused/annoyed at the circularity of the existing code, so it's reasurring that you regard that as unacceptable.
[16:14:33] <paravoid>	 right
[16:15:00] <paravoid>	 well defined layers help readability/debuggability too
[16:15:14] <paravoid>	 I can only guess how messed up that must be
[16:15:17] * andrewbogott  nods

[16:15:47] <andrewbogott>	 I'm an incrementalist by nature, so I often find myself mired in tarpits not of my own making when I should just be starting from scratch.
[16:16:17] <andrewbogott>	 Well, especially when working in a language that I barely understand :(
[16:28:18] <^demon>	 andrewbogott: That tarpit was even worse before ;-)
[16:28:58] <andrewbogott>	 Yeah, it's clear that I need to rise to your level of boldness when refactoring :)
[16:30:03] <^demon>	 Be bold [when updating puppet manifests] :)
[17:21:42] <andrewbogott>	 ^demon:  The more I look at this the less I know.
[17:22:17] <andrewbogott>	 What does it mean that gerrit::instance is defined /inside/ the 'gerrit' class, whereas gerrit::jetty is declared outside the class but with the explicit gerrit:: prefix?
[17:22:50] <^demon>	 That shouldn't make a difference, afaik. A lot of that stuff is old.
[17:23:04] <andrewbogott>	 hm...
[17:23:06] * andrewbogott  tries rearranging

[17:24:25] <^demon>	 Might be nice to just move it all inside gerrit.
[17:25:47] <andrewbogott>	 I just moved jetty inside but it didn't help, I still get Invalid resource type gerrit::jetty
[17:25:50] <andrewbogott>	 wtf?
[17:26:33] <^demon>	 If you move it inside but don't rename, it'd be gerrit::gerrit::jetty?
[17:26:41] <andrewbogott>	 I moved and renamed.
[17:26:45] <^demon>	 Hrm.
[17:26:52] <andrewbogott>	 Why can it find puppet::instance but not puppet::jetty?
[17:26:59] <andrewbogott>	 I must be making some dumb syntactic mistake
[17:27:24] <andrewbogott>	 http://pastebin.com/GfV93Jwb <- obvious syntactic mistake?
[17:30:00] <^demon>	 I've never seen it done like that--with the instance passed to the other classes.
[17:30:18] <andrewbogott>	 ok, but it's not getting as far as caring about the param is it?
[17:30:18] <^demon>	 I have no idea anymore--I'm in way over my head.
[17:31:01] <andrewbogott>	 Adding the instance as a param is an attempt to follow paravoid's advice, earlier.
[17:31:21] <andrewbogott>	 But I'm stuck at roughly the same place as before, which is that puppet keeps claiming to have never heard of puppet::jetty
[17:33:13] <andrewbogott>	 paravoid:  <tiny>help?</tiny>
[18:01:56] <andrewbogott>	 Ryan_Lane:  Because I'm asking everyone… here is my current puppet puzzle:  http://pastebin.com/JJEzPRHD
[18:15:06] <Ryan_Lane>	 andrewbogott: because one is a definition and the other is a class
[18:15:15] <Ryan_Lane>	 you invoke paramaterized classes differently
[18:15:26] <Ryan_Lane>	 class { "class::name":
[18:15:51] * andrewbogott  looks for an example

[18:17:29] * Damianz  pokes Ryan_Lane and wonders if he wants to merge a change into puppet

[18:18:24] <andrewbogott>	 Ryan_Lane:  OK, that makes sense, and seems to get me unstuck (or, rather, back to the problem I had before, at least.)
[18:18:35] <Ryan_Lane>	 Damianz: which change?
[18:19:42] <Damianz>	 https://gerrit.wikimedia.org/r/#/c/21297/
[18:19:46] <Damianz>	 fixes the ip for nrpe
[18:20:07] <Damianz>	 Also can we actually delete the test branch now :P 
[18:21:01] <Ryan_Lane>	 I thought it was already ficed
[18:21:03] <Ryan_Lane>	 *fixed
[18:21:12] <Ryan_Lane>	 120 isn't correct?
[18:21:28] <Damianz>	 I don't believe so
[18:21:33] <Ryan_Lane>	 it is
[18:21:36] <Ryan_Lane>	 it definitely is
[18:21:39] <Damianz>	 Really?
