[10:15:57] 10Wikimedia-Apache-configuration, 10Operations, 10Wikimedia-Language-setup, 10Patch-For-Review, and 2 others: Redirect several wikis - https://phabricator.wikimedia.org/T169450#3833668 (10MarcoAurelio) Sorry for the late reply and thanks @Strainu for testing, @EddieGP for your guidance during the process a... [10:40:27] 10Traffic, 10Operations, 10Patch-For-Review: Configuration for Asia Cache DC hosts - https://phabricator.wikimedia.org/T156027#2961994 (10Volans) I just noticed that in `late_command.sh` we have a special case for `cp[1234]*` that I guess will need to be updated to include eqsin too. Mentioning it here becau... [12:50:20] godog: varnishxcps.mtail tests updated based on the rework you've done in 397889 [12:50:33] here's the new ones https://gerrit.wikimedia.org/r/#/c/397876/ [13:18:19] bblack: so in order to be able to query on different aspects of a ciphersuite, we need to use prometheus "labels" instead of different metrics. As in, we cannot define tls_version and tls_key_exchange as two separate metrics and then plot all tlsv1.2 connections using x25519. [13:18:34] see https://gerrit.wikimedia.org/r/#/c/397876/4/modules/mtail/files/programs/varnishxcps.mtail [13:20:12] as per mtail file above, we can query for tls version/key_exchange/auth/cipher, basically being able to plot things like the ciphersuite explorer [13:20:50] the question is: do we also for some reason need h2/session reuse/full cipher as criterias? [13:21:37] if we don't we can leave those as separate metrics (or counters, I'm unsure about the proper prometheus terminology here) [13:21:49] otherwise they also need to be added as labels [13:24:12] question (B) is: I've used xcps as metric prefix name. Any other suggestions? More in general, godog and I are looking forward to some naming bikeshedding :) [13:24:57] only if the shed is red [13:25:09] black you said earlier! [13:25:35] * ema leaves in anger [13:25:46] incredibile how these things change over time [13:26:06] * godog thousand yards stare [13:49:25] ema: https://gerrit.wikimedia.org/r/#/c/397765/ is ready for a second look whenever you want :) [14:01:53] elukey: nice! [14:02:15] elukey: why do we call it "duplicate"? [14:04:53] ema: that was the first name that I came up with, since we also have "mirror" in kafka mirror maker [14:05:23] it is a duplication of the webrequest logs to another cluster [14:05:30] I am open to other names [14:06:10] (it will be a temporary vk instance so I didn't put much effort in coming up with a strong name :D) [14:21:55] elukey: but we don't have another jumbo vk, do we? How about going for jumbo instead of 'duplicate'? [14:24:32] (late) lunch, bbl [14:25:08] nope we don't [14:31:57] ema: done, I called it 'jumbo' [14:32:42] updated also the labs private repo, going to run pcc again [15:37:05] elukey: cool! [15:37:28] ema: there is also another code change that I've sent [15:37:47] https://gerrit.wikimedia.org/r/#/c/398057/ [15:37:57] (that should be merged before) [15:38:01] elukey: is there a phab tracking this? [15:38:35] there should be, going to ask to andrew, I was lazy and didn't check [15:39:00] :) [15:49:43] I'm just going to leave this here [15:49:44] https://blog.apnic.net/2017/12/12/internet-protocols-changing/ [15:49:58] and especially the DOH part, which bblack is gonna love [15:50:09] ehehe yeah was a nice read [15:50:49] Mark Nottingham is a great writer IMHO [15:51:45] also http-wg chair, I think? [15:54:01] httpbis, yes [15:54:32] oh, http and quic too [16:35:04] clearly needs DNSSECOH [16:37:27] brandon is off today guys, your trolling attempts are not gonna work [16:56:51] hahaha [17:09:34] 10Traffic, 10Operations, 10Interdatacenter-IPsec: Enable IPSec between datacenters - https://phabricator.wikimedia.org/T81543#3834853 (10faidon) [21:14:52] https://cloud.google.com/security/encryption-in-transit/ [21:37:34] 10Traffic, 10Operations, 10Reading List Service, 10Reading-Infrastructure-Team-Backlog: PUT blocked by Varnish - https://phabricator.wikimedia.org/T182825#3835819 (10Tgr)