[00:48:19] <wikibugs>	 10PAWS, 10pywikibot-core, 5Patch-For-Review: Install developer requirements into PAWS - https://phabricator.wikimedia.org/T120860#1871821 (10jayvdb) 5Open>3Resolved a:3yuvipanda
[00:51:18] <wikibugs>	 6Labs, 10Labs-Infrastructure: Groups for project are created in ldap but getent cannot see them on user VMs (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1871826 (10Andrew) a:3MoritzMuehlenhoff I feel like https://gerrit.wikimedia.org/r/#/c/258355/2 is an improvement regardless.  But, ye...
[03:04:57] <wikibugs>	 6Labs, 10MediaWiki-Special-pages, 10wikitech.wikimedia.org, 7Regression, 7Wikimedia-log-errors: Special:MovePage throws MWException "Hook SMWParseData::onTitleMoveComplete has invalid call signature" - https://phabricator.wikimedia.org/T120218#1872062 (10bd808) >>! In T120218#1848897, @bd808 wrote: > Lik...
[03:05:08] <wikibugs>	 6Labs, 10MediaWiki-Special-pages, 10wikitech.wikimedia.org, 7Regression, 7Wikimedia-log-errors: Special:MovePage throws MWException "Hook SMWParseData::onTitleMoveComplete has invalid call signature" - https://phabricator.wikimedia.org/T120218#1872063 (10bd808) a:3ori
[03:05:16] <wikibugs>	 6Labs, 10MediaWiki-Special-pages, 10wikitech.wikimedia.org, 7Regression, 7Wikimedia-log-errors: Special:MovePage throws MWException "Hook SMWParseData::onTitleMoveComplete has invalid call signature" - https://phabricator.wikimedia.org/T120218#1872064 (10bd808) 5Open>3Resolved
[03:10:16] <wikibugs>	 6Labs, 10wikitech.wikimedia.org, 7Wikimedia-log-errors: Hook SMWParseData::onTitleMoveComplete has invalid call signature; Parameter 3 to SMWParseData::onTitleMoveComplete() expected to be a reference, value given - https://phabricator.wikimedia.org/T118649#1872086 (10bd808)
[03:10:18] <wikibugs>	 6Labs, 10MediaWiki-Special-pages, 10wikitech.wikimedia.org, 7Regression, 7Wikimedia-log-errors: Special:MovePage throws MWException "Hook SMWParseData::onTitleMoveComplete has invalid call signature" - https://phabricator.wikimedia.org/T120218#1872087 (10bd808)
[03:39:55] <Coren>	 YuviPanda: Lemme read backscroll (just back from Kendō)
[03:42:36] <Coren>	 YuviPanda: The PAM changes shouldn't affect this; that's just libnss-ldap and that wouldn't change.  Do you have a specific example I can look at to dig into?
[03:50:55] <YuviPanda>	 Coren: hey
[03:51:06] <YuviPanda>	 Coren: yes, tools.quarry (service group) and project-mediawiki-vagrant
[03:51:16] * Coren goes and look.
[03:51:46] <YuviPanda>	 Coren: https://phabricator.wikimedia.org/T121064 has more info, but tldr is the groups are there on LDAP but getent and PAM don't see it
[03:52:07] <YuviPanda>	 Coren: ldaplist -l project mediawiki-vagrant and getent group | grep mediawiki-vagrant exhibit this clearly
[03:54:22] <Coren>	 Ah, I see the confusion.
[03:54:53] <Coren>	 ldaplist -l projects gives you the ou=projects,dc=wikimedia,dc=org entry, but that's not where the group is.
[03:55:43] <Coren>	 If the group had been created, you'd see it in 'ldaplist -l group project-mediawiki-vagrant
[03:56:25] <Coren>	 Your tools.quarry, otoh, works right - it was created after the patch right?
[03:57:07] <Coren>	 YuviPanda: Check 'ldaplist -l group project-quarry' for comparison.
[03:57:29] <Coren>	 So, when the project was created, the /project/ record was created, but the matching /group/ failed.
[03:58:16] <YuviPanda>	 ah
[03:58:18] <YuviPanda>	 I see
[03:58:21] <YuviPanda>	 so it's back on OSM
[03:58:24] <YuviPanda>	 rather than openldap
[03:58:26] * Coren nods.
[03:58:32] <YuviPanda>	 Coren: can you comment on the ticket to that effcet?
[03:59:05] <Coren>	 Sure.  It's pretty bad handling on OSM, since it doesn't rollback when it hits an error. Failing to create the group should lead to the project being removed otherwise you're suck in this zombie state.
[03:59:38] <YuviPanda>	 Coren: yeah, there is a 'TODO: Handle failure gracefully' there from years ago
[04:02:55] <Coren>	 I can create the group "manually" to fix the half-broken project though.
[04:03:12] <Coren>	 But it's not going to fix the failure mode that led there.
[04:03:51] <wikibugs>	 6Labs, 10Labs-Infrastructure: Groups for project are created in ldap but getent cannot see them on user VMs (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1872136 (10coren) From what I can see, what happened in the case of mediawiki-vagrant is that:  * the //project// ldap entry (`cn=mediaw...
[04:10:02] <wikibugs>	 6Labs, 10Labs-Infrastructure: Groups for project are created in ldap but getent cannot see them on user VMs (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1872137 (10coren) If we wanted to be //really// robust, what adding or removing a member of a project //should// do is: * grab the list...
[04:17:12] <wikibugs>	 6Labs, 10Labs-Infrastructure: Project entries are created in ldap but not the posix group entry (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1872139 (10coren)
[04:18:50] <wikibugs>	 10PAWS, 5Patch-For-Review: PAWS network error: - https://phabricator.wikimedia.org/T120561#1872142 (10yuvipanda) This hasn't happened since ^ fixes.
[05:01:48] <wikibugs>	 10PAWS, 10pywikibot-core: "Open in browser" option does not work in PAWS - https://phabricator.wikimedia.org/T120632#1872175 (10yuvipanda) 5Open>3Resolved a:3yuvipanda Links is installed now
[05:23:03] <wikibugs>	 6Labs, 10Labs-Infrastructure: Project entries are created in ldap but not the posix group entry (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1872186 (10chasemp) Well that makes the getent behavior more clear thanks
[05:43:35] <YuviPanda>	 Coren: 15s lag to ssh now on tools-worker-02 :'(
[09:04:17] <wikibugs>	 6Labs, 10MediaWiki-extensions-Newsletter: Create a larger newsletter-test instance in labs - https://phabricator.wikimedia.org/T120516#1872447 (1001tonythomas) I am sorry bd808, but the result is still negative :(    ``` mwvagrant@newsletter-test:/srv/mediawiki-vagrant$ chgrp -R wikidev /srv/mediawiki-vagrant...
[09:08:24] <tonythomas>	 I still want help here with https://phabricator.wikimedia.org/T120516#1872447 ! 
