Page MenuHomePhabricator
Feed Advanced Search

Today

MoritzMuehlenhoff closed T249081: Onboarding Janis Meybohm as Resolved.

This is done!

Thu, Apr 9, 9:29 PM · Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Thu, Apr 9, 9:29 PM · Operations
MoritzMuehlenhoff closed T247722: LDAP access to the wmf group for Pita as Resolved.

The old identity has been cleaned up, closing.

Thu, Apr 9, 2:10 PM · LDAP-Access-Requests, Operations
MoritzMuehlenhoff triaged T249815: maps: whitelist/reduce ratelimit from requests with toolforge.org referrer as High priority.
Thu, Apr 9, 1:50 PM · Patch-For-Review, Operations, Maps, Toolforge, cloud-services-team (Kanban)
MoritzMuehlenhoff created T249812: Rebuild helm/helm-diff for buster-wikimedia.
Thu, Apr 9, 12:34 PM · Release-Engineering-Team-TODO, Release-Engineering-Team (CI & Testing services), Continuous-Integration-Infrastructure (phase-out-jessie), Operations
MoritzMuehlenhoff triaged T249678: add oauth login to mailing lists as Low priority.
Thu, Apr 9, 7:41 AM · Operations, Wikimedia-Mailing-lists
MoritzMuehlenhoff triaged T249680: Clients failing API login due to dependence on "Set-Cookie" header name casing as High priority.
Thu, Apr 9, 7:40 AM · Patch-For-Review, serviceops, Core Platform Team Workboards (Clinic Duty Team), Traffic, Operations, OpenRefine
MoritzMuehlenhoff triaged T247603: Email to WikimediaUA mailing list from base-w[at]yandex.ru does not get delivered as Medium priority.
Thu, Apr 9, 7:39 AM · Mail, Wikimedia-Mailing-lists, Operations
MoritzMuehlenhoff triaged T247490: HTTP MediaWiki API GET requests to Wikimedia wikis should not be redirected to HTTPS when they have a session cookie or Authorization header as Medium priority.
Thu, Apr 9, 7:38 AM · Traffic, Security, Operations
MoritzMuehlenhoff added a comment to T249059: Requesting access to analytics-privatedata-users for tchanders, dmaza, dbarratt, wikigit.

So, the consensus is that access to stat1006 is not neeeded and instead access to the DB testing host should be requested (following https://wikitech.wikimedia.org/wiki/MariaDB#Testing_servers) instead?

Thu, Apr 9, 7:37 AM · Patch-For-Review, Anti-Harassment, Operations, SRE-Access-Requests
MoritzMuehlenhoff added a comment to T224591: Migrate contint* hosts to Buster.

helm-diff also needs to be built for buster-wikimedia

Thu, Apr 9, 7:35 AM · Patch-For-Review, Release-Engineering-Team-TODO, Release-Engineering-Team (CI & Testing services), Continuous-Integration-Infrastructure (phase-out-jessie), Operations
MoritzMuehlenhoff added a comment to T249059: Requesting access to analytics-privatedata-users for tchanders, dmaza, dbarratt, wikigit.

This task evolved from an access request for analytics-privatedata-users towards a wider discussion about testing DB queries.

Thu, Apr 9, 5:58 AM · Patch-For-Review, Anti-Harassment, Operations, SRE-Access-Requests
MoritzMuehlenhoff triaged T249733: Requesting access to analytics for andrew-wmde as Medium priority.

You have an updated NDA in our records, so that's covered.

Thu, Apr 9, 5:04 AM · Operations, SRE-Access-Requests

Yesterday

MoritzMuehlenhoff updated subscribers of T224591: Migrate contint* hosts to Buster.

contint2001 has been reimaged with buster using the wmf-auto-reimage cookbook.
puppet on the first run, and therefore also the reimage cookbook, fail though.
among the current issues are now:

  • Error: Could not find command '/usr/bin/helm'
Wed, Apr 8, 5:19 PM · Patch-For-Review, Release-Engineering-Team-TODO, Release-Engineering-Team (CI & Testing services), Continuous-Integration-Infrastructure (phase-out-jessie), Operations
MoritzMuehlenhoff added a project to T249729: Assess whether we should still disable seccomp in Docker for CI : Operations.
Wed, Apr 8, 4:28 PM · Operations, Release-Engineering-Team-TODO, Release-Engineering-Team (CI & Testing services), Continuous-Integration-Infrastructure
MoritzMuehlenhoff added a comment to T247245: Test Performance of Marian NMT translation in stat cluster.

