[00:02:32] RECOVERY Current Load is now: OK on parsoid-roundtrip3.pmtpa.wmflabs 10.4.0.62 output: OK - load average: 4.21, 4.06, 4.79 [00:06:44] andrewbogott, if I set role::mediawiki-install::labs, do i need to set things like webserver::php5? [00:06:58] techman224: Nope, it should pull in all the dependencies it needs. [00:12:02] 12/28/2012 - 00:12:01 - Updating keys for mwang at /export/keys/mwang [00:12:53] RECOVERY Current Load is now: OK on ve-roundtrip2.pmtpa.wmflabs 10.4.0.162 output: OK - load average: 3.50, 3.80, 4.58 [00:21:33] 12/28/2012 - 00:21:32 - Updating keys for hazard-sj at /export/keys/hazard-sj [00:29:30] andrewbogott, I think mysql is not working [00:30:10] techman224, how so? [00:30:35] andrewbogott, I get an error when running puppet [00:30:49] "Could not start Service[mysql]: Execution of '/etc/init.d/mysql start' returned 1: at /etc/puppet/manifests/mysql.pp:78" [00:31:15] mysql didn't start [00:32:23] RECOVERY Free ram is now: OK on aggregator1.pmtpa.wmflabs 10.4.0.79 output: OK: 846% free memory [00:36:53] techman224: I'm looking. I don't know why this failed, it worked for me yesterday [00:37:12] andrewbogott, I gave you sudo access [00:37:19] thx [00:44:06] techman224: better? [00:45:04] running puppet [00:45:50] all successful [00:46:34] mediawiki is installed [00:46:42] techman224: I don't know what was wrong, really. I just uninstalled mysql-common and let puppet reinstall and reconfigure. [00:49:34] andrewbogott, it's installed in http://titleblacklist-main.pmtpa.wmflabs/srv/mediawiki [00:50:52] that's great! You have proxying working so that you can access it? [00:54:07] Yes, using https://labsconsole.wikimedia.org/wiki/Help:Access#Accessing_web_services_using_a_SOCKS_proxy [00:55:49] you're a quick study :) [00:55:56] andrewbogott, strange, it seems everything is being proxied [00:56:08] I'm http://en.wikipedia.org/wiki/User:10.64.0.138 [00:57:53] yeah [00:57:58] you need to do split tunneling [01:00:51] how do I do that? [01:01:04] fox proxy or such [01:01:26] !htmllogs [01:01:26] experimental: http://bots.wmflabs.org/~wm-bot/html/%23wikimedia-labs [01:01:40] any gerrit admins lurking? Matthew Flaschen would like merge access to https://gerrit.wikimedia.org/r/#/admin/groups/392,members - can you just add him or does it need to go through mediawiki.org? [01:06:52] PROBLEM Total processes is now: WARNING on bots-salebot.pmtpa.wmflabs 10.4.0.163 output: PROCS WARNING: 177 processes [01:11:53] RECOVERY Total processes is now: OK on bots-salebot.pmtpa.wmflabs 10.4.0.163 output: PROCS OK: 99 processes [01:19:49] I only what the proxy for *.wmflabs [01:19:54] *want [01:29:53] RECOVERY Total processes is now: OK on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS OK: 150 processes [01:58:50] Hey Damianz [02:19:37] Thehelpfulone, are you there? [02:31:43] andrewbogott_afk, still here? [02:40:23] RECOVERY Free ram is now: OK on bots-sql2.pmtpa.wmflabs 10.4.0.41 output: OK: 20% free memory [02:53:23] PROBLEM Free ram is now: WARNING on bots-sql2.pmtpa.wmflabs 10.4.0.41 output: Warning: 14% free memory [03:13:25] !log titleblacklist Initial wiki setup has been completed [03:13:28] Logged the message, Master [03:14:34] PROBLEM Free ram is now: WARNING on dumps-bot3.pmtpa.wmflabs 10.4.0.118 output: Warning: 19% free memory [04:35:53] PROBLEM Current Load is now: CRITICAL on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: Connection refused by host [04:36:33] PROBLEM Current Users is now: CRITICAL on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: Connection refused by host [04:37:13] PROBLEM Disk Space is now: CRITICAL on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: Connection refused by host [04:37:53] PROBLEM dpkg-check is now: CRITICAL on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: Connection refused by host [04:38:03] PROBLEM Free ram is now: CRITICAL on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: Connection refused by host [04:39:23] PROBLEM Total processes is now: CRITICAL on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: Connection refused by host [04:46:32] RECOVERY Current Users is now: OK on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: USERS OK - 0 users currently logged in [04:47:12] RECOVERY Disk Space is now: OK on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: DISK OK [04:47:52] RECOVERY dpkg-check is now: OK on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: All packages OK [04:48:02] RECOVERY Free ram is now: OK