[09:08:32] <tonythomas>	 someone please look into the same :( 
[10:38:36] <wikibugs>	 10Tool-Labs-tools-Other: Migrate https://toolserver.org/~bawolff/en-wn-editor-stats.php to Tool Labs - https://phabricator.wikimedia.org/T60867#1872619 (10Liuxinyu970226)
[10:38:45] <wikibugs>	 10Tool-Labs-tools-Other: Migrate http://toolserver.org/~dispenser/* to Tool Labs - https://phabricator.wikimedia.org/T68868#1872620 (10Liuxinyu970226)
[10:38:52] <wikibugs>	 10Tool-Labs-tools-Other, 6Commons: Do something with globalusage account on Toolserver - https://phabricator.wikimedia.org/T63827#1872621 (10Liuxinyu970226)
[10:38:56] <wikibugs>	 10Tool-Labs-tools-Other, 6Commons: Move contests from toolserver to tool labs - https://phabricator.wikimedia.org/T63826#1872623 (10Liuxinyu970226)
[10:39:34] <wikibugs>	 10Tool-Labs-tools-Erwin's-tools: Migrate https://toolserver.org/~erwin85/categorycount.php to Tool Labs - https://phabricator.wikimedia.org/T62869#1872625 (10Liuxinyu970226)
[10:39:49] <wikibugs>	 10Tool-Labs-tools-Erwin's-tools: Migrate http://tools.wmflabs.org/erwin85/catanalyzer.php to Tool Labs - https://phabricator.wikimedia.org/T62868#1872626 (10Liuxinyu970226)
[10:40:03] <wikibugs>	 10Tool-Labs-tools-Erwin's-tools: Migrate https://toolserver.org/~erwin85/contribs.php to Tool Labs - https://phabricator.wikimedia.org/T62870#1872628 (10Liuxinyu970226)
[10:40:30] <wikibugs>	 10Tool-Labs-tools-Erwin's-tools: Migrate https://toolserver.org/~erwin85/randomarticle.php to Tool Labs - https://phabricator.wikimedia.org/T62871#1872630 (10Liuxinyu970226)
[10:41:03] <wikibugs>	 10Tool-Labs-tools-Erwin's-tools: Migrate https://toolserver.org/~erwin85/relatedchanges.php to Tool Labs - https://phabricator.wikimedia.org/T62872#1872631 (10Liuxinyu970226)
[10:41:17] <wikibugs>	 10Tool-Labs-tools-Erwin's-tools: Migrate https://toolserver.org/~erwin85/shortpages.php to Tool Labs - https://phabricator.wikimedia.org/T62873#1872633 (10Liuxinyu970226)
[10:42:26] <wikibugs>	 10Tool-Labs-tools-Other: Migrate to Tool Labs: https://toolserver.org/~dungodung/list.html - https://phabricator.wikimedia.org/T63037#1872644 (10Liuxinyu970226)
[11:03:13] <Merlissimo>	 Coren or YuviPanda: can you delete job 241037. that's a bot running on dewiki currently making mass unwanted edits . operater is currently unavailable and this why the bot may work again tomorrow, which is not that case if i would block it
[11:03:46] <Merlissimo>	 https://de.wikipedia.org/wiki/Benutzer_Diskussion:Sitic#Botproblem_bei_Sumdisc_-_Bot_aktualisiert_gerade_in_Dauerschleife
[11:10:52] <wikibugs>	 10PAWS, 10pywikibot-core: svnversion failed - https://phabricator.wikimedia.org/T120268#1872705 (10jayvdb) fwiw, the version checking can also be disabled with `config.log_pywiki_repo_version = False` (sensible) and revising the `config.user_agent_format` to not include a dynamic version (not sensible).  The `...
[11:56:36] <wikibugs>	 6Labs, 10Wikimedia-Labs-General, 10DBA, 6operations, 7Tracking: (Tracking) Database replication services - https://phabricator.wikimedia.org/T50930#1872856 (10jcrespo)
[11:56:39] <wikibugs>	 6Labs, 10Tool-Labs, 10DBA: labs db inconsistent data - https://phabricator.wikimedia.org/T119841#1872854 (10jcrespo) 5Open>3Resolved templatelinks ``` root@iron:~$ mysql -A -h s$SHARD-master $DATABASE -e "SELECT count(*) FROM $TABLE" +----------+  | count(*) |  +----------+  |  2398600 | +----------+ roo...
[12:19:26] <wm-bot>	 Change on 12wikitech.wikimedia.org a page Nova Resource:Tools/Access Request/Mr.Ibrahem was created, changed by Mr.Ibrahem link https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/Access_Request/Mr.Ibrahem edit summary: Created page with "{{Tools Access Request |Justification=to work in Arabic Wikipedia |Completed=false |User Name=Mr.Ibrahem }}"
[12:24:00] <wm-bot>	 Change on 12wikitech.wikimedia.org a page Nova Resource:Tools/Access Request/Mr.Ibrahem was modified, changed by Mr.Ibrahem link https://wikitech.wikimedia.org/w/index.php?diff=225370 edit summary: 
[12:56:14] <wm-bot>	 Change on 12wikitech.wikimedia.org a page Nova Resource:Tools/Access Request/Mr.Ibrahem was modified, changed by Tim Landscheidt link https://wikitech.wikimedia.org/w/index.php?diff=225382 edit summary: 
[14:06:57] <andrewbogott>	 Coren, chasemp, regarding https://phabricator.wikimedia.org/T121064 — is one of you working on that so I don’t have to?
[14:07:24] <Coren>	 andrewbogott: I already offered to take it and I see clearly how to fix it.  Can do this morning if you want.
[14:07:46] <andrewbogott>	 I’m not in a rush, as long as I know it’s not up to me.  Thanks!
[14:07:46] <wikibugs>	 6Labs, 10Labs-Infrastructure: Project entries are created in ldap but not the posix group entry (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1873153 (10coren) a:5MoritzMuehlenhoff>3coren Ima do the changeset.
[14:07:57] <chasemp>	 andrewbogott: I was looking at it now but am less clear on the exact fix
[14:07:59] <chasemp>	 :)
[14:08:24] <andrewbogott>	 chasemp: I think the fix is pretty much the patch you wrote except in the group entry as well as the project entry
[14:08:39] <wikibugs>	 6Labs, 10Tool-Labs: Implement metrics for tool labs (under NDA?) - https://phabricator.wikimedia.org/T121233#1873155 (10valhallasw) 3NEW
[14:26:11] <chasemp>	 Coren: you are putting that up then?
[14:36:44] <Coren>	 chasemp: Yeah, I'm writing it now.
[14:37:36] <chasemp>	 kk
[14:39:12] <Coren>	 chasemp: Well, I'm trying to write it but not having much luck.  Every bit where I thought I needed to make a fix already _has_ the fix.
[14:39:53] <Coren>	 chasemp: I'm no longer certain /why/ the group was not created - obviously it didn't (because it's not there anymore) but afaict the code isn't trying to create the group empty anymore.
[14:40:32] <chasemp>	 what do you mean by anymore, no changes have been made
[14:40:38] <chasemp>	 or are you hotfixing it and seeing no change?
[14:41:09] <Coren>	 chasemp: No, I'm looking at OpenStackNovaProjectGroup.php...
[14:41:37] <Coren>	 Oh!  https://gerrit.wikimedia.org/r/#/c/258355/2 was abandonned, but I still had it cherry-picked!
[14:41:44] <chasemp>	 ok yes
[14:41:51] <chasemp>	 but the group I made during that patch
[14:41:54] <chasemp>	 still has no group
[14:42:15] <chasemp>	 root@terbium:~# ldaplist -l group | grep gtest
[14:42:22] <chasemp>	 so that couldn't have the been full deal
[14:42:36] <Coren>	 Hm.  That should have worked.  Was debugging turned on so we know what failed?
[14:43:42] <chasemp>	 No at the time we switched gears becaues I didn't understand the group/project-group distinction
[14:43:58] <Coren>	 Oh... interesting.  I look at the project objects that got created and /they/ don't have members either.
[14:44:30] <Coren>	 Oh, no, ignore me.  Typo.
[14:45:04] <Coren>	 So they definitely have the members; which means the group should have had them when created, which means it should have worked.  So there is another issue that prevents the group from being created too.
[14:45:33] <jynus>	 I think I may, at some point, upgrade labsdb to mariadb 10.1, that will give us proper role/group support and row-binlog-format-based filtering
[14:50:54] <chasemp>	 Coren: what is the they having members, (this is horrific nomenclature) but is it the group (which you find by ldaplist using project) or the project group which you find using ldaplist using group (which seems to not exist for any of the test groups I tried with or without the patch)
[14:51:58] <Coren>	 chasemp: Let's make sure we don't get confused anymore. The ldap object which is under 'ou=projects,dc=wikimedia,dc=org', that is an 'extensibleObject', and that is named $project we shall call 'project'
[14:52:26] <chasemp>	 agreed then
[14:52:45] <Coren>	 chasemp: The object under 'ou=groups,dc=wikimedia,dc=org' that is a 'prosixgroup' and that is named 'project-$project' we'll call the group.  :-)
[14:53:23] <chasemp>	 the group is never created with or without my test patch yesterday
[14:53:27] <chasemp>	 agreed?
