[08:46:56] <wikibugs>	 10Traffic, 10Core Platform Team, 10Operations, 10Patch-For-Review: Configure purged in deployment-prep - https://phabricator.wikimedia.org/T254844 (10ema) 05Open→03Resolved a:03ema Both deployment-cache-text06 and deployment-cache-upload06 are now reading purges from Kafka. Closing!
[09:46:42] <wikibugs>	 10netops, 10Operations, 10fundraising-tech-ops, 10WMF-NDA: Deploy pfw policy 1591901800 for T122104 - https://phabricator.wikimedia.org/T255185 (10jbond) p:05Triage→03Medium
[10:37:41] <wikibugs>	 10Acme-chief: acme-chief: support for generating a concatenated cert/key file - https://phabricator.wikimedia.org/T255249 (10aborrero)
[10:38:28] <wikibugs>	 10Acme-chief: acme-chief: support for generating a concatenated cert/key file - https://phabricator.wikimedia.org/T255249 (10Vgutierrez) p:05Triage→03Medium
[10:39:31] <elukey>	 hello folks
[10:40:13] <elukey>	 I am trying to bootstrap archiva-new.wikimedia.org via ACME, using a procedure that worked when we did the migration from jessie -> stretch
[10:40:19] <elukey>	 but on archiva1002 I see
[10:40:19] <elukey>	 Could not retrieve information from environment production source(s) puppet://acmechief1001.eqiad.wmnet/acmedata/archiva-new
[10:42:02] <elukey>	 maybe the archiva usage of acme_chief::cert is not right anymore
[10:43:53] <elukey>	 vgutierrez: around by any chance? :)
[10:45:33] <vgutierrez>	 yeah
[10:46:02] <elukey>	 hola :)
[10:46:11] * vgutierrez cehcking
[10:46:12] <vgutierrez>	 *checking
[10:46:22] <elukey>	 thanks a lot :)
[10:46:38] <elukey>	 I see some 404s on acmechief1001 related to archiva-new
[10:46:59] <vgutierrez>	 right
[10:47:00] <elukey>	 so I am sure that you'll just end up telling me that I forgot XYZ
[10:47:01] <vgutierrez>	 elukey: https://github.com/wikimedia/puppet/blob/production/hieradata/role/common/acme_chief.yaml#L11-L17
[10:47:09] <vgutierrez>	 I don't see here any cert called archiva-new
[10:47:41] <elukey>	 of course, the last time I didn't change it
[10:47:49] <elukey>	 sending a patch now :)
[10:47:52] <vgutierrez>	 so you have two options, adding the SNI to the existing one
[10:47:59] <vgutierrez>	 or configuring a completely new cert called archiva-new
[10:48:51] <elukey>	 so the current archiva cert is handled by archiva1001, and I'd like to keep it in this way for some days
[10:49:01] <elukey>	 my team needs to run some builds etc.. before switching
[10:49:08] <elukey>	 so I was going for a new cert
[10:49:21] <elukey>	 (that will not last much but shouldn't be an issue IIRC)
[10:49:28] <vgutierrez>	 not at all
[10:50:40] <elukey>	 super, sendind cr
[10:55:47] <vgutierrez>	 +1ed
[10:56:24] <elukey>	 thanks a lot!
[11:03:52] <vgutierrez>	 elukey: archiva-new has been issued successfully
[11:04:10] <vgutierrez>	 archiva1002 should be happy now
[11:04:11] <elukey>	 yep! all good!
[22:49:04] <Platonides>	 868
[23:22:23] <wikibugs>	 10Traffic, 10Cloud-VPS, 10DNS, 10Maps, and 2 others: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert - https://phabricator.wikimedia.org/T161256 (10bd808) >>! In T161256#5070781, @TheDJ wrote: > FYI, I have configured [abc].tiles.wmflabs.org webhosts to redirect to http:/...