[00:00:22] Coren: How? [00:03:51] http://ca1.php.net/manual/en/book.session.php [00:05:46] Coren: I mean how can a session prevent abuse? [00:05:54] Without requiring authentication I mean. [00:06:53] The same way relying on an IP would have? I mean, it depends entirely on your code, knowing "uniques" doesn't prevent abuse on its own. [00:36:38] Coren: An IP is much harder to fake than a session. [02:22:05] https://wikitech.wikimedia.org/wiki/Nova_Resource:Proposals/Documentation [02:22:08] https://wikitech.wikimedia.org/wiki/Nova_Resource:Proposals/Documentation [02:35:39] jeremyb: ? [02:40:17] scfc_de: that's for Pharos. we moved from #wikimedia-tech [02:40:48] scfc_de: https://wikitech.wikimedia.org/wiki/New_Project_Request/proposals says completed but it's not in ldap? [02:41:04] i think addshore messed up [02:41:13] Pharos was interested in that project [02:41:39] a kind of incubator for project scopes/models rather than just new langs for existing projects [02:42:24] in the case of e.g. wikivoyage you have some existing infra/community to demonstrate how it would work. but some projects don't already have a home [02:43:18] https://wikitech.wikimedia.org/w/index.php?title=Nova_Resource:Proposals says it was deleted in November. So Pharos should probably file a new request/reset the old one. [02:46:56] ahhh [03:53:36] petan|home: You maintain the huggle whitelist, right? [06:20:04] Hi someone around? [06:43:06] physikerwelt: I'm looking at your issue now [06:44:30] It's definitely a bug on our end, not sure what yet [06:47:35] physikerwelt: should be fixed [07:07:23] andrewbogott: I just checked https://wikitech.wikimedia.org/w/index.php?title=Special:NovaProject&action=configureproject&projectname=math [07:07:36] the shared storage option is checked [07:07:49] 'cause I checked it an hour ago :) [07:07:51] Things should work now [07:08:15] oh there is a different error now err: /Stage[main]/Base::Puppet/Exec[puppet snmp trap]/returns: change from notrun to 0 failed: No such file or directory - /home/physikerwelt [07:08:53] and another problem that might be realted I can login with the ip only but not with the hostname [07:09:27] I'll create a new instance... maybe the problem is that the instance was created after the setting was changed [07:13:18] Sure -- if the new instance is also broken save it and I'll log in and look. [07:13:35] There is a race condition where sometimes new instances can'd write to /home. A few minute wait and a reboot generally fixes that. [07:14:38] ok I could run puppetd -tv from the root user now [07:21:33] physikerwelt: So… working? [07:22:40] actually it seems to work http://ganglia.wmflabs.org/latest/?r=20min&cs=&ce=&c=math&h=math2&tab=m&vn=&mc=2&z=medium&metric_group=ALLGROUPS [07:23:23] do I have to do something specific to get the monitoring service running? [07:25:14] running puppet again prints the notice notice: /Stage[main]/Ganglia_new::Monitor::Service/Service[ganglia-monitor]/ensure: ensure changed 'stopped' to 'running' notice: Finished catalog run in 43.70 seconds [07:40:10] You shouldn't have to do anything. I don't know whether or not monitoring is working properly just now though. [08:10:03] ok bad luck [08:10:15] I found the the reason for the remaining error [08:10:16] err: /Stage[main]/Labs_vagrant/User[vagrant]/ensure: change from absent to present failed: Could not create user vagrant: Execution of '/usr/sbin/useradd -m vagrant' returned 12: useradd: cannot create directory /home/vagrant [08:10:49] obviously that doesn't work with a shared home folder [08:12:42] Damianz: i took what you said into account and will follow, thanks [08:13:56] matanya: ^^ did you mean me? [08:14:03] sorry [08:14:29] no, i meant the person i refered to :) [08:14:49] sorry... I just oversaw that [08:56:18] petan|wk: Poke? [08:56:47] . [08:57:00] petan|wk: You maintain the huggle whitelist, right? [08:57:09] yes [08:57:26] petan|wk: How do you prevent abuse? [08:57:38] Chuck Norris help with that [08:58:19] ..? [08:58:43] he reads the mind of people who are to abuse and kill them before [08:59:01] petan|wk: Ok, how do I hire him to do the same for my tools? [08:59:13] call him [08:59:22] like superman [09:00:15] petan|wk: And secondly, can wm-bot have functionality of !key is ./data/project/tool/script.py $1 [09:00:33] what do you mean [09:00:45] !key is ./data/project/tool/script.py $1 [09:00:46] You are not authorized to perform this, sorry [09:00:59] wm-bot: are you kidding me [09:00:59] Hi petan|wk, there is some error, I am a stupid bot and I am not intelligent enough to hold a conversation with you :-) [09:01:19] petan|wk: I.e. it will execute from the labs and message back the stdout. [09:02:14] yes it could have such a functionality but 1) it's not very secure 2) one would need to have write access to /data/project/ for this to work [09:02:56] wm-bot doesn't live on tools project wm-bota does though, and as you can see, wm-bota isn't very stable for that reason :P [09:03:00] @replag [09:03:00] Replication lag is approximately 00:00:00.6385410 [09:04:06] I mean, yes this is very simple to implement but as I said, it's pretty much insecure, I could do this for wm-bota though, surely NOT for wm-bot which is supposed to be production stable [09:04:39] petan|wk: 1) Less secure than our own webservice? 2) You mean it's only for labs people? [09:04:55] it would be more secure if that python script was executed as some special user or the tool itself, for that wm-bot would need to run as root though [09:05:14] a930913: define "our own webservice" [09:05:53] a930913: are you talking about wm-bot, the bot we have here in this channel, or software that wm-bot runs? [09:06:17] a930913: implementing this into this instance would be insecure, despite I could think of some secure solution [09:06:37] petan|wk: Insecure for wm-bot, or insecure for the labs are you talking about? [09:06:41] a930913: if you mean running your own instance of this bot that would do it just for your own purposes on tool labs, that is pretty simple [09:06:55] a930913: it's insecure for wm-bot [09:07:20] a930913: people could for example upload a python script that would kill wm-bots processes [09:07:37] petan|wk: Oh, I thought you meant for labs. [09:07:40] no [09:07:59] !log deployment-prep Restarted bits cache (CPU / mem overload) [09:08:00] Logged the message, Master [09:08:35] petan|wk: Isn't there the sudo bit or something? So it will only execute what it can run as the tool, not itself? [09:09:35] you mean setuid bit [09:09:45] that doesn't work for python very easily [09:10:00] for compiled binary that isn't interpreted it does though [09:10:14] Oh, because you run python, not the code. [09:10:33] So python people would have to wrap in in some bash? [09:10:34] a930913: I am wondering what you are trying to accomplish maybe it's already possible using other tools [09:10:44] no bash is also interpreted [09:10:54] you would need to use some real programming language, like c [09:11:59] a930913: you realize that you can already relay messages out of labs to irc using NetCat plugin? [09:12:03] maybe that is what you need [09:12:25] http://meta.wikimedia.org/wiki/Wm-bot#Relay_of_messages_from_scripts_and_other_tools [09:12:31] !relay is http://meta.wikimedia.org/wiki/Wm-bot#Relay_of_messages_from_scripts_and_other_tools [09:12:31] You are not authorized to perform this, sorry [09:12:34] meh [09:12:42] If you set the executable bit on a python, can't you execute it straight off? [09:12:50] petan|wk: I already have the relay. [09:12:52] !relay is http://meta.wikimedia.org/wiki/Wm-bot#Relay_of_messages_from_scripts_and_other_tools [09:12:52] Key was added [09:13:00] But no way of controlling it. [09:13:24] a930913: no, but there are some workarounds for this [09:13:55] physikerwelt: I changed the security groups for the 'math' project so that instances can be accessed from other eqiad instances. Previously things were set to pmtpa only, as per