[18:21:41] <Ryan_Lane>	 10.4.0.120
[18:21:44] <Ryan_Lane>	 I'm on the system right now
[18:21:51] <Ryan_Lane>	 ahhhh
[18:21:58] <Ryan_Lane>	 wait no
[18:21:59] <Damianz>	 Sure it's the right one
[18:22:13] <Ryan_Lane>	 120 is the correct address, though
[18:22:37] <Damianz>	 hmm mk
[18:22:53] <Ryan_Lane>	 5666 is allowed from 10.4.0.0/24
[18:22:58] <Ryan_Lane>	 in the security groups
[18:23:16] <Damianz>	 allowed_hosts=10.4.0.120 should be right then
[18:23:21] <Ryan_Lane>	 yes
[18:23:48] <Damianz>	 So why do I see no traffic from that host to an instance and/or why is nrpe not connecting to the instance properly
[18:24:59] <Ryan_Lane>	 I'm thinking nrpe is not running properly on the server, maybe
[18:25:08] <Ryan_Lane>	 because I just just connectivity and it's working
[18:25:18] <Ryan_Lane>	 (No output returned from plugin) 
[18:25:21] <Damianz>	 That could be a valid reason
[18:25:22] <Ryan_Lane>	 that's not the same as can't connect
[18:25:31] <Ryan_Lane>	 I just restarted nagios3 on the server
[18:27:47] <Damianz>	 Hmm I'll check it in a while then, weird though as it's not /all/ servers just a large chunk of them
[18:28:03] <Damianz>	 2012-08-24 18:27:43] Warning: Return code of 127 for check of service 'Free ram' on host 'nagios' was out of bounds. Make sure the plugin you're trying to run actually exists.
[18:28:10] <Damianz>	 would explain something though
[18:28:19] <Ryan_Lane>	 yeah
[18:28:20] * Damianz  didn't realise the log was actually open now

[18:28:22] <Ryan_Lane>	 that somehow went away
[18:28:28] <Ryan_Lane>	 but the other checks shoudl work
[18:28:35] <Ryan_Lane>	 it was lost in the test->prod merge
[18:28:49] <Damianz>	 Ah, yeah that went more messy than it should have done :P
[18:29:30] <Damianz>	 Hmm, what timezone is this box actually in?
[18:29:50] <Damianz>	 It's like utc but I'd of thought sf
[18:30:36] <Damianz>	 Oh I seee
[18:31:06] <Damianz>	 Ryan_Lane: Looks like the syntax for check_nrpe is wrong, looking at status info anyway.
[18:31:26] <Ryan_Lane>	 it's utc
[18:31:29] <Ryan_Lane>	 all are in utc
[18:31:48] <Ryan_Lane>	 the servers are in tampa, why would they be in sf time? :)
[18:31:51] <Damianz>	 <3 utc
[18:32:03] <Ryan_Lane>	 our servers are global, so utc is the only time that makes any sense
[18:32:07] <Damianz>	 tampa is near enough sf, you do realise our entire country is like downtown for you? :P
[18:32:31] <^demon>	 Near as in "3 timezones away?"
[18:32:33] <Ryan_Lane>	 sf -> tampa is the equivalent of one side of europe to the other. heh
[18:33:49] <Damianz>	 At least they're not in russia :)
[18:34:30] <RoanKattouw>	 Hah
[18:34:34] <RoanKattouw>	 It's actually significantly farther
[18:34:41] <RoanKattouw>	 SF-Tampa is 2,393 miles
[18:34:48] <RoanKattouw>	 Belfast-Istanbul is 1,856 miles
[18:35:12] <Damianz>	 hmm
[18:35:21] <RoanKattouw>	 Lisbon-Moscow works, that's 2,436
[18:35:24] <RoanKattouw>	 *2,437 mi
[18:35:32] <^demon>	 RoanKattouw: WHY DO YOU KNOW THESE THINGS?
[18:35:43] <RoanKattouw>	 ^demon: Cause I'm looking them up as I type
[18:35:50] <Damianz>	 I've just realised... bleh I was right
[18:36:04] <Damianz>	 Dublin office *is* closer to me than the London office *profit*
[18:36:14] <Damianz>	 By about 13miles...
