[00:11:41] <paladox>	 James_F yup we bumped it.
[12:14:45] <XioNoX>	 elukey: an-coord1001 has 3 active icinga alerts (~6h for the most recent one)
[12:16:30] <elukey>	 XioNoX: yep I know, fixes are in progress.
[12:19:57] <XioNoX>	 cool :)
[14:34:50] <fsero>	 does this message "Error while evaluating a Function Call, secret(): invalid secret keyholder/apache2modsec.pub at /srv/jenkins-workspace/puppet-compiler/16902/change/src/modules/scap/manifests/target.pp:101:28 at /srv/jenkins-workspace/puppet-compiler/16902/change/src/modules/profile/manifests/waf/apache2/administrative.pp:59 on node phab1003.eqiad.wmnet" ring a bell to someone?
[14:34:54] <fsero>	 running a PCC
[14:43:14] <godog>	 usually means not-private private.git is missing the file
[14:43:20] <godog>	 labs/private.git that is
[14:50:27] <fsero>	 thx godog
[14:57:17] <elukey>	 now that you guys mention this, was the key armed at the end?
[14:57:34] <godog>	 np fsero
[14:57:58] <elukey>	 ah snap it was not
[14:58:39] <elukey>	 chasemp: o/ - can you check https://phabricator.wikimedia.org/T224887 when you are online? :)
[15:10:11] <arturo>	 fsero godog if you merge to labs/private, don't forget we need now `puppet-merge` https://wikitech.wikimedia.org/wiki/Puppet#Updating_labs/private.git
[15:11:08] <fsero>	 but but.. why?
[15:11:17] <fsero>	 ok, do i need to do it now?
[15:11:24] <fsero>	 PCC took it without merging
[15:12:06] <Krenair>	 fsero, because we don't trust gerrit with this stuff anymore
[15:12:49] <Krenair>	 PCC is piggybacking on that repo, its purpose is to keep puppet within labs instances happy
[15:13:06] <Krenair>	 PCC probably just takes whatever version gerrit gives it
[15:13:50] <fsero>	 im probably missing something but labs/private is a mock repo so why all this hassle?
[15:14:12] <andrewbogott>	 fsero: context is in T221888
[15:14:19] <andrewbogott>	 https://phabricator.wikimedia.org/T221888
[15:14:30] <fsero>	 restricted for me :)
[15:15:04] <Krenair>	 fsero, that repo is used and trusted by all labs instances
[15:15:09] <andrewbogott>	 hm, does that mean you don't have access to security tickets in phab?
[15:15:17] <fsero>	 i guess so
[15:15:53] <andrewbogott>	 seems like that needs fixing!  Although I don't know offhand how to do it
[15:21:44] <godog>	 arturo: oh good to know, TIL
[15:22:41] <Krenair>	 (it's not trusted to give actually secret secrets, but it is trusted not to contain malicious things considering stuff in there can be executed by root)
[15:26:38] <Krenair>	 I guess it's fine for PCC to use the version gerrit provides, but maybe we should change that purely to force correct practices
[15:34:59] <andrewbogott>	 not a bad idea
[15:35:12] <andrewbogott>	 otherwise unmerged patches tend to pile up there