https://wikitech.wikimedia.org/wiki/Labs_Eqiad_Migration_Howto#Security_Groups [09:13:57] a930913: ok so you need a way to control something in labs using wm-bot let me think of that [09:14:47] a930913: do you really need it to execute something? or are you fine just with tcp message from wm-bot to some labs instance / port [09:15:23] andrewbogott: thank you [09:15:36] you need your tool living on tool labs to receive the information, so tcp message wouldn't be enough, you can't listen on tools project it's forbidden... mhm [09:15:42] physikerwelt: are you running into other problems currently? The last puppet run I checked looked clean to me [09:15:46] petan|wk: For instance, at the moment, I have wm-bot messaging my channel every five minutes, but that inhibits conversation, so being able to run !notify 60m and get it to do stuff in the labs would be useful. [09:16:08] Yes I can not use labsvagrant https://bugzilla.wikimedia.org/show_bug.cgi?id=62470 [09:16:59] a930913: ok this is probably possible I just need to think of a secure way to do this [09:17:49] petan|wk: Any message passing like redis could do it, but ideally it'd be passive. [09:18:02] andrewbogott: for some reason the labs-vagrant role does not run `sudo labs-vagrant provision` [09:18:04] you mean active? [09:18:19] because message to redis is pretty much the "passive" thing :P [09:18:38] physikerwelt: do you know if this is different between pmtpa and eqiad? I know nothing about labs-vagrant, have never used it... [09:18:47] petan|wk: But redis would mean actively listening for a message. [09:19:05] Ideally the message would be running a (passive) file. [09:19:06] from your tools point of view yes [09:20:10] you can already do this actively [09:20:17] if your channel is publicly logged [09:20:18] I don't know and I can not find out since we can not create new instances on pmtpa [09:20:27] you can select the message from sql database with channel logs [09:20:35] petan|wk: Well, wm-bot is always going to actively send the message, it's a matter of not having to actively check for said message. [09:20:42] physikerwelt: so you were not using it before? [09:20:52] andrewbogott: hey I need your help [09:21:04] andrewbogott: something happened to instance "bots-labs" I am trying to find out what it was [09:21:08] andrewbogott: I can't ssh there [09:21:10] andrewbogott: did you change that the user folders should be shared? [09:21:26] physikerwelt: in eqiad users folders are always shared I believe. [09:21:31] petan|wk: looking... [09:21:40] andrewbogott: labs-vagrant creates a local folder /home/vagrant [09:22:02] physikerwelt: it won't be local since /home is an nfs mount... [09:22:07] this user is the vagrant user (not a real user) that should not be shared [09:23:01] physikerwelt: so... [09:23:22] the role tries fails while executing [09:23:22] Execution of '/usr/sbin/useradd -m vagrant' returned 12: useradd: cannot create directory /home/vagrant [09:23:33] I guess the puppet class will need to be changed somehow? I would think that that would've been broken in most projects in pmtpa as well. [09:23:59] petan|wk: what project? [09:24:17] petan|wk: I see a bots-labs instance in pmtpa in project 'bots' is that what you're talking about? [09:24:35] andrewbogott: maybe you can comment that in https://bugzilla.wikimedia.org/show_bug.cgi?id=62470 [09:25:59] andrewbogott: yes [09:26:24] andrewbogott: it will be in pmtpa until https://bugzilla.wikimedia.org/show_bug.cgi?id=62234 get fixed [10:04:54] a930913: what is that [10:04:59] AV [10:05:16] Anti Vandal. [10:05:28] yes you can help of course [10:05:51] petan|wk: I mean you help with the browser version. [10:07:03] (03CR) 10Hashar: [C: 031] grrrit: Allow filtering based on branches [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/116996 (owner: 10AzaToth) [10:07:05] I already don't even have the time for real huggle + I don't know javascript even a bit [10:07:57] Hehe. I thought as much. [10:07:58] (03CR) 10Hashar: [C: 031] grrrit: Pass