Fri, Dec 2
Thu, Dec 1
No longer necessary since the scripts have been removed (See https://gerrit.wikimedia.org/r/c/operations/puppet/+/862371)
Wed, Nov 30
@ayounsi I've started a tcpdump on the dns hosts to see what devices are still reaching out. It's on our radar and I intend on addressing the remaining hosts (or poking dcops to do it for us if we cannot)!
Wed, Nov 23
Mon, Nov 21
Thu, Nov 17
Done! Thanks for the eagle eyes :)
The new patch which was just deployed addresses all these concerns. I'll close the ticket but please feel free to re-open if something isn't quite right. Thanks!
Wed, Nov 16
Thanks for all the feedback @Vgutierrez and @BBlack! Hopefully I've addressed all of your concerns. The dashboard at https://grafana.wikimedia.org/d/oMIu2XI4z/data-transfer-rates has been moved from "Drafts" to "SRE Traffic Team" since I believe it to be usable now. Could either of you take a peek and verify that it would be useful? Thanks!
@Vgutierrez, while this doesn't have strict support for multiple ATS instances, bblack suggested that by simplifying all this it would make it trivial to add that support should we decide to pursue it.
Mon, Nov 14
Nov 3 2022
[~]$ curl -s -I https://en.wikipedia.org/ | grep Last-Access set-cookie: WMF-Last-Access=03-Nov-2022;Path=/;HttpOnly;secure;Expires=Mon, 05 Dec 2022 12:00:00 GMT set-cookie: WMF-Last-Access-Global=03-Nov-2022;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Mon, 05 Dec 2022 12:00:00 GMT [~]$ curl -s -I https://doc.wikimedia.org/ | grep Last-Access [~]$ curl -s -I https://upload.wikimedia.org/ | grep Last-Access [~]$
Oct 28 2022
Oct 26 2022
Seems reasonable to me. It looks like the alert fired as you demonstrated.
Oct 25 2022
Perhaps this is because the severity is set to warning rather than critical?
Oct 24 2022
Oct 19 2022
Closing as per bblack's recommendation.
@Vgutierrez Now that HAProxy is used for TLS termination, can this safely be closed?
Oct 18 2022
Oct 10 2022
Oct 4 2022
Hi, @Bogdan! Thanks for the report. There have been numerous changes in the stack since you've reported this; Would you be willing to try again and let us know if that's still a problem?
Untagging the Traffic team: While we're happy to help out when this is needed, this currently appears to be more of a discussion with other teams since we are unable by policy to redirect to wikiba.se
Oct 3 2022
Sep 27 2022
While we have https://gerrit.wikimedia.org/r/c/operations/software/latency-measurement/+/833848 available for review, I hear that there'd be pushback for not having any tests.
Sep 23 2022
Sep 22 2022
@Vgutierrez What actions, if any, are still required for this ticket?
Sep 21 2022
Sep 20 2022
I think this ticket could do with some more clarification: Which domains are affected? Should the Geo/LastVisit cookies be applied to a few domains explicitly rather than defaulting to every domain?
Indeed, I did use the uid. Thanks for handling that, @Ottomata.
Sep 19 2022
I believe this to be the case. From https://wikitech.wikimedia.org/wiki/Caching_overview#2022:
$ sudo cumin '*lvs*' 'grep VERSION= /etc/os-release' [...] ----- OUTPUT of 'grep VERSION= /etc/os-release' ----- VERSION="10 (buster)"
As the server appears to be dead and nearly all of those domain names being removed, I think this can safely be closed. If there's still a direct need, please re-open.
The request has been merged and you should have received the Kerberos password through email. @CMyrick-WMF Can you help confirm that you have the accesses you require?
Sep 17 2022
Revisiting this, it seems like SSH is not something that's needed. Unless there's an uproar I've created the patch without SSH access.
Sep 16 2022
@CMyrick-WMF It appears that your SSH key is missing the header. It looks like it is ssh-ed25519 but I'd like to be sure. :)
Sep 15 2022
Okay, @Milimetric, that should be solved. She's in analytics-privatedata-users now. Would you say that's everything needed?
I went ahead and clarified that in Wikitech: https://wikitech.wikimedia.org/w/index.php?title=SRE/Clinic_Duty/Access_requests&diff=2012791&oldid=2012786
Hi, @Milimetric. No need for a new email, I consider that to be part of the same issue. I'm assuming Hannah checked their spam folder? :)
Sep 14 2022
@KFrancis I sent you the email address. Thanks!
Adding @KFrancis as per https://wikitech.wikimedia.org/wiki/SRE/Clinic_Duty/Access_requests#wmde_access to ensure that the NDA has been signed.
Thanks for verifying! It looks like this ticket can be closed.
Added @KFrancis as per https://wikitech.wikimedia.org/wiki/SRE/Clinic_Duty/Access_requests#wmde_access to ensure that the NDA has been signed.
I switched "has shell access" to "No" because the user haas is not in data.yaml
Sep 13 2022
Thanks for the information, @taavi. I missed the banner since the given link was an anchor, TBH. Given this, I think it's safe to close this as invalid.
@ayounsi as you are a bureaucrat on wikitech, I choose you for the privilege of renaming!
Hi, Tanuja! I'll need approval from your manager before proceeding. Could you tag them here, please?
Hi! Thanks for the request.
@Ottomata or @elukey I'm under the impression that one of you would be the best person to handle the Kerberos access. If that's true, would you be kind enough to provide that? If not, I'd appreciate knowing the specific level of krb access as the docs mention three different types. :)
@Milimetric Thanks for the reply and for expanding the docs. I think that Wikitech is a more appropriate place for documentation of the group than the codebase: Both are publicly accessible and most rationale lives in WT so it might as well stay in the same place. It's good knowledge for us all to have, even those in the data teams. :)
Sep 12 2022
From the CR which is currently not approved:
Thanks for the clarification, @Dzahn! Unless there's dissent, I'll just add them to the analytics-admins group as was suggested.
@dcausse Are these action items filed into appropriate places such that this ticket, which seems "finished", can be closed?
I'm going to mark this as resolved since no verification has occurred. If there's any unfinished business please feel free to re-open the ticket.
It looks like this ticket has been resolved. I'm going to close it but please do re-open if there is any unfinished business.