[00:05:28] <Krenair>	 Platonides, is there even a certificate for that domain?
[00:08:16] <Jhs>	 i have no idea. the only thing is that it's bothering me that some tools are only returning http links and not https, since i'm not logged in when i go to http links
[00:08:44] <Jhs>	 to me it doesn't matter if it has a certificate, i just want my https links :P
[00:19:31] <Platonides>	 Krenair, I think there's a certificate for *.wmflabs.org, but only on a few machines
[00:19:39] <Platonides>	 Jhs, why would you be logged in there?
[00:19:51] <Platonides>	 wmflabs is not in SUL
[00:20:00] <Jhs>	 Platonides, not there. 
[00:20:06] <Krenair>	 We use a *.*.wmflabs self-signed cert for wikitech-test.wmflabs.org
[00:20:21] <Jhs>	 but some tools return links to wikipedia pages, and when i click them i am not logged in
[00:20:37] <Jhs>	 e.g. http://bots.wmflabs.org/~bene/items_by_cat.php?lang=no&cat=Kirker+i+S%C3%B8r-Tr%C3%B8ndelag&missing=on
[00:20:39] <Krenair>	 It's invalid, but works if you really just want HTTPS without checking the identity of the host
[00:20:45] <Platonides>	 there's https everywhere
[00:21:05] <Jhs>	 Platonides, the browser addon?
[00:21:08] <Platonides>	 yes
[00:21:14] <Platonides>	 I can't suggest a better fix...
[00:21:55] <Platonides>	 well, I guess mediawiki could give you a http cookie to make it redirect you to https
[00:22:40] <Jhs>	 thanks, that works beautifully
[00:22:44] <Platonides>	 but that wouldn't really give security
[00:22:49] <Jhs>	 i knew of its existence before, but never actually tried it
[00:22:50] <Platonides>	 oh, fine :)
[00:23:04] <Jhs>	 guess i forgot to try it out. but i just did, and it works great :D
[00:23:39] <Platonides>	 I'm glad it was so easy to 'fix' your problem :)
[00:23:57] <Jhs>	 :)
[00:24:53] <Platonides>	 good night!
[01:48:18] <jeremyb_>	 Ryan_Lane: Krenair: wow, i never would have imagined someone was thinking password hashes. :(
[01:48:33] <jeremyb_>	 he couldn't possibly have read Ryan_Lane's earlier mail on that thread and though that, right?
[01:49:11] <Krenair>	 I can see how you would easily misunderstand from the word 'salt' alone
[01:49:20] <Krenair>	 But the rest of the context...
[01:50:17] <jeremyb_>	 i mean he's even subscribed to wikitech-l afaik
[01:50:33] <jeremyb_>	 but who knows how much he reads. i certainly don't read everything on that list
[10:12:21] <Wikinaut>	 Ryan_Lane: good morning, master
[10:15:03] <Wikinaut>	 openid: _instead_ of insane ignoring-verfication-failures, we could think of supply data curl option CURLOPT_CAINFO 
[10:16:16] <Wikinaut>	 and CURLOPT_CAPATH . see CURLOPT_CAINFO 	The name of a file holding one or more certificates to verify the peer with. This only makes sense when used in combination with CURLOPT_SSL_VERIFYPEER. 	Requires absolute path.
[10:16:17] <Wikinaut>	 CURLOPT_CAPATH 	A directory that holds multiple CA certificates. Use this option alongside CURLOPT_SSL_VERIFYPEER. 
[10:16:30] <Wikinaut>	 http://www.php.net/manual/en/function.curl-setopt.php
[10:17:07] <Wikinaut>	 as optional key in $wgOpenIDForceProviders array .
[11:30:37] <petan>	 @notify addsleep
[11:30:37] <wm-bot>	 This user is now online in #huggle so I will let you know when they show some activity (talk etc)
[16:17:25] <petan>	 addshore
[16:17:41] <petan>	 bnr1 is down o.O
[16:18:22] <petan>	 no it's not...
[16:21:18] <petan>	 @notify ceradon
[16:21:18] <wm-bot>	 I will notify you, when I see ceradon around here
[16:21:23] <petan>	 @seen ceradon
[16:21:23] <wm-bot>	 petan: Last time I saw ceradon they were quitting the network with reason: Quit: http://www.kiwiirc.com/ - A hand crafted IRC client N/A at 3/17/2013 3:03:57 PM (01:17:25.5907590 ago)
[16:24:35] <labs-logs-bottie>	 !log bots petrb: killing hang addshore processes from 1
[16:24:39] <labs-morebots>	 Logged the message, Master
[16:26:17] <petan>	 Coren is there a way to temporarily disable queue for certain host so that new jobs can't be submitted there but existing can continue running
[16:30:08] <scfc_de>	 Merlissimo: ^
[17:05:24] <labs-logs-bottie>	 !log bots petrb: qdeploying postfix
[17:05:29] <labs-morebots>	 Logged the message, Master
[17:15:25] <petan|wk>	 @notify ceradon
[17:15:25] <wm-bot>	 I will notify you, when I see ceradon around here
[17:19:14] <petan|wk>	 !log bots replaced exim4 and setup local delivery so that mail now works on local system
[17:19:16] <labs-morebots>	 Logged the message, Master
[17:19:26] <petan|wk>	 !log this will be very useful when debuggin problems with SGE
[17:19:26] <labs-morebots>	 this is not a valid project.