on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: OK: 895% free memory [04:49:22] RECOVERY Total processes is now: OK on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: PROCS OK: 84 processes [04:50:53] RECOVERY Current Load is now: OK on xn--tekruo-t1a.pmtpa.wmflabs 10.4.1.60 output: OK - load average: 0.05, 0.54, 0.56 [05:45:04] Is there anyone here familiar with FoxyProxy? [05:56:32] RECOVERY Current Load is now: OK on parsoid-roundtrip7-8core.pmtpa.wmflabs 10.4.1.26 output: OK - load average: 4.84, 4.73, 4.96 [06:30:54] PROBLEM Total processes is now: WARNING on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS WARNING: 157 processes [06:32:24] PROBLEM Total processes is now: WARNING on vumi-metrics.pmtpa.wmflabs 10.4.1.13 output: PROCS WARNING: 151 processes [06:32:54] PROBLEM Total processes is now: WARNING on parsoid-roundtrip4-8core.pmtpa.wmflabs 10.4.0.39 output: PROCS WARNING: 151 processes [06:35:54] RECOVERY Total processes is now: OK on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS OK: 150 processes [06:47:53] RECOVERY Total processes is now: OK on parsoid-roundtrip4-8core.pmtpa.wmflabs 10.4.0.39 output: PROCS OK: 147 processes [06:52:22] RECOVERY Total processes is now: OK on vumi-metrics.pmtpa.wmflabs 10.4.1.13 output: PROCS OK: 147 processes [07:23:52] PROBLEM Total processes is now: WARNING on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS WARNING: 152 processes [09:34:33] PROBLEM Current Load is now: WARNING on parsoid-roundtrip7-8core.pmtpa.wmflabs 10.4.1.26 output: WARNING - load average: 4.85, 5.32, 5.16 [09:44:33] RECOVERY Current Load is now: OK on parsoid-roundtrip7-8core.pmtpa.wmflabs 10.4.1.26 output: OK - load average: 5.27, 4.88, 4.98 [10:39:52] PROBLEM Total processes is now: WARNING on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS WARNING: 152 processes [10:49:52] RECOVERY Total processes is now: OK on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS OK: 150 processes [11:38:53] PROBLEM Total processes is now: WARNING on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS WARNING: 152 processes [12:20:07] Hello all! Somebody here? ;) [12:22:34] DrTrigon: just look around. if you don't see any people, obviously not... ;-) [12:28:24] Danny_B|backup: ;)) ...ok the correct question would have been: "Somebody awake and aware that (s)he is logged in?" ... [12:29:33] PROBLEM Current Load is now: WARNING on parsoid-roundtrip7-8core.pmtpa.wmflabs 10.4.1.26 output: WARNING - load average: 4.58, 5.01, 5.04 [12:30:09] ...I have a question related to cron(tab) and how to run jobs? Can you help? [12:30:57] DrTrigon: you asked about somebody _there_ (from your point of view _here_) so i was assuming that you can look around in your room and see if somebody is there... ;-) [12:31:52] DrTrigon: nope, sorry, i can't help with anything on labs... [12:32:48] Danny_B|backup: ...aa I see - to early in the morning HERE (at least I feel so) in order to understand you... ;))) [12:33:07] ...to bad - so I have to wait some hours... :) [12:34:34] RECOVERY Current Load is now: OK on parsoid-roundtrip7-8core.pmtpa.wmflabs 10.4.1.26 output: OK - load average: 4.83, 4.94, 5.00 [12:36:53] PROBLEM Total processes is now: WARNING on parsoid-spof.pmtpa.wmflabs 10.4.0.33 output: PROCS WARNING: 152 processes [14:04:29] Damianz, are you lurking? I'm trying to svn update on bots-3 for pywikipedia and I get a [14:04:29] svn: Can't open file '.svn/lock': Read-only file system [14:04:29] error [14:05:08] Is it on your home? [14:05:31] box needs rebooting, didn't really want to kill beet's bots though [14:05:44] yes it should be in my home folder [14:05:59] ah, if I go to bots-4 should it work? [14:06:16] or is it the whole bots? [14:06:17] yes [14:06:21] bots-4 will work [14:06:25] but that won't update bots-3 [14:06:30] 3 is on a seperate mount [14:06:36] I'll reboot 3 in a min [14:07:19] ok thanks [14:10:44] should be ok now [14:13:27] Cannot write to “logstash-1.1.5-monolithic.jar” (Success). -.