[14:53:34] <Coren>	 It appears so.
[14:53:42] <chasemp>	 the project is created in both cases
[14:53:49] <Coren>	 Also correct.
[14:53:58] <jynus>	 !log restarting and configuring S1:codfw mysqls (db2016,34,42,48,55,62,69,70)
[14:53:58] <labs-morebots>	 restarting is not a valid project.
[14:54:12] <Coren>	 Now, our current working hypothesis was that the /only/ reason the group wasn't getting created is because it had to members at creation.
[14:54:27] <Coren>	 But I'm pretty sure the patch fixed /that/.
[14:54:48] <jynus>	 ups, wrong channel
[14:54:52] <Coren>	 And I can confirm that the project /was/ created with users.
[14:55:14] <chasemp>	 so our assumption is if the empty group denial was the only issue then https://gerrit.wikimedia.org/r/#/c/258355/2/nova/OpenStackNovaProjectGroup.php would have solved it
[14:56:31] <Coren>	 Yes, so long as $user->userDN actually has a valid cn (which I have no reason to think it doesn't in this context)
[14:57:38] <Coren>	 So the root cause remains 'the group isn't getting created'; maybe I should try to create a group for one of your gtest*-temp project with the creds of osm?  This way I'll get an actual error message from ldap
[14:58:06] <chasemp>	 that's a good next step and actually my re-patch this AM was goign to have a failure on invaid user-userDN
[14:58:11] <chasemp>	 so I'll follow through with it I guess
[14:58:15] <chasemp>	 and we can reorient
[14:58:20] <chasemp>	 because wtf man
[14:58:34] <Coren>	 Lemme do the manual test first so we can catch the real reason it says no.
[14:58:44] <chasemp>	 please
[15:10:14] <Coren>	 chasemp: I added the project-gtest1-temp group with exactly one member (uid=rush,ou=people,dc=wikimedia,dc=org) and ldap was happy to accept it.
[15:10:44] <Coren>	 marc@tools-bastion-01:~$ getent group project-gtest1-temp
[15:10:45] <Coren>	 project-gtest1-temp:*:52779:rush
[15:13:10] <Coren>	 chasemp: `ldaplist -l group project-gtest1-temp` will show you the exact object.
[15:15:41] <Coren>	 chasemp: So it looks like the patch doesn't work as intended despite looking like it should - having a member seems to suffice to create the group.
[15:17:42] <Coren>	 chasemp: (more data points: done with novaadmin credentials, from silver - so this should be exactly what OSM does)
[15:22:06] <Coren>	 chasemp: So, I'm a little nonplussed atm.  As far as I can tell, that patch is exactly right and does the very thing I've just confirmed worked.  So why didn't it?
[15:26:46] <wikibugs>	 6Labs, 10Labs-Infrastructure: Project entries are created in ldap but not the posix group entry (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1873244 (10coren) So now I'm getting a bit confused.  Adding the following record to ldap (manually, with novaadmin creds from silver) worked: ```20...
[15:27:13] <chasemp>	 not sure yet :)
[15:27:50] <Coren>	 I added that new info to the task.
[15:28:18] <chasemp>	 tx
[15:28:20] <chasemp>	 thoughts on https://gerrit.wikimedia.org/r/#/c/258462/1/nova/OpenStackNovaProjectGroup.php
[15:28:32] * Coren looks
[15:29:45] <Coren>	 That's suitably paranoid; and covers the only case I can think of that'd make the group addition fail.  
[15:31:36] <Coren>	 Can you to a quick look at https://gerrit.wikimedia.org/r/#/c/258448/ while you're around gerrit so we can quite the silly not-alarms?
[15:32:12] <Coren>	 (+1'ed yours)
[15:35:33] <chasemp>	 is the role in site.pp only applied to one of them or soemthing?
[15:39:10] <Coren>	 No, it's applied to all of them but only the active fileserver has the right settings for ldap to work.
[15:49:16] <Coren>	 chasemp: I go get me some quick breakfast.  Be back shortly.
[15:56:24] <bd808>	 !log newsletter Added myself (BryanDavis) to project to debug MediaWiki-Vagrant issues
[15:56:26] <labs-morebots>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Newsletter/SAL, Master
[16:16:26] <Coren>	 chasemp: Any luck?
[16:41:42] <wikibugs>	 6Labs, 5Patch-For-Review: Create labs baremetal subnet? - https://phabricator.wikimedia.org/T121237#1873345 (10Andrew) 3NEW
[16:43:15] <chasemp>	 Coren: a bit I think I got it working but I had a transient failure and I'm not sure why
[16:43:20] <chasemp>	 andrewbogott: Coren YuviPanda
[16:43:22] <chasemp>	 https://phabricator.wikimedia.org/diffusion/EOST/browse/master/nova/OpenStackNovaProject.php;34972f145cb96b9b9fd3511de7378d1fb4c3d49d$141-149
[16:43:30] <chasemp>	 why do a preemptive delete on a group that we know doesn't exist?
[16:43:41] <chasemp>	 and why depend on that delete opreation's success?
[16:44:11] <chasemp>	 I know it fails as when I debug it I can see that failing and I had a failed project creation I can't duplicate with https://gerrit.wikimedia.org/r/#/c/258462/1/nova/OpenStackNovaProjectGroup.php only
[16:44:42] <andrewbogott>	 chasemp: I don’t know, but i would guess that ‘delete’ is a proxy for ‘empty'
[16:44:48] <chasemp>	 so I'm confused as to the //why// of the heavy handed deletion of what shouldn't exist and teh dependence on that deletion to create
[16:44:53] <andrewbogott>	 to avoid re-use of existing groups and accidentally providing access.
[16:45:28] <andrewbogott>	 Do you know for a fact that the delete fails if the group didn’t exist?
[16:46:54] <chasemp>	 it returns an exception 'ldap_delete(): Delete: No such object","'
[16:47:00] <andrewbogott>	 ok
[16:47:05] <chasemp>	 seen on line 12628
[16:47:09] <chasemp>	 in /tmp/wiki.log
[16:47:13] <chasemp>	 for my testing w/ gtest4
[16:47:17] <chasemp>	 but here is the nuts part
[16:47:31] <chasemp>	 I can't recreate the failure now tho it failed...
[16:49:15] <andrewbogott>	 chasemp: I think that createProject() used to create the group which was later deleted.  But now the creation in createProject() fails (due to empty) so the subsequent delete fails
[16:49:22] <andrewbogott>	 I can’t explain why the code is organized that way though
[16:50:25] <andrewbogott>	 Did you already patch OpenStackNovaProjectGroup::createProjectGroup to add a member on creation?
[16:52:57] * Coren fails to parse that code flow.
[16:53:11] <andrewbogott>	 everything after if ( !$this->projectGroup->loaded or $this->projectGroup->isVirtual() ) {
[16:53:19] <andrewbogott>	 is handling weird error cases, and handling them badly
[16:53:20] <wikibugs>	 6Labs, 10MediaWiki-extensions-Newsletter: Create a larger newsletter-test instance in labs - https://phabricator.wikimedia.org/T120516#1873383 (10bd808) I added myself to the project and logged in to see if I could figure out what was going on. `vagrant status` showed a created but halted LXC container. `vagra...