betacluster messages to QA [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/116997 (owner: 10AzaToth) [10:07:58] * a930913 wonders if anyone has any time anywhere these days. [10:07:58] (03CR) 10Hashar: [C: 04-1] "I dont think all repos should spam #wikimedia-dev" [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/117662 (owner: 10AzaToth) [10:13:06] hashar: got a better idea? [10:15:44] AzaToth: yeah do not send bug branches notification all to -dev ? [10:16:00] grr [10:16:04] my english is crappy this morning [10:16:25] just leave them to their own channels [10:16:33] i.e. a change to pywikibot goes to #pywikibot [10:16:51] hashar: but do everything have a channel? [10:17:02] well by default it is sent to -dev already isn't it ? [10:17:07] no [10:17:43] perhaps it's the firehose channel... [10:17:48] no clue :-] [10:17:51] #mediawiki-feed [10:17:56] I would rather avoid having more spam added to -dev [10:18:07] specially for random extensions we (wmf) dont really care [10:18:08] about [10:19:02] does everything end up in the firehose channel? [10:19:22] seems so [10:20:46] hashar: Was just afraid that some people might make a commit request somewhere who is missed by everyone [10:21:30] AzaToth: you cam follow a project [10:22:52] AzaToth: plus that would ping the bug [10:22:58] and folks can always ask for review [10:23:14] (03Abandoned) 10AzaToth: grrrit: Send all bug commits to #wikimedia-dev [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/117662 (owner: 10AzaToth) [10:23:46] ok, /me understand [10:24:14] hashar: /j #mediawiki-feed [10:24:24] good if you like schpaan [10:24:26] m [10:25:02] but... shouldn't it be #wikimedia-feed? [10:25:30] no idea [10:25:35] I dont care honestly :-] [10:25:53] I am most probably going to leave #wikimedia-dev entirely due to the spam occurring there :] [10:26:22] you mean people actually speaking? [10:26:44] if bots == people [10:26:47] heh [10:27:03] yea, it's a bit too spammy [10:28:54] hashar: perhaps default should be changed [10:29:08] at least that should remove all random extensions from -dev [10:33:35] (03PS1) 10AzaToth: grrrit: switch default channel [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/117839 [10:35:09] hashar: ↑ [10:35:39] maybe ;-] [10:35:48] you wanna talk about it on wikitech-l maybe [10:35:58] to get more folks to bike shed about it hehe [10:36:24] bike shed? [10:36:54] a bike shed is where you park bikes [10:37:08] I know [10:37:14] don't know the verb though [10:37:17] if you were to build a nuclear station (a fairly complicated subject), nobody would cast their voice regarding the power plant [10:37:37] but everyone will have a different opinion regarding the color of the bike shed to be build next to the nuke station [10:37:43] ah [10:38:17] http://encyclopedia.thefreedictionary.com/Color+of+the+bikeshed is relevant :] [10:38:29] we made it a verb "to bikeshed" [10:39:19] a.k.a. BS [10:41:36] (03CR) 10AzaToth: [C: 031] grrrit: switch default channel [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/117839 (owner: 10AzaToth) [10:41:39] * a930913 wonders why "hashar"+"bikeshed" rings a bell... [10:43:18] Hmm, might be confusing with a "hamish". [10:43:18] hashar: I can't +2 on https://gerrit.wikimedia.org/r/#/c/116996/3 [10:43:35] https://www.youtube.com/watch?v=a8fHgx9mE5U open source in explained with lego [10:55:19] a930913: +1 for more and better anti-vandalism tools as gadgets & Co (or MediaWiki extensions for that matter). Requiring some OS and installing external programs raises the bar for participation significantly. [11:09:02] scfc_de: Not to mention the security implications of passwords in third party applications. [11:09:04] !log deployment-prep Deleting http://simple.wikipedia.beta.wmflabs.org/wiki/MediaWiki:Robots.txt [11:09:06] Logged the message, Master [12:45:40] eww, scfc_de, got a nasty bug in Special:NovaProxy :/ [12:49:52] addshore: ? [12:50:16] if you view 2 projects at once all of te prexies get duplicated into the