Exactly, the OpenBLAS available in Debian Buster (which stat1008 uses provides CPU-optimized computation kernels). I've just installed apache2-utils on the host, feel free to also ping me on IRC (moritzm) if you need other packages installed (we'll be reimaging the server anyway after the tests are done).

Wed, Apr 8, 10:54 AM · Language-Team (Language-2020-Focus-Sprint), ContentTranslation, Analytics
MoritzMuehlenhoff closed T248797: Requesting access to analytics-privatedata-users for aaron, dpifke, phedenskog as Resolved.

Closing the task, please reopen if there are any issues.

Wed, Apr 8, 9:03 AM · Operations, SRE-Access-Requests
MoritzMuehlenhoff claimed T248797: Requesting access to analytics-privatedata-users for aaron, dpifke, phedenskog.

@dpifke @Peter @aaron I've created Kerberos accounts for you, you'll have received an email with your initial/temporary password and further instructions how to change it.

Wed, Apr 8, 8:48 AM · Operations, SRE-Access-Requests
MoritzMuehlenhoff added a comment to T159830: Sanity check global-multiwrite logs for ConfirmEdit usage.

@Reedy, @fgiunchedi : Is there anything actionable left for this task?

Wed, Apr 8, 8:35 AM · Operations, SRE-swift-storage
MoritzMuehlenhoff triaged T249606: Requesting new gerrit project repository "operations/software/purged" as Medium priority.
Wed, Apr 8, 8:34 AM · Traffic, Operations, Repository-Admins
MoritzMuehlenhoff triaged T249648: redirect sco.wiktionary.org/wiki/(.*?) -> sco.wikipedia.org/wiki/Define:$1 as Medium priority.
Wed, Apr 8, 8:33 AM · Wikimedia-Site-requests, Wikimedia-Apache-configuration, Traffic, DNS, Operations
MoritzMuehlenhoff triaged T249663: write some recording rules for queries used in the appserver RED dashboard as Medium priority.
Wed, Apr 8, 8:33 AM · serviceops, observability, Operations

Tue, Apr 7

MoritzMuehlenhoff closed T249594: codfw: 1 VM request for idp staging host as Resolved.

idp-test2001.wikimedia.org has been created, rest of the setup is handled via T233930

Tue, Apr 7, 3:55 PM · vm-requests, Operations
MoritzMuehlenhoff claimed T233930: Create a staging environment for CAS.
Tue, Apr 7, 3:55 PM · Patch-For-Review, User-jbond, Operations
MoritzMuehlenhoff reassigned T248905: Add aklapper to analytics-privatedata-users from MoritzMuehlenhoff to elukey.

Superset needs an internal user created, this is handled by the analytics team, reassigning to Luca for further setup

Tue, Apr 7, 1:55 PM · Developer-Advocacy (Apr-Jun 2020), SRE-Access-Requests, Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Tue, Apr 7, 12:10 PM · Operations
MoritzMuehlenhoff claimed T249594: codfw: 1 VM request for idp staging host.
Tue, Apr 7, 8:37 AM · vm-requests, Operations
MoritzMuehlenhoff created T249594: codfw: 1 VM request for idp staging host.
Tue, Apr 7, 8:36 AM · vm-requests, Operations
MoritzMuehlenhoff added a comment to T249517: Add jmeybohm@wikimedia.org to security@ Google group.

Confirmed, jmeybohm@wikimedia.org is the correct address for Janis.