- [14:17:05] works, thanks [14:20:23] PROBLEM Free ram is now: WARNING on dumps-bot2.pmtpa.wmflabs 10.4.0.60 output: Warning: 19% free memory [17:45:54] Has anyone got FoxyProxy working? [17:57:31] techman224: yes, in firefox [17:57:37] techman224: it doesn't work in chrome [17:58:10] Ryan Lane, how do you get it to work for .wmflabs? [17:58:56] techman224: did you see: https://labsconsole.wikimedia.org/wiki/Help:Access#Troubleshooting_the_proxy ? [17:59:39] specifically the part about network.proxy.socks_remote_dns in about:config? [18:00:59] Ryan_Lane, I was trying to use chrome, but it didn't work [18:01:15] last time I tried foxyproxy in chrome it didn't work either [18:07:30] <^demon> Ryan_Lane: So, it turns out if a user's logging in to gerrit for the *first* time, they can auth with their e-mail instead of cn. [18:08:27] <^demon> And then their gerrit external_id is an e-mail addy, instead of their cn. This isn't inherently bad for gerrit, but it's a) inconsistent and b) actually breaks git-review (doesn't git-review suck?) [18:11:39] ugh [18:11:52] what happens if they then log in with their cn later? [18:12:27] <^demon> Dunno. I tried logging in with e-mail (since mine's tied to cn as it should be), but it didn't work. [18:13:23] <^demon> I'm curious why gerrit would do that, we have accountPattern = (&(objectClass=person)(cn=${username})) [18:13:47] <^demon> Maybe a bug. Maybe a "feature" [18:14:34] Ryan_Lane, I've set network.proxy.socks_remote_dns, but it's still not working [18:14:58] techman224: this is using firefox? [18:15:05] techman224: also, did you set up patterns? [18:15:40] Ryan_Lane, i'm using firefox and I'm using patterns [18:15:52] https://labsconsole.wikimedia.org/wiki/MediaWiki:Foxy-proxy-labs?action=raw [18:16:26] set your mode to use labs specifically [18:16:35] what are you trying to access inside of labs? [18:16:57] Ryan_Lane, instances [18:17:01] try visiting this: http://testing-amf.pmtpa.wmflabs/ [18:17:35] Ryan_Lane, no luck [18:17:52] when you ssh into bastion, you are using -D? [18:18:06] Ryan_Lane, yes, ssh techman224@bastion.wmflabs.org -D 8080 [18:18:17] does this work when you don't use foxy proxy, but set your proxy settings directly? [18:18:41] Ryan_Lane, yes it works if I route everything through [18:18:59] maybe the patterns are wrong... [18:22:26] Ryan_Lane, are you checking them? [18:22:53] techman224: hm. it seems my rules use 8082, not 8080 [18:23:17] Ryan_Lane, that's why. [18:24:41] You might want to change that [18:25:23] does it work now? [18:26:01] I changed the docs to reference 8082 [18:28:51] Ryan_Lane, still not working [18:29:10] Still works if I route everything [18:29:51] oh [18:29:55] it seems these are just pattens [18:30:03] it doesn't define the proxy itself [18:30:09] did you go into the foxyproxy rules? [18:30:39] you need to set localhost:8080 as your host and port [18:30:51] well, localhost as the host, and 8080 as the port [18:30:57] I'm going to change the docs back to 8080 [18:33:42] It works now [18:34:45] ah, great [18:34:55] I should probably expand the docs on foxyproxy to specify that [18:35:00] * Damianz stabs puppet to death [18:36:31] there we go, added more info to the foxyproxy information [18:37:21] Ryan_Lane, now it stopped working [18:37:27] o.O [18:41:02] I don't know what happened [18:41:56] I think it's still trying not to use the proxy [18:42:32] Everytime I try to connect to my instance the fox blinks the default. [18:44:17] hi guys [18:47:22] Ryan_Lane, any luck yet? [18:48:00] techman224: does this work? http://testing-amf.pmtpa.wmflabs/ [18:48:37] Ryan_Lane, nope, in fact, I think it never worked, it was just cached [18:48:55] it couldn't have been cached if it never worked ;) [18:49:01] when I turn the proxy on for everything [18:49:13] ah, it works when you turn on the proxy for everything? [18:49:21] Yes [18:49:26] then the pattern is wrong [18:49:54] my pattern is: ^https?://.*\.pmtpa\.wmflabs/.*$ [18:49:59] and marked as a regular expression [18:50:40] I have a similar one for the zone that isn't up yet: ^https?://.*\.eqiad\.wmflabs/.*$ [18:51:26] Ryan_Lane, it's working now [18:51:32] I'm using ^https?://.*\.pmtpa\.wmflabs/.*$ [18:51:42] ok. let me update the patterns on the wiki [18:52:15] Ryan_Lane, FYI, when trying http://testing-amf.pmtpa.wmflabs/, I'm getting "The proxy server is refusing connections" [18:53:02] but it's working for your instances? [18:53:25] Ryan_Lane, yes [18:53:33] well, that makes no sense ;) [18:56:42] PROBLEM Free ram is now: CRITICAL on dumps-bot1.pmtpa.wmflabs 10.4.0.4 output: Critical: 5% free memory [19:35:38] hi [19:36:37] 12/28/2012 - 19:36:37 - Updating keys for itu at /export/keys/itu [19:37:47] ok, im in .... [19:51:54] 12/28/2012 - 19:51:54 - Updating keys for mwang at /export/keys/mwang [19:53:09] !log titleblacklist root www directory set to use /srv/mediawiki folder using mod_rewrite in sites_available [19:53:12] Logged the message, Master [20:37:04] 12/28/2012 - 20:37:04 - Updating keys for mwang