second project when viewing them [12:50:21] *the proxies [12:51:08] http://grab.by/v0du [12:52:00] That doesn't look right indeed :-). [13:04:31] Coren: Can you provide me some information about the hardware used for virt100x servers in eqiad (datasheet) [13:05:23] scfc_de: shall I bother fileing a bug or leave it to you? :) [13:06:06] addshore: You found it, you report it :-). [13:06:11] :P [13:06:42] Coren: I want to add some (nerdish) info to https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/Overview [13:47:36] instance signwriting-ase10 has puppet administratively disabled. The command 'puppet Puppet configuration client --enable' reports unknown subcommand 'Puppet'. How can I reenable puppet? [13:53:16] scfc_de: for your convenience https://bugzilla.wikimedia.org/show_bug.cgi?id=62478 :P [14:12:01] Coren: ping [14:18:43] A proxy we are running, is for some reason running horribly slow! I do not know what the reason is. andrewbogott recently helped us change to a better proxy. I wonder if somebody could somebody look into this form me? The URL of the wiki is http://drmf.wmflabs.org/wiki/Main_Page [14:19:33] * addshore also appears to be having the above problem when his proxy is working :P [14:20:30] Right now I'm trying to edit a page and it's taken more than 5 minutes and I still can't see the Wikitext. [14:25:50] Howie: best bet is probably to file a bug [14:27:22] addshore: I've never done that before. How do you do that? [14:27:38] ah! After 10 minutes, I can finally see my Wikitext. [14:29:12] Howie: https://bugzilla.wikimedia.org/enter_bug.cgi?product=Wikimedia%20Labs [14:41:00] addshore: ok, I just submitted it. [15:03:18] I have a question: a tool using the new eqiad.wmflabs should be reachable through http://tools.wmflabs.org/mytoolname/ ? (I have also used "webservice start") [15:04:20] rotpunkt: ask. btw what's your tools name? [15:04:44] "personabot" [15:06:51] rotpunkt: what does qstat say? I can't find your tools httpd in http://tools-eqiad.wmflabs.org/?status [15:08:08] it works now, I didn't know of tools-eqiad.wmflabs.org, I was using http://tools.wmflabs.org [15:09:10] thanks, cya! [15:11:02] rotpunkt: yw. Now I see that you didn't migrate yet ;) [15:15:59] @hedonlil will http://tools-eqiad.wmflabs.org and http://tools.wmflabs.org be merged at the end of the migration? [15:16:13] rotpunkt: yep [15:17:05] ok, thanks again [15:18:11] rotpunkt: if you migrate your tool to eqiad it will be automatically proxied [15:18:18] rotpunkt: http://lists.wikimedia.org/pipermail/labs-l/2014-March/002160.html [15:20:47] actually I started writing the tool on eqiad.wmflabs.org because I started using labs yesterday [15:21:26] and Coren pointed me to it [15:22:35] so I have nothing at tools-login.wmflabs.org [15:27:03] btw great sw environment, congratulation to all [15:29:18] rotpunkt: ah my fault, I was looking for instead of for migration status, so everything is fine [15:30:12] @hedonil ok, thanks for checking [15:34:43] eqiad is too slow! [15:54:14] liangent: in what way? :P [15:57:10] addshore, Coren, andrewbogott_afk: what's the latest, best way to do mediawiki dev/get demo instances? still needs it's own dedicated projects/instances? how about docker?? :) [15:57:39] (last comment meatpuppeted by jeremyb) [15:58:12] !petan-build [15:58:13] make -j `getconf _NPROCESSORS_ONLN` deb-pkg LOCALVERSION=-custom [15:58:26] addshore: eqiad appears slower than pmtpa [15:58:47] as in network latency [16:01:07] Hi, is there somebody who can empty the cache of one of Magnus Manske’s tools? [16:01:17] It doesn’t seem working. [16:02:17] hei Coren, do you already have a schedule for the bugs blocked by the eqiad migration? relevant for me: Java Servlets (https://bugzilla.wikimedia.org/show_bug.cgi?id=54845), crosswiki joins [16:54:50] ireas: i read over that bug and it looks like something that mostly is something any user could work on? [16:55:01] (java) [16:55:27] jeremyb, I don’t know. In the first office hour, Coren told