[00:00:16] gluster only actually has read-write shares [00:00:27] if you want read-only you need to enable gluster's NFS support [00:00:34] yuck [00:00:54] doesn't gluster/nfs have issues with the newest nfs and ldap around it freaking out on users 'missing' or something? [00:01:11] I recall a cloud provider talking about an issue relating to that which forced them back an nfs version. [00:01:23] well, I'm definitely seeing issues with the global dumps nfs share [00:01:43] though I'm wondering if that was due to some upgrade issue [00:02:04] I'm thinking of wiping all of the data in that, and having it re-sync [00:02:51] Tbh my main issue with nfs apart from it sucking in performance and randomly crapping out is it's a huge gaping SPOF for the entire cluster access wise and could in theory take a load of stuff down. Which probably makes me paranoid but gluster feels safer for the current use, even if proxied over nfs to the endpoint. [00:07:13] hi, how do I sudo inside my instance, so I can install gcc and perl packages? [00:07:21] `sudo`? [00:08:31] I get reported to the authorities when I do that [00:09:18] I'm using the labsconsole passwd (that's ldap, right?) [00:09:28] Ryan_Lane: Do you think it's acceptable to enforce 1 user to 1 db for mysql rather than permit free creation of anything (which makes cp hard)? [00:09:33] gribeco: what instance? [00:09:38] bots-salebot [00:09:47] 'Edit conflict:' oh thanks wiki [00:09:49] just thanks [00:09:56] "gribeco is not allowed to run sudo on bots-salebot. This incident will be reported." [00:11:35] 1sec [00:11:50] no problem, thanks =) [00:12:01] try now [00:12:14] we have a slightly restricted sudo policy on bots [00:12:23] seems I didn't add that instance to the general group [00:12:46] it's still prompting me for a passwd, and then returning the same error message [00:12:57] 1sec [00:13:23] now?
[00:13:51] same thing [00:13:55] hmm [00:14:29] Says you can't type [00:14:41] ok now says not authorized [00:14:42] hmm [00:14:57] I just tried a bad password to be sure that was not the problem [00:15:09] Logout, back in and try again. [00:15:12] I get the normal "Sorry, try again." when I do that [00:15:15] ok [00:15:36] It should be updated and I just restarted nslcd so it should be asking opendj again... [00:16:24] Failed. [00:16:29] yup [00:16:30] Woot [00:16:58] Ryan_Lane: Any ideas why sudo ldap isn't playing ball after adding a host to the default sudo policy for a project? [00:17:15] I assume you're trying sudo ls looking at the log [00:17:23] yes [00:17:32] cache [00:17:34] probably [00:17:42] I think sudo-ldap also caches [00:17:46] bleh [00:17:50] I hate caches sometimes [00:18:37] gribeco: Are you running anything currently? [00:18:43] Doesn't look like it from the process list. [00:18:49] no, it's okay to restart the instance [00:18:57] Cool, try it in a few [00:19:08] ok [00:19:29] And here boys and girls is how to clear a cache with a sledge hammer and just hope it isn't welded to your floor boards already. [00:20:23] It's back up by the way. [00:20:51] nope still failed. [00:20:56] yeah [00:21:03] * Damianz wonders if creating a new policy works [00:21:33] Try now? [00:21:37] I don't have anything valuable inside the instance, it's okay to terminate/re-create if necessary [00:21:46] I'll be surprised if creating a new policy works... [00:22:08] still bad [00:22:42] Aside from waiting a while I'm out of ideas then [00:23:09] ok, let's give it a while [00:24:40] Damianz: it caches on the filesystem [00:25:12] Any idea where? It's pretty much impossible to strace the process as it exits too quick [00:25:22] sec [00:26:32] /var/lib/sudo/ < as it's empty, wth is the point of creating a dir for each user.. [00:27:03] dunno [00:28:07] hmm [00:28:11] gribeco: try now just for kicks? [00:28:58] Apparently -K should clear up user creds...
no idea if that applies to rights as well. [00:28:58] * gribeco is still getting kicked [00:29:13] sec [00:29:44] * Damianz looks at Ryan's internet history and sees 30 google searches =D [00:29:58] is it failing immediately, or asking you to keep retrying your password? [00:30:07] Damianz: actually, I'm just working on a bunch of things at the same time ;) [00:30:18] it is failing on the 1st attempt, after entering the correct passwd [00:30:21] ok [00:30:34] That's no fun [00:30:39] (it fails differently with a bad passwd) [00:30:49] Fails with sudo: pam_unix(sudo:auth): authentication failure; then sudo: gribeco : user NOT authorized on host ; [00:31:09] DENIED. [00:32:14] I enabled debugging [00:32:18] gribeco: try now [00:32:33] * Damianz imagines the computer holding up a sign with 'tits or GTFO' [00:32:37] ah [00:32:39] I see the problem [00:32:42] this is a new instance [00:32:50] It is [00:33:00] access rules on opendj? heh [00:33:00] OpenStackManager is adding the i- name into LDAP [00:33:16] the instance's host name is bots-salebot [00:33:16] not the name [00:34:02] hm [00:34:09] not terribly sure how to fix this [00:34:11] I don't really see why we can't kill i-* and use name as the hostname and name.region.wmflabs as the fqdn to save confusion [00:34:30] old instances are still using the i- names [00:34:38] I *might* be able to fix that [00:34:52] we could just change the hostname of the instance [00:34:58] ugh [00:35:13] not easily [00:35:21] it's set through dhcp [00:35:27] urgh [00:35:40] seriously, why would you set that through dhcp. it's not like you're going to change it [00:35:51] well, actually, in this situation, it's helpful [00:35:59] because we probably do want to rename all of the older instances [00:37:12] This probably explains half my issues with getting nagios/snmp traps to match up hostname wise on a sidenote :P That's a work in progress that I probably need to revise my pending change for...
though maybe switching to fqdns would switch this too. [00:38:00] well, this does use fqdns [00:38:09] the hostname of the system needs to match what's in LDAP, though [00:38:30] ah [00:38:56] gribeco: until I get this worked out, what do you need installed? [00:39:14] stupid nova changing the damn host name every fucking release [00:39:15] a bunch of perl packages, some have external dependencies like gcc [00:39:25] ah. hm. [00:39:29] even easier [00:39:30] * Damianz wanders back to reading about symptoms and side effects while trying to remember what he was going to do in puppet [00:39:35] manual policy on the host [00:40:00] Ryan_Lane: Well at least they give you the tools to manage your ip ranges, I mean look on the bright side of user friendliness. [00:40:37] gribeco: ok, you can sudo on there now [00:40:45] Damianz: :D [00:41:37] yay! [00:43:15] you know what would be sort of nice [00:43:20] project subgroups [00:43:31] which you could apply classes and sudo policies to [00:44:07] so you could have a subgroup of database, web, app and just add an instance to a group and bam all classes/security groups/sudo policies apply and magic ponies shit rainbows [00:44:52] you're asking for a unicorn :) [00:45:14] that really wouldn't be very easy to do [00:45:59] nope, you'd either have to patch nova or write a load of supporting code on top of it. Nice thought though for some things and saves typing. [00:46:14] I'd happily take a 'clone' option that lets me create a new instance with the same settings as an existing one though.
[00:46:32] yes [00:46:37] that's planned, whenever I get time to do it [00:46:48] there's a difficulty with that too, though [00:46:57] puppet breaks builds at least [00:47:02] our puppet manifests make it pretty likely that an instance configured that way won't fully build [00:47:05] which btw I'd sorta like to remote that form [00:47:10] s/remote/remove/ [00:47:21] that's why I hid it in an "advanced" section, with a warning [00:47:48] I never noticed that heh [00:47:58] Is there a warning to say you can't change security groups after too? [00:48:31] no. probably should be [00:51:10] i am getting ssh debug output on my instance shell it seems [00:52:53] did you ssh with -vv [00:53:48] Damianz: duh, of course i did, i told andrew earlier to do that :p [00:54:03] no complaining then :P [00:55:46] Apologies for hijacking your thread ryan =\ [00:56:22] no worries. it's true [00:58:45] !log wikistats - upgrading mariadb packages (yeah:) [00:58:46] Logged the message, Master [01:03:35] grrrr wtf [01:03:45] Ryan_Lane: Don't suppose you're playing with ldap stuff right now? [01:03:50] I'm not [01:03:51] why? [01:04:09] bots-sql2 won't let me login to ssh, 1 and 3 work fine [01:04:10] * Damianz frown [01:05:36] Weird and annoying, I wonder if it's doing the strange nfs thing again [01:13:39] hmm [01:13:51] what's the line between module and just banging it in a role class [01:14:13] it's almost not worth even venturing into a module as these classes are so tiny but then role seems the wrong place [01:18:04] well, the classes will get larger [01:18:10] and we want everything to be a module [01:19:39] Even stuff that's just including other classes? [01:39:55] Damianz: including which classes? [01:40:03] everything that isn't a role class should be a module [01:40:14] role classes should only include classes from modules [01:40:28] with variables to modify behavior [01:40:49] node entries should include role classes.
and set variables that can modify them [01:44:07] So what I'm doing really should then be in a role class [01:44:08] meh [01:44:13] it's going in a module for now [02:40:34] what's a rouge PhpMyAdmin install? vs non-rogue [02:43:02] You've never seen a red powdered PhpMyAdmin install? It looks like someone tried to circumcise you with bolt cutters after about a day due to all the exploits that get collected in your temp dir. [02:43:31] lol [02:43:32] ok [02:44:29] a recent version of phpMyAdmin installed intentionally w/ a reasonably-good password is OK, no? [02:48:57] * GChriss checks /tmp [02:49:30] Even an up to date version I'd suggest putting in a non-standard path behind http auth.. it's rather common for it to get exploited sadly [03:08:16] meh so my classes totally don't work, I'll revise these tomorrow I guess [03:14:51] Ryan_Lane: So I figured out the way not to do it in puppet :P [03:57:48] Seems like Gluster has its own conversion rates or something. 135MB on local storage = 163GB on Gluster, wtf?! [09:43:56] paravoid: hi :) I got an instance not responding… i-0000049c / integration-wikibugs has been assigned 10.4.0.249 but is unreachable from bastion1. 10.4.0.54 reports the destination as being unreachable. [09:44:14] (in pmtpa) [09:45:11] maybe it is not acquiring an IP from the DHCP server (pool exhausted?)
or some routing is wrong [09:45:27] other instances are reachable (such as 10.4.0.231) [10:21:55] !log bots giving rights to Mardetanha for the project [10:21:56] Logged the message, Master [10:22:13] Good you have your slaves :)) [10:25:51] 10/03/2012 - 10:25:51 - Created a home directory for mardetanha in project(s): bots [10:30:43] 10/03/2012 - 10:30:43 - User mardetanha may have been modified in LDAP or locally, updating key in project(s): bots [10:31:06] !log centralauth Created instance centralauth-mysql [10:31:07] Logged the message, Master [10:31:18] !log centralauth Installed mysql-server [10:31:19] Logged the message, Master [10:32:47] !log centralauth Install memcached on centralauth-frontend [10:32:48] Logged the message, Master [10:33:18] !log centralauth Installed MediaWiki for the main wiki [10:33:20] Logged the message, Master [10:39:42] petan: is there a reason gcc is not installed on bots-3? [10:42:18] I'm going to go ahead and install it [10:42:57] !log bots installed gcc on bots-3 [10:42:58] Logged the message, Master [11:46:24] Damianz who removed labs nfs? [11:46:27] I mean bots [11:46:37] there used to be nfs server [11:46:42] how does it work now? [11:46:50] documentation plis [13:32:55] @infobot-detail ping [13:32:55] Info for ping: this key was created at N/A by N/A, this key was displayed 25 time(s), last time at 10/2/2012 12:39:22 PM (1.00:53:33.1341650 ago) [13:33:41] @infobot-detail petan [13:33:41] Info for petan: this key was created at N/A by N/A, this key was displayed 0 time(s), last time at N/A [13:33:50] :o [13:34:42] !ping [13:34:42] pong [13:39:29] Change on 12mediawiki a page Developer access was modified, changed by Das Schäfchen link https://www.mediawiki.org/w/index.php?diff=590153 edit summary: [13:45:15] quit [13:45:22] damn [14:20:13] hi Damianz. I'd like to obtain access to the bots project on WMFLabs, can you help me please ? 
[14:20:47] 10/03/2012 - 14:20:47 - Created a home directory for quentinv57 in project(s): bastion [14:20:58] 10/03/2012 - 14:20:58 - Creating a home directory for quentinv57 at /export/keys/quentinv57 [14:21:32] Quentinv57 I can [14:21:41] ah, thank you petan [14:21:54] I'll be really happy if you could do it [14:22:05] !log bots adding Quentinv57 [14:22:07] Logged the message, Master [14:22:46] done [14:22:59] wait a minute for scripts to finish [14:23:08] thanks petan, but I'll need some help [14:23:14] ok [14:23:17] I don't know what's my LDAP password [14:23:25] same as wiki [14:23:29] and I don't know how to use the bots projects (ie if there are rules, etc) [14:23:35] !bots [14:23:35] http://www.mediawiki.org/wiki/Wikimedia_Labs/Create_a_bot_running_infrastructure proposal for bots [14:23:38] eeh [14:23:40] !project bots [14:23:41] https://labsconsole.wikimedia.org/wiki/Nova_Resource:bots [14:23:42] this one [14:24:07] yes, there are some rules, + labs rules [14:24:15] okay [14:24:20] I'll take a look at this [14:24:26] basic rule is don't try to break others stuff :) don't steal passwords, etc [14:24:43] environment is still in beta [14:24:53] lot of stuff will differ in "production" version [14:24:54] and do other people on the bots projects access my files ? [14:25:03] yes, they can [14:25:07] admins at least [14:25:19] hmm... so where / how can I store passwords ? [14:25:31] that's quite complicated right now [14:25:44] 10/03/2012 - 14:25:44 - User quentinv57 may have been modified in LDAP or locally, updating key in project(s): bastion [14:25:53] 10/03/2012 - 14:25:53 - Updating keys for quentinv57 at /export/keys/quentinv57 [14:26:39] most safe way is to enter password each time you start the bot in terminal [14:26:45] petan, that's impossible to be the owner of a file so only me as access to it ? 
[14:27:06] unfortunately I can't prompt the password because some are using crontab [14:27:10] yes, but it's possible to have a file which only admins and you can access [14:27:23] ah, that's cool, that's what I need [14:27:37] anyway, admins are people working for the foundation ? [14:27:41] it would need to be either on bots-1 or a new instance for that [14:27:53] no, admins are people working for foundation as well as some volunteers [14:28:00] admins of bot project, I mean [14:28:32] ah... I don't want to be perceived as a paranoid, but I hope they are trusted [14:28:49] I hope so as well, given that I run bunch of bots there :) [14:28:50] because if my bots account would be compromised it sucks :/ [14:29:12] so that's okay to store my bot passwords on this server ? [14:29:16] there is so low number of people that it wouldn't be hard to track who it was... [14:30:40] atm only admins of bots are: me, Ryan Lane, mutant e, jeremyb, rich smith, Thehelpfulone and Damianz [14:30:46] 10/03/2012 - 14:30:46 - User quentinv57 may have been modified in LDAP or locally, updating key in project(s): bots [14:32:32] petan, okay, so that's cool [14:33:23] petan, should I access the bot project through the bastion server, or should I connect elsewhere ? [14:33:31] bastion [14:34:51] Quentinv57 I just created a new instance which should be first of "semi-secure" instances, that means instance where people have restricted access, and where it should be harder to get access to your files (impossible to non-root's) I think you could try that one [14:35:08] if you read the bots proposal you would see the architecture we want in future [14:35:10] !bots [14:35:10] http://www.mediawiki.org/wiki/Wikimedia_Labs/Create_a_bot_running_infrastructure proposal for bots [14:35:11] okay, thanks a lot [14:35:24] how can I access this instance ? [14:35:33] wait a moment...
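A sketch of the file-permission side of the password discussion above; the path and contents are placeholders, but the mechanics are standard Unix permissions (root, i.e. the instance admins, can always read the file regardless):

```shell
# Hypothetical bot credentials file on a shared instance: only the owner
# (and root) should be able to read it.
umask 077                                  # new files default to owner-only
printf 'password=example-secret\n' > /tmp/bot.credentials
chmod 600 /tmp/bot.credentials             # rw for owner, nothing for group/other
stat -c '%a' /tmp/bot.credentials          # prints: 600
```

Setting `umask 077` in the bot's startup script covers any files it creates later, not just the credentials file itself.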
[14:42:56] !log bots root: installing updates on nr1 [14:42:57] Logged the message, Master [14:43:44] Damianz, figured out :P [14:43:50] Damianz you could tell me before killing nfs [14:43:54] I had some cron jobs in that [14:44:16] oh, oops. sorry I checked if it had anything important export wise on [14:44:39] np [14:44:54] I'm trying to get some base puppet classes together for bots that should clean up the apache/sql servers as they currently have scripts for backups etc in project storage with crons to run them. [14:45:01] ok [14:45:08] is there some base class for public_html [14:45:11] ? [14:45:15] how do I set it up [14:45:28] not at the moment [14:45:33] ok [14:45:48] user dirs should get auto created, there's a cronjob on bots-apache1 that runs a python script that does an ldapsearch and creates the dirs. [14:46:11] Also does some other stuff like fixing ownership and chmoding removed members to 0 for the purposes of if we ever need to do that. [14:47:30] Quentinv57 you should be able to login to bots-nr1 now, if you can't sudo su, everything should be safe :P [14:47:54] nr1 is a non-sudo for members box? [14:48:22] yes [14:48:24] (which btw we can't add new servers currently due to nova changing the hostnames in ldap so sudo-ldap doesn't see the host is allowed) [14:48:27] it's like "no root" [14:48:43] Damianz umm [14:48:49] Damianz what exactly you mean [14:48:53] sudo policy doesn't work? [14:48:55] it did [14:49:09] It works if you select all (like the admin group in bots) [14:49:33] For the default group that has specific hosts allowed, you can't add a new instance to the list due to a hostname mismatch until Ryan fixes it in OSM. 
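A rough sketch of what that cron job does; the user list, webroot, and paths here are stand-ins (the real script pulls its users from an ldapsearch and runs as root on bots-apache1):

```shell
# Stand-in for the ldapsearch: a static user list.
users="alice bob"
webroot=/tmp/bots-userdirs                 # assumed path, not the real one

for u in $users; do
    # create the per-user public_html if it's missing
    mkdir -p "$webroot/$u/public_html"
    # the real job also fixes ownership (chown, needs root) and chmods
    # removed members' dirs to 0 to lock them out
done

ls "$webroot"                              # lists the alice and bob dirs
```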
[14:50:15] petan, excuse me, you'll say I'm a noob, but I don't understand how to log in to a project on WMF Labs [14:50:28] ssh to bastion then ssh to the instance [14:50:50] Damianz does it mean, users will get all root, or no one gets root [14:51:01] Quentinv57 ssh to bastion, then ssh bots-nr1 [14:51:06] !bastion [14:51:06] http://en.wikipedia.org/wiki/Bastion_host; lab's specific bastion host is: bastion.wmflabs.org which should resolve to 208.80.153.194; see !access [14:51:08] !access [14:51:08] https://labsconsole.wikimedia.org/wiki/Access#Accessing_public_and_private_instances [14:51:22] It means if we add bots-5 even if we add it to the policy normal users won't be able to sudo. [14:51:28] Admins still will [14:51:37] Damianz ok that's good [14:51:44] better than if all had root :P [14:51:49] yeah [14:54:46] !log bots petrb: created public_html :P [14:54:48] Logged the message, Master [14:55:02] !log bots petrb: created on nr1, of course [14:55:04] Logged the message, Master [14:55:22] Quentinv57 let me know if you need any help with setting up access to instance [15:05:48] 10/03/2012 - 15:05:48 - Deleting home directory for wikidata in project(s): wikidata-dev [15:10:49] 10/03/2012 - 15:10:49 - Deleting home directory for wikidata in project(s): wikidata-dev [15:10:59] !tunnel [15:11:04] @search tunnel [15:11:04] Results (Found 1): putty, [15:12:11] * jeremyb waves [15:14:19] hey [15:14:26] jeremyb did you get the email [15:15:26] !security | Quentinv57 [15:15:26] Quentinv57: https://labsconsole.wikimedia.org/wiki/Help:Security_Groups [15:15:33] ah nvm [15:15:36] !ssh | Quentinv57 [15:15:36] Quentinv57: https://labsconsole.wikimedia.org/wiki/Help:SSH [15:15:42] this one [15:15:47] 10/03/2012 - 15:15:47 - Deleting home directory for wikidata in project(s): wikidata-dev [15:20:46] @seenrx Ryan [15:20:47] petan: Last time I saw Ryan_Lane they were quiting the network N/A at 10/3/2012 7:31:45 AM (07:49:01.3662520 ago) (multiple results were found: Ryan_Lane1)
[15:20:47] 10/03/2012 - 15:20:47 - Deleting home directory for wikidata in project(s): wikidata-dev [15:20:59] 10/03/2012 - 15:20:58 - Updating keys for quentinv57 at /export/keys/quentinv57 [15:21:38] @seenrx Ryan.*1 [15:21:39] petan: Last time I saw Ryan_Lane1 they were quiting the network N/A at 9/21/2012 5:19:28 PM (11.22:02:10.4323370 ago) [15:24:29] <^d> LocalDiskRepositoryManager is a misleading class name when it also manages remote repos over ssh :p [15:24:37] <^demon> Silly gerrit. [15:25:48] 10/03/2012 - 15:25:48 - Deleting home directory for wikidata in project(s): wikidata-dev [15:25:59] lololol [15:30:49] 10/03/2012 - 15:30:49 - Deleting home directory for wikidata in project(s): wikidata-dev [15:33:36] petan: which mail? [15:33:44] regarding wm-bot [15:33:50] i think not? [15:34:14] how do you advise i search for it? or where did you send it to / from? [15:35:49] 10/03/2012 - 15:35:48 - Deleting home directory for wikidata in project(s): wikidata-dev [15:35:52] I sent it to tuxmachine mail [15:36:26] *now* i see it [15:36:33] 8ish hrs ago [15:36:37] I am just wondering why I sent it to Damianz when he is not listed in that config file :D [15:37:11] you sent something to me? :P [15:37:15] XD [15:38:03] petan: so... you're saying there's no canonical store? [15:38:16] simple english plis [15:38:18] we can't just delete the derived data and run something to regenerate? [15:38:26] canonical = one storage for both? [15:38:31] no [15:38:32] no [15:38:47] but it's pretty simple to delete it from both :> [15:38:50] i mean 1 that's the authoritative "master" version [15:38:58] the "regenerate" process would be complicated [15:39:10] well it depends on how it works... [15:39:31] technically I could create some "master" but I don't know if such a simple thing is worth of such a thing [15:39:33] if one is actually derived from the other then it's not complicated to rerun the derivation. 
i think [15:39:54] I know what you mean, but it seems to me too complicated for simple irc logs [15:40:02] oh hey he did email me :P [15:40:05] ok [15:40:10] It was lost in the spam of 'toolserver is broken' emails [15:40:13] regenerate means to recreate whole file, that is problem with poor IO we have [15:40:47] 10/03/2012 - 15:40:47 - Deleting home directory for wikidata in project(s): wikidata-dev [15:40:51] nah, i don't think it's a problem with IO [15:40:56] anyway, whatever ;) [15:41:10] it would be if I had to recreate whole log file every time someone posts a message to channel :P [15:41:28] there is about 60 channel where this bot is in [15:41:31] * channels [15:41:52] this is useful: http://bots.wmflabs.org/~petrb/db/systemdata.htm :D [15:42:18] I forgot to mention that [15:43:43] well that would be fairly crazy. not what i mean... [15:43:51] anyway, whatever [15:45:47] 10/03/2012 - 15:45:47 - Deleting home directory for wikidata in project(s): wikidata-dev [15:50:49] 10/03/2012 - 15:50:49 - Deleting home directory for wikidata in project(s): wikidata-dev [15:51:43] <^demon> "Host keys for any destination SSH servers must appear in the user’s ~/.ssh/known_hosts file, and must be added in advance, before Gerrit starts. If a host key is not listed, Gerrit will be unable to connect to that destination, and replication to that URL will fail." [15:51:48] <^demon> Well that explains a lot :) [15:55:50] 10/03/2012 - 15:55:49 - Deleting home directory for wikidata in project(s): wikidata-dev [16:00:29] paravoid: how did you handle that grub issue with the instance that wasn't booting previously? [16:00:50] 10/03/2012 - 16:00:50 - Deleting home directory for wikidata in project(s): wikidata-dev [16:00:59] <^demon> Ryan_Lane: Can I get that sudo to manganese now? [16:01:12] do you want me to just add the ssh host? [16:01:35] <^demon> Yeah, let's try that first.
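For reference, pre-seeding a known_hosts entry for a non-interactive service like gerrit looks like this; the demo below generates a throwaway host key offline so it runs anywhere, but in practice you would ssh-keyscan the destination (or ssh to it once as the gerrit2 user) and verify the fingerprint out of band before trusting it:

```shell
kh=/tmp/demo_known_hosts                   # stand-in for ~gerrit2/.ssh/known_hosts
rm -f /tmp/demo_hostkey /tmp/demo_hostkey.pub "$kh"

# Offline demo: generate a throwaway host key instead of fetching a real one.
# In practice: ssh-keyscan github.com >> "$kh"  (then verify the fingerprint).
ssh-keygen -q -t rsa -N '' -f /tmp/demo_hostkey

# A known_hosts line is "hostnames keytype base64key"; example.org and the
# 192.0.2.1 address are placeholders.
printf 'example.org,192.0.2.1 %s\n' "$(cut -d' ' -f1,2 /tmp/demo_hostkey.pub)" >> "$kh"

# ssh-keygen -F checks whether a host is already known; it exits 0 and prints
# the matching entry when it is.
ssh-keygen -F example.org -f "$kh"
```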
[16:01:40] <^demon> "github.com,207.97.227.239 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" [16:01:54] <^demon> To ~gerrit2/.ssh/known_hosts [16:02:15] restarting gerrt [16:02:28] ^demon: it's easier to just ssh there [16:02:30] it'll add itself [16:02:51] <^demon> Or ssh as gerrit. [16:02:53] <^demon> Either works. [16:03:01] damn it [16:03:07] did you push the fix in for the config file? [16:03:21] <^demon> I pushed it, did you merge it? [16:03:23] <^demon> Ib8ca6ef6 [16:03:25] git@github.com:mediawiki/core.git [16:03:26] link? [16:03:32] well [16:03:34] can't do it now [16:03:37] what's the right value? [16:03:57] <^demon> git@github.com:${name} [16:05:45] 10/03/2012 - 16:05:44 - Deleting home directory for wikidata in project(s): wikidata-dev [16:06:07] well, I don't see replication errors [16:06:22] <^demon> Yeah, but not seeing any results on github's side yet. [16:06:25] <^demon> I'll keep poking [16:06:33] hmmrg puppet why you hate so much [16:06:36] <^demon> Actually, it might be pushing right now. [16:06:46] <^demon> Initial object push is gonna suck :) [16:07:14] <^demon> Ugh [16:07:17] <^demon> Wtf is going on [16:07:17] ? [16:08:05] <^demon> That stuff might be downtime related, I'll poke Roan about it [16:08:16] which stuff? [16:08:18] <^demon> No, seems weird. [16:08:23] bad pack? [16:08:27] <^demon> Yeah [16:08:31] * Ryan_Lane nods [16:10:47] 10/03/2012 - 16:10:47 - Deleting home directory for wikidata in project(s): wikidata-dev [16:10:47] hmm, what's the point of apache_site in puppet? 
Looks like you're specifying the config manually mostly and it doesn't accept supporting options =\ [16:12:18] we should consider switching to the upstream module, if it's better [16:12:23] which it very likely is [16:15:50] 10/03/2012 - 16:15:49 - Deleting home directory for wikidata in project(s): wikidata-dev [16:17:26] <^demon> http://p.defau.lt/?DK3AK32bJKinwPtqGNpGBQ :\ [16:17:34] <^demon> Not seeming to do much at the moment. [16:20:51] 10/03/2012 - 16:20:51 - Deleting home directory for wikidata in project(s): wikidata-dev [16:22:57] <^demon> Whoohoo \o/ [16:23:01] <^demon> https://github.com/mediawiki/core is mostly there :) [16:23:04] hello, what's the difference of projects and instances? [16:23:14] ones a project, ones an instance [16:23:42] thanks, now i got it! :P [16:25:23] instances live in projects [16:25:50] 10/03/2012 - 16:25:49 - Deleting home directory for wikidata in project(s): wikidata-dev [16:30:47] 10/03/2012 - 16:30:47 - Deleting home directory for wikidata in project(s): wikidata-dev [16:31:59] Damianz: thanks. so in order to run bots on labs i need to be in an instance of bots proj, right? [16:32:23] !log bots installed rlwrap on bots-4 [16:32:24] Logged the message, Master [16:32:25] We have shared instances in bots unless you have a rather memory/cpu hungry bot [16:34:59] but in that case, in order to control my bots i'm the only one who can? [16:35:44] 10/03/2012 - 16:35:44 - Deleting home directory for wikidata in project(s): wikidata-dev [16:36:30] <^demon> Ryan_Lane: It finally is working :) [16:36:48] yep [16:37:23] <^demon> Couple of things I want to tweak to make it nicer, but yay. [16:40:47] 10/03/2012 - 16:40:47 - Deleting home directory for wikidata in project(s): wikidata-dev [16:45:49] 10/03/2012 - 16:45:49 - Deleting home directory for wikidata in project(s): wikidata-dev [16:46:42] bah.
stupid gluster [16:49:05] <^demon> Ryan_Lane: Can you merge https://gerrit.wikimedia.org/r/#/c/26353/ so we don't get bitten by a future puppet run/gerrit restart again? [16:50:50] 10/03/2012 - 16:50:50 - Deleting home directory for wikidata in project(s): wikidata-dev [16:51:52] Alchimista: 'only one' no, we're working on a production side but currently anyone has access to everything on bots-{1..4} [16:52:02] * Damianz stabs puppet, I will make you work [16:52:17] Damianz: :D [16:52:22] welcome to my pain [16:52:48] It's all your fault for making me want to puppetize the base of bots :P [16:52:53] heh [16:53:06] Also it's whoever's fault that wrote some of these bizarre duplicate out of date definitions that I'm just ignoring [16:53:25] ^demon: merged [16:53:33] <^demon> ty [16:54:56] Damianz: that's my big doubt. You mean that if i run a bot on labs, anyone can use my bot account? [16:55:09] 'depends' [16:55:45] 10/03/2012 - 16:55:45 - Deleting home directory for wikidata in project(s): wikidata-dev [16:55:51] labs-home-wm: diaf [16:59:07] depends on what? is it possible to have several users controlling totally a bot, or just one controlling it? (when i say control, i mean when and how it runs, and which code he runs) [17:00:04] The entire idea is collaboration so others can modify/view your code, potentially run it if you have the credentials saved even if it's in your homedir (which it shouldn't be). [17:00:46] 10/03/2012 - 17:00:46 - Deleting home directory for wikidata in project(s): wikidata-dev [17:04:25] Damianz: Regarding 'duplicate out of date definitions' -- I encourage you to add comments stating as much! [17:05:05] comments? I was thinking nuke with fire... some of the define's just make no sense and restrict you from doing some stuff and really shouldn't exist there. [17:05:30] Damianz: If you have the inclination, fixing them is way better!
[17:05:45] need more motivation to do that :P [17:05:47] 10/03/2012 - 17:05:47 - Deleting home directory for wikidata in project(s): wikidata-dev [17:06:08] Every time I look at the manifests my head explodes due to the abuse of whitespace [17:06:24] Right, which is why I suggest comments as a short-term option. [17:07:19] [warn] NameVirtualHost *:80 has no VirtualHosts < seriously apache, it does [17:09:09] I find myself wanting the puppet-equivalent of robots.txt -- some way to tell puppet "Hands off this file!" [17:09:23] I presume that such a thing does not exist and I just have to turn off puppet entirely [17:10:20] yes [17:10:26] or chattr +i file [17:10:26] =D [17:10:31] make puppet shit blood [17:10:49] 10/03/2012 - 17:10:48 - Deleting home directory for wikidata in project(s): wikidata-dev [17:11:35] I assume that chattr +i will have roughly the same effect as turning off puppet, only with a much bigger logfile [17:15:43] 10/03/2012 - 17:15:43 - Deleting home directory for wikidata in project(s): wikidata-dev [17:16:22] probably [17:16:34] I'd assume it would get to that part of the manifest and bail due to dep issues [17:18:20] Ryan_Lane: Just so you know there still seems to be security group issues between project instances. Can't get to bots-sql2:3306 from bots-apache-test [17:18:36] is that a new instance? [17:19:01] I wonder why ubuntu is so slow with their openstack releases [17:19:02] yes [17:19:10] how old? [17:19:12] I made it last night to work on puppet stuff [17:19:16] ah [17:19:18] pretty old then [17:19:23] >.> [17:19:29] under 24 hours old [17:19:30] there's apparently a fix for this [17:19:42] well, 24 hours is *way* too long for this to apply [17:19:49] hell, an hour is [17:19:57] really a few minutes is too long [17:20:08] unless you commented out the cronjob again?
:P [17:20:26] which cron [17:20:31] this is openstack that does this [17:20:43] aww no fun [17:20:48] 10/03/2012 - 17:20:48 - Deleting home directory for wikidata in project(s): wikidata-dev [17:20:49] * Damianz pokes puppet to install mysql [17:22:50] stupid home directory creation bot [17:22:55] I really need to kill that thing off [17:23:12] * Damianz ++++ that suggestion [17:23:22] Ryan_Lane, https://gerrit.wikimedia.org/r/#/c/26407/ [17:23:31] Please look into it when you get time :) [17:23:43] adminxor: Oooh sexy [17:24:00] oh wow [17:24:03] that's all logs [17:24:06] might want to use the fqdn though [17:24:22] adminxor: can we make that not send auth logs? [17:24:36] Sure, I can fix that [17:24:43] hmm that one works [17:24:45] and yeah, should use i-000003a9.pmtpa.wmflabs (the fqdn) [17:25:05] I was not sure which logs to keep and what to send, so that's why. [17:25:11] * Ryan_Lane nods [17:25:11] so these manifests suck but work, woow [17:25:18] Damianz: :D [17:25:27] Okay. Sure [17:25:48] 10/03/2012 - 17:25:47 - Deleting home directory for wikidata in project(s): wikidata-dev [17:26:15] Ryan_Lane: I know right now when I push the changes up you're going to tell me to move it around :P [17:26:44] Also, I saw a puppet class Base::Remote_Logs or something like that. It's included in Base class too. [17:26:46] But, does it really work? It does not for my instances though. [17:27:29] I think that's for production syslog logs [17:27:46] I think rsyslog is included by default in ubuntu [17:27:53] yep [17:28:57] though I guess it's needed for requires :) [17:29:20] ok. added comments to the review [17:29:24] And my puppet stuff is a straight copy from that one :D [17:29:28] Thank you! [17:29:29] which are basically the same ones in here :) [17:29:42] I will make the changes as you wanted and get back to you. 
[17:30:14] thanks [17:30:36] https://gerrit.wikimedia.org/r/#/c/26441/ feel free to note the 500 ways that sucks ass [17:30:48] 10/03/2012 - 17:30:47 - Deleting home directory for wikidata in project(s): wikidata-dev [17:31:08] since I've now moved it from a module back to a single file, which really sucks but I couldn't get a wrapping role class to work without puppet complaining about duplicates [17:31:27] I really wish our apache stuff was actually capable of managing apache settings :( [17:34:23] Change on 12mediawiki a page Developer access was modified, changed by VernoWhitney link https://www.mediawiki.org/w/index.php?diff=590231 edit summary: [17:34:24] adminxor: actually... [17:34:35] you should modify base::remote-syslog [17:34:48] there's a case statement for labs and production [17:35:05] you should add a default to the project list [17:35:34] Okay [17:35:35] Is it just me that thinks all the case statements suck and we should just have 1 config file that's loaded based on the realm and everything uses those vars? [17:35:43] So we don't have to edit like 50 files on 1 small change [17:35:46] 10/03/2012 - 17:35:46 - Deleting home directory for wikidata in project(s): wikidata-dev [17:35:55] Damianz: we're moving to roles for that purpose [17:38:11] would be nice [17:38:31] I kinda like databags in chef where you can just randomly have groups of groups with different versions of stuff [17:40:50] 10/03/2012 - 17:40:50 - Deleting home directory for wikidata in project(s): wikidata-dev [17:43:20] Ryan_Lane, if a wiki is created with $wgGroupPermissions['*']['createaccount'] = false; is it possible for a user to become a sysop in the first place? [17:45:46] 10/03/2012 - 17:45:45 - Deleting home directory for wikidata in project(s): wikidata-dev [17:45:52] andrewbogott: isn't some user created by default? [17:46:14] Hm, probably.
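The "one config file loaded based on the realm" idea floated above can be sketched in shell (the real manifests are puppet, and the file names and variable values here are made up for illustration):

```shell
# One variables file per realm; consumers source it and never branch on realm.
mkdir -p /tmp/realms
echo 'SYSLOG_HOST=collector.pmtpa.wmflabs' > /tmp/realms/labs.vars
echo 'SYSLOG_HOST=syslog.example.org'      > /tmp/realms/production.vars

REALM=labs                       # in puppet this would come from site facts
. "/tmp/realms/${REALM}.vars"    # load that realm's settings once

echo "shipping logs to $SYSLOG_HOST"
```

Changing a value then means touching one file per realm, instead of hunting down a case statement in each of 50 manifests.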
[17:46:49] that user should be bureaucrat by default as well [17:46:57] so, they can create additional users using the default user [17:47:18] <^demon> User created at install time has +sysop and +bcrat [17:47:26] <^demon> (Assuming you're using the mw installer...) [17:47:30] Right now puppet doesn't create any users, but it does run the scripted mw install, probably that sets up a user with all the privs [17:47:33] yep [17:48:00] yeah, so it should likely do that, with a random password that is put somewhere the user can get at it [17:48:16] if a default password is used, it kind of defeats the purpose :) [17:48:39] also, puppet can manage a main file [17:48:39] New patchset: DamianZaremba; "Adding ignored option" [labs/nagios-builder] (master) - https://gerrit.wikimedia.org/r/26487 [17:48:44] It is definitely a default password, atm :) [17:49:08] the main config file can include another file, via include_once [17:49:15] Change merged: DamianZaremba; [labs/nagios-builder] (master) - https://gerrit.wikimedia.org/r/26487 [17:49:18] that file can be included last [17:49:28] Change on 12mediawiki a page Developer access was modified, changed by Das Schäfchen link https://www.mediawiki.org/w/index.php?diff=590246 edit summary: /* User:Das Schäfchen */ [17:49:30] so that people can override defaults that are managed by puppet [17:49:40] oh! I didn't know about include_once, I will read up. [17:50:01] php has include, include_once, require, require_once, etc. [17:50:26] <^demon> You almost always want _once.
[17:50:33] yep [17:50:42] <^demon> And require() is just include() or die() [17:50:47] 10/03/2012 - 17:50:47 - Deleting home directory for wikidata in project(s): wikidata-dev [17:50:53] yep, we don't want require here [17:51:01] since the file most likely won't exist most of the time [17:51:14] New patchset: DamianZaremba; "+x" [labs/nagios-builder] (master) - https://gerrit.wikimedia.org/r/26488 [17:51:16] <^demon> Does include() spout an E_WARN when the target DNE? [17:51:20] Oh, I mean, wait… I'm confused. [17:51:22] I think so [17:51:27] Change merged: DamianZaremba; [labs/nagios-builder] (master) - https://gerrit.wikimedia.org/r/26488 [17:51:29] OK, I see what you mean. [17:51:32] so we may also want to touch the file [17:51:35] so that it exists [17:51:48] ^demon: does it also need to start with <?php? Or just wrap the include in file_exists(). [17:51:49] ? [17:51:53] <^demon> Yes. [17:51:53] ah. right [17:51:57] that's a better idea [17:52:04] check for the file existence before including it [17:52:09] If a MW config encounters two settings that contradict each other, does it just observe the last one? [17:52:18] yep [17:52:25] because it's just variables being overridden [17:52:51] there's a few exceptions, like where values are being added to an arra [17:52:53] *array [17:53:01] OK, then this is probably easy. Puppet already has a main config that includes the config generated by mw install. So if I just include that file at the end of the puppetized file, then… simple. [17:53:07] we should just avoid settings like that, though [17:53:16] ah. cool [17:53:28] New patchset: DamianZaremba; "Whitespace fix + 1 more" [labs/nagios-builder] (master) - https://gerrit.wikimedia.org/r/26489 [17:53:32] Then admins can tinker with the mw-install-generated file, which will look like what they're expecting anyway. [17:53:40] I'll just add a comment to that effect.
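In the actual setup the above is PHP — a puppet-managed LocalSettings that ends with a file_exists()-guarded include_once of an admin-owned file — but the "include the override last so it wins" pattern reads the same in shell, with made-up paths:

```shell
# The puppet-managed "main" config: defaults first, optional override last.
cat > /tmp/main.conf <<'EOF'
WIKI_NAME=default-wiki
READ_ONLY=false
# Load local overrides last (only if present) so they beat the defaults,
# mirroring PHP's: if (file_exists($f)) { include_once $f; }
[ -f /tmp/local.conf ] && . /tmp/local.conf || true
EOF

# An admin drops settings here; puppet never manages this file.
echo 'WIKI_NAME=my-test-wiki' > /tmp/local.conf

. /tmp/main.conf
echo "$WIKI_NAME"    # the local override wins because it loads last
```

Since plain variable assignments just observe the last write, the override file can stay tiny and only name the settings it wants to change.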
[17:53:41] Change merged: DamianZaremba; [labs/nagios-builder] (master) - https://gerrit.wikimedia.org/r/26489 [17:53:46] great. thanks [17:53:55] ok. coffee time. [17:55:40] Talking of passwords I'd kinda like to make the mysql class generate a random one and stash it in /root/.my.cnf rather than using puppet [17:55:49] 10/03/2012 - 17:55:49 - Deleting home directory for wikidata in project(s): wikidata-dev [17:56:47] * Damianz looks at labs-nagios-wm [17:57:17] !log nagios Implemented ignoring hosts in the rebuild script + restarted puppet/ircecho [17:57:18] Logged the message, Master [18:00:49] 10/03/2012 - 18:00:49 - Deleting home directory for wikidata in project(s): wikidata-dev [18:02:05] Damianz: yes, that would be ideal [18:02:11] I wanted to do the same [18:02:30] if you push it in, it'll get approved [18:05:32] RECOVERY Total processes is now: OK on bastion1 i-000000ba.pmtpa.wmflabs output: PROCS OK: 144 processes [18:05:43] 10/03/2012 - 18:05:43 - Deleting home directory for wikidata in project(s): wikidata-dev [18:10:07] I'll need to think up how to do the password, probably inline ruby then hmm, yeah I'd have to update that class.
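The random-password idea for the mysql class might look like this in shell. This is a sketch under assumptions — /tmp stands in for /root, and the od-based generator is just one way to get 32 hex characters — not what the puppet class actually ended up doing:

```shell
# Generate a random password once and stash it .my.cnf-style so the mysql
# client picks it up automatically, instead of a fixed password in puppet.
CNF=/tmp/demo.my.cnf     # stand-in for /root/.my.cnf
PASS=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')   # 16 bytes -> 32 hex chars

cat > "$CNF" <<EOF
[client]
user=root
password=${PASS}
EOF
chmod 600 "$CNF"    # only the owner may read the credential

echo "stored a ${#PASS}-char password in $CNF"
```

With the file in place, `mysql` run as that user authenticates without the password ever appearing in puppet manifests or on a command line.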
[18:10:19] I'll take a look at it in a while, need food [18:10:34] bots stuff seems to work so just needs tying/expanding before merging [18:10:48] 10/03/2012 - 18:10:48 - Deleting home directory for wikidata in project(s): wikidata-dev [18:15:49] 10/03/2012 - 18:15:49 - Deleting home directory for wikidata in project(s): wikidata-dev [18:20:45] 10/03/2012 - 18:20:45 - Deleting home directory for wikidata in project(s): wikidata-dev [18:24:33] hmm, I need a puppet run once option heh [18:25:49] 10/03/2012 - 18:25:49 - Deleting home directory for wikidata in project(s): wikidata-dev [18:30:50] 10/03/2012 - 18:30:50 - Deleting home directory for wikidata in project(s): wikidata-dev [18:35:46] 10/03/2012 - 18:35:45 - Deleting home directory for wikidata in project(s): wikidata-dev [18:40:45] 10/03/2012 - 18:40:45 - Deleting home directory for wikidata in project(s): wikidata-dev [18:45:49] 10/03/2012 - 18:45:49 - Deleting home directory for wikidata in project(s): wikidata-dev [18:47:29] labs-home-wm: no more of your spamming! :) [18:52:26] Dammit, I can't believe how fragile this shit is. Does puppet /ever/ do the same thing twice in a row? [18:53:02] yes, but not always in the same order [18:53:39] This one isn't even puppet's fault… twice in a row an apt call failed but as soon as I run it by hand it succeeds, no problems. [18:53:46] ah [18:53:50] that's really weird [18:54:39] <^demon> Ryan_Lane: https://gerrit.wikimedia.org/r/#/c/26455/ makes the gerrit service subscribe to replication.config and secure.config (so less manual restarts, yay) [18:54:42] RECOVERY dpkg-check is now: OK on mwreview-sectest i-0000049f.pmtpa.wmflabs output: All packages OK [18:55:05] <^demon> And https://gerrit.wikimedia.org/r/#/c/26495/ tweaks my github replication to only replicate branches and tags (rather than all refs/*) [18:55:16] * andrewbogott starts over [18:55:57] why is walling encouraging people to submit pull requests? 
[18:56:19] maybe he's a gerrit hater [18:56:22] he is [18:56:24] I know that [18:56:38] but encouraging people to submit pull requests is like encouraging them to be ignored [18:56:55] <^demon> Well, we already discussed on-list that we'll help people move them over. [18:57:00] <^demon> But yes, we shouldn't encourage it [18:57:14] <^demon> Not until we have an automated way of doing it [18:57:18] exactly [18:58:53] Dang it [18:58:58] I missed "pull requests welcome" [18:59:01] * RoanKattouw unretweets that [18:59:32] PROBLEM Free ram is now: CRITICAL on bots-sql2 i-000000af.pmtpa.wmflabs output: CHECK_NRPE: Socket timeout after 10 seconds. [19:01:02] Doing proper integration with github will suck for pull requests if we go to the extent of pushing comments back and auto closing requests. [19:01:19] <^demon> I've yet to find a way that treats them as equals. [19:01:28] <^demon> But at least automating the github -> gerrit part would be nice. [19:01:58] yeah, then comments/status/merge status would be good from the point of not having loads of looks-like-ignored stuff in gh. [19:03:35] I am getting a timeout trying to ssh to our instance [19:04:03] StevenW: which instance? [19:04:07] kubo [19:04:22] An interesting point would be matching users in gerrit which would end up with either a) opening up anon pull requests or b) having a single user opening the requests which sucks for tracking. [19:04:22] PROBLEM Free ram is now: WARNING on bots-sql2 i-000000af.pmtpa.wmflabs output: 928048 [19:04:27] works for me [19:04:32] StevenW: how are you trying to get to it? [19:04:40] ah, it's me. [19:04:47] get the same timeout trying bastion [19:05:12] PROBLEM Total processes is now: WARNING on wikistats-01 i-00000042.pmtpa.wmflabs output: PROCS WARNING: 193 processes [19:05:27] I need to work on getting some changes merged later to make labs-home-wm less lame.
[19:05:30] * Damianz goes to f000d first [19:05:46] Damianz: meh, just ignore it [19:05:49] it'll be going away soon [19:06:01] I meant labs-nagios-wm [19:06:03] ^demon: I merged your change in [19:06:04] we have too many bots [19:06:06] ah [19:06:07] heh [19:06:26] need to check my changes still make sense before bugging for merging [19:06:27] <^demon> Ryan_Lane: Thanks. [19:06:39] and catch up on the mailing list in regards to it [19:10:13] Change on 12mediawiki a page Developer access was modified, changed by LWelling link https://www.mediawiki.org/w/index.php?diff=590272 edit summary: [19:15:15] andrewbogott: which virt nodes in eqiad are you using right now? [19:15:56] Ryan_Lane: I don't need any of 'em any more. [19:16:01] ah ok [19:16:02] But, you'll need to reformat of course. [19:16:06] * Ryan_Lane nods [19:16:09] well, this is for asher [19:16:11] I mean, unless you crave further ceph benchmarking. [19:16:34] hm. no need for now [19:16:50] I talked to asher about ceph during the all-staff, our agreement was "It is on the verge of being fast enough, but still pretty unstable" [19:17:10] When the last version I tested (.41) moves out of beta it might be worth serious consideration. [19:18:30] * Ryan_Lane nods [19:18:39] I was thinking we should try to use it for project storage in eqiad [19:19:51] Sure. Setting up/configuring it wasn't too bad. I just ran into several of the same problems as with gluster -- getting it into inconsistent/impossible states. [19:20:52] oh. lame [19:21:00] it supports acls, right? [19:21:43] I'd like to make it a volume/sharefs system [19:21:48] we only have sharedfs right now [19:21:56] I can do that with ceph :) [19:22:05] hell, we could offer an object storage service too [19:22:44] I guess we could offer object storage with gluster too, but it pisses me off too much already. heh [19:23:11] I think ceph will do what we want.
It's just, the longer we wait to switch the better :) [19:26:43] Tbf to ceph it's only really started to mature in the past <1year [19:43:02] StevenW: I completely disagree [19:43:26] StevenW: if we get one good pull request, and we have 50 that sit there for long periods of time, we end up losing volunteers [19:43:27] Well that's okay, because no one is asking you to reply to or merge pull requests. [19:43:41] many of which would have likely used gerrit with no issues [19:43:45] No we won't. Go look at the queue in popular projects. [19:44:01] Lots of concurrent pull requests or things that get swiftly axed. [19:44:53] our main repo is gerrit [19:44:58] things need to get merged into there [19:45:27] encouraging pull requests before we can handle them splits our workload into multiple tools [19:45:33] we won't be able to properly handle comments and such [19:45:39] and they won't be recorded in gerrit [19:45:58] we'll have a manual process for handling them [19:46:21] I think you're speaking in a pretty assured way about a possible risk that has not occurred yet, and isn't going to happen just because I tweet once. [19:46:38] your tweet specifically tells people to submit pull requests [19:47:07] someone recommended disabling them completely in the list [19:47:18] Did you see the responses? [19:47:24] we can't do that, so someone volunteers to handle the small number that may come in [19:47:31] There are people, myself included, willing to help handle requests. [19:48:01] are you going to relay review comments back and forth as well? [19:48:06] though obviously I'm handicapped, as a retarded product person. [19:49:25] meh. dealing with the technical part isn't difficult [19:50:28] Anyway, no one is saying we should use a workflow of manual back-and-forth between the two permanently. 
[19:50:46] right, but until we have an automated way, we should discourage its use, not encourage it [19:50:57] it increases our workload [19:51:09] we can't handle our current workload, increasing it is a bad idea [19:51:43] I maintain that part of the reason we can't handle our current workload is because our toolset sucks. But let's not rehash that debate. [19:52:00] bah. we couldn't do so before gerrit either [19:52:16] we can't handle the load because we limit core review to staff [19:52:28] it's our processes that are fucked up, not the toolset [19:52:43] I think even if it's temporarily painful, the ultimate goal of using either Gerrit or anything else is to facilitate contributions. People are already excited about being able to contribute in some way through Github, even if it's not perfect, and that's a Good Thing in my book. [19:52:48] openstack has more developers and higher review load than us, and they handle it perfectly well with Gerrit [19:52:51] <^demon> Until there's an automated way to get pull requests into our ecosystem, we should not be encouraging them (although we should still help people so we don't lose potential contributors). [19:52:53] True about process. [19:53:04] <^demon> Manually getting the patches into gerrit is a timesink, and will be every time. [19:53:31] it's only a Good Thing if we can properly support it [19:53:49] otherwise it's a Bad Thing that will eventually lose us contributors that would have used Gerrit, if we asked them to [19:54:57] in general we should *always* encourage people to use gerrit rather than github [19:55:02] even after we have automation in place [19:55:29] <^demon> Ryan_Lane: Last thing I've got for you today: https://gerrit.wikimedia.org/r/#/c/26455/ to make the gerrit service subscribe to replication.config and secure.config. [19:56:04] <^demon> Gracias.
[19:56:18] merged and deployed [19:56:47] <^demon> Now we won't have to manually restart when we update those files :p [20:00:12] PROBLEM Total processes is now: CRITICAL on wikistats-01 i-00000042.pmtpa.wmflabs output: PROCS CRITICAL: 291 processes [20:00:28] !log dumps adding new member Nemo_bis [20:00:29] Logged the message, Master [20:00:51] 10/03/2012 - 20:00:51 - Created a home directory for nemobis in project(s): dumps [20:02:10] !log bastion adding new member Nemo_bis [20:02:11] Logged the message, Master [20:05:44] 10/03/2012 - 20:05:43 - User nemobis may have been modified in LDAP or locally, updating key in project(s): dumps [20:10:47] 10/03/2012 - 20:10:46 - User nemobis may have been modified in LDAP or locally, updating key in project(s): bastion [20:25:12] PROBLEM Total processes is now: WARNING on wikistats-01 i-00000042.pmtpa.wmflabs output: PROCS WARNING: 198 processes [20:26:51] ooh [20:29:59] Personally I think working on github<>gerrit is wasted compared to time on working to improve gerrit with tools/plugins and general workflow [20:30:06] mutante: shiny? [20:30:34] * Damianz goes to eat dinner now it's been delayed an hour by a phone call then notes to hammer nagios into an even better shape [20:31:20] Damianz: that was about the number of processes, for some reason there are way more instances of my scripts called by cron than expected.. i just killed all php [20:31:56] This is why I prefer something like celery to cron, cron will happily do bad things. [20:32:06] glad to know labs-nagios-wm is somewhat useful though [20:32:27] it is [20:32:54] you know, let's add a check for pending APT package installs [20:33:09] we just told people to keep their boxes updated [20:33:22] I'd like to fix it a little more first but yes I'm totally open for improving it :D [20:33:31] so we could as well have Nagios report it.. no?
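A pending-updates check like the one proposed could be sketched as a standard Nagios-style plugin (exit 0 = OK, 1 = WARNING). The apt-get -s parsing is an assumption about one workable approach, and the sketch reports OK on hosts without apt so it stays portable:

```shell
# Nagios-style check: count packages that a simulated upgrade would install.
check_apt_pending() {
    if ! command -v apt-get >/dev/null 2>&1; then
        echo "APT OK: apt-get not present on this host"
        return 0
    fi
    # -s only simulates; "Inst " lines are the packages that would upgrade.
    pending=$(apt-get -s upgrade 2>/dev/null | grep -c '^Inst ' || true)
    if [ "${pending:-0}" -gt 0 ]; then
        echo "APT WARNING: $pending package(s) pending upgrade"
        return 1
    fi
    echo "APT OK: no pending upgrades"
    return 0
}

check_apt_pending && rc=0 || rc=$?
echo "plugin exit code: $rc"
```

Dropped under the NRPE plugin directory, this would surface "keep your boxes updated" as a WARNING in the same channel as the other checks.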
or will that cause too much Nagios output constantly [20:33:39] unattended upgrades should be in now (apart from puppetmaster::self boxes) [20:33:44] oh yeah, true [20:33:57] I'm trying to fix the broken dpkg alerts, free ram missing checks etc currently [20:34:08] they used to work, what happened [20:34:10] And need to check my change to fix puppet checks [20:34:21] 'fix' in the sense of boxes alerting [20:34:30] oh, yeah, i see [20:34:30] free ram is on boxes with puppetmaster::self that haven't been updated [20:34:47] the only disabled check is puppet which is pending a hostname change due to multi region support (working on it) [20:36:51] looking forward to an APT repo per project [20:37:45] looking forward to auto building packages in jenkins from gerrit and pushing them into per project repos =D [20:39:10] http://www.myplaceoryours.org.uk/wp-content/uploads/2009/04/work-in-progress.jpg < I wonder if we could get that under cc-by-sa for the labs logo heh [20:39:19] heh, first i would be fine with just putting my .deb in a repo somewhere [20:39:41] currently i scp / dpkg -i [20:39:54] you know, for that we could literally just tell puppet to add a line to include /data/project/repo/ and dump stuff in there. [20:41:20] oh yeahh, just a local path as a repo in sources.list [20:41:27] deb file:/// [20:41:42] one step better than dpkg -i to me [20:43:31] I think being able to push a change into gerrit, have jenkins build it and dump it on a repo is the place to be long term [20:44:22] PROBLEM Free ram is now: WARNING on deployment-integration i-0000034a.pmtpa.wmflabs output: 854340 [20:47:52] Who broke gerrit :( [20:48:16] works for me ?! [20:48:23] * Damianz kicks it for randomly giving him 503 errors for like 5 refreshes [20:48:27] works again now [20:52:23] Ryan_Lane: I don't suppose it's possible to get 2 separate 'project storage' mounts in 1 project? [20:53:34] Damianz: why do you need 2?
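The deb file:/// idea above amounts to a flat local repository. Here is a minimal sketch with stand-in paths (/tmp/demo-repo instead of /data/project/repo, and an empty Packages index standing in for what dpkg-scanpackages would generate over real .debs):

```shell
# A flat local apt repo: drop .debs in a directory alongside a Packages
# index, then point sources.list at it with a file:// URL.
REPO=/tmp/demo-repo        # stand-in for /data/project/repo
mkdir -p "$REPO"

# Real usage: (cd "$REPO" && dpkg-scanpackages . /dev/null > Packages)
: > "$REPO/Packages"       # empty index here, just to show the layout

# The one-line sources.list entry ([trusted=yes] since a local path is unsigned):
echo "deb [trusted=yes] file://$REPO ./" > /tmp/demo-local.list
cat /tmp/demo-local.list
```

After an `apt-get update`, packages dropped into the directory install through apt with dependency resolution, which is the "one step better than dpkg -i" being asked for.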
[20:54:22] RECOVERY Free ram is now: OK on deployment-integration i-0000034a.pmtpa.wmflabs output: 504440 [20:54:56] I was thinking from the point of bots where we now have bots-nr1 which is supposed to be a more 'production' style box with no sudo as standard and puppetized. For project storage I think that should be separate and any data stored under there placed by puppet and not accessible via normal users (which currently you could get another instance where someone has sudo playing with it). [20:55:05] I assume the answer is 'make another project' [20:56:35] I think it would be more interesting to share a storage mount between two projects [20:56:54] funny, that was mentioned last night [20:57:42] Ryan_Lane: Also could you add me to the sysadmin group on the nagios project so I can create another instance to screw about with puppet on to try and get the mass hacks puppetized. [20:58:05] Platonides: it's possible, but not terribly easy [20:58:17] and only read/write [20:58:32] well, read-only is also possible, but also not easy [21:03:39] “I don’t know if anyone else has this problem, but every day when I wake up I have to take a tcpdump” lol twitter [21:19:53] Hey folks. I had some time away where my instance was deleted (*shakes fist at ori-l*). Now it appears that when I try to set up a new instance on labsconsole, I get a "no Nova credentials" error. What do? [21:20:55] halfak: Log out and back in [21:21:35] Awesome. Thanks. [21:26:54] RoanKattouw: can you allocate IPs in labs?
[21:28:14] No I cannot [21:28:52] PROBLEM Current Load is now: CRITICAL on preilly i-000004a1.pmtpa.wmflabs output: Connection refused by host [21:29:09] RoanKattouw: okay thanks [21:29:32] PROBLEM Current Users is now: CRITICAL on preilly i-000004a1.pmtpa.wmflabs output: Connection refused by host [21:30:12] PROBLEM Disk Space is now: CRITICAL on preilly i-000004a1.pmtpa.wmflabs output: Connection refused by host [21:31:43] !log wikidata-dev wikidata-dev-3: Played with a wikidata user which is not finished yet but shouldn't break anything. [21:31:45] Logged the message, Master [21:32:48] Is there access to a slave of enwiki from a labs instance yet? [21:33:06] ^^ Does anyone know? [21:33:46] halfak: database access? no [21:33:52] RECOVERY Current Load is now: OK on preilly i-000004a1.pmtpa.wmflabs output: OK - load average: 0.05, 0.45, 0.33 [21:34:32] RECOVERY Current Users is now: OK on preilly i-000004a1.pmtpa.wmflabs output: USERS OK - 1 users currently logged in [21:34:38] legoktm: Do you know of any progress on this front? [21:35:12] RECOVERY Disk Space is now: OK on preilly i-000004a1.pmtpa.wmflabs output: DISK OK [21:35:43] halfak: It was discussed on either toolserver-l or labs-l that it was being worked on, but I don't know more than that [21:36:11] legoktm: I guess I heard the same then. Thanks.
[21:43:17] yawn [21:43:52] PROBLEM Current Load is now: CRITICAL on umn-snuggle i-000004a2.pmtpa.wmflabs output: Connection refused by host [21:44:32] PROBLEM Current Users is now: CRITICAL on umn-snuggle i-000004a2.pmtpa.wmflabs output: Connection refused by host [21:45:22] PROBLEM Disk Space is now: CRITICAL on umn-snuggle i-000004a2.pmtpa.wmflabs output: Connection refused by host [21:48:52] RECOVERY Current Load is now: OK on umn-snuggle i-000004a2.pmtpa.wmflabs output: OK - load average: 0.05, 0.51, 0.40 [21:49:32] RECOVERY Current Users is now: OK on umn-snuggle i-000004a2.pmtpa.wmflabs output: USERS OK - 0 users currently logged in [21:50:12] RECOVERY Disk Space is now: OK on umn-snuggle i-000004a2.pmtpa.wmflabs output: DISK OK [21:57:12] preilly: which project do you need an IP in? [21:58:04] * Damianz stretches [21:59:12] PROBLEM Free ram is now: WARNING on bots-2 i-0000009c.pmtpa.wmflabs output: 1724872 [22:04:29] I need an IP for mobile-sms [22:05:12] PROBLEM Total processes is now: WARNING on wikistats-01 i-00000042.pmtpa.wmflabs output: PROCS WARNING: 194 processes [22:09:48] ok [22:09:50] sec [22:10:12] RECOVERY Total processes is now: OK on wikistats-01 i-00000042.pmtpa.wmflabs output: PROCS OK: 101 processes [22:10:29] preilly: upped the quota [22:15:13] Ryan_Lane: any idea how to make SAL not transclude everything ? [22:15:21] these tocs are getting unmanable [22:15:26] unmanageable [22:15:31] which one? [22:15:35] I already trimmed the view of it with a container that inserts a scroll bar [22:15:36] the combined SAL? [22:15:41] e.g. https://labsconsole.wikimedia.org/wiki/Nova_Resource:Bots [22:15:43] ah [22:15:53] yeah.
we really need a SAL extension [22:15:56] the view only shows 500px (I made that), but the TOC is still insane [22:16:00] one that takes entries via api [22:16:03] (and the HTML as well fwiw) [22:16:19] sal page sucks ass [22:16:26] and displays the log entries based on options [22:16:43] Ryan_Lane: There isn't some SWM magic that allows transcluding the first N sections? [22:16:49] hm [22:16:50] maybe [22:16:55] probably not, though [22:16:57] SWM just confuses me xD [22:16:57] I wouldn't know [22:17:04] SMW(!) [22:17:14] >.> [22:17:32] DynamicPageList can probably do it [22:17:48] * Damianz goes back to trying to figure out how the hell openid is supposed to be implemented [22:17:52] I should really just write a SAL extension [22:17:56] You've reached the Semantic Wikimedia Foundation. To semantically capture knowledge :D [22:17:56] Damianz: :D [22:18:09] I hate the way we do SAL right now [22:18:28] Why are extensions so ugly [22:18:34] what do you mean? [22:18:47] Ryan_Lane: maybe take it off wikipages entirely, so that it takes like timestamp, channel, user, body. [22:18:54] and morebots writing to that through API [22:18:55] Krinkle: yeah. that's the idea [22:18:56] php ughly [22:19:03] yeah. write directly to the api [22:19:05] Special page like stuff [22:19:08] (for view) [22:19:09] it would store the log entry in the database [22:19:11] (and transclusion) [22:19:15] yep [22:19:18] nice [22:19:23] next hackathon? [22:19:24] EVERYTIME THIS GUY CALLS THE SWITCH A ROUTER I WANT TO PUNCH HIM IN THE FACE [22:19:27] [22:19:29] Krinkle: yep [22:19:31] Damianz: :D [22:19:37] Ryan_Lane: when's your next? [22:19:42] Damianz: you sound like you are having a very ragey day [22:19:46] Krinkle: no clue [22:19:49] berlin? [22:19:49] Standard day [22:19:50] SF?
[22:19:58] I lost track [22:20:03] it should be a fairly easy extension [22:20:37] It's wednesday already, that's enough reason to be in a bad mood :P [22:20:44] heh [22:23:22] PROBLEM Free ram is now: WARNING on deployment-integration i-0000034a.pmtpa.wmflabs output: 853432 [22:38:22] RECOVERY Free ram is now: OK on deployment-integration i-0000034a.pmtpa.wmflabs output: 506212