at /export/keys/mwang [20:42:43] !log titleblacklist Installed TitleBlacklist extension from git and checked-out patch at https://gerrit.wikimedia.org/r/#/c/40774/ [20:42:46] Logged the message, Master [20:44:58] !log bots installed liblua5.1-0-dev on bots-4 [20:45:00] Logged the message, Master [20:45:50] Ryan_Lane, where did the mediawiki install on nova-precise1 come from? Puppet, installed by hand, copied from virt0, ?? [20:46:07] installed by hand [20:46:12] using puppet should be fine [21:04:48] I have a question related to cron(tab) and how to run jobs... any volunteer? ;) [21:07:59] you can use cron [21:19:10] DrTrigon: what's the question? [21:23:11] Ryan_Lane: Whats "the correct way" of using cron in order to keep infinitely running jobs alive? Or may be more general, whats "the correct way" of staring jobs? Is there a queue? [21:23:27] cron is fine [21:23:47] it would be ideal if the crons were documented on the project page [21:23:55] so that we know how things are running [21:24:24] we may have a queue at some point, but I think it won't be necessary for most things [21:24:52] shared resources aren't as much a problem in labs as they are on toolserver [21:24:52] I wrote a "watchdog" script which is started by cron once per hour and checks if the process belongign to the pid is still alive... but I am not that experienced in bash scripting and might have messed something up... [21:25:02] database queries will be a problem at some point, though [21:25:18] (ok I see... ;) [21:26:09] db queries are more of a problem for replicas [21:26:19] tbh bots has a cron killing long running queries currently ;) [21:26:22] Damianz: that's what I mean [21:26:31] oh, does it? [21:26:36] yeah [21:26:38] good to know [21:26:44] or it did, if the server hasn't been installed [21:26:51] really need to sort puppet out for those boxes [21:26:53] heh [21:27:25] Damianz: so my watchdog and the killer do "fight" against each other... ?!? [21:27:29] ;)) [21:28:27] well mine runs https://gerrit.wikimedia.org/r/#/c/26441/36/modules/labs-bots/files/mysql/querykiller.pl every min IIRC [21:28:34] so 5min = long [21:28:38] which for bots... it is [21:28:39] Ryan_Lane: ...so generally speaking; I am doing what I am supposed to...? [21:28:49] yep [21:29:11] imo 6min for a mysql query on those crap servers is more than enough :D not had anyone complain in the past 3month either [21:29:17] Ryan_Lane: good. thanks a lot!!! [21:29:27] DrTrigon: you're welcome [21:29:54] Damianz: I have the strong impression that my bot on bots-4 runns longer than 5mins without beeing killed... good or bad? [21:30:06] db queries? [21:30:10] possibly, doubtful [21:30:17] no irc bot [21:30:22] that's fine [21:30:29] no! it is an irc bot. [21:30:29] we need to re-install those boxes to precise and give more ram and disk to them [21:30:34] he's talking about individual queries against the database [21:30:41] Damianz: yeah [21:30:44] don't do process tracking [21:30:48] aaa I see! ok! [21:30:49] though that WOULD be cool [21:30:53] actually for nr instances I want to [21:31:02] nr instances? [21:31:03] in the control stuff we should track ram/cpu time and disk usage per bot [21:31:07] root only [21:31:12] or actually [21:31:13] no root [21:31:17] but allow 'infinite' too, please... ;))) [21:31:19] except me/petan/you etc [21:31:53] but eventually we should have auto restart/migrate stuff if you suddenly go from 1% memory usage to 99% memory usage because that's evil and you can have your own instance [21:31:53] then another thing; I have a puppet module to be installed on bots-apache01 [21:32:07] Ryan_Lane: Btw you seen ZeroRPC? It's freaking cool, sadly lacking auth though [21:32:18] zerorpc? [21:32:26] yeah [21:32:32] zerorpc.dotcloud.com [21:32:54] rpc ontop of zeromq that lets you use python stuff remotly like it's local with stacktraces and stull brought over transparently [21:32:58] heh [21:32:59] stuff* [21:33:05] with no auth that's incredibly dangerous :) [21:33:09] yeah [21:33:13] but with auth, that's awesome [21:33:34] you can have salt kind of act like this [21:33:38] with auth [21:33:47] yeah [21:33:54] difference with salt is you have to write modules [21:34:01] it would be really interesting to have this integrated with salt [21:34:05] this lets you take /any/ python module/function etc, expose as rpc and boom [21:34:09] so freaking cool [21:34:16] yeah it would [21:34:20] pretty sure you could do it [21:34:28] yeah [21:34:50] well, everything needs to go through