that this was blocked by the eqiad migration, but could be easily done afterwards. [16:56:23] Pharos: 10 16:02:17 < ireas> hei Coren, do you already have a schedule for the bugs blocked by the eqiad migration? relevant for me: Java Servlets (https://bugzilla.wikimedia.org/show_bug.cgi?id=54845), crosswiki joins [16:58:12] jeremyb, see https://meta.wikimedia.org/wiki/IRC_office_hours/Office_hours_2014-01-23#java-18-55-29 [16:59:59] jeremyb: A week or two after migration is over. Perhaps a bit earlier if things go well. [17:00:14] Coren: what's that? [17:00:37] jeremyb: Ah, nevermind, you were just repeating ireas's question. Pretend I was talking to him. [17:00:51] Coren: ok :) [17:00:58] Coren, okay, thanks! :) [17:01:03] Coren: but why can't it be done in pmtpa? [17:09:05] Coren: (and see also earlier question about mediawiki dev/demos) should that be tool per instance? [17:09:30] toolserver had a policy against running some 3rd party projects. does that apply at all on tools? [17:10:10] also, Pharos wanted his own wmflabs domain name. can you even do that with tools? [17:10:20] Define "3rd party project" in context. We're cool with allied/related projects as a rule (to wit: OSM) [17:10:36] i mean AIUI toolserver doesn't allow running mediawiki [17:11:09] (and against e.g. running your own joomla) [17:11:15] jeremyb: Yeah, you can run mediawiki iff there is no open registration (to avoid spam infestations). It's not ideal except for light testing though. [17:11:19] because they thought people wouldn't keep them updated [17:11:50] Other large things, we need to discuss on a case-by-case. Most times, you'll need a project. [17:12:05] Coren: not ideal how? [17:12:28] But the primary question is "is it related to Wikimedia"? [17:12:43] right, that's not a concern atm :) [17:12:52] jeremyb: Relatively low performance because of the shared infrastructure and per-user limits. [17:12:57] right [17:12:58] yes, it's for a beta of a possible future wikimedia wiki [17:13:23] Pharos: So then yeah, it's cool. You'll almost certainly want to set a project up for this though. [17:13:50] coren ... would reasonator.info qualify ? [17:13:52] Coren: in case you missed it, this is for an analogue to incubator but will support extra projects we don't already have. (apparently incubator only does new languages for existing projects) [17:15:16] GerardM-: ewwwwww. evil, evil, evil [17:15:23] jeremyb ... for any and all new projects, it is wise to consider the language policy [17:15:24] GerardM-: It might be wise to consider it, at least. Tools is really intended for low traffic or lightweight things; it makes development easier, but as things become more "prduction-like", there are benefits to having a separate project. [17:15:29] GerardM-: DON'T USE FRAMES!!!! [17:15:41] talk about evil [17:17:04] and jeremyb incubator does not do wikisource nor wikiversity [17:17:14] GerardM-: why? [17:17:34] incubator is weird, it's kind of narrower than it has to be [17:17:36] because any new project in a language needs the nod [17:18:02] well, it's amazing it has ASL though :) [17:20:14] :) American Sign Language ? [17:20:18] yes [17:20:37] it is my pet incubator project [17:20:40] https://en.wikipedia.org/wiki/SignWriting [17:21:13] GerardM-: kill the frames [17:24:24] is there a way to get apache back in eqiad tool labs? [17:25:28] Tpt_: you could run apache on grid same as lighttpd??? :D :D [17:26:13] jeremyb: on tool labs, not on custom labs instances. [17:26:46] Tpt_: i said nothing about custom instances [17:27:05] sorry, I've misinterpreted your answer :-( [17:28:15] to say the truth I don't manage to move my url rewrite rules from Apache to lighttpd [17:29:29] oh andrewbogott, did you see my email about the eqiad proxy being weird? [17:29:57] ottomata: Sorry, thought I responded. [17:30:15] Basically we're having some serious dns performance problems, which manifests as occasional few-minute outages. [17:30:22] I'm working on it but don't understand the problem