Tue, Apr 7, 6:49 AM · Security-Team
MoritzMuehlenhoff triaged T247783: Remove "Cache-control: no-cache" hack from wmf-config as Medium priority.
Tue, Apr 7, 6:02 AM · Operations, Traffic, serviceops, Wikimedia-Site-requests, Performance-Team, Technical-Debt
MoritzMuehlenhoff changed the status of T248097: Hive access for Sam Patton from Open to Stalled.
Tue, Apr 7, 6:02 AM · SRE-Access-Requests, Operations, Analytics, Product-Analytics
MoritzMuehlenhoff added a comment to T248905: Add aklapper to analytics-privatedata-users.

@Aklapper I have just created your Kerberos account. You will have received a mail to your wikimedia.org address with instructions how to log in and change the initial/temporary password.

Tue, Apr 7, 5:53 AM · Developer-Advocacy (Apr-Jun 2020), SRE-Access-Requests, Operations

Mon, Apr 6

MoritzMuehlenhoff triaged T247473: Thumbnailing page 2 of c:File:Mimořádné opatření - zákaz vývozu desinfekce rukou.pdf generates a non-fatal Ghostscript error that is piped to imagemagick as Medium priority.
Mon, Apr 6, 2:28 PM · Thumbor, Operations, Commons
MoritzMuehlenhoff triaged T243937: Wiki email not delivered to GMail as Medium priority.
Mon, Apr 6, 2:27 PM · Operations, Mail
MoritzMuehlenhoff added a comment to T248151: Big number of uploads from DPLA bot.

@fgiunchedi Is there anything left for this ticket? Can it be closed?

Mon, Apr 6, 2:27 PM · User-fgiunchedi, Operations, SRE-swift-storage, Commons
MoritzMuehlenhoff triaged T248506: Add linecard diversity to the router-to-router interconnect in codfw as Medium priority.
Mon, Apr 6, 12:53 PM · Wikimedia-Incident, netops, Operations
MoritzMuehlenhoff triaged T248384: Delete email addresses with privileged @domain names from mailing lists at offboarding as Medium priority.
Mon, Apr 6, 12:48 PM · Operations, Wikimedia-Mailing-lists
MoritzMuehlenhoff triaged T248865: Move netflow data to Eventgate Analytics as Medium priority.
Mon, Apr 6, 12:48 PM · netops, Operations, Analytics
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Mon, Apr 6, 7:52 AM · Operations
MoritzMuehlenhoff triaged T248168: Upgrade Puppet to 5.5.19 as Medium priority.
Mon, Apr 6, 6:24 AM · Puppet, Operations
MoritzMuehlenhoff triaged T247967: Migrate role::netmon to Buster as Medium priority.
Mon, Apr 6, 6:24 AM · netops, observability, Operations

Fri, Apr 3

MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Fri, Apr 3, 9:09 AM · Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Fri, Apr 3, 8:38 AM · Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Fri, Apr 3, 7:49 AM · Operations
MoritzMuehlenhoff added a comment to T248905: Add aklapper to analytics-privatedata-users.

@elukey: To help SREs on Clinic Duty figure out whether adding someone to a group also needs a Kerberos account, let's annotate the headers in data.yaml?

Fri, Apr 3, 7:45 AM · Developer-Advocacy (Apr-Jun 2020), SRE-Access-Requests, Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Fri, Apr 3, 7:32 AM · Operations
MoritzMuehlenhoff added a comment to T224576: Upgrade install servers to Buster.

I successfully tested import and removals of a dummy build (hello) and fixed up the sending of status mails.

Fri, Apr 3, 6:57 AM · Patch-For-Review, Operations

Thu, Apr 2

MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Thu, Apr 2, 4:01 PM · Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Thu, Apr 2, 2:41 PM · Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Thu, Apr 2, 9:34 AM · Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Thu, Apr 2, 9:27 AM · Operations
MoritzMuehlenhoff added a member for Trusted-Contributors: JMeybohm.
Thu, Apr 2, 9:26 AM
MoritzMuehlenhoff added a member for WMF-NDA: JMeybohm.
Thu, Apr 2, 9:24 AM
MoritzMuehlenhoff added a member for acl*sre-team: JMeybohm.
Thu, Apr 2, 9:24 AM
MoritzMuehlenhoff removed a member for acl*sre-team: fsero.
Thu, Apr 2, 9:15 AM
MoritzMuehlenhoff removed a member for acl*sre-team: Banyek.
Thu, Apr 2, 9:15 AM

Wed, Apr 1

MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Wed, Apr 1, 4:20 PM · Operations
MoritzMuehlenhoff updated the task description for T249081: Onboarding Janis Meybohm .
Wed, Apr 1, 3:41 PM · Operations
MoritzMuehlenhoff added a comment to T241719: Migrate remaining self-hosted puppet masters to Puppet 5 / facter 3.