[16:53:27] <andrewbogott>	 Probably that code has been dormant for years
[16:53:47] <andrewbogott>	 Best to figure out why it’s getting traversed now rather than pay attention to its brokenness
[16:54:35] <bd808>	 !log newsletter Removed myself (BryanDavis) from project after working on T120516
[16:54:38] <labs-morebots>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Newsletter/SAL, Master
[16:54:54] <chasemp>	 andrewbogott: ok thanks and yeah, sorry had to brb for a sec kids and blood and chaos for a moment
[16:59:38] <chasemp>	 andrewbogott: this what makes sense to me atm https://gerrit.wikimedia.org/r/#/c/258462/2/nova/OpenStackNovaProject.php
[17:02:12] <chasemp>	 I hotfixed w/ https://gerrit.wikimedia.org/r/#/c/258462/
[17:02:13] <chasemp>	 now
[17:02:15] <chasemp>	 and it works for me
[17:03:13] <chasemp>	 project-gtest7:*:52794:novaadmin,rush
[17:03:44] <chasemp>	 I can't make heads or tails of that preemptive depend on deletion stuff and maybe there is an edge case there that we are naively (imo) guarding against
[17:04:03] <chasemp>	 but more probabaly based on comments etc it is arranged crufty from changes over time
[17:09:16] <Coren>	 chasemp: Yeah, I agree.  I can't really make heads or tails of that as it stands.
[17:10:00] <chasemp>	 hotfix is in if you want to take a swing at it
[17:10:08] <chasemp>	 I have to be away in a bit for an hour or so fyi
[17:11:40] <Coren>	 I'm sure there was once a reason to delete-and-recreate.  Maybe the hint is in that "... or is a virtual static group" debug message above.
[17:26:16] <andrewbogott>	 Coren: I commented inline saying roughly that
[17:27:11] <Coren>	 Not that I know what a virtual static group is supposed to /be/ in that context.
[17:55:31] <Coren>	 andrewbogott, chasemp: I've tracked down what it was, and isVirtual() can never be true anymore.
[17:55:49] <andrewbogott>	 cool, then we can excise that whole code block I think
[17:56:07] <Coren>	 Pretty sure s/can/should/ even.  :-)
[17:57:40] <ostriches>	 Gerrit's gonna restart in a few mins, pushing a config change. Plz don't panic.
[18:13:03] <Coren>	 chasemp: Are you writing the get-rid-of-isvirtual code or should I?
[18:24:40] <Coren>	 andrewbogott: Split into https://gerrit.wikimedia.org/r/#/c/258488/ and https://gerrit.wikimedia.org/r/#/c/258462
[18:30:04] <bd808>	 YuviPanda: https://phabricator.wikimedia.org/M128
[18:49:11] <Coren>	 andrewbogott: chasemp: i'z lunch. bbiab
[18:52:21] <andrewbogott>	 me too
[19:03:04] * YuviPanda reads backscroll
[19:03:10] <YuviPanda>	 Merlissimo: did that get sorted?
[19:06:05] <wikibugs>	 10Tool-Labs-tools-Other: Migrate https://toolserver.org/~bawolff/en-wn-editor-stats.php to Tool Labs - https://phabricator.wikimedia.org/T60867#1873932 (10Bawolff) >>! In T60867#1482788, @Ricordisamoa wrote: >>>! In T60867#606068, @Bawolff wrote: >> Don't worry, its on my todo list.  That was several years ago....
[19:38:42] <YuviPanda>	 Merlissimo: I see that the job with that number is already gone
[19:41:54] <YuviPanda>	 jynus: would <3 if we can upgrade to mariadb 10.1 :D
[19:44:00] <jynus>	 YuviPanda, do you have a special interest on it, or just because I mentioned the roles?
[19:44:37] <YuviPanda>	 jynus: I've a special interest in getting tools-db to mariadb, since some applications I want to run require mysql 5.6+ or mariadb 10+
[19:45:01] <YuviPanda>	 jynus: what I really want for labsdb is 10.2, which has ANALYZE. that'll allow users to actually tune their queries, since EXPLAIN does not work right no
[19:45:03] <YuviPanda>	 *now
[19:45:05] <jynus>	 tools actually would be the esiest
[19:45:17] <jynus>	 its slave is in 10 already, we only need to failover
[19:45:35] <jynus>	 10.2, is that a thing?
[19:45:49] <jynus>	 10.1 is still a bit unstable
[19:46:15] <YuviPanda>	 jynus: yeah, it's not a thing yet
[19:46:17] <YuviPanda>	 afaict
[19:46:25] <jynus>	 and I think EXPLAIN FOR connection would work already
[19:46:38] <YuviPanda>	 yea but is hard to do right
[19:46:40] <jynus>	 whatever is the mariadb syntax
[19:46:41] <YuviPanda>	 wait
[19:46:43] <YuviPanda>	 https://mariadb.com/kb/en/mariadb/analyze-statement/
[19:46:45] <YuviPanda>	 it's in 10.1
[19:46:47] <YuviPanda>	 actually
[19:46:48] <jynus>	 yep
[19:46:50] <YuviPanda>	 not 10.2!
[19:46:51] <YuviPanda>	 so we'll get that with 10.1
[19:47:03] <YuviPanda>	 my interest in a 10.1 upgrade just shot up through the roof into the stratosphere
[19:47:35] <jynus>	 I do not know if it will work for what you want
[19:47:49] <jynus>	 but it will fix the dependency on statement based replication
[19:47:58] <jynus>	 and with that 95% of the replication problems
[19:48:21] <YuviPanda>	 +1
[19:48:29] <YuviPanda>	 how much work do you think it'll take, jynus
[19:48:34] <jynus>	 I will have to test it though, I do not trust very new releases
[19:48:43] <jynus>	 ^this is the main problem
[19:48:46] <YuviPanda>	 seems prudent for things like DBs
[19:48:53] <jynus>	 we do not want to go from something that has problems
[19:48:54] <YuviPanda>	 jynus: we can upgrade tools-db and use that as our test bed :)
[19:48:57] <jynus>	 to something that has more
[19:50:38] <YuviPanda>	 since it has no replication
[19:50:40] <YuviPanda>	 err
[19:50:43] <YuviPanda>	 no incoming replication at least
[19:51:30] <jynus>	 that is actually not an issue
[19:51:54] <jynus>	 replication from previous versions tends to work well
[19:52:06] <jynus>	 we replicate from 5.5 to 10
[19:52:31] <jynus>	 it is the compatibility that is risky for the tools, etc.
[19:53:03] <jynus>	 but yes, that would be the first place to implement it
[19:53:30] <YuviPanda>	 yeah
[19:53:45] <YuviPanda>	 I think that's an ok tradeoff. Getting ANALYZE would be worth it
[20:14:25] <Coren>	 jynus: Do you have a changelog as far as feature incompatibility?
[20:14:48] <Coren>	 And yes, YuviPanda is right that most users would be jumping up and down in joy at a working analyze.  :-)
[20:14:50] <jynus>	 Coren, no, that is the problem
[20:15:03] <jynus>	 obviously you have the official one
[20:15:17] <Coren>	 I take it you don't trust it to be complete then?
[20:15:22] <jynus>	 which I can search, but I heard some people complaining
[20:15:36] <jynus>	 about some bugs and suggesting waiting a bit
[20:16:05] <jynus>	 what I would do is do it opt-in at first
[20:16:34] <YuviPanda>	 mmm maybe we can add another labsdb replica with 10.2 :D
[20:16:39] <YuviPanda>	 err
[20:16:42] <YuviPanda>	 10.
[20:16:44] <YuviPanda>	 11
[20:16:46] <YuviPanda>	 10.1
[20:17:02] <jynus>	 if you have the hardware, YuviPanda :-)
[20:17:22] <jynus>	 I do not have new hardware for production either
[20:17:26] <YuviPanda>	 yeah
[20:17:35] <YuviPanda>	 maybe I can scrounge around and get budget for it
[20:17:42] <jynus>	 please do
[20:17:50] <YuviPanda>	 jynus: if you can think of a spec for what labsdb box would look like, I'll scrounge around for money
[20:18:14] <shinken-wm>	 PROBLEM - Puppet failure on tools-worker-08 is CRITICAL: CRITICAL: 100.00% of data above the critical threshold [0.0]
[20:18:16] <jynus>	 are you thinking of a replica?