very well yet. [17:30:49] Coren: if you have a sec [17:30:52] (14:04:32) hedonil: Coren: Can you provide me some information about the hardware used for virt100x servers in eqiad (datasheet) [17:31:22] hedonil: You should actually ask andrewbogott that; he's been working on the hardware side of the virtualization fence more than I. :-) [17:31:43] hedonil: I could go and poke at the servers to see, but he probably just knows outright. :_) [17:32:00] hedonil: the compute nodes are Cisco UCS C250 M1 [17:32:06] jeremyb: https://gist.github.com/Tpt/9469827 works fine with urls like http://ia-upload/commons/fill but not with urls like http://tools.wmflabs.org/ia-upload/index.php/commons/fill?iaId=image88aaTeatroOpal&commonsName=ddddd [17:32:20] andrewbogott: How about we work around the issue? We could do a caching nameserver /inside/ labs and point instances there? [17:32:28] hedonil: networking and scheduling and such is running on dell servers, I don't know the product line immedaitely. [17:32:32] jeremyb: I've the "The URI you have requested, http://tools.wmflabs.org/ia-upload/index.php/commons/fill?iaId=image88aaTeatroOpal&commonsName=ddddd, appears to be non-functional at this time." error [17:32:40] Coren: 'k. and take a look at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/Overview if you're ok with that [17:32:47] Coren: Yes, I was reading a guide about how to delegate to a proper dedicated dns server. [17:33:00] But I still want to understand better… this really should be working as is. [17:33:04] jeremyb: The configuration is: https://gist.github.com/Tpt/9469827 [17:33:05] hedonil: I've kept an eye on it, and it has 8.7 points of cool. :-) [17:33:40] andrewbogott: One doesn't preclude the other; having a reliable server for endusers wouldn't harm debugging. [17:34:08] Coren, can you help me understand the problem just enough so I can ask on #openstack about it? [17:34:21] I will, meanwhile, dig up that doc about switching the server. [17:34:31] The issue is just that dnsmasq is overloaded? [17:34:56] Tpt_: sorry, don't really know lighttpd and can't look too much atm. maybe later [17:35:16] jeremyb: No problem. Thanks :-) [17:35:45] andrewbogott: Well, it /behaves/ as though it is overloaded (the issue shows when there are query peaks, and is clearly made worse by increased activity); but the actual absolute value of requests is quite low -- a DNS server should be able to serve a few hundred queries per minute without breaking a sweat. [17:37:02] Coren: and am I correct in my understanding that it's just the dnsmasq on labnet1001 that's caching dns for everyone? There's dnsmasq also running on the compute nodes but I can't tell how/if that's involved. [17:37:09] And also, it comes in bursts. I don't know how dnsmasq is implemented, but if it were a blackbox I'd have guessed it looked like garbage collection stalls. [17:37:41] andrewbogott: AFAICT, the one on the nodes just does DHCP; the one on labnet is the one that gets the dns queries. [17:37:56] Coren: ok, that fits with my understanding. [17:39:00] What I know is that in eqiad, releiving the pressure with local binds on projects which were heavy on DNS helped; also in pmtpa tools I put the local node names in /etc/hosts to avoid hitting DNS at all -- that helped a lot. [17:39:28] But, obviously, it sucks. [17:39:36] (Using /etc/hosts) [17:39:55] ok andrewbogott, thanks for the update, good luck! [17:40:06] andrewbogott: I would need some nerdish facts about the marvellous hardware (virt hosts, SAN fabrics) If you could find out, it would really be great. No priority. [17:40:29] hedonil: if you google that exact string you'll find the cisco spec at the top of the page [17:43:30] andrewbogott: google'd it already but I would need some more specific details. I know virt1001 has 24 Cores reported in ganglia [17:45:48] andrewbogott: or mybe you could provide me with an information about the Wikimedia guy/dept. who dealt with that hardware stuff in eqiad [17:50:32] hedonil: I don't know much beyond what ganglia knows. I'm not sure who does... [17:50:51] since the hardware was donated, and it was a couple of years ago. It's probably documented, somewhere... [17:52:01] andrewbogott: hmm. 