[00:01:38] <longma>	 I was wondering, is it normal for the checksum/tls-certs annotations values to be different from last deploy when deploying to k8s?
[06:03:10] <_joe_>	 longma: which chart? there was a bug in the first iteration of the tls-certs checksums template but it's long been fixed
[06:08:21] <longma>	 Ah. Today when I was deploying blubber it showed up on the diff but then when I declined to apply the changes and ran it again, there was no change to the checksum
[06:09:22] <longma>	 That seemed a bit weird to me
[06:36:09] <_joe_>	 longma: uhm that's a bit strange indeed, lemme check something
[06:36:33] <_joe_>	 (also I feel guilty. I shouldn't be working but you should *definitely* not be working at this hour :P)
[06:37:19] <_joe_>	 yeah not sure why that would happen, blubber is already using the 0.2 version of the common templates
[06:37:43] <_joe_>	 {{- include "tls.annotations" . | indent 8 }} so yeah, that definitely shouldn't happen
[06:42:56] <longma>	 :) no worries, I just saw the notification so I thought I'd reply
[06:43:11] <longma>	 I'll let you know if I see it again
[10:53:34] <jbond42>	 @all i have jusst created https://wikitech.wikimedia.org/wiki/User:Jbond/debuging which is a list of oneliners i had localy which have been usefull for debugging.  im sure there is a better place to put this and suspect others have there own collection of one liners but figuered wikitech is at least better the ~/docs/debugging.txt
[10:58:48] <_joe_>	 jbond42: nice
[11:01:55] <jbond42>	 thanks
[11:19:32] <jbond42>	 fyi all i have pushed an updated to puppet stdlib (https://github.com/puppetlabs/puppetlabs-stdlib/blob/main/CHANGELOG.md).  Main driver was to add the new stdlib::ensure function (https://github.com/puppetlabs/puppetlabs-stdlib/pull/1150)
[11:28:34] <paravoid>	 nice :)
[11:29:08] <paravoid>	 for those that didn't click the link, john neglected to mention that he was the one to submit that PR and add that function :P
[11:29:12] <paravoid>	 that's pretty cool to see!
[11:30:46] <jbond42>	 thanks paravoid  :")
[11:40:23] <volans>	 nice!
[11:53:12] <_joe_>	 jbond42: some of the stuff we have in wmflib could indeed be submitted upstream with minimal changes
[12:00:22] <jbond42>	 _joe_: indeed thats what spured this CR, the debian module as well as some of the addtional stdlib types https://github.com/puppetlabs/puppetlabs-stdlib/pulls?q=is%3Apr+author%3Ab4ldr+.  Its in my mind to do exactly that however i notice now that thats the only place it was so have create a task to track ongoing progress :) https://phabricator.wikimedia.org/T273743
[12:01:52] <_joe_>	 heh nice :)
[12:02:20] <_joe_>	 yeah I'll take a look at our functions, one that comes to mind is a generalized version of "secret"
[12:07:50] <jbond42>	 _joe_: i did port the secret function to the new api (https://github.com/wikimedia/puppet/blob/production/modules/wmflib/lib/puppet/functions/wmflib/secret.rb) but it depends on puppet6 so not usefull for us and i stop working on it however i dont think it needs to be dependent on puppet6 il take another look at it this week, propbably on friday.  but yes if there is anything elses please add to
[12:07:56] <jbond42>	 the task
[12:08:36] <_joe_>	 nod
[15:06:31] <jbond42>	 8fyi all i have made an updated to PCC so that you can send a cumin query using the puppetdb grammer https://wikitech.wikimedia.org/w/index.php?title=Help%3APuppet-compiler&type=revision&diff=1896740&oldid=1894923
[15:06:55] <volans>	 yay
[15:08:47] <jbond42>	 please not this should be considered experimental and imo will have unexpected results due to the fact that the compilers have a limited puppetdb, however it will allow for much more complex selections and in paticuler rselecting based on a resource e.g. `cumin:R:icinga::monitor::elasticsearch::base_checks`
[15:09:10] <jbond42>	 kormat: ^^ have a feeling you may have been one of the people who asked for this?