the master in salt [21:34:56] it looks like this has direct connections [21:35:12] yeah [21:35:23] though, when salt supports proper clustering (if ever) that's not really an issue [21:35:26] so, there'd be some level of indirection [21:35:40] not that indirection is actually a problem [21:35:47] it's just pub/sub anyway [21:35:51] like understanding clusters as well as clustering would make salt awesome for cross site delegation of masters with redundancy [21:37:18] I have a puppet module to be installed on bots-apache01, what do with it? ;) [21:37:46] afaik it's not setup in puppet yet, but get it in gerrit and it can get assigned as a class... can allways move later [21:37:57] DrTrigon: it needs to be pushed into gerrit [21:38:21] into operations/puppet repo in the modules directory [21:38:23] which one? what path? [21:38:30] ;)) [21:38:52] Do I have access there? What file? [21:39:05] everyone can push into any repo in gerrit [21:39:12] labs and gerrit are integrated [21:39:26] ...yes, of course... ;) [21:39:46] git clone https://gerrit.wikimedia.org/r/p/operations/puppet [21:40:24] thanks! ...give me some minutes... ;) [21:40:26] btw.: when will there be user git repos available? [21:40:28] * Ryan_Lane nods [21:40:35] we'll need to review it before it gets merged [21:41:00] user repos or puppet module? [21:41:16] puppet module [21:41:41] we still need to work out how we'll handle bot and tool repos [21:41:43] 12/28/2012 - 21:41:43 - Updating keys for russblau at /export/keys/russblau [21:41:45] ^demon: any opinion there? [21:41:53] ^demon: my thought is a repo per bot or tool [21:41:56] and not user repos [21:43:02] that's fine too! at least 1 repo per user ;)) [21:43:15] Ryan_Lane: puppet: http://pastebin.com/3AK4vF5B [21:43:16] well, per bot, or tool ;) [21:43:23] I'm mixed tbh [21:43:34] if we're handling deps in puppet and deployment in salt that's annoying [21:43:46] though salt ftw for deployment and control really [21:43:49] Damianz: why? [21:44:13] hm. I think it would be better to have a bots module [21:44:14] Ryan_Lane: Duplication of effort, using sates for package deps would make more sense for re-usability but then breaks from prod [21:44:28] and a manifest inside of that called "packages" [21:44:30] I was going for everything under labs-bots:: or such, but then updating code sucks [21:44:36] and package conflicts are insane in puppet [21:44:41] inside of packages we'd have all packages needed, listed by dependency on bot [21:44:47] yay for not being able to define a package twice on a server -.- [21:44:52] yes. stupid [21:44:58] puppet is a pain in the ass in that regard [21:45:13] ideally we'd have a base for the server (like I have) [21:45:25] then each bot would be under like bots::bot with it's setup [21:45:28] oh, we need to merge your stuff in ;) [21:45:44] but it also depends on if we're going PaSS style or just single not bleh [21:45:56] PaSS would be ftw for bots really, but then supporting deps is harder [21:45:58] or easier [21:46:01] depending how you see it [21:46:11] and yeah.... should merge it and start using it so we can migrate boxes about :P [21:46:14] PaaS? [21:46:19] <^demon> Ryan_Lane: Hadn't really thought about it. Whatever authors want is fine by me really. [21:46:25] platform as a service [21:46:32] ^demon: I'd very much like to avoid per-user [21:46:40] in this case I'm refering to labs as more IaSS than PaSS... though labs is really PaSS [21:46:41] <^demon> Oh yes. That would suck. [21:46:42] <^demon> A lot. [21:46:45] it inhibits collaboration [21:46:46] or weill be when we support stuff really [21:46:55] <^demon> Well that, and it'd be a pain in the ass to maintain. [21:46:58] Damianz: what's PaSS? [21:47:01] <^demon> And I don't want to be stuck maintaining it. [21:47:05] agreed [21:47:09] Ryan_Lane: [21:46:25] platform as a service [21:47:19] PaaS not paSS [21:47:22] I just can't type [21:47:23] heh [21:47:32] ok, that's why I was confused :) [21:47:32] <^demon> Ryan_Lane: So, less repos is probably better. Maybe group them by type? [21:47:35] I know what PaaS is :) [21:47:42] <^demon> bots/irc, bots/editing, whatever. [21:47:46] typing is hard with a broken finger [21:47:49] well.... [21:47:52] that's problematic in a way [21:48:05] idaelly we'd kill ops/puppet imo [21:48:11] because then you need to deal with +2 and merge rights [21:48:12] have a repo per module, everything is module [21:48:18] 1 repo with glue and submodules [21:48:18] Damianz: that's too hard :( [21:48:25] heh