This is an m1.small. Maybe the instance size is just too low for recent versions?

Wed, Apr 1, 12:00 PM · cloud-services-team (Kanban), Operations
MoritzMuehlenhoff created T249081: Onboarding Janis Meybohm .
Wed, Apr 1, 6:45 AM · Operations
MoritzMuehlenhoff added a comment to T248957: Test tendril events and tokudb on 10.4.

Looks like that for the hosts that will require TokuDB (tendril and analytics dbstore) we need to find a way to use jemalloc on start if we want to keep using TokuDB

Wed, Apr 1, 6:25 AM · Patch-For-Review, DBA

Tue, Mar 31

MoritzMuehlenhoff updated the task description for T244840: Evaluate options for non-root operations with cumin and spicerack cookbooks.
Tue, Mar 31, 3:53 PM · SRE-tools, Operations
MoritzMuehlenhoff added a comment to T248923: Puppet failures with tlsproxy::envoy on cloud-vps.

BTW, nothing in puppet.git was specifically meant to only compile on puppet 5/ facter 3 yet, we don't use specific new features yet, it's probably rather a case of a bug fixed in the new versions which is broken in f2/p4.

I pushed a patch yesterday which used structured facts i.e. facts['networking']['interfaces'] which depends on facter 3. but otherwise i think this is correct

Tue, Mar 31, 10:37 AM · cloud-services-team (Kanban), Cloud-VPS
MoritzMuehlenhoff created T248963: Docker report failing for docker-registry.wikimedia.org/releng/bazel:0.4.0.
Tue, Mar 31, 10:05 AM · Release-Engineering-Team (CI & Testing services), Continuous-Integration-Infrastructure
MoritzMuehlenhoff created T248954: Upgrade ferm to 2.5.1.
Tue, Mar 31, 8:11 AM · Operations
MoritzMuehlenhoff added a comment to T248923: Puppet failures with tlsproxy::envoy on cloud-vps.

Now that the puppet repo /requires/ puppet5.5/facter3 to compile catalogs, those hosts will be broken until puppet is manually upgraded.

Tue, Mar 31, 5:55 AM · cloud-services-team (Kanban), Cloud-VPS
MoritzMuehlenhoff added a comment to T248923: Puppet failures with tlsproxy::envoy on cloud-vps.

Yeah, what Paladox wrote, on hosts which had Puppet broken before the facter3/puppet5 Hiera setting was applied, you can add this to sources.list:

Tue, Mar 31, 5:51 AM · cloud-services-team (Kanban), Cloud-VPS

Fri, Mar 27

MoritzMuehlenhoff closed T232308: Integrate Stretch 9.10/9.11 point updates as Resolved.

This is done

Fri, Mar 27, 9:00 AM · Operations
MoritzMuehlenhoff updated the task description for T232308: Integrate Stretch 9.10/9.11 point updates.
Fri, Mar 27, 8:59 AM · Operations

Thu, Mar 26

MoritzMuehlenhoff added a comment to T247722: LDAP access to the wmf group for Pita.

I think I see the issue here, @Jpita was added with the jpita-ctr@ account before (uid=josepita) while the current one is uid=jpita.
I think we just need to replace the LDAP membership of the wmf group from uid=josepita to uid=jpita and update the reference in data.yaml in https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/production/modules/admin/data/data.yaml#4045 for the username and the email.
Adding @MoritzMuehlenhoff for confirmation that this is the right course of action in this specific case.

Thu, Mar 26, 6:17 PM · LDAP-Access-Requests, Operations
MoritzMuehlenhoff added a comment to T243265: Check why compare.py doesn't work with Percona 8.0.

