[12:04:26] varnish-aggregate-client-status-codes is a pretty important dashboard, should we put it under revision control? [12:04:42] https://gerrit.wikimedia.org/r/#/c/328350/ [12:06:43] I've followed the procedure described here https://wikitech.wikimedia.org/wiki/Grafana.wikimedia.org#Import_a_new_dashboard [12:41:10] mmh something is funny with digicert-2016-ecdsa-unified.key and pcc [12:41:39] the key is deployed successful on pu, but pcc complains with Error: secret(): invalid secret ssl/digicert-2016-ecdsa-unified.key at /mnt/jenkins-workspace/puppet-compiler/4943/production/src/modules/sslcert/manifests/certificate.pp:70 [12:45:05] see for example https://puppet-compiler.wmflabs.org/4946/ [12:45:38] hashar: any ideas? ^ [12:48:49] ema: if the key is in the private repo you'd need to update the labs fake priv repo for pcc [12:49:42] oh [12:49:49] yes it is in the private repo [12:50:11] ah yes so pcc doesn't see it, it sees only the fake private repo! [12:50:44] that is https://gerrit.wikimedia.org/r/#/admin/projects/labs/private IIRC [12:50:45] sorry about that, I didn't add the new names to labs-private [12:50:55] just create them as empty files there [12:51:12] no worries, I just wasn't aware of this procedure [12:51:58] or I can, I have it all checked out [12:52:28] bblack: I'm checking it out now, it's all good :) [13:07:34] yeah that was it, thanks guys [14:02:43] ema: yeah labs/private.git (which is public despite its name) [15:26:11] 10netops, 06Labs, 10Labs-Infrastructure, 06Operations, and 3 others: Provide read-only access to OpenStack APIs from WMF IP space - https://phabricator.wikimedia.org/T150092#2890030 (10Andrew) 05Open>03Resolved I can now do 'openstack project list' on a labs Jessie machine with addition of openstack::c... [22:18:28] 07HTTPS, 10Traffic, 06Labs, 06Operations, 10Tool-Labs: Migrate tools.wmflabs.org to https only (and set HSTS) - https://phabricator.wikimedia.org/T102367#2891325 (10abian) I've been using HTTPS Everywhere for a long time. This extension has [[ https://github.com/EFForg/https-everywhere/blob/master/src/ch... [22:21:25] 07HTTPS, 10Traffic, 06Labs, 06Operations, 10Tool-Labs: Migrate tools.wmflabs.org to https only (and set HSTS) - https://phabricator.wikimedia.org/T102367#2891340 (10bd808) I really think we could just flip the switch at the ingress proxy and then deal with the fallout. Mixed content warnings/errors are r... [22:24:53] 07HTTPS, 10Traffic, 06Labs, 06Operations, 10Tool-Labs: Migrate tools.wmflabs.org to https only (and set HSTS) - https://phabricator.wikimedia.org/T102367#2891349 (10bd808) >>! In T102367#2891340, @bd808 wrote: > I really think we could just flip the switch at the ingress proxy and then deal with the fall... [22:59:21] 07HTTPS, 10Traffic, 06Labs, 06Operations, 10Tool-Labs: Migrate tools.wmflabs.org to https only (and set HSTS) - https://phabricator.wikimedia.org/T102367#1363321 (10Legoktm) We could do the same thing as what we did in prod. Allow HTTP POST for a while, then make a percentage of requests fail, and then f...