[17:19:32] <petan|wk>	 !log bots this will be very useful when debuggin problems with SGE
[17:19:34] <labs-morebots>	 Logged the message, Master
[17:21:43] <Ryan_Lane>	 petan|wk: it's very likely that puppet is going to break what you did
[17:21:56] <Ryan_Lane>	 also, direct mail almost always gets marked as spam
[17:21:57] <petan|wk>	 arrrgh
[17:22:06] <petan|wk>	 Ryan_Lane:  but this is localhost mail
[17:22:17] <Ryan_Lane>	 legal also doesn't want us storing mail
[17:22:17] <petan|wk>	 so that when system send a mail to root I can type # mail
[17:22:19] <petan|wk>	 to read it
[17:22:41] <petan|wk>	 what? how is reading system emails connected to legal?
[17:22:54] <petan|wk>	 these are mails from cron and daemons not people
[17:23:07] * Ryan_Lane  nods

[17:23:47] <petan|wk>	 is it possible to override this puppet config?
[17:23:53] <Ryan_Lane>	 not really
[17:23:59] <Ryan_Lane>	 it's in our base classes
[17:24:01] <petan|wk>	 or replace exim4 with postfix globaly - it's 20 times better
[17:24:06] <Ryan_Lane>	 hahahahaha
[17:24:09] <Ryan_Lane>	 dude. come on now
[17:24:11] <Ryan_Lane>	 it's email
[17:24:21] <petan|wk>	 postfix is seriously better
[17:24:25] <Ryan_Lane>	 no. it's not.
[17:24:29] <petan|wk>	 than exim?
[17:24:31] <Ryan_Lane>	 they are MTAs
[17:24:36] <petan|wk>	 yes, both are
[17:24:39] <Ryan_Lane>	 it doesn't matter what's being used
[17:24:48] <Ryan_Lane>	 we could use sendmail and it wouldn't matter
[17:25:07] <petan|wk>	 ok so how am I supposed to read system mails when that's the only way of reading logs from SGE?
[17:25:08] <Ryan_Lane>	 anyway, what's needed is a proper relay
[17:25:20] <petan|wk>	 sge produces only emails nothing else
[17:25:33] <petan|wk>	 if it had a nice log I would be happy
[17:25:48] <Ryan_Lane>	 and mark and paravoid have both mentioned they'd make one, when they got time
[17:26:01] <petan|wk>	 ok first step could be to disable that creepy alias of root
[17:26:14] <petan|wk>	 I hate when people from ops come here blaming us from spamming your inbox
[17:26:18] <petan|wk>	 it should never have been set up like that
[17:26:36] <petan|wk>	 almost no one on labs even knows it's redirected to your box
[17:26:56] <Ryan_Lane>	 the issue is that it goes to our normal relay
[17:27:02] <petan|wk>	 yes, indeed
[17:27:17] <Ryan_Lane>	 so, like I mentioned, the solution is to make a proper relay
[17:27:18] * Ryan_Lane  shrugs

[17:27:33] <petan|wk>	 I think the best solution would be to keep local inboxes - just as default ubuntu has so that 0 inboxes would get spammed
[17:27:44] <petan|wk>	 I don't want this emails to go to any real email
[17:27:49] <petan|wk>	 I want to keep them on that box
[17:28:09] <petan|wk>	 so that anyone with sudo can read them
[17:29:24] <petan|wk>	 getting 100000 mails from SGE is what noone wants
[17:29:25] <scfc_de>	 I'd prefer that as well as otherwise you always have some lag between when the mail was sent and when it can be read.
[17:30:01] <scfc_de>	 (But any kind of relay is better than /dev/null.)
