[07:22:39] <wikibugs>	 10netops, 10Operations, 10fundraising-tech-ops: adjust NAT mapping for frdata.wikimedia.org - https://phabricator.wikimedia.org/T196656#4270975 (10ayounsi) a:03ayounsi This needs to be pushed for the NAT change: ```lang=diff [edit security nat static rule-set static-nat rule public-reporting then static-na...
[08:08:05] <volans>	 vgutierrez, ema: do you think I could merge https://gerrit.wikimedia.org/r/#/c/operations/puppet/nginx/+/437968/ and the subsequent patch? anything to be careful about?
[08:27:48] <ema>	 volans: go for it
[08:38:20] <volans>	 ema: ack
[08:39:04] <vgutierrez>	 :D
[08:50:13] <wikibugs>	 10Traffic, 10Operations, 10Patch-For-Review: Merge cache_misc into cache_text functionally - https://phabricator.wikimedia.org/T164609#4271132 (10ema)
[09:08:06] <ema>	 vgutierrez: re: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/436485/, could you split the functional vs OCD fixes in two different commits?
[09:08:43] <vgutierrez>	 sure.. let's meet the reviewer OCD requirements :P
[09:08:51] <ema>	 :)
[09:10:20] <vgutierrez>	 hmm is it me or the gerrit links have changed?
[09:10:56] <moritzm>	 there was an update on Friday
[09:10:56] <vgutierrez>	 that /+/ on the URL looks weird
[09:13:44] <volans>	 yes they have changed but do the redirect from old ones
[09:13:56] <volans>	 now each CR link includes the repo in the path
[09:38:02] <ema>	 vgutierrez: I will trade the reviews for https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/439550/ :)
[09:41:33] <vgutierrez>	 checking :)
[09:41:47] <vgutierrez>	 volans got me on the debmonitor dungeon right now 
[09:41:58] * volans hides
[09:47:01] <vgutierrez>	 ema: uff.. string handling on that python script it's scary
[09:47:20] <ema>	 yeah there's a possible command injection too
[09:47:29] <vgutierrez>	 yup
[09:47:36] <ema>	 python ./modules/varnish/files/reload-vcl -n ' ; echo test > /tmp/injection' -f $blah
[09:48:27] <ema>	 better to build a list of arguments I guess and pass it to Popen
[09:48:35] <vgutierrez>	 IMHO yup
[09:48:43] <ema>	 alright, on it
[10:20:50] <ema>	 vgutierrez: https://gerrit.wikimedia.org/r/439563
[10:22:05] <ema>	 oh yeah I forgot that pep8 is a thing
[10:22:19] <ema>	 wait
[10:22:25] <ema>	 jenkins didn't complain
[10:22:28] <ema>	 interesting :)
[10:23:17] <volans>	 ema: the file doesn't end in .py in puppet
[10:23:27] <ema>	 lulz
[10:23:37] <volans>	 ema: T144169
[10:23:38] <stashbot>	 T144169: Flake8 for python files without extension in puppet repo - https://phabricator.wikimedia.org/T144169
[10:27:02] <vgutierrez>	 so are you fixing the bad whitespaces? :P
[10:27:09] <ema>	 yeah
[10:27:11] <vgutierrez>	 pylint is not amused O:)
[10:28:19] <vgutierrez>	 hmm I miss volans screaming python3 on a bran-new python script BTW
[10:28:25] <vgutierrez>	 *brand new
[10:28:50] <volans>	 lol
[10:32:22] <vgutierrez>	 ema: do we need to add the .py suffix?
[10:33:21] <ema>	 vgutierrez: if we want CI to run the Flake8 I think we do, yes
[10:34:01] <volans>	 the long term solution is to support both, automatically checking those
[10:34:10] <volans>	 I personally didn't had time to work on it
[10:34:31] <vgutierrez>	 hmm target filename still can be programming languange agnostic, right?
[10:35:20] <volans>	 target can be whatever you want
[10:35:28] <volans>	 is the name in the repo that counds for CI autodiscovery
[10:35:34] <volans>	 flake8 in this case
[10:36:17] <ema>	 ok I've finally managed to please the commit message validator
[10:36:21] <vgutierrez>	 hahahah
[10:36:42] <ema>	 it took me 3 commits but I've managed
[10:37:23] <volans>	 lol
[10:38:51] <ema>	 > Commit message is formatted properly! Keep up the good work!
[10:39:01] <ema>	 http://i0.kym-cdn.com/entries/icons/mobile/000/000/745/success.jpg
[10:39:08] <vgutierrez>	 we can do a t-shirt with that message
[10:39:13] <ema>	 HAHAH please
[10:39:31] <vgutierrez>	 that in one side, on the other one.. "volans approves"
[10:39:38] <volans>	 rotfl
[10:39:52] <volans>	 OCD approved
[10:40:26] <vgutierrez>	 tomato/tomato... shit, I'm missing audio right now
[10:55:57] <vgutierrez>	 ema: can I stop puppet on cp1008 to replace update-ocsp?
