[01:01:02] the first draft of the writeup for today's (23/07/2020, DD/MM/YYYY) wdqs outage is ready for review: https://wikitech.wikimedia.org/wiki/Incident_documentation/20200723-wdqs-outage
[01:29:12] thanks ryankemper I'll take a pass tomorrow
[01:29:30] cdanis: thanks for all the help today!
[01:29:40] np :)
[01:30:16] XioNoX, when you come back to work, this might be something that you immediately know the solution for: https://phabricator.wikimedia.org/T258764
[01:36:28] andrewbogott: grepping around for a random switch name in the puppet repo, it comes from here: https://phabricator.wikimedia.org/source/operations-puppet/browse/production/hieradata/common/monitoring.yaml$302
[01:36:34] https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/profile/manifests/icinga.pp$9
[01:36:41] probably just add the switch hostname and a description to the yaml
[01:36:59] please try that, right now icinga isn't loading new configurations, per the alert in #-operations
[02:16:45] cdanis: no joy from https://gerrit.wikimedia.org/r/c/operations/puppet/+/615906. Maybe just hostname and not fqdn?
[02:17:05] It's not clear to me, hostnames and fqdns both appear in that list and also in the icinga config
[02:25:49] nope, doesn't help either way
[09:15:18] are there any docs on 'sandbox' branches in gerrit?
[09:17:34] or, generally, how to make a branch in gerrit that can be shared with other people?
[09:19:13] mmhh I thought I read about sandbox branches on wikitech but can't find documentation, then it must have been by looking at permissions on gerrit for sth that I could force-push to (JFTR)
[09:20:00] ah hah - just found https://www.mediawiki.org/wiki/Gerrit/personal_sandbox
[09:30:46] mmph.
`git push gerrit HEAD:sandbox/kormat/pontoon-mariadb104-test`
[09:30:47] er
[09:30:55] `remote: You need 'Push' rights with 'Force' flag set to do a non-fastforward push.`
[12:55:50] kormat: seems unfortunate that you'd need that permission, I might bring that up in #-releng and/or with Paladox
[12:55:54] _joe_: did you have a chance to look at my patches?
[12:59:39] ah he's off today
[13:00:03] akosiaris: I added you as a reviewer on the very-rough https://gerrit.wikimedia.org/r/c/operations/puppet/+/615877 which is maybe almost correct
[13:27:56] wkandek: btw, you should join #wikimedia-sre-private
[17:56:37] hey all, we've got a PR to add airflow privileges to the scap deploy user: https://gerrit.wikimedia.org/r/c/operations/puppet/+/615582/2/modules/profile/manifests/analytics/search/airflow.pp#52
[17:57:16] since this is adding to sudoers, is review needed from the broader sre team? not sure on the process here
[18:17:03] not-sre: I think Wikitech says all 'sudo'ers needs approval in weekly ops meeting?
[19:00:06] ryankemper: changes to the sudo permission of groups are generally expected to wait one SRE meeting, although, I think we set that policy before we moved it from weekly to bi-weekly
[19:00:29] thanks. next meeting is this upcoming monday so waiting is no problem in this case
[19:00:35] yeah, was just about to say that
[19:00:45] can you add it to the meeting doc, and also, add j.bond + m.oritzm to reviewers?
[19:02:41] done
[19:02:47] oh wait
[19:02:56] I thought you meant add them on the google doc but you definitely mean the gerrit patch huh
[19:02:57] xD
[19:04:10] :D
[19:04:49] okay done for real now
[19:05:32] thanks :)
[19:38:42] twentyafterfour: aphlict1001 has the scap target now. puppet is happier but still missing some stuff. now that i look at /srv/deployment i already see phab files
[19:39:00] cool
[19:39:19] mutante: want me to take a look at the remaining stuff that's missing?
[19:39:51] twentyafterfour: right now the issue is i used /srv/aphlict and let puppet create the symlink to /srv/deployment... but...
[19:40:07] in some other place it still looks for /srv/phab/phabricator/support/aphlict/server
[19:40:21] and the "/srv/phab" is the basedir
[19:40:40] but basedir is already a variable and should not be hardcoded
[19:42:38] also let me make sure phab-admins also get shell access to that instance
[19:42:54] mutante: yeah I can't log in apparently
[19:44:14] modules/phabricator/manifests/aphlict.pp $aphlict_dir = "${phabdir}/support/aphlict/server"
[19:44:42] yes, that
[19:45:31] if we make aphlict_dir a parameter then it doesn't need to be based off of $phabdir ...
[19:46:11] yea, i already started that:
[19:46:12] Stdlib::Unixpath $base_dir = lookup('aphlict_base_dir', { 'default_value' => '/srv/aphlict' }),
[19:46:39] but this is another one in the phab module instead of the profile
[19:47:46] or we just need to set $basedir when using phabricator::aphlict
[19:49:06] yea, base_dir => $base_dir, should do it .. trying
[19:49:45] well several pieces of aphlict are inside of phabricator's source directory
[19:50:52] that should be ok since the symlink aphlict -> /srv/deployment/phabricator/deployment
[19:51:05] right
[20:34:34] twentyafterfour: shell access - resolved, base_dir issue - resolved. new issue: we don't have PHP installed :)
[20:35:00] aphlict[20819]: /usr/bin/env: ‘php’: No such file or directory
[20:35:04] oh
[20:35:35] that's probably just used in the start script.. could probably replace it with a shell script but I'm not sure if it's worth the trouble
[20:36:28] i mean.. yea.. we have nodejs installed obviously. and per https://secure.phabricator.com/T6889 they won't replace that with PHP alternatives
[20:36:47] so now it needs both :p
[20:53:52] twentyafterfour: let puppet install php-cli. errors are gone.
aphlict is now running :)
[20:54:51] next for me: add envoy, cert
[21:00:08] sweet thanks mutante
[21:02:00] Is anyone around who is comfortable making switch config changes? I have the feeling I need that for https://gerrit.wikimedia.org/r/c/operations/puppet/+/616153 (since it's moving from a public IP to cloud-hosts1-b-eqiad)
[21:07:28] cmjohnson1 maybe?
[21:09:45] or… I guess bblack?
[21:11:36] * andrewbogott should probably back out that change and embrace the Friday