[17:37:57] <petan|wk>	 also, Merlissimo is there a way to limit total memory usage per all jobs - not per 1 task
[17:38:22] <petan|wk>	 in SGE there is a way to limit memory per task but I need to drop queue when memory usage on 1 box exceed some value
[17:38:38] <petan|wk>	 total memory usage not of 1 task but of all taska
[17:38:40] <petan|wk>	 tasks
[17:39:51] <petan|wk>	 or Coren
[17:40:31] <petan|wk>	 exactly what I was predicting happened - one box got OOM, I would like to sort it out gracefully instead of Coren's way (killing)
[17:43:15] <petan|wk>	 by somehow flagging that box as unusable for job submitting so that no more jobs get submitted there
[17:43:27] <petan|wk>	 until this problem is solved
[17:45:54] <scfc_de>	 petan|wk: Do you mean hard limits or the limits supplied by users?
[17:46:32] <petan|wk>	 I don't know the difference
[17:46:50] <petan|wk>	 what I need is that if Xmb of ram is used the box is no longer used to launch new tasks
[17:47:02] <petan|wk>	 of total ram, not of ram per task
[17:47:12] <petan|wk>	 for example, one node has 8gb or
[17:47:15] <petan|wk>	 of ram
[17:47:23] <petan|wk>	 so that when 7.8 is used no more jobs go there
[17:47:32] <petan|wk>	 that's what I would like to set
[17:47:49] <petan|wk>	 but only limits I found are per task
[17:48:03] <petan|wk>	 I need per node
[17:49:56] <scfc_de>	 I thought that SGE does this by itself.  Toolserver has the ressource "virtual_free", but I don't know how the admin setup is done (cf. https://wiki.toolserver.org/view/SGE#Mandatory_resources).
[17:50:18] <petan|wk>	 it aparently doesn't do that itself :/
[17:50:25] <petan|wk>	 it only watches load
[17:50:29] <petan|wk>	 it doesn't care about ram
[17:52:07] <scfc_de>	 A quick google suggests that you need to define a consumable resource, and then specify its consumption per job.
[17:52:27] <labs-logs-bottie>	 !log bots petrb: somehow apache was installed to ibnr1 and no one logged it - next time log it and discuss before, deleting
[17:52:32] <labs-morebots>	 Logged the message, Master
[17:53:17] <Ryan_Lane>	 petan|wk: local inboxes are a great way for us to run out of disk space
[17:53:37] <Ryan_Lane>	 reading mail on a system sucks
[17:53:50] <Ryan_Lane>	 almost no one actually does it
[17:53:54] <Ryan_Lane>	 no one cleans it up
[17:54:21] <scfc_de>	 petan|wk: http://jeetworks.org/node/93
[17:54:47] <petan|wk>	 Ryan_Lane: that's problem of sysadmins of these boxes - they should configure their system properly
[17:54:53] <Ryan_Lane>	 hahaha
[17:54:59] <petan|wk>	 if there are no problems they will never have more than 1mb of mails per year
[17:55:04] <Ryan_Lane>	 I don't expect people to do things "right"
[17:55:08] <Ryan_Lane>	 I know better
[17:55:28] <petan|wk>	 scfc_de: thanks
[17:55:33] <Ryan_Lane>	 and no. it's not a problem for them
[17:55:35] <Ryan_Lane>	 it's a problem for me
[17:55:37] <addsleep>	 petan|wk: apache was on ibnr1? O_o
[17:55:44] <petan|wk>	 addsleep:  yes
[17:55:53] <Ryan_Lane>	 if their instances all eat all of their disk space, we're fucked
[17:56:55] <Ryan_Lane>	 local mail is a poor workaround to the problem
[17:57:09] <Ryan_Lane>	 a proper relay. that's the correct solution
[17:57:14] <addsleep>	 and petan|wk I tried to use complex values to restrict the spread of jobs on oge but they didnt seem to do anything when I tried.
[17:57:27] <petan|wk>	 aha :/
[17:57:54] <petan|wk>	 Ryan_Lane: but where do you want to relay that mail?
[17:58:04] <petan|wk>	 I don't want to receive million of mails to my personal box
[17:58:05] <Ryan_Lane>	 to projectadmins
[17:58:11] <Ryan_Lane>	 then stop using SGE?
[17:58:15] <petan|wk>	 eh
[17:58:18] <petan|wk>	 tell that to coren :>
[17:58:38] <Ryan_Lane>	 or make SGE not send you emails for everything?
[17:59:26] <scfc_de>	 SGE doesn't do that, BTW.
[17:59:28] <Ryan_Lane>	 I sure as hell don't want millions of emails writing to the local disks
[18:00:06] <Ryan_Lane>	 that would be such a huge waste of IO
[18:01:12] <saper>	 I give SGE explicit flags (-m be) to send me mail
[18:01:25] <petan|wk>	 scfc_de: whatever we are using then, it does that. Instead of writing log files it sends an email for every log entry
[18:01:58] <saper>	 No manual entry for qsub.