[18:37:13] <^demon>	 RoanKattouw: It's more fun when I imagine you just spouting off distances between two arbitrary locations like anyone should know it :p
[18:37:48] <Damianz>	 I was thinking more stood infront of a huge map with a pointy stick wearing nerdy glasses like old school news
[18:39:28] <Damianz>	 "Analyzing CFEngine Logs with Splunk" < bad subject to read quickly
[18:40:36] <^demon>	 CF? As in...ColdFusion?
[18:41:19] <Damianz>	 Nah, it's a config management system written in I believe C
[18:41:51] <^demon>	 Ah, much better. I was like...people still use ColdFusion?
[18:42:09] <Damianz>	 Linode still uses ColdFusion, never liked it personally
[18:42:43] <StevenW>	 Yo Lane. Can I have a wikitech account?
[18:42:59] <Damianz>	 lol
[18:43:00] <StevenW>	 http://wikitech.wikimedia.org/view/Event_tracking <- my team wants help with docs like these
[18:43:13] <Damianz>	 Why does "Yo Lane" sounds like the start of a rap song
[18:43:17] <^demon>	 "Adobe claims that people are continuously adopting it, but the general attitude seems to be that Adobe is full of shit in that regard."
[18:43:25] <Damianz>	 LOL
[18:43:26] <StevenW>	 Everything I say sounds like a rap song, dawg.
[18:43:46] <StevenW>	 ;)
[18:43:47] <^demon>	 StevenW: E-mail address? Account name?
[18:43:58] <StevenW>	 swalling@wikimedia.org, Steven Walling
[18:44:25] <^demon>	 "A randomly generated password for Steven Walling has been sent to swalling@wikimedia.org."
[18:44:33] <StevenW>	 You're a prince among men.
[18:44:40] <Damianz>	 I really need to stop eating on my bed when I have a perfectally good desk and couch. Damn crumbs
[18:45:05] <^demon>	 StevenW: Have fun :)
[18:48:54] <Damianz>	 Hmm, can you have multiple alternative accounts on wikipedia without breaking the sockpuppet rules?
[19:04:39] <andrewbogott>	 Ryan_Lane, paravoid:  The gerrit::jetty class (created here http://pastebin.com/Zs7GHETJ) creates files from templates, and those templates need access to variables defined in the 'instance' that is passed into the jetty class.
[19:04:45] <andrewbogott>	 Any idea what scope.lookupvar magic will get me that?
[19:05:12] <Ryan_Lane>	 you should make those local variables
[19:05:26] <Ryan_Lane>	 meaning, in the manifest, pull the variables from the class into local variables
[19:05:58] <andrewbogott>	 You mean, make them local to the jetty class?
[19:06:18] <Ryan_Lane>	 yes
[19:06:27] <andrewbogott>	 And then how do I refer to them in the template?
[19:06:34] <Ryan_Lane>	 as local variables :)
[19:06:54] <andrewbogott>	 Oh, so, just ${varname}
[19:07:09] <andrewbogott>	 I can't do something like ${instance::varname}?
[19:07:12] <Ryan_Lane>	 well, <%= varname %>
[19:07:41] <andrewbogott>	 clearly I need to read the template docs
[19:07:44] <Ryan_Lane>	 heh
[19:08:23] <Damianz>	 I was nearly impressed with how well erb can handle hases/arrays. Though it was annoying that it seemed to randomly sort the keys causing template changes when the data was the same.
[19:08:25] <andrewbogott>	 But, my question about looking inside $instance (which is a local variable) still stands.  Possible?
[19:11:16] <Ryan_Lane>	 why not just pass the variables into the jetty class?
[19:11:41] <Ryan_Lane>	 you're passing them into the instance class, right?
[19:12:18] <^demon>	 Prolly could get rid of the common class so we don't have to pass through that.
[19:12:49] <andrewbogott>	 Ryan_Lane:  At the moment, the instance class generates a bunch of things
[19:13:34] <Ryan_Lane>	 it's likely best to have all the config in the role
[19:13:43] <Ryan_Lane>	 that way you can pass it in where needed
[19:13:56] <andrewbogott>	 Maybe.  Trying to share some of the config work between multiple roles.