it's how I do it :P [21:48:33] <^demon> People think submodules are hard. [21:48:35] we've talked about it [21:48:46] submodules are easy if you understand them [21:48:50] just forget svn [21:48:52] <^demon> Yes, well. [21:48:58] <^demon> People *think* they're hard. [21:49:02] oh btw [21:49:05] <3 puppet envs [21:49:07] we need to use them [21:49:10] makes sexy [21:49:39] Damianz: we need everything to be a module to use them [21:49:52] Damianz: we'd use envs if we could [21:50:05] <^demon> Ryan_Lane: So, re: repos, whatever bot authors want really doesn't bother me. But I'm vetoing repo-per-user for that. [21:50:08] really? [21:50:10] <^demon> Anything reasonable is fine. [21:50:22] I actually have all my manifests and everything under seperate env dirs [21:50:39] Damianz: you can't really use envs without modules [21:50:41] would suck for using them properly though [21:50:54] ^demon: yes, but I'd like repo per bot or repo per tool [21:51:10] otherwise we need to deal with +2 and merge rights [21:51:19] I'd say neither on force tbh [21:51:36] Damianz: ? [21:51:36] Like some bots (say cbng) are multiple bots and tools, which can run seperatly or together [21:51:42] <^demon> Ryan_Lane: Define "deal with?" [21:51:51] So in some cases multiple under 1 module makes sense, toher times seperate makes sense [21:51:59] I'd go for against owner module with 'their' bots under [21:52:02] though [21:52:05] ^demon: user A has a bot, and user B has a bot. they are in the same repo. who owns the repo? [21:52:26] maintainer [21:52:29] bots users have access [21:52:38] who's the maintainer? [21:52:57] well they might or might not be involved [21:53:04] what about 2 copies of the same bot for different wikis [21:53:06] if every bot has a repo, then they can manage their own bot [21:53:10] that should be 1 repo with 2 conifgs really [21:53:14] sucks duplicating code [21:53:18] true [21:53:32] though on the other hand [21:53:36] 1 bot has a hack, needs 2 repos [21:53:38] do we put it all in one repo, and let everyone have +2/merge [21:53:39] ? [21:53:51] allmost need github's lets use 1 repo that looks like 2 and diff from them :D [21:54:17] if you limit +2 for everything to project members that's kinda sane [21:54:23] since they can do everything anyway [21:54:29] so not reallt exposing security [21:56:08] <^demon> Only problem with putting things in a single repo is, if someone commits a huge file to their place in the tree, you still have to fetch giant objects you don't care about. [21:57:13] Ryan_Lane: Sorry for interrupting; does the puppet module http://pastebin.com/3AK4vF5B looks reasonable? [21:58:45] ^demon: yeah, that does suck [21:59:01] DrTrigon: not really. puppet will fail if the same package is defined more than once on a system [21:59:15] DrTrigon: if every bot lists its packages, we'll have conflicts [21:59:33] we should probably add these packages into Damianz's bots module [21:59:56] The main blocker for that module is decding if we're supporting it at base or per user [22:00:07] But due to package conflicts we're kinda forced to base [22:00:14] Messy for figuring out old, no longer required stuff tho [22:00:28] andrewbogott: mind a review? https://gerrit.wikimedia.org/r/#/c/41183/1 [22:00:41] Damianz: I'd prefer base [22:00:42] Sorry - I have to applogize right now - have to go for lunch - I will come back soon... (stay tuned! ;) [22:00:50] DrTrigon: ok. see ya [22:00:58] <^demon> Ryan_Lane: Benefit of single repo: we could have bots authors define their packages in some shared way, so puppet can pull that info from a single place. [22:01:03] <^demon> Might make *that* part easier. [22:01:05] Damianz: I'd like to document dependencies for bots [22:01:06] I'll copy them into mine and push up for review in a few [22:01:16] Ryan_Lane: Sorry but human docs suck ass [22:01:17] Damianz: cool, thanks [22:01:22] out of date as soon as they're saved [22:01:26] true [22:01:27] * Damianz is a fan of self documenting systems [22:01:38] but it's impossible to do this properly in puppet [22:01:43] yeah :( [22:01:46] I guess it's possible to use if defined [22:01:56] but that's so fucking ugly [22:01:57] that is just ugly and should do it by default [22:02:12] We could just do it all in salt... not really mature enough though [22:02:21] no. we're not using salt for that [22:02:30] you'll get me in trouble :) [22:02:35] :D [22:02:39] I promised not to use salt for states [22:02:47] 'hey we use this in labs', 'lets do it in prod!' [22:03:19] The