[20:18:44] <jynus>	 or tools?
[20:18:48] <YuviPanda>	 jynus: replica
[20:19:01] <jynus>	 ok, I will go back to that ticket soon
[20:19:17] <YuviPanda>	 Coren: since you're root on this channel, can you give me root too? It's using my old typo'd cloak
[20:19:34] <YuviPanda>	 err
[20:19:36] <YuviPanda>	 op
[20:19:38] <YuviPanda>	 not root
[20:19:54] <YuviPanda>	 jynus: +1. Once I have a vague spec I can work with robh to get a number and then with a number scrounge around
[20:19:55] <Coren>	 YuviPanda: I'm pretty sure I can.  I haven't talked to chanserv in ages though, lemme look it up.  :-)
[20:21:25] <Coren>	 YuviPanda: I think you are magic, now.
[20:21:57] <YuviPanda>	 woo thanks
[20:22:22] <Coren>	 slash cs op #wikimedia-labs to ask it for the bit
[20:23:47] <YuviPanda>	 hmm
[20:23:49] <petan>	 or just
[20:23:50] <YuviPanda>	 no dice
[20:23:50] <petan>	 @op
[20:23:52] <YuviPanda>	 oh
[20:23:54] <YuviPanda>	 yes dice
[20:24:11] <YuviPanda>	 yup
[20:24:18] <YuviPanda>	 (it also de-ops me in one go too!)
[20:24:59] <petan>	 well if you leave the channel you lose all flags
[20:25:17] <petan>	 btw you can use wm-bot for most of stuff like this
[20:25:18] <petan>	 I think
[20:25:21] <petan>	 @kick petan
[20:25:58] <petan>	 yes, it works :P
[20:26:45] <YuviPanda>	 @kick petan
[20:26:56] <petan>	 thanks
[20:26:58] <YuviPanda>	 yup! :D
[20:27:11] <YuviPanda>	 yw!
[20:27:19] <petan>	 @kick wm-bot
[20:28:10] <petan>	 I was almost sure I made some code that would prevent that
[20:28:15] <shinken-wm>	 RECOVERY - Puppet failure on tools-worker-08 is OK: OK: Less than 1.00% above the threshold [0.0]
[20:29:03] <petan>	 it also support these hard-to-rememeber syntax quiets
[20:29:07] <petan>	 @q shinken-wm
[20:29:13] <petan>	 @unq shinken-wm
[20:29:29] <petan>	 or join-bans and so on
[20:29:36] <petan>	 @jb petan
[20:30:34] <Coren>	 andrewbogott: If you are back from lunch; I put tabs back.
[20:31:16] <Coren>	 I'm guessing we want to hot fix and not wait for a deployment train?
[20:32:59] <chasemp>	 I'm back here, thank for amending that
[20:33:09] <chasemp>	 AFA https://gerrit.wikimedia.org/r/#/c/258462/ now
[20:33:20] <chasemp>	 if you are in a position to dpeloy I say go
[20:33:33] <Coren>	 chasemp: No worries.  I ripped out the last part of that isVirtual() dangling bits.
[20:33:45] <chasemp>	 in a separate changeset?
[20:34:21] <Coren>	 chasemp: Aye: https://gerrit.wikimedia.org/r/#/c/258488/
[20:34:54] <chasemp>	 great and you caught https://gerrit.wikimedia.org/r/#/c/258488/2/nova/OpenStackNovaProjectGroup.php too
[20:35:21] <Coren>	 But since wikitech is a real wiki now, I thought we needed to do a "real" deploy in a normal window?
[20:35:31] <chasemp>	 ok that I don't know about
[20:35:43] <chasemp>	 It used to be it was outside of the deployment train afaik but now
[20:36:01] <chasemp>	 ask krenair?
[20:36:12] <Coren>	 Krenair: ^^ ?
[20:36:14] <Coren>	 :-)
[20:36:56] <YuviPanda>	 chasemp: Coren we can test it with a cherry-pick and then do a real deployment
[20:37:24] <chasemp>	 we have tested and I believe it's real deploy time
[20:37:32] <chasemp>	 we just hot patched it this am tho
[20:37:38] <chasemp>	 which if I'm hearing is entirely bad manners
[20:39:51] <YuviPanda>	 ah ok
[20:39:54] <Coren>	 chasemp: I think that qualifies as minor heresy.
[20:40:05] <YuviPanda>	 ya should've been a cherry-pick
[20:40:26] <YuviPanda>	 no SWAT Today since friday
[20:40:26] <Coren>	 chasemp: Or at the very least apostasy.  :-)
[20:40:40] <YuviPanda>	 so we should poke greg-g and then find someone versed in mediawiki-ese to deploy this for us
[20:40:59] <Krenair>	 Bit busy at the moment, chasemp, Coren 
[20:41:02] <Coren>	 greg-g is on vacation, ostriches is the current replacement.
[20:41:08] <chasemp>	 ok I'll ask
[20:41:09] <Coren>	 I'm already asking in -operations.
[20:41:12] <chasemp>	 ah
[20:47:34] <chasemp>	 Coren: you want me to do it or you got it?
[20:49:15] <Coren>	 chasemp: We gots the all clear; I can do it but I'd have to look up the docs.  If you do it, I'll look over your shoulder.
[20:50:08] <Coren>	 You +2 mine and I'll +2 yours.
[20:50:11] <Coren>	 :-)
[20:50:33] <chasemp>	 uh I was thinking do both here, ok give me a minute to make sure I'm right that I know what I'm doing
[20:50:36] <chasemp>	 been a bit
[20:51:22] <Coren>	 No, that's okay - I can do it too since it's no fresher in your memory than in mine.  I meant "yours...mine" so that we don't end up with self-+2s.  :-)
[20:51:40] <chasemp>	 oh I think in this case it's no worries as andrew gave it a +1
[20:53:25] <Coren>	 chasemp: Mergèd.
[20:56:07] <chasemp>	 Coren: twentyafterfour kindly offered 
[20:56:24] <Coren>	 That /is/ kind.  :-)
[20:57:03] <chasemp>	 great thanks for separating those commits out, see you in 3
[21:03:42] <grrrit-wm1>	 (03PS2) 10Yuvipanda: Move docker image to directly use Debian Jessie [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/256781 
[21:03:46] <grrrit-wm1>	 (03CR) 10Yuvipanda: [C: 032] Move docker image to directly use Debian Jessie [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/256781 (owner: 10Yuvipanda)
[21:04:46] <grrrit-wm1>	 (03Merged) 10jenkins-bot: Move docker image to directly use Debian Jessie [labs/tools/grrrit] - 10https://gerrit.wikimedia.org/r/256781 (owner: 10Yuvipanda)
[21:18:53] <Coren>	 andrewbogott: chasemp: Here or some other channel?
[21:18:57] <chasemp>	 find w/ me
[21:18:59] <andrewbogott>	 here’s fine
[21:18:59] <chasemp>	 fine even
[21:19:07] <andrewbogott>	 sorry about my clunky internet access.
[21:19:07] <chasemp>	 on the dhcp server I'm cool w/ what's simple
[21:19:10] <andrewbogott>	 I could hear surprisingly well
[21:19:26] <chasemp>	 if we we can hack in our needed options and have it handle dhcp for the mw sanely I"m good w/ it
[21:19:36] <chasemp>	 I feel no ideology about it at all
[21:20:01] <chasemp>	 but I don't understand what context nova-network needs to have to serve dhcp in this case I guess
[21:20:10] <chasemp>	 it seems like it should be simple maybe it is not
[21:20:13] <andrewbogott>	 It doesn’t need to — it just already does
[21:20:29] <andrewbogott>	 So — let me try to back up.
[21:20:35] <chasemp>	 what happens right now if promethium comes up and asks for dhcp?