[19:14:25] <Ryan_Lane>	 see how I'm doing it in the ldap role
[19:14:33] <Ryan_Lane>	 I put the config in a separate class
[19:14:40] <Ryan_Lane>	 then I can reference it from multiple places
[19:16:07] <andrewbogott>	 I'm sure your design suggestions are right, but I still want to know the answer to my question :)
[19:16:20] <andrewbogott>	 The docs say I can do it but then don't really say how :(
[19:16:24] * andrewbogott  reads more

[19:24:32] <Ryan_Lane>	 there's a scope lookup
[19:24:35] <Ryan_Lane>	 inside of templates
[19:24:42] <Ryan_Lane>	 the docs used to recommend it
[19:24:45] <Ryan_Lane>	 they don't any more
[19:25:31] <Damianz>	 "Lance Armstrong takes drugs and wins the hardest bike race in the world 7 times. Programmers take drugs and what do we get? Node.js."
[19:29:29] <^demon>	 s/Node.js/Ruby/
[19:30:53] <Damianz>	 I think node falls into the same group as ruby :D
[20:20:48] <Platonides>	 how to mount project storage?
[20:31:54] <andrewbogott>	 Ryan_Lane:  I imagine, perhaps foolishly, that scopes are nested.  So, scope lookup gets things from the global scope, but I am wondering about whether the local scope itself has subscopes.  local::subscope::variablethatisinsubscope
[20:32:15] <andrewbogott>	 um… also maybe I should be saying 'namespace' instead of 'scope' :(
[20:47:59] <Ryan_Lane>	 Platonides: it's automount
[20:48:11] <Ryan_Lane>	 Platonides: just access inside of /data/project
[20:48:16] <Ryan_Lane>	 it'll mount itself
[20:49:39] <Platonides>	 bash: cd: /data/project: No such file or directory
[20:52:13] <wm-bot>	 Change on 12mediawiki a page Developer access was modified, changed by Sumanah link https://www.mediawiki.org/w/index.php?diff=575510 edit summary: /* User:Nbprithv */ 
[20:52:19] <Damianz>	 https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash3/575763_383677978346951_1587375987_n.jpg
[20:53:03] <wm-bot>	 Change on 12mediawiki a page Developer access was modified, changed by Sumanah link https://www.mediawiki.org/w/index.php?diff=575512 edit summary: /* User:Solon */ 
[20:53:44] <wm-bot>	 Change on 12mediawiki a page Developer access was modified, changed by Sumanah link https://www.mediawiki.org/w/index.php?diff=575514 edit summary: /* User:Euloiix */ 
[20:59:47] <Platonides>	 Ryan_Lane, it doesn't automount
[21:00:43] <Ryan_Lane>	 Platonides: which instance?
[21:00:59] <Platonides>	 sube
[21:01:14] <Platonides>	 I created it a few hours earlier
[21:03:32] <Platonides>	 so it shouldn't have broken...
[21:03:59] <Platonides>	 OTOH, if at some point automountng broke, old instances may have continued running
[21:05:30] <Ryan_Lane>	 ok. gimme a min
[21:06:18] <Ryan_Lane>	 hm
[21:06:21] <Ryan_Lane>	 auth failed
[21:06:27] <Ryan_Lane>	 I wonder if the script is failing
[21:07:01] <Platonides>	 this process is running: /usr/sbin/automount -DGSERVNAME=projectstorage.pmtpa.wmnet -DSERVNAME=labs-nfs1...
[21:07:18] <Platonides>	 and there's also /usr/sbin/glusterfs
[21:08:04] <Platonides>	 there's a waiting time when I do a ls of /data/project
[21:08:17] <Platonides>	 so I guess it's trying to access but failing
[21:08:47] <Platonides>	 could this be related? [514.012471] svc: failed to register lockdv1 RPC service (errno 97)
[21:10:30] <Platonides>	 I have now six copies of /usr/sbin/glusterfs --volfile-id=/tor-project --volfile-server=projectstorage.pmtpa.wmnet /data/project
[21:10:42] <Platonides>	 seems there's one spawned each time I try to access it
[21:18:02] <Platonides>	 seems to be a simple /bin/mount call in the background
[21:19:58] <Platonides>	 why is it called with -f (aka. --fake) ?