[10:56:36] <ema>	 vgutierrez: yes, go ahead
[10:56:45] <vgutierrez>	 thx
[11:08:47] <wikibugs>	 10netops, 10Operations, 10ops-codfw: Switch port configuration for backup2001 - https://phabricator.wikimedia.org/T196782#4268246 (10ayounsi) ```lang=diff [edit interfaces interface-range vlan-private1-d-codfw]      member ge-3/0/10 { ... } +    member xe-2/0/11; [edit interfaces] +   xe-2/0/11 { +       des...
[11:09:15] <wikibugs>	 10netops, 10Operations, 10ops-codfw: Switch port configuration for backup2001 - https://phabricator.wikimedia.org/T196782#4271606 (10ayounsi) 05Open>03Resolved a:05RobH>03ayounsi
[11:29:01] <ema>	 volans: 0o022?
[11:29:05] <ema>	 it looks like ascii-art
[11:30:15] <volans>	 ema: https://docs.python.org/3.0/whatsnew/3.0.html search for Octal literals
[11:30:18] <volans>	 ;)
[11:32:25] <ema>	 sad
[11:33:55] <ema>	 volans: thanks, CR updated
[11:58:59] <volans>	 ack, thank you
[12:51:37] <ema>	 vgutierrez: still testing update-ocsp on cp1008?
[12:52:12] <vgutierrez>	 lunch happened in the middle :)
[12:56:44] <vgutierrez>	 it's behaving as expected :)
[13:01:32] <ema>	 nice
[13:01:47] <vgutierrez>	 I'm reenabling puppet :D
[14:06:38] <wikibugs>	 10netops, 10Operations, 10ops-eqiad: replace mr1-eqiad - https://phabricator.wikimedia.org/T185171#4272218 (10ayounsi)
[14:06:49] <wikibugs>	 10netops, 10Operations, 10ops-eqiad: replace mr1-eqiad - https://phabricator.wikimedia.org/T185171#3908273 (10ayounsi)
[15:26:01] <vgutierrez>	 sigh.. I'm hating gnutls right now
[15:34:37] <wikibugs>	 10Traffic, 10Analytics-Cluster, 10Analytics-Kanban, 10Operations, and 2 others: TLS security review of the Kafka stack - https://phabricator.wikimedia.org/T182993#4272582 (10Ottomata) @Vgutierrez from what I can tell: the only blocker to removing IPSec is deploying a new version of librdkafka with your pat...
[15:53:29] <wikibugs>	 10Traffic, 10Analytics-Cluster, 10Analytics-Kanban, 10Operations, and 2 others: TLS security review of the Kafka stack - https://phabricator.wikimedia.org/T182993#4272695 (10Vgutierrez) I think we can do it :).  BTW, right now we are enforcing AES ciphersuites in our TLS connections, and we are lucky that...
[15:59:45] <wikibugs>	 10Traffic, 10Operations, 10ops-codfw: rack/setup/install LVS200[7-10] - https://phabricator.wikimedia.org/T196560#4272735 (10Papaul)
[16:11:06] <wikibugs>	 10Traffic, 10Analytics-Cluster, 10Analytics-Kanban, 10Operations, and 2 others: TLS security review of the Kafka stack - https://phabricator.wikimedia.org/T182993#4272798 (10Vgutierrez) @Ottomata also I'm currently reviewing the TLS implementation on Kafka side, so far so good.
[17:30:23] <wikibugs>	 10Traffic, 10Operations, 10ops-codfw: rack/setup/install LVS200[7-10] - https://phabricator.wikimedia.org/T196560#4273095 (10Papaul)
[19:43:25] <wikibugs>	 10netops, 10Operations: Rack/setup cr2-eqdfw - https://phabricator.wikimedia.org/T196941#4273504 (10Papaul) p:05Triage>03Normal
[19:44:53] <wikibugs>	 10netops, 10Operations, 10fundraising-tech-ops: adjust NAT mapping for frdata.wikimedia.org - https://phabricator.wikimedia.org/T196656#4273538 (10Jgreen)
[20:09:33] <wikibugs>	 10Traffic, 10netops, 10Operations, 10ops-codfw: switch port configuration for lvs200[7-10] - https://phabricator.wikimedia.org/T196946#4273636 (10Papaul) p:05Triage>03Normal
[23:01:15] <wikibugs>	 10Traffic, 10netops, 10Operations, 10ops-codfw: switch port configuration for lvs200[7-10] - https://phabricator.wikimedia.org/T196946#4274128 (10Papaul) a:05Papaul>03None
[23:35:48] <wikibugs>	 10netops, 10Operations, 10ops-codfw: switch port configuration for bast2002 - https://phabricator.wikimedia.org/T196957#4274185 (10Papaul) p:05Triage>03Normal