[15:09:35] <kormat>	 that doesn't sound.. unlikely. <3
[15:10:45] <jbond42>	 also the `Hosts ` field is getting very overloaded now so open to suggesttions for improving that, however it will mean changes to jenkins and zuul which is why i have avoided it up to now
[15:14:01] <kormat>	 jbond42: i'm still ending up hand-coding a list of hosts due to the restriction that you can only supply a single puppetdb query
[15:14:35] <kormat>	 e.g. https://gerrit.wikimedia.org/r/c/operations/puppet/+/656887
[15:15:05] <jbond42>	 i also did some work at the end of last year to try and make the node selection dynamic based on the change you commit.  This still needs work but any early review, thoughts would be usefull _joe_ (i think you have thought about this before) cdanis (may be able to point me to some better ways of pulling stuff from gerrit)
[15:16:36] <jbond42>	 kormat: withthe new syntax in theory you should be able to do `Hosts: cumin:C:class1 or c:class2`
[15:16:55] <jbond42>	 *`Hosts: cumin:C:class1 or C:class2`
[15:16:58] <kormat>	 jbond42: oh reeeally. and it will resolve to multiple hosts?
[15:17:08] <jbond42>	 thats the theory :D
[15:17:15] <kormat>	 i'm a huge fan of that theory!
[15:18:09] <jbond42>	 :) if it dosn;t work its a bug ill work on as i think that is going to be one of the main uses cases, that and cumin:R
[15:19:33] <kormat>	 awesome 💜
[15:20:05] <jbond42>	 kormat: looking at the wikitech for cumin you can also do stuff like `cuimn:R:Class ~ "(?i)role::cache::(upload|text)"` (again this all needs testing with pcc)
[15:20:39] <kormat>	 ... has science gone too far??
[15:20:44] <jbond42>	 :)
[15:20:58] <volans>	 lol
[15:21:06] * volans brings popcorns
[15:34:28] <jbond42>	 kormat: and others if you do see bugs please comment on T245288
[15:34:29] <stashbot>	 T245288: improve host select for puppet compiler - https://phabricator.wikimedia.org/T245288
[15:38:09] <hnowlan>	 I have a deb I'd like to manually install locally on a single host for testing purposes, will that make debmonitor angry?
[15:39:08] <cdanis>	 debmonitor doesn't get angry, debmonitor just observes :)
[15:39:11] <volans>	 it will be recorded by debmonitor in its daily syncup run instead than "live"
[15:39:43] <volans>	 if you do it with dpkg -i
[15:39:44] <jbond42>	 volans: i thought if you installed with apt-get install then it would be synced live
[15:39:48] <volans>	 if it's an apt-get instlal all it's fine
[15:39:50] * jbond42 too slow
[15:39:53] <cdanis>	 hnowlan: in general the thing I was taught here is "you can install non-puppetized one-offs, but on a single host, for a temporary duration only, and !log that you did this"
[15:40:01] <cdanis>	 if that helps wrt the larger question?
[15:42:17] <hnowlan>	 cdanis: that's exactly what I was trying to ask for I think! thanks :)
[15:42:18] <volans>	 hnowlan: from your question is not clear if it's a new package or an upgrade of an existing one
[15:42:27] <hnowlan>	 volans: it's a new one
[15:42:33] <volans>	 ok that what was said
[15:42:50] <cdanis>	 hnowlan: oh, and add to that "and not serving in production"
[15:43:05] <hnowlan>	 oh yeah, for sure heh
[16:00:39] <_joe_>	 cdanis: you forgot the last clause
[16:00:47] <_joe_>	 "it must not run on the jvm"
[16:00:59] <kormat>	 "or be an alternative jvm"
[16:01:04] <cdanis>	 hahah
[16:01:49] <hnowlan>	 don't worry, it just opens a bunch of new ports locally, is actually an erlang service for remote command execution and uses a closed license
[16:02:05] <_joe_>	 hnowlan: "an erlang service" was enough
[16:02:17] <_joe_>	 tell me it also uses mnesia
[16:03:15] <_joe_>	 I have a love / hate relationship with erlang. I find the language elegant, I find OTP a great library for building distributed systems, but running things on erlang is great until it isn't, and then you regret falling for the beauty of the language
[16:03:37] <_joe_>	 says someone who had to debug ejabberd too many times
[16:05:29] <hnowlan>	 yeah, my first real job was a heavily erlang-based place. It's very elegant but debugging it makes envoy logs look terse and concise
[16:16:36] <_joe_>	 lol