[21:20:36] <Platonides>	 mkdir: cannot create directory `/data/project': No such file or directory
[21:20:39] <Platonides>	 this is crazy
[21:20:51] <Platonides>	 is it possible that the project storage folder itself is missing?
[22:37:14] <Ryan_Lane>	 Platonides: crap, sorry. I found a security vulnerabilty in something and needed to handle it upstream
[22:37:21] <Ryan_Lane>	 let me look at that issue again
[22:38:52] <Damianz>	 <Platonides> this is crazy < Damn you for putting that song in my head
[22:39:13] <Ryan_Lane>	 Platonides: the automount is failing because the server is rejecting it
[22:40:23] <Ryan_Lane>	 seems that it's in the auth.allow lsit
[22:40:25] <Ryan_Lane>	 *list
[22:40:45] <Platonides>	 whoops
[22:40:57] <Platonides>	 of course, security vulns are more important :)
[22:41:17] <Platonides>	 if you can see why the server doesn't like this instance...
[22:43:23] <Ryan_Lane>	 seems this is yet another fucking glusterfs bug
[22:44:10] <Platonides>	 lol
[22:44:50] <Ryan_Lane>	 occasionally it loses its shit and ignores new entries into the auth.allow list
[22:45:00] <Ryan_Lane>	 I hate this filesystem
[22:45:50] <Platonides>	 btw, I found /home (nfs) really slow
[22:45:57] <Ryan_Lane>	 yes
[22:46:04] <Ryan_Lane>	 it's on a single instance
[22:46:08] <Platonides>	 extracting a 17M tbz
[22:46:13] <Ryan_Lane>	 don't use home :)
[22:46:20] <Platonides>	 46m31.764s
[22:46:31] <Platonides>	 /tmp: 0m13.281s
[22:46:32] <Ryan_Lane>	 home should only be used for environment
[22:46:42] <Ryan_Lane>	 it'll eventually switch to glusterfs project storage
[22:46:50] <Ryan_Lane>	 right now it all goes to a single underpowered instance
[22:47:06] <Ryan_Lane>	 it was a temporary solution while we wanted for gluster to be stable
[22:47:08] <Platonides>	 now, when project storage works...
[22:47:11] <Ryan_Lane>	 and here we are. still waiting
[22:47:54] <Platonides>	 I'll try again tomorrow
[22:48:04] <Platonides>	 good night
[22:48:52] <Ryan_Lane>	 night
[22:49:25] <Ryan_Lane>	 I guess I can switch the servers to use iptables rather than gluster's broken auth.allow
[22:49:28] <Ryan_Lane>	 since it's always broken
[22:49:43] <Ryan_Lane>	 that's a lot of iptables rules, though
[22:51:05] <Ryan_Lane>	 andrewbogott: sooooo :)
[22:51:21] <Ryan_Lane>	 want to work on the gluster manage script some more?
[22:51:36] <Ryan_Lane>	 this may also be something you want to do in the gluster plugin for openstack
[22:51:37] <andrewbogott>	 sure.
[22:51:52] <Ryan_Lane>	 replace auth.allow with iptables rules
[22:51:59] <Ryan_Lane>	 back in a few mins
[22:52:11] <andrewbogott>	 'k
[23:11:20] <andrewbogott>	 Ryan_Lane:  Is it possible to have per-volume security using iptables?  Aren't all the volumes accessed via the same port?
[23:19:47] <Ryan_Lane>	 andrewbogott: back
[23:19:52] <Ryan_Lane>	 andrewbogott: each share uses a port
[23:20:21] <Ryan_Lane>	 now the question is, how do you get the port number...
[23:20:49] <Ryan_Lane>	 ugh. I locked gluster up on labstore1
[23:28:28] <andrewbogott>	 What's the specific problem with auth.allow?
[23:29:06] <Ryan_Lane>	 it doesn't work
[23:29:15] <Ryan_Lane>	 there's some bug with it
[23:29:20] <Ryan_Lane>	 it works for a while, then stops working
[23:29:26] <andrewbogott>	 Oh, perfect :(
[23:29:56] <Ryan_Lane>	 technically it just stops accepting changes to the list
[23:31:02] <andrewbogott>	 Any chance we could just have a cron restart gluster frequently?