[21:20:37] <andrewbogott>	 Imagine you’re me, and don’t know anything about networking.
[21:20:37] <chasemp>	 does it get an address
[21:20:47] <Coren>	 (Aside: fix deployed to Wikitech and tested to work)
[21:21:00] <andrewbogott>	 You have a black box that says NETWORKING really big on it, and when you plug something in, the right thing comes out
[21:21:18] <andrewbogott>	 So, I’m reaching out to plug my new thing into that box
[21:21:32] <andrewbogott>	 and you’re saying, don’t do that, all that happens in that box is <list of things that I can’t keep track of>
[21:21:45] <andrewbogott>	 so, I believe you.  But I already have that black box
[21:21:54] <andrewbogott>	 so what’s my motivation to pay attention to <long list>
[21:22:01] <andrewbogott>	 even if <long list> only has three items?
[21:22:32] <chasemp>	 ok what are the three items?
[21:22:51] <andrewbogott>	 1)  serving up the right IP address for the right host to dhcp
[21:23:02] <andrewbogott>	 2) routing and/or natting
[21:23:32] <andrewbogott>	 (I don’t know if 2 is one thing or two things or zero things, and neither do any of us I think)
[21:23:46] <andrewbogott>	 3) floating ips which, sure, we don’t have to have them, but the black box already does them
[21:23:46] <chasemp>	 it's 2 things
[21:23:52] <andrewbogott>	 ah, great
[21:23:54] <andrewbogott>	 so then 2)routing
[21:23:55] <andrewbogott>	 3) natting
[21:24:01] <chasemp>	 but they should come together more or less
[21:24:22] <chasemp>	 alright but assuming we can easily have the existing dhcp serve for this new server
[21:24:36] <chasemp>	 none of the other two should require any nova-network context as I understand them now
[21:24:53] <chasemp>	 so I'm asking, where do we get for doing some hacks in nova-network 
[21:24:53] <andrewbogott>	 that may be so.  I know for sure that if nova-network goes down that they stop happening :)
[21:25:03] <chasemp>	 well yeah sure
[21:25:11] <chasemp>	 taht's not like, relevant to this is it?
[21:25:17] <wikibugs>	 6Labs, 10MediaWiki-Vagrant, 15User-bd808: Create "mediawiki-vagrant" project - https://phabricator.wikimedia.org/T120982#1874320 (10bd808) 5Resolved>3Open Reopening. The project had to be deleted to work around a wikitech LDAP problem that has now been fixed.
[21:25:19] <wikibugs>	 6Labs, 7Tracking: New Labs project requests (tracking) - https://phabricator.wikimedia.org/T76375#1874323 (10bd808)
[21:25:36] <chasemp>	 I mean to be fair I said I wanted a day or two in order to look at this so I could communicate well on what our optoins seem to be
[21:25:44] <andrewbogott>	 sure
[21:25:46] <chasemp>	 and instead today you kind dove into it and I just don't know 
[21:25:52] <andrewbogott>	 but what’s the harm in trying a trivial approach in the meantime?
[21:25:59] <chasemp>	 what is the trival approach?
[21:26:30] <Coren>	 andrewbogott: My point is, making the metal host work when it sits outside the dhcp pool is a known problem with very simple solution; and I fear trying to hack it in nova-network has the potetntial to be brittle.  What if openstack decides it needs to update the record when $x happens and we loose the hack?
[21:26:54] <chasemp>	 shrinking the dhcp pool has to be trivial
[21:26:59] <chasemp>	 I think I've even seen the setting
[21:27:04] <chasemp>	 when we looked at the labnet1001/1002 issue
[21:27:14] <wikibugs>	 6Labs, 7Tracking: New Labs project requests (tracking) - https://phabricator.wikimedia.org/T76375#799552 (10bd808)
[21:29:18] <wikibugs>	 6Labs, 10Attribution-Generator, 6TCB-Team, 15User-bd808: Create labs projects for lizenzhinweisgenerator - https://phabricator.wikimedia.org/T120925#1874332 (10bd808) Deleted and recreated the project to work around LDAP problems left by T121064.
[21:29:43] <andrewbogott>	 So — this is moot, since I’m taking monday off
[21:29:53] <andrewbogott>	 I would love to be proved wrong, and having the routing/natting issues turn out to be trivial
[21:29:55] <andrewbogott>	 So, have at!
[21:30:54] <chasemp>	 I think I missed previously, is it that in your mind having dhcp from the existing dhcp server requires a database entry or the pseudo-VM hack?
[21:31:11] <andrewbogott>	 nah, not necessary, we can hack around it by adding a separate table to dnsmasq
[21:31:36] <wikibugs>	 6Labs, 10Labs-Infrastructure, 5Patch-For-Review, 5WMF-deploy-2015-12-15_(1.27.0-wmf.9): Project entries are created in ldap but not the posix group entry (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1874344 (10bd808) I deleted the `mediawiki-vagrant` project, recreated it and spun up...
[21:31:46] <chasemp>	 ok
[21:32:10] <chasemp>	 so two things, the routing is more or less trivial and not really handled by openstack persay because it's a route on the core routers
[21:32:16] <chasemp>	 and then attached networks for the labnet box
[21:32:23] <bd808>	 victory! thanks for fixing the ldap project bug guys
[21:32:26] <chasemp>	 I think
[21:32:54] <chasemp>	 so assuming that is true, and the SNAT stuff us just by vlan out of the box so we get it for free that seems like all the integration required to get that far
[21:33:14] <chasemp>	 I agree that if that doesn't work out we are at the make this hw seem like a vm place
[21:33:18] <chasemp>	 so that we aren't reinventing teh wheel
[21:33:45] <Coren>	 bd808: Heh.  It was annoying us too, but I'm glad it solved your issue.  :-)
[21:34:07] <andrewbogott>	 chasemp: it should be easy enough to find out :)
[21:34:20] <chasemp>	 agreed so that's where I'm at mentally
[21:35:55] <chasemp>	 andrewbogott: do we know now if promethium boots and asks for an IP...does it get one?
[21:36:12] <andrewbogott>	 I don’t know — I’ll try it now
[21:36:17] <chasemp>	 what I mean is, is the openstack dhcp stuff already doing it by pre-assigned MAC from a DB
[21:36:44] <chasemp>	 we could argue actually, especially having our own pxe server
[21:36:47] <chasemp>	 we just want to do dhcp in general
[21:38:34] <andrewbogott>	 openstack dhcp stuff already doing it by pre-assigned MAC from a DB <- you mean in general or for promethium in general?
[21:43:51] * andrewbogott wonders if he fell off the internet again
[21:44:52] <chasemp>	 sorry no had to put in a car seat :)
[21:45:21] <chasemp>	 andrewbogott: we should be able to get root on console
[21:45:32] <chasemp>	 and test a few fo these things out as is before imaging, that had been my thought
[21:47:21] <Coren>	 No, that actually makes sense: log into the console via mgmt and *try* it with dhclient.  See what pops.
[21:47:48] <andrewbogott>	 our current nova network is 10.68.16.0/21
[21:47:49] <chasemp>	 that's my thought
[21:47:57] <andrewbogott>	 It’s not possible to carve off a bit without cutting it in half, right?
[21:48:13] <chasemp>	 well is the entire nova network definition also the dhcp pool scope defintion?
[21:48:14] <Coren>	 andrewbogott: I'm pretty sure the dhcp pool is a range, not a subnet.
[21:48:18] <chasemp>	 I guess I remember tehm being separate
[21:48:31] <chasemp>	 it would be odd if they were teh same as one determines network config and the other network assignment
[21:49:32] <andrewbogott>	 I see...