The Cumin update is something that will happen next Q, but if you need it earlier, we can backport it as well?

Thu, Mar 26, 3:35 PM · DBA

Wed, Mar 25

MoritzMuehlenhoff added a comment to T224591: Migrate contint* hosts to Buster.

Nothing can be blocked on 566383, it's entirely a cleanup change.

Wed, Mar 25, 3:28 PM · Patch-For-Review, Release-Engineering-Team-TODO, Release-Engineering-Team (CI & Testing services), Continuous-Integration-Infrastructure (phase-out-jessie), Operations

Tue, Mar 24

MoritzMuehlenhoff closed T244695: Integrate Stretch 9.12 point update as Resolved.

This is complete

Tue, Mar 24, 1:36 PM · Operations
MoritzMuehlenhoff updated the task description for T244695: Integrate Stretch 9.12 point update.
Tue, Mar 24, 1:36 PM · Operations
MoritzMuehlenhoff updated the task description for T244695: Integrate Stretch 9.12 point update.
Tue, Mar 24, 1:17 PM · Operations

Mon, Mar 23

MoritzMuehlenhoff updated the task description for T244695: Integrate Stretch 9.12 point update.
Mon, Mar 23, 3:27 PM · Operations
MoritzMuehlenhoff updated the task description for T244695: Integrate Stretch 9.12 point update.
Mon, Mar 23, 2:45 PM · Operations

Fri, Mar 20

MoritzMuehlenhoff created T248168: Upgrade Puppet to 5.5.19.
Fri, Mar 20, 12:58 PM · Puppet, Operations
MoritzMuehlenhoff updated subscribers of T248165: codfw: 1 VM for builder.
Fri, Mar 20, 12:13 PM · vm-requests, Operations
MoritzMuehlenhoff created T248165: codfw: 1 VM for builder.
Fri, Mar 20, 12:13 PM · vm-requests, Operations
MoritzMuehlenhoff added a comment to T247245: Test Performance of Marian NMT translation in stat cluster.

I had a closer look into a rebuild of OpenBlas for Skylake/avx512, but it turns out this isn't actually needed thanks to our distro of choice :-)

Fri, Mar 20, 10:59 AM · Language-Team (Language-2020-Focus-Sprint), ContentTranslation, Analytics
MoritzMuehlenhoff added a comment to T247731: Request for a ldap account and be added to nda ldap group for PHPCC.

Is is possible to leave it open for now and I will notify you as soon as I know? because of the current situation we needed to adapt and be flexible so that I cannot give you a fixed date anymore.

Fri, Mar 20, 9:33 AM · Operations, LDAP-Access-Requests

Thu, Mar 19

MoritzMuehlenhoff updated the task description for T244695: Integrate Stretch 9.12 point update.
Thu, Mar 19, 8:08 AM · Operations

Wed, Mar 18

MoritzMuehlenhoff added a comment to T247538: Icinga latency is skyrocketing and commands ignored.

Another low-hanging fruit is to reduce the SSH check for the mgmts I think: It currently runs every minute, but the non-avail of the mgmt sshd has no end-user impact, so checking them hourly should be good enough? That would slash the 30087 checks from above by a lot.

Wed, Mar 18, 3:35 PM · User-fgiunchedi, fundraising-tech-ops, observability, Operations

Mon, Mar 16

MoritzMuehlenhoff added a comment to T246998: Enable SSO for Kibana.

Can the idp redirect to https? What happens when this is configured?

Mon, Mar 16, 3:38 PM · Operations
MoritzMuehlenhoff added a comment to T246998: Enable SSO for Kibana.

I'll revert 576921 (that was a leftover of testing), but with the service ID pointing to 443 (and CASRootProxiedAs set to https://cas-logstash.wikimedia.org (as Envoy only goes one way and other it would report the http URI as the service ID), it still fails within the bundled Bootstrap copy:

Mon, Mar 16, 1:44 PM · Operations
MoritzMuehlenhoff updated the task description for T224549: Track remaining jessie systems in production.
Mon, Mar 16, 6:45 AM · Operations
MoritzMuehlenhoff added a comment to T247646: migrate racktables to a buster VM (was: decom racktables?).

