[13:34:35] <XioNoX>	 using Batfish + Capirca to cleanup their 1000s of ACLs LOC. The one graphs tells it all.
[13:34:37] <XioNoX>	 That's pretty cool: https://tech.ebayinc.com/engineering/safe-acl-change-through-model-based-analysis/
[14:50:40] <volans>	 moritzm, jbond42: bikeshedding here as is quicker for T252807#6152516: so far we've used the second level in the cookbooks for "things" (sre.maps, sre.wdqs, etc...) with ofc one exception being sre.switchdc that is not a thing but an action. sre.reboot. would too be an action. No real strong opinion on my side on this. Just wanted to point it out and hear feedbacks
[14:58:44] <moritzm>	 I'm perfectly fine either way, sre.SERVICE.reboot also totally works for me
[15:00:09] <jbond42>	 volans: using sre.SERVICE.reboot where would the common reboot code go.  ofcourse the oposite question is valid if we go sre.reboot.SERVICE
[15:00:49] <volans>	 jbond42: sre.hosts.reboot-single or something similar I guess
[15:01:19] <volans>	 we already have some inconsistentcies
[15:01:27] <volans>	 between sre.maps.reboot, sre.wdqs.reboot and then sre.elasticsearch.rolling-reboot
[15:02:09] <volans>	 and we also have sre.hadoop.reboot-workers
[15:11:13] <jbond42>	 volans: i dont think sre.hosts.reboot-single.  if we went sre.ACTION then i would probably have a sre.reboot.__init__.py script which had a reboot function with a sugniture something like reboot(cluster, batch_size, {de,}pool_cmd) (would probably look simlar to the run in update-and-reboot
[15:11:45] <jbond42>	 fyi im happy with sre.SERVICE.reboot im mostly just thinking out loud
[15:12:20] <volans>	 jbond42: "i dont think sre.hosts.reboot-single" you don't think what? :)
[15:12:50] <volans>	 as for the generic code it should probably land in spicerack directly fwiw
[15:12:52] <jbond42>	 sre.hosts.reboot-single would be the right place to have a generic reboot function.  that should just reboot one host
[15:13:05] <jbond42>	 however  ageneric one should in a perfect world also deal with clusters
[15:13:22] <volans>	 yes I meant for the single one
[15:13:23] <jbond42>	 volans: yes thats where my brain was heading
[15:13:31] <volans>	 the generic logic in spicerack
[15:13:37] <volans>	 sorry I misunderstood your point
[15:13:40] <volans>	 we already have https://doc.wikimedia.org/spicerack/master/api/spicerack.remote.html?highlight=reboot#spicerack.remote.RemoteHosts.reboot
[15:13:43] <volans>	 fwiw :D
[15:13:50] <jbond42>	 ack then i think sre.SERVICE is the better option
[15:14:19] <jbond42>	 lol :)
[15:14:28] <volans>	 sre.hosts.reboot-single would be the place for the single host reboot stuff, just that
[15:15:01] <jbond42>	 ack
[15:16:02] <moritzm>	 sre.hosts.reboot-single and sre.SERVICE.reboot works for me!
[15:22:03] <volans>	 +1
[15:22:35] <volans>	 which kind of protection/awareness of the dedicated ones do we want to add to reboot-single?
[15:23:36] <moritzm>	 common sense :-)
[15:24:04] <moritzm>	 ofc there are also technical solutions/further polishing
[15:24:32] <moritzm>	 like it could match the class names registered for the service ones and print a warning or so
[15:24:35] <volans>	 :)
[15:25:06] <moritzm>	 but given that the target audience are SREs I think it's initially fine to assume that people don't blindly run a cookbook without checking the description :-)
[15:25:33] <moritzm>	 I'll go update the Phab task following this discussion
[15:25:40] <volans>	 thanks
[17:25:24] <herron>	 here's a doc for virtual offsite ideas -- tried to write down what was said verbally but I'm sure I've missed stuff, please add and adjust!  https://docs.google.com/document/d/1YaxGXIUgzfr-U2_hfGDddiLhV9bxvF4phOPYBGTtM9Q/edit?usp=sharing
[17:28:53] <XioNoX>	 thx!