[21:49:36] <andrewbogott>	 | dhcp_server         | 10.68.16.1                           |
[21:49:36] <andrewbogott>	 | dhcp_start          | 10.68.16.2                           |
[21:49:42] <andrewbogott>	 but no dhcp_stop
[21:49:48] <chasemp>	 that is interesting
[21:50:26] <Coren>	 Well, we could dhcp_stop somewhere higher than .2 and it'd end up pretty much the same; but it's odd that it'd imply the end of the subnet as the end of the range.  :-)
[21:51:18] <chasemp>	 well assuming it just allows teh dhcp server to mange it's own lease pool
[21:51:21] <chasemp>	 it may not be an issue at all
[21:51:33] <chasemp>	 I'm just not sure how specific the dhcp server is with it's clients in this case
[21:52:12] <andrewbogott>	 I don’t know for sure, but I thought that IPs were assigned by nova and then passed on to dnsmasq
[21:52:35] <chasemp>	 andrewbogott: can you try your root pass on mgmt for promethium?
[21:52:40] <chasemp>	 either I have an old pass or idk
[21:52:51] <chasemp>	 it's "console com2" fyi
[21:53:38] <wikibugs>	 6Labs, 10Tool-Labs, 5Patch-For-Review: Update Java 7 to Java 8 - https://phabricator.wikimedia.org/T121020#1874417 (10valhallasw) 5Open>3declined a:3valhallasw I spent a bit more time on this, but I don't see this working: the packages need more work (dependencies are wrong) and I have no way to easily...
[21:53:58] <chasemp>	 but yeah Coren could just start the valid lease pool higher to the same effect I guess
[21:54:04] <chasemp>	 super weird to have a start and no end entry tho isn't it?
[21:54:30] <Coren>	 chasemp: Maybe it /accepts/ a dhcp_end too, just defaults to "the whole thing"?
[21:54:36] <andrewbogott>	 chasemp: Labs instances don’t have root passwords, so probably promethium doesn’t either :(
[21:54:49] <chasemp>	 ....oh :)
[21:55:02] <andrewbogott>	 We could start the lease pool higher if we didn’t have instances already in the pool.
[21:55:04] <chasemp>	 the image tho came from caron
[21:55:14] <andrewbogott>	 Yeah, but it was puppetized for labs
[21:55:23] <andrewbogott>	 I’ll look in the source about lease ranges
[21:55:42] <Coren>	 andrewbogott: Does something live at .2 now?  Just putting the start at .3 would work for testing if nothing else.
[21:55:54] * andrewbogott checks
[21:56:11] <chasemp>	 or even just bumping that vm out of that space with a pool change and a reup
[21:57:44] <andrewbogott>	 hm, certainly pinging .2 and .3 and .4 works
[21:58:25] <wikibugs>	 10PAWS: Make the default PS1 more helpful - https://phabricator.wikimedia.org/T120560#1874448 (10yuvipanda) 5Open>3Resolved a:3yuvipanda It's $MWUSERNAME@PAWS:$CWD $ now
[21:59:05] <chasemp>	 ok I'll move promethium back to labs-support so I can set a root password to test out the rest of it
[21:59:44] <andrewbogott>	 sure
[21:59:58] <andrewbogott>	 .2 is an instance called ‘nfstest’ built by faidon in testlabs
[22:00:19] <Coren>	 I think that was the one he used to break into labstore.  :-)
[22:00:26] <chasemp>	 pretty good odds that's not a big deal to move ip's for
[22:01:03] <andrewbogott>	 I still don’t see any public-facing way to change the dhcp range.  Still digging
[22:01:10] <wikibugs>	 6Labs, 10Tool-Labs: Figure out a way to support java 1.8 on tool labs (Merl's bot) - https://phabricator.wikimedia.org/T121279#1874462 (10valhallasw) 3NEW
[22:01:20] <valhallasw`cloud>	 ^ I would appreciate input on this
[22:01:42] <valhallasw`cloud>	 YuviPanda: especially from you on whether k8s is 'ready enough' for this -- probably not?
[22:03:01] <YuviPanda>	 valhallasw`cloud: so 6. is their own project, but that sucks too
[22:03:19] <andrewbogott>	 well, that’s upsetting
[22:03:34] <valhallasw`cloud>	 YuviPanda: right. 
[22:03:51] <YuviPanda>	 valhallasw`cloud: 7. is 'write a small proxy in another language that speaks the SSL Java 1.7 speaks on one side and the SSL that wmf speaks on the other'
[22:03:51] <valhallasw`cloud>	 silly openjdk :(
[22:04:07] <valhallasw`cloud>	 that's evil! :D
[22:04:10] <YuviPanda>	 indeed
[22:04:13] <valhallasw`cloud>	 mitmproxy to the rescue
[22:04:15] <valhallasw`cloud>	 but let's not
[22:04:17] <YuviPanda>	 yeah
[22:04:44] <andrewbogott>	 chasemp: can you make any sense out of the ‘fixed reserve’ docs here?  http://docs.openstack.org/admin-guide-cloud/compute-networking-nova.html
[22:05:04] <YuviPanda>	 valhallasw`cloud: how about, 1. setup a separate project for this, 2. move to K8s in 3-4 months?
[22:05:08] <andrewbogott>	 seems like that command would let us change dhcp_start, but… ‘reserve’?  what the heck?
[22:06:20] <valhallasw`cloud>	 YuviPanda: yeah, also not a big fan of that :/
[22:06:34] <YuviPanda>	 valhallasw`cloud: might be the most workable setup.
[22:06:46] <YuviPanda>	 definitely don't want to port gridengine to jessie
[22:06:50] <valhallasw`cloud>	 not sure if merl agrees :-p
[22:07:33] <YuviPanda>	 the only difference between 6 and 5 is that in (5) the instance lives inside tools and in (6) it does not
[22:08:01] <chasemp>	 andrewbogott: I read that as a) yes vm's are mapped by mac to a specific ip b) you can set a starting point in the network range for dhcp but it assumes it will consume to the end of hte range from there
[22:08:09] <chasemp>	 which does what we are talking but very awkwardly
[22:08:26] <wikibugs>	 6Labs, 10Tool-Labs: Figure out a way to support java 1.8 on tool labs (Merl's bot) - https://phabricator.wikimedia.org/T121279#1874483 (10yuvipanda) 6. Put this in its own projects until we can do (4), which is a few months off now.
[22:08:28] <valhallasw`cloud>	 YuviPanda: yes, which means you have access to tools nfs
[22:08:31] <andrewbogott>	 yeah, that’s what it reads like to me too.  I just think that ‘reserve’ is a preposterous name for it
[22:08:36] <chasemp>	 truly
[22:08:40] <valhallasw`cloud>	 might not be that important, though
[22:08:47] <valhallasw`cloud>	 also someone still has to manage that project
[22:08:50] <YuviPanda>	 valhallasw`cloud: yup. I don't actually know what that bot needs.
[22:09:00] <YuviPanda>	 (other than 'java 8')
[22:09:01] <chasemp>	 what kind of a dhcp scheme doesn't include specific scope
[22:09:10] <YuviPanda>	 for example, if it's using qsub, everything becomes a lot more complicated
[22:09:58] <valhallasw`cloud>	 yeah
[22:11:56] <wikibugs>	 6Labs, 10Tool-Labs: Figure out a way to support java 1.8 on tool labs (Merl's bot) - https://phabricator.wikimedia.org/T121279#1874486 (10yuvipanda) What features of tools does merlbot use? I think that's an important consideration in figuring out what to do.  Specifically:  # Does it use qsub/jsub? # Does it...
[22:11:57] <YuviPanda>	 valhallasw`cloud: commented
[22:12:09] <valhallasw`cloud>	 thanks!
[22:12:55] <YuviPanda>	 valhallasw`cloud: Depending on what is required I might be able to provide support for it on its own project.