'k. so I'll start my intelligence crawler on da wikis & webs ;) [17:53:27] hedonil: could ask on wikimedia-operations as well… robh or cmjohnson might have details. [17:54:41] andrewbogott: thx. that's a trace [17:56:24] Coren: Option 4 on this page: http://docs.openstack.org/grizzly/openstack-compute/admin/content/existing-ha-networking-options.html ? [17:57:09] * hedonil is investigating [17:57:28] andrewbogott: Hi! I'm moving my tool to eqiad and I face and issue. I encounter errors like http://tools.wmflabs.org/ia-upload/commons/fill?iaId=champollionseinl01hart&commonsName=Hartleben+-+Champollionddd+sein+Leben+und+sein+Werk%2C+1906%2C+band+1 and I don't see how to get logs for these errors (they are not in error.log) [17:58:40] andrewbogott: That seems to only deal with the gateway aspects and not DNS at all. [17:58:54] Coren, oh, ok, nevermind then :( [17:59:24] Tpt_: I think that's a Coren question. [17:59:57] andrewbogott: Unless you have an issue with it, I'm going to setup a project for a caching bind and start testing pointing instances at it. [18:00:39] Coren: I don't object, but I also don't quite understand what that would look like... [18:00:42] you can show me once it's built :) [18:02:04] oh, so it's not there yet, coren? [18:02:21] gifti: What isn't there? [18:02:38] eqiad dns cache [18:03:02] Tpt_: I see no error when I follow that URL [18:04:06] Coren: strange. I've "The URI you have requested, http://tools.wmflabs.org/ia-upload/commons/fill?iaId=champollionseinl01hart&commonsName=Hartleben+-+Champollionddd+sein+Leben+und+sein+Werk%2C+1906%2C+band+1, appears to be non-functional at this time." as error [18:04:33] Tpt_: I don't; I'm getting a OAuth authorization screen [18:04:57] Coren: log into commons, then you'll see the same failure. [18:06:05] Nope. I'm getting an "upload book from internet archive" form thing after. [18:06:51] Coren: You should try to load now http://tools.wmflabs.org/ia-upload/commons/fill?iaId=champollionseinl01hart&commonsName=Hartleben+-+Champollionddd+sein+Leben+und+sein+Werk%2C+1906%2C+band+1 [18:07:09] (it's this form already filled) [18:07:10] Tpt_: In a meeting atm, I can't do much further debugging right now. [18:07:22] Tpt_: the first time I called that url it was ok, the second time it threw an error [18:07:51] I believe it's a PHP error but I don't manage to get logs [18:07:52] Tpt_: while url without querystring works fine http://tools.wmflabs.org/ia-upload/commons/fill [18:08:18] hedonil: I have the same behavior. [18:09:02] !newweb [18:09:02] https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/Help/NewWeb [18:11:13] here is my .lighttpd https://gist.github.com/Tpt/9469827 [18:14:35] Coren: Can wikitech wiki accounts be renamed? (This is for an account that doesn't yet have shell) [18:14:51] andrewbogott: Ryan_Lane1: ^ [18:16:21] This is for rxy (Hosiryuhosi on wikitech wiki) [18:17:49] I found instructions for an admin on how to perform the rename, but is there a request page, or can he ask on irc? [18:22:35] Tpt_: seems to work now [18:23:02] hedonil: I've fallbacked to Tempa instance [18:23:33] * rollback, not fallback, sorry [18:23:47] Tpt_: same configuration in .lighttpd? [18:24:15] No, in Tempa it uses Apache. [18:25:38] Tpt_: and if you just do a webservice start in pmtpa (without modifying .lighhtpd) [18:28:12] It ever serve pages with Apache [18:28:52] Tpt_: yep. just see if the additional rewrite rules messed it up [18:35:49] hedonil: Sorry, I don't understand your last comment :-( [18:36:24] Tpt_: you have symlink for public_html and a rewrite rule [18:37:03] Tpt_: just to be curious, if you start webservice in tampa and see what happens [18:37:33] I've done it but I don't see how to disable Apache that continue to serve requests. [18:38:12]