[23:31:23] <andrewbogott>	 I'm looking at ways to get the port for a given volume… but I fear we'll be treading on an unpublished (hence unstable) api
[23:33:19] <Ryan_Lane>	 no. that could cause serious issues
[23:34:23] <Ryan_Lane>	 for instance. gluster is locked up on labstore1 because I tried to do just that
[23:34:40] <Ryan_Lane>	 but, I'm pretty sure the shares always use a specific port
[23:35:04] <andrewbogott>	 Looks like they do.  I'm just not sure how to determine what it is.
[23:35:10] <Ryan_Lane>	 people in the #gluster channel are already doing it
[23:35:12] <Ryan_Lane>	 yeah
[23:35:14] <Ryan_Lane>	 that's the hard part
[23:35:25] <Ryan_Lane>	 I really wish I could get this damn service to start
[23:36:09] <andrewbogott>	 part of the handshake between the gluster client and server involves discovering the port.  So we can pretend to be a cluster client… that's where the 'unpublished api' comes in
[23:36:49] <Ryan_Lane>	 oh. awesome. a segfault?
[23:37:16] <Ryan_Lane>	 I bet it's defined in the brick config
[23:37:28] <Ryan_Lane>	 ugh. we'd need to do this on all nodes, too
[23:37:31] <Ryan_Lane>	 this sucks
[23:37:39] <andrewbogott>	 The brick port is different from the share port, though
[23:38:07] <andrewbogott>	 Um… isn't it?  Or does each share need its own private bricks?  I can't remember
[23:38:14] <Ryan_Lane>	 there's brick config per share
[23:38:53] <andrewbogott>	 Oh, which is written out someplace by 'gluster volume create'?
[23:39:21] <Ryan_Lane>	 yeah
[23:39:24] <Ryan_Lane>	 it's all in config files
[23:40:55] <andrewbogott>	 There are a config files in e.g. /etc/glusterd/vols/juju-home/bricks
[23:41:03] <andrewbogott>	 But each just says "listen-port=0"
[23:41:06] <Ryan_Lane>	 heh
[23:42:05] <andrewbogott>	 well, wait, a few of these config files have valid port #s in them.
[23:42:12] <andrewbogott>	 I wonder why some and not all or none...
[23:44:34] <andrewbogott>	 For each share I've looked at, there's a port specified for the brick on labstore2.  The port is marked as 0 for every other host.
[23:45:27] <Ryan_Lane>	 bah / was full on labstore1
[23:45:32] <Ryan_Lane>	 no wonder it wouldn't start
[23:45:44] <Damianz>	 lol
[23:45:45] <Ryan_Lane>	 maybe that's also the reason that auth.allow wasn't working
[23:46:00] * andrewbogott  holds breath

[23:46:04] <Ryan_Lane>	 I hope
[23:46:32] <Ryan_Lane>	 bah apple-q
[23:46:40] <andrewbogott>	 We need a quick fix, you're due at the pub in 10 minutes.
[23:46:56] <Ryan_Lane>	 heh
[23:47:23] <Ryan_Lane>	 seems the auth.allow was wiped when I restarted too
[23:47:33] <Ryan_Lane>	 the script is fixing that
[23:47:58] <andrewbogott>	 Gluster just throws away all its security settings when the server restarts?
[23:49:34] <Ryan_Lane>	 it shouldn't
[23:49:46] <Ryan_Lane>	 I have no clue what's up with this shitty filesystem
[23:50:32] <Ryan_Lane>	 maybe this has something to do with / filling on labstore1, though
[23:50:40] <Ryan_Lane>	 I'm going to restart services everywhere
[23:50:44] <Ryan_Lane>	 we need an alert on that
[23:52:25] <Damianz>	 Awesome I just managed to kill mysql with locks
[23:52:33] <Ryan_Lane>	 heh
[23:53:52] <Damianz>	 Turns out piping the raw feed of 3 wikis in there is a bad idea, time to use redis for the queue.
[23:59:23] <Ryan_Lane>	 andrewbogott: gluster volume status shows the port
[23:59:52] <andrewbogott>	 So it does!  I didn't know there was 'status' in addition to 'info'
[23:59:58] <Ryan_Lane>	 it's new