[22:13:00] <YuviPanda>	 valhallasw`cloud: until k8s is ready
[22:13:19] <valhallasw`cloud>	 ok, great :-)
[22:13:30] <YuviPanda>	 need to figure out what's needed first tho :D
[22:13:34] <YuviPanda>	 I'm going to go eat food
[22:13:36] <YuviPanda>	 I'll brb
[22:13:37] <valhallasw`cloud>	 I wish there were an easy way to statically compile a .deb :(
[22:13:49] <YuviPanda>	 > easy
[22:13:51] <YuviPanda>	 > .deb
[22:14:01] <YuviPanda>	 gotta get hazed first :)
[22:15:02] <YuviPanda>	 anyway
[22:15:04] <YuviPanda>	 fooood
[22:15:43] <andrewbogott>	 ebernhardson: is instance estest1003 defunct or still in use?
[22:15:50] <andrewbogott>	 (Nothing is wrong, I’m just making space :) )
[22:20:31] <ebernhardson>	 andrewbogott: in use, the whole estest100{1,2,3,4} set
[22:20:38] <andrewbogott>	 ok
[22:20:58] <ebernhardson>	 to clear up some space, help me convince you all to keep some of elastic1001-16 when they get replaced later this year ;)
[22:21:07] <ebernhardson>	 (where you all = ops ;)
[22:21:24] <YuviPanda>	 this year -> ?
[22:21:26] <YuviPanda>	 2016?
[22:21:28] <paravoid>	 andrewbogott: yes, kill it
[22:21:29] <YuviPanda>	 or next few months?
[22:21:40] <andrewbogott>	 paravoid: ok, thanks
[22:21:59] <ebernhardson>	 YuviPanda: mark said "They're slated to be replaced by end of this fiscal year (at 4 years of age), which may (or may not) have to be pushed to early start of the next fiscal year (July 2016) if necessary for budget pressure. "
[22:22:08] <YuviPanda>	 ah :)
[22:22:15] <YuviPanda>	 ebernhardson: ys, that'd be nice to recycle
[22:22:55] <ebernhardson>	 YuviPanda: although if we were to use them for a labs replica, they need more disk
[22:23:18] <YuviPanda>	 hmm
[22:23:28] <ebernhardson>	 well, maybe. hard to say exactly. they have 493GB each
[22:23:40] <ebernhardson>	 i think thats after raid0
[22:23:52] <ebernhardson>	 or maybe raid1? gah i should know this...
[22:24:07] <chasemp>	 it's raid 0 w/ a software raid 1 on the os partition
[22:24:14] <chasemp>	 which is a small part of the disk
[22:24:45] <ebernhardson>	 ahh ok, thats it :)
[22:33:14] <andrewbogott>	 chasemp, Coren, ok I removed one solitary IP from the dhcp pool:  192.168.16.2
[22:33:45] <chasemp>	 sweet -- I moved back promethium and set a root pass now I'm looking to test the console but it's bieng weird
[22:33:55] <andrewbogott>	 .3 and .4 are in use
[22:35:05] <wikibugs>	 6Labs, 10Tool-Labs: Figure out a way to support java 1.8 on tool labs (Merl's bot) - https://phabricator.wikimedia.org/T121279#1874520 (10Merl) Are there any plans to support ubuntu 16.04 as sge execution nodes next year? If so the easiest solution would be to keep the ssl force exception for labs until this i...
[22:38:28] <Coren>	 andrewbogott: We need just the one for testing anyways.
[22:38:55] <andrewbogott>	 Coren: yes, although it would be nice to have a plan for getting a second one, someday :)
[22:39:09] <chasemp>	 yeah I figure if this works out we clear out a block of 10 or soemthing?
[22:39:12] <chasemp>	 idk
[22:39:36] <chasemp>	 side note, that patch was only the second time I've written php here in 2 years ...just occurred to me
[22:39:39] <chasemp>	 I think
[22:39:53] <Coren>	 I don't miss it.  :-)
[22:40:34] <chasemp>	 andrewbogott: so I got root going on promethium
[22:40:40] <chasemp>	 anything else you want o do w/ it befoer we jump back?
[22:40:45] <wikibugs>	 6Labs, 10Labs-Infrastructure, 6operations, 10ops-eqiad: labstore1002 issues while trying to reboot - https://phabricator.wikimedia.org/T98183#1874524 (10coren) @cmjohnson: We need to get our hands on another then; perhaps put in a req for one or is there one in Dallas we could ship accross?
[22:40:51] <chasemp>	 I'm going to install a few diagnostic packages
[22:41:01] <andrewbogott>	 chasemp: nothing specific
[22:41:19] <andrewbogott>	 oh, btw, Coren and chasemp, when hacking keep in mind that currently the active network node is labnet1002, not labnet1001
[22:41:30] <andrewbogott>	 I keep making that mistake and getting upset at how there are no logs
[22:41:37] <Coren>	 Heh.
[22:41:42] <chasemp>	 gotcha I actually no joke just did too when we were talking
[22:41:43] <wikibugs>	 6Labs, 10Tool-Labs: Figure out a way to support java 1.8 on tool labs (Merl's bot) - https://phabricator.wikimedia.org/T121279#1874526 (10Merl) Btw: i am running funtoo/gentoo on my two year old laptop and emerging jdk8 with a clean compile cache uses about 6GB of ram, 7 GB temp space, but completes within 40...
[22:41:47] <chasemp>	 lik wtf iptables rules? oh yeah
[22:42:30] <wikibugs>	 6Labs, 10Labs-Infrastructure, 5Patch-For-Review: labcontrol1001 and 1002 running web servers on 80 and 443 open to all - https://phabricator.wikimedia.org/T120449#1874537 (10Dzahn) a:3Dzahn
[22:43:27] <wikibugs>	 6Labs, 10Labs-Infrastructure, 5Patch-For-Review, 5WMF-deploy-2015-12-08_(1.27.0-wmf.8), 5WMF-deploy-2015-12-15_(1.27.0-wmf.9): Project entries are created in ldap but not the posix group entry (disallowing ssh, etc) - https://phabricator.wikimedia.org/T121064#1874539 (10coren) 5Open>3Resolved Confirm...
[22:52:15] <wikibugs>	 6Labs, 10Labs-Infrastructure, 5Patch-For-Review: labcontrol1001 and 1002 running web servers on 80 and 443 open to all - https://phabricator.wikimedia.org/T120449#1874550 (10Dzahn) fixed by removing the firewall hole for 80/443 that wasn't needed. can't open these URLs anymore now
[22:52:27] <wikibugs>	 6Labs, 10Labs-Infrastructure, 5Patch-For-Review: labcontrol1001 and 1002 running web servers on 80 and 443 open to all - https://phabricator.wikimedia.org/T120449#1874551 (10Dzahn) 5Open>3Resolved
[23:00:30] <ebernhardson>	 YuviPanda: my search skills arn't working out...where were docs for putting up a repository in tool labs via kubernetes (as in, without managing your own server) ?
[23:02:11] <ebernhardson>	 oh it looks like normal tools are that way, i was just uncertain because it started talking about lighttpd.conf :)
[23:05:41] * ebernhardson is a little scared ssh tools-k8s-master-01.tools.eqiad.wmflabs
[23:05:46] <ebernhardson>	 let him log in...and logs back out
[23:05:52] <andrewbogott>	 chasemp:  here are some dnsmasq facts!  1) dnsmasq is started/stopped by nova-network, if you ‘service dnsmasq start’ yourself you may end up with more dnsmasqs than you want.  2) it’s configured via /etc/dnsmasq-nova (as specified in /etc/nova.conf) 3) which comes from puppet/modules/openstack/templates/kilo/nova/dnsmasq-nova.conf.erb
[23:06:14] <chasemp>	 this all makes sense
[23:06:16] <andrewbogott>	 Most of the craziness in there is for aliasing public IPs
[23:06:31] <andrewbogott>	 (sorry if I’m telling you what was already obvious)
[23:07:08] * andrewbogott out for now
[23:07:40] <chasemp>	 andrewbogott: are you coming back tonight? if not or if I'm gone, have fun at the garden thing
[23:07:45] <chasemp>	 talk to you tuesday
[23:07:59] <andrewbogott>	 I’ll be back a bit this evening, but thanks!