[07:10:10] <elukey>	 rzl: o/ thanks a ton for https://gerrit.wikimedia.org/r/c/operations/puppet/+/650298/1/modules/admin/data/data.yaml, I wanted to send an email to the ops@ mailing list but a new use case preceeded me :)
[07:14:43] <elukey>	 I have only one doubt - in https://phabricator.wikimedia.org/T270438 I don't see any mention of L3 signed etc.. (but since this s a wmf account maybe not needed), do we need it for other general access? It mentions also important things other than SSH (like data privacy etc..)
[07:40:40] <_joe_>	 L3 needs to be signed by anyone with production ssh access AIUI
[07:40:46] <_joe_>	 employee or not
[07:41:25] <elukey>	 for this use case (analytics-privatedata-users without ssh) could be useful
[07:42:42] <elukey>	 I mean for the "Handling sensitive data"
[07:42:52] <elukey>	 but it is all focused on ssh to servers
[10:18:08] <volans>	 mutante: what was the issue with pwstore? we're now using the keys in the keys directory
[10:18:12] <volans>	 it should never be an issue
[10:18:41] <volans>	 you need the modified pws, see the docs in officewiki for the link
[10:42:24] <apergos>	 there were expired keys, volans, beyond that I don't know
[10:43:03] <volans>	 expired in the keys/ directory? they can always be temporarily removed AIUI
[10:48:30] <apergos>	 I really don't know the details (sorry)
[11:22:22] <jbond42>	 mutante: if you are not using the wmf-sre-laptop you may need to download a modified version of pws from  https://people.wikimedia.org/~jmm/pws (https://office.wikimedia.org/wiki/Pwstore#Installation)
[14:45:53] <rzl>	 elukey: oh sorry, missed this highlight before commenting on task
[14:46:09] <rzl>	 basically I think we don't need L3, but if anyone disagrees, I'd happily go along with it
[14:46:33] <rzl>	 we could also ask Mike to sign it just for the avoidance of doubt -- but we'd still need to figure out a general answer for the next person
[14:49:02] <rzl>	 moritzm: if you're around today, can you also glance at https://gerrit.wikimedia.org/r/650298 just to make sure you're happy with the implementation? context at https://phabricator.wikimedia.org/T270438#6700097
[14:52:46] <elukey>	 rzl: hi! Moritz is out today, he'll be back on monday IIRC
[14:53:09] <rzl>	 ah okay :) in that case I'll hope to merge today and make any corrections next week
[14:53:40] <elukey>	 rzl: makes sense yes :) I raised the question since effectively a user via superset will be able to query PII data (read-only mode)
[14:53:41] <rzl>	 (oops yeah I checked his calendar but not the SRE meeting doc)
[14:54:43] <rzl>	 nod
[14:55:05] <elukey>	 in any case thanks a lot for working on this first use case, it should probably make life easier for some users
[14:55:24] <rzl>	 sure thing! I'll make sure we get it documented on the clinic duty page
[14:55:24] <elukey>	 I am going to amend the help in data.yaml with more info about this
[14:55:31] <rzl>	 oh brilliant thanks
[14:56:04] <rzl>	 hmmm actually https://wikitech.wikimedia.org/wiki/Analytics/Data_access#User_responsibilities links to L3
[14:56:16] <rzl>	 which is enough to change my mind from "probably barely doesn't matter" to "probably barely does"
[14:57:03] <elukey>	 me and Andrew wrote that so it is probably stale :D
[14:57:18] <rzl>	 yeah, but I was going to make him promise that he's read it :P
[14:57:29] <rzl>	 unless you want to update it now, which is fine by me!
[14:59:57] <elukey>	 rzl: better now?
[15:00:17] <rzl>	 yeah, seems good!
[15:01:24] <elukey>	 super :)
[15:07:31] <rzl>	 elukey: does the data.yaml change lgty? I'll go ahead and wrap everything up if so
[15:09:05] <elukey>	 checking
[15:10:07] <rzl>	 thanks!
[15:10:11] <elukey>	 thank you!
[15:10:30] <elukey>	 I'll check after puppet-merge that the admin module does its job on the hadoop masters
[15:14:29] <rzl>	 cheers! puppet-merge complete, go ahead
[17:20:05] <sukhe>	 for some reason, vim now thinks the .pp file is Pascal. I wonder what changed because I certainly didn't make any modifications to my vimrc. setting filetype=ruby does help but yeah
[17:20:27] <rzl>	 I love it
[17:20:29] <sukhe>	 I guess it's time to give https://github.com/rodjek/vim-puppet a try
[17:20:33] <rzl>	 we're rewriting that entire repo in pascal, let's go
[17:22:06] <sukhe>	 right after someone finishes the Haskell fork
[17:23:39] <sukhe>	 Filename extensions.pp, .pas, .inc, for Pascal
[17:24:02] <sukhe>	 which makes me wonder why it worked all this time. anyway, it's just me getting worried when something happens to my vim settings when I didn't make a change :D
[18:08:55] <elukey>	 rzl: if you have time https://gerrit.wikimedia.org/r/c/operations/puppet/+/645275
[18:11:35] <rzl>	 looking
[18:15:54] <elukey>	 grazie mille <3
[18:17:09] <Amir1>	 mutante: 280 hiera() left
[18:17:55] <elukey>	 ahahhahaha
[18:19:09] <rzl>	 hierae? :)
[18:20:11] <volans>	 hierai [https://fr.wiktionary.org/wiki/hierai]
[18:20:18] <volans>	 :-P
[18:20:36] <rzl>	 🤔
[18:30:22] <cdanis>	 hieraeis
[18:32:15] <Amir1>	 hierä
[18:32:24] <Amir1>	 hieree?
[18:39:07] <mutante>	 Amir1: thank you for lowering the hieraeii count
[18:40:53] <Amir1>	 I didn't do much, you did most of it, it'll finish soon thouguh
[18:54:41] <mutante>	 It will be fun to close the ticket after the last one.
[20:35:33] <sukhe>	 I am sure I am seeing things today. like "8 processes for 10 specs, ~ 1 specs per process
[20:35:36] <sukhe>	 "
[20:35:41] <sukhe>	 was it always running tests in parallel or is this recent?
[20:36:00] <sukhe>	 this is from utils/run_ci_locally.sh
[20:39:36] <sukhe>	 no recent changes to the file itself, but maybe there is some docker magic happening here that I don't understand (and don't want to I guess :P)