I think deploying it on Buster will be unproblematic, the current host is already on Stretch, so the big incompatibilities between PHP 5 and 7 are already addressed. Racktables is also still maintained (last maintenance release in November 2019)

Mon, Mar 16, 6:41 AM · Operations

Fri, Mar 13

MoritzMuehlenhoff added a comment to T247245: Test Performance of Marian NMT translation in stat cluster.

@santhosh When you've setup your test environment and want to test OpenBLAS optimised for the CPU architecture of stat1008, let me know, I can help create a custom build and deploy it.

Fri, Mar 13, 3:39 PM · Language-Team (Language-2020-Focus-Sprint), ContentTranslation, Analytics
MoritzMuehlenhoff updated the task description for T241719: Migrate remaining self-hosted puppet masters to Puppet 5 / facter 3.
Fri, Mar 13, 1:45 PM · cloud-services-team (Kanban), Operations
MoritzMuehlenhoff updated the task description for T244695: Integrate Stretch 9.12 point update.
Fri, Mar 13, 10:32 AM · Operations
MoritzMuehlenhoff created T247592: apt config on planet1001 would install systemd from backports.
Fri, Mar 13, 9:32 AM · Operations
MoritzMuehlenhoff updated the task description for T241719: Migrate remaining self-hosted puppet masters to Puppet 5 / facter 3.
Fri, Mar 13, 9:14 AM · cloud-services-team (Kanban), Operations
MoritzMuehlenhoff updated the task description for T241719: Migrate remaining self-hosted puppet masters to Puppet 5 / facter 3.
Fri, Mar 13, 9:12 AM · cloud-services-team (Kanban), Operations

Thu, Mar 12

MoritzMuehlenhoff added a comment to T224583: Migrate labstore1006/1007 to Stretch/Buster.

@elukey: I don't even think we need additional changes? E.g. an-launcher1001 is on Buster and uses profile::hadoop::common with OpenJDK 8, so this is already all implemented.

Thu, Mar 12, 3:54 PM · Cloud-VPS (Debian Jessie Deprecation), cloud-services-team (Kanban), Operations
MoritzMuehlenhoff updated the task description for T229586: decommission cp1008, cp1071, cp1072, cp1073, cp1074, cp1099.
Thu, Mar 12, 9:10 AM · ops-eqiad, Operations, decommission
MoritzMuehlenhoff updated the task description for T229586: decommission cp1008, cp1071, cp1072, cp1073, cp1074, cp1099.
Thu, Mar 12, 8:54 AM · ops-eqiad, Operations, decommission
MoritzMuehlenhoff added a comment to T247245: Test Performance of Marian NMT translation in stat cluster.

In addition to what Faidon said: Test results from Cloud VPS are not useful here; OpenBlas contains assembly-optimised functions for specific CPU models and through virtualisation these are no longer fully effective (the virt hosts don't expose all the CPU features by default compared to baremetal). Also, on Cloud VPS the test VMs are not the only tenant, so it highly depends on the load of the virt host.

Thu, Mar 12, 8:07 AM · Language-Team (Language-2020-Focus-Sprint), ContentTranslation, Analytics
MoritzMuehlenhoff added a comment to T224583: Migrate labstore1006/1007 to Stretch/Buster.

profile::java::analytics uses the Java 8 forward port on Buster, so that part should be fine. Wrt Kerberos there should also be no real issues I can think of.

Thu, Mar 12, 7:44 AM · Cloud-VPS (Debian Jessie Deprecation), cloud-services-team (Kanban), Operations

Wed, Mar 11

MoritzMuehlenhoff added a comment to T247364: Forward port Python2 files to Python3 in Puppet Repository.

Note that there's a number of scripts blocked by OS runtime dependencies, e.g. various LDAP scripts are blocked until mwmaint* and cumin* are reimaged to Buster (no python3-ldap on Stretch).

Wed, Mar 11, 12:53 PM · User-jbond, Python3-Porting, SRE-tools, Puppet