[18:02:00] <saper>	 perfect
[18:02:47] <saper>	 scfc_de: remember you asked me about local mail delivery if it's still broken
[18:03:29] <petan|wk>	 addsleep:  howcome your jobs were running on -1
[18:03:35] <petan|wk>	 when there was no entry in qstat
[18:03:53] <petan|wk>	 looks like your jobs went out of control somehow
[18:04:02] <petan|wk>	 maybe a bug in sge?
[18:04:03] <petan|wk>	 :o
[18:04:04] <addsleep>	 petan|wk: no idea...
[18:04:21] <scfc_de>	 saper: On Toolserver?
[18:04:24] <addsleep>	 my only cron is the cron on gs, so unless you messed something up when you edited it ;p
[18:04:25] <petan|wk>	 + if you do ps -ef on bnr1 you will see dozen of jobs that aren't supposed to run
[18:04:34] <saper>	 scfc_de: yes...
[18:04:34] <petan|wk>	 addsleep: nope lol
[18:04:41] <petan|wk>	 addsleep: I was just commenting / uncommenting etc
[18:04:55] <scfc_de>	 Which host?  DaBPunkt needs to restart aliasd then probably.
[18:05:42] <saper>	 scfc_de: no, I am not sure it's broken at all.. didn't test
[18:06:14] <scfc_de>	 saper: Ah, you mean some JIRA issue with River?
[18:07:25] <scfc_de>	 saper: https://jira.toolserver.org/browse/TS-955 ?
[18:10:03] <petan|wk>	 addsleep: almost no task is on bnr1 and it's overloaded :/
[18:10:14] * addsleep  goes to check

[18:11:58] <addsleep>	 109 processes...
[18:12:37] <addsleep>	 oh wait
[18:12:41] <addsleep>	 i was on bastion xD
[18:32:03] <saper>	 scfc_de: updated with https://jira.toolserver.org/browse/TS-955?focusedCommentId=22948#comment-22948
[18:53:06] <petan|wk>	 addsleep: did you fix it? log thigs
[19:04:38] <petan|wk>	 addsleep: ur too sleepy
[19:30:27] <petan|wk>	 !ping
[19:30:27] <wm-bot>	 pong
[19:49:47] <Wikinaut>	 Ryan_Lane: I think I have found a small problem with your OpenID patch two weeks ago. Can we talk ?
[22:36:48] <DixonD>	 Hi!
[22:37:50] <DixonD>	 Can anybody help to find out how to start working with wikilabs? I guess the Bots project is the most appropriate for me
[22:39:38] <Platonides>	 Hi DixonD
[22:40:04] <Platonides>	 you can create an account at https://wikitech.wikimedia.org/wiki/Main_Page
[22:40:28] <Platonides>	 you then need to be added to the bots project
[22:40:35] <Platonides>	 and also generic access to labs
[22:40:36] <DixonD>	 I have an account already
[22:41:01] <Platonides>	 can you connect to bastion?
[22:41:20] <DixonD>	 I have no idea(
[22:41:28] <Platonides>	 that's probably a no :P
[22:41:46] <DixonD>	 :)
[22:41:52] <Platonides>	 what's your username?
[22:42:02] <DixonD>	 DixonD
[22:43:02] <Platonides>	 I think you need to make a shell request
[22:44:26] <Platonides>	 !account
[22:44:26] <wm-bot>	 in order to get an access to labs, please type !account-questions and ask Ryan, or someone who is in charge of creating account on labs
[22:44:31] <Platonides>	 !account-questions
[22:44:31] <wm-bot>	 I need the following info from you: 1. Your preferred wiki user name. This will also be your git username, so if you'd prefer this to be your real name, then provide your real name. 2. Your preferred email address. 3. Your SVN account name, or your preferred shell account name, if you do not have SVN access.
[22:44:42] <Platonides>	 this is the old system...
[22:45:08] <Platonides>	 I see a ?Labslogbot creating requests, but it didn't make one for you
[22:45:14] <Platonides>	 and I don't know how to force it
[22:45:26] <Platonides>	 or a document
[22:45:41] <Platonides>	 you could create a page like those at https://wikitech.wikimedia.org/wiki/Category:Shell_Access_Requests manually
[22:46:11] <Platonides>	 I guess outstanding requests it will be checked by Ryan at some point
[22:46:20] <Platonides>	 I'm afraid I don't have karma to give you shell
[22:46:49] <DixonD>	 Ok, I'll do it that way
[22:46:52] <DixonD>	 thanks
[22:47:39] <Platonides>	 this may be the form: https://wikitech.wikimedia.org/wiki/Special:FormEdit/Shell_Access_Request
[22:48:17] <Platonides>	 the manual seemed to be https://wikitech.wikimedia.org/wiki/Help:Getting_Started
[23:04:50] <addsleep>	 petan|wk: nope, had to go back to work :P