really nice thing about states is you can run them real time and have them enforce [22:03:24] yes [22:03:25] stupid hey I'm running, lets block [22:03:34] <^demon> Well, after a day of trying to find a way to do this, the answer is "you'll have to write a new api." [22:03:41] ^demon: for what? [22:03:54] <^demon> Gerrit crap. Last bit of cleanup to uuid that Shawn's asking for. [22:03:58] ah [22:04:08] I can't wait for 2.6 [22:04:42] <^demon> Me too. I've fixed all the bugs in the patch. Only thing left is a cosmetic fix that turns out to be a pita. [22:04:47] <^demon> oh well, life goes on. [22:04:51] :D [22:04:58] ^demon: You know you want to fork it :D [22:05:10] <^demon> What could would forking it do me? [22:05:10] LDAP stuff, right? [22:05:13] <^demon> Yes. [22:05:21] Fix all the things [22:05:26] So much room to play [22:05:30] * Damianz thinks of more meme lines [22:05:37] <^demon> Fixing things upstream is nice. [22:05:42] <^demon> Then people go "Thank you Chad." [22:06:01] Do they send you whiskey at christmas? [22:06:12] <^demon> No. [22:06:18] That sucks [22:06:27] <^demon> And on that note, it's 5 o'clock on a friday. Later folks. [22:06:31] bye ^demon [22:06:33] happy new year [22:06:35] * Damianz waves [22:16:50] Damianz: maybe a review from you? :) https://gerrit.wikimedia.org/r/#/c/41183/ [22:19:24] looks ok [22:23:26] So do you think stuff should be included under like https://gerrit.wikimedia.org/r/#/c/26441/38/modules/labs-bots/manifests/application.pp [22:26:13] yeah [22:26:27] should "latest" be used? [22:26:55] security updates are being applied by apt config [22:27:37] ok. let's see if I break labsconsole [22:28:14] ough [22:28:15] ouch [22:28:16] yeah [22:28:17] broken [22:34:12] probably [22:34:30] we could stick to a version but then we get into bot a needs meh, bot b needs meh 3 [22:34:36] though auto updating is probably bad [22:34:45] manually bumping versions across the board might be better [22:35:01] imo bots should live in virtualenvs anyway :D [22:37:23] heh [22:37:28] I disagree ;) [22:37:32] * Ryan_Lane hates virtualenv [22:39:39] makes depenandcy management easier [22:39:53] when you have dozens of apps tying them all to sys libs is a huge pita [22:43:12] bleh [22:43:26] I wasn't setting the username in the user object if one wasn't specified when creating the object [22:43:51] Damianz: yes, but it ensures that your apps are getting proper security updates [22:44:56] well sometimes you're running from head because packaging it takes forever [22:45:02] so that's a half invalid argument [22:45:23] I'm talking about ones maintained by the distor [22:45:25] distro [22:45:36] well, there's one bug fixed [22:46:34] Hello! I'm back again... if you have time to explain me the puppet thing...?! [22:46:45] DrTrigon: I think Damianz took care of you [22:46:59] DrTrigon: we have a large module that's waiting to be merged [22:47:13] we're including your packages in that [22:47:20] well it needs final testing again, merging, using on a new instance [22:47:22] ...so you integrated mine into that?! [22:47:34] yep [22:47:50] cool - thanks! I'll have a look! :) [22:48:03] DrTrigon: well, it needs to be merged first [22:48:17] might want to have those packages installed manually for now [22:48:34] do I have acces to that box? [22:48:45] I think that one is restricted [22:48:48] this is bots-1? [22:48:48] I'm kinda hoping that when we merge this we can just re-install the apache and mysql boxes and upgrade them/resize them at the same time [22:48:54] nr1 [22:48:57] Damianz: sounds sane to me [22:48:59] -1 is just full of crap [22:49:03] bots-nr1? [22:49:06] what's nr stand for? [22:49:08] Nop! It's bots-apache01 [22:49:10] no root [22:49:12] I think [22:49:13] ah [22:49:19] bots-apache1? [22:49:23] 01 is apache [22:49:28] it changed from 1 [22:49:34] someone re-installed it and broke it [22:49:35] why would these go on the apache box? [22:49:37] caused me pain [22:49:46] there's different files [22:49:47] userweb [22:49:49] application [22:49:50] db [22:49:52] or such [22:49:55] I need them for my web tools (cgi) [22:49:56] for server roles [22:50:02] we should add motd stuff into this too [22:52:41] Ryan_Lane: -ping- [22:52:52] * Ryan_Lane nods [22:53:00] Damianz: want to install, or want me to? [22:53:09] I don't necessarily know what to install where, though :D [22:53:11] if you could that would be great, about to hop in the shower [22:53:18] and cgi sucks, use gunicorn :D [22:53:27] (yeah we don't support that really) [22:53:37] install those four python packages on apache01? [22:53:49] support what? [22:54:04] bots-apache01, yes please! :) [22:54:27] gunicorn based running of stuff [22:54:36] like how you normally deploy python stuff [22:54:45] does gunicorn support python? ;) [22:54:56] gunicorn is python [22:55:01] it's based off unicorn which is ruby [22:55:05] ;))) even BETTER! [22:55:41] sound more like "gnoe-unicorn", should be named pyunicorn... ;)) [22:55:49] "gnome-unicorn" [22:56:25] hah. these four packages pull in another 94 packages [22:56:40] lovely [22:57:34] so I haz like a salt-master setup, replicated with rsync and accessible over a vip controlled by VRRP... now just to write something that does more than test.ping [22:58:12] ...as noted 'matplotlib' is huge... (sorry) [22:58:17] heh [22:58:18] it's ok [22:59:28] (I have a bot script using opencv and a lot more exotic stuff to come... ;)) [22:59:56] so I can watch the merge status on https://gerrit.wikimedia.org/r/p/operations/puppet? is that correct? [23:00:39] cool you can go logstash -> statsd -> graphite [23:01:09] ?!? [23:03:02] log processor, stats collector, stats storage/grapher [23:03:07] access log handling ftw [23:09:57] While we are talking about the apache server; one very last question for today: what to do in order to be able to display .log (text/plain) files instead of downloading them when clicking on it?? [23:13:04] Ryan_Lane: ^^^? [23:13:24] it downloads them right now? [23:13:43] I haven't really looked at the webserver config [23:14:27] yeah... I tried 'SetType' and 'SetHandler' in .htaccess but nothing helped... [23:15:11] look e.g. at http://bots.wmflabs.org/~drtrigon/DrTrigonBot/ [23:19:09] Ryan_Lane: ...so what to do? :) [23:19:34] DrTrigon: they are loading properly for me [23:19:37] in the browser [23:19:38] not downloaded [23:20:01] firefox? [23:20:04] ues [23:20:06] *yes [23:21:12] strange... I always get 'application'... hmmm - no idea - but thanks anyway and a lot for all your help and time today!!! [23:21:36] yw [23:21:47] all pretty now =D [23:23:00] Damianz: thanks to you too (also for yesterday and so on)!!! :)) [23:23:09] np [23:23:11] greetings and have a nice day! [23:24:16] gitolite is truly awful at formatting the repo list over ssh [23:24:21] heh [23:29:10] Though really bastion would tell you that ish [23:32:24] OK -- I deleted the stuff that I know definitively to be obsolete, which turns out to have been most of it [23:32:32] I'll ping VE peeps re: the rest. [23:34:07] The disks thin provisioned? IIRC you can reclaim space but you basically have to dd the image to a new one [23:34:58] andrewbogott, Ryan_Lane: BTW, trying to get franny (username either 'franny' or 'fran'; can't remember) access to the editor-engagement machines has turned into a multi-day saga; she keeps getting 'permission denied'. I asked her to document everything carefully and file a bug or e-mail labs-l, but it may be a bit before that happens. [23:35:34] ori-l: Last I heard she could access most machines but not 'kubo' and you couldn't access that one either [23:35:42] ori-l: seems I need to take some additional steps to get the space back [23:35:52] ori-l: will it be ok to shutdown and restart the instance? [23:36:00] Ryan_Lane: yes, definitely. [23:36:05] ok [23:36:24] andrewbogott: ditto instance 'piramido', though I can now ssh into kubo, but franny still can't. [23:36:54] franny can access piramido but not kubo, now? [23:37:16] kubo is still screwed up [23:37:24] gluster is having issues with the homedirs for some reason [23:37:55] andrewbogott: franny can't access piramido, either. i believe she also tried to create another instance altogether and couldn't access it, either. [23:38:29] Ryan_Lane: there's nothing on kubo I couldn't re-create with a bit of work, so if it'd make your life easier to nuke that VM out of existence, that's cool with me. [23:38:47] well, I'd like to figure out why it's broken [23:38:50] ori-l: So she can't access anything? [23:38:57] andrewbogott: I don't think so, no. [23:39:53] ori-l: Hm, no access is a pretty different problem from partial access. If she can't get into anything then probably something needs to change on her end. [23:40:05] She can ssh into bastion [23:40:34] Yeah, but -- probably a key-forwarding issue. [23:41:01] yeah, could be. franny, whenever you get this, could you check? :) [23:43:52] PROBLEM host: ve-roundtrip2.pmtpa.wmflabs is DOWN address: 10.4.0.162 CRITICAL - Host Unreachable (10.4.0.162)