Sun, Aug 11
@Volker_E Yes, nothing else needed besides merging content. Each time puppet-agent runs it will try to git clone and because the code says " ensure => 'latest'," it will always just overwrite with the latest version. puppet-agent runs per cron every half hour, at 5 and 35 minutes past the hour on this specific host.
Sat, Aug 10
Please try again now. wikistats site is back now.
Fixed it with the remote hands of @Paladox .(Thanks!) The data_dir was set to the wrong location and we had to re-add GRANTs.
Unfortunately i currently don't have the access to get on that machine. I don't have my labs key with me, only in a backup somewhere else. @Paladox Could you maybe try to see if you get access to mysql root shell? Are the tables still there?
@jijiki This is good to go now from my point of view.
also see https://gerrit.wikimedia.org/r/c/operations/puppet/+/425027 though which might or might not make this obsolete
Here is where i switched that to php7.2 to ensure all crons using foreachwikiindblist are actually using 7.2 and we don't just think it does. (cc: @jijiki )
Fri, Aug 9
done! here you go:
on contint1001: added entry to /etc/fstab for /mnt/docker to survive reboots ( /dev/mapper/contint1001--data-docker /mnt/docker ext4 defaults 0 2$)
Tbh it seems the main issue is that the c-level communication is not happening on this task and therefore not visible.
I want so support basically everything that @GreenReaper said above. WMDE can take control of DNS back or we can use wikibase.org at WMF. But nn both cases HTTPS can be fixed, which this ticket is about.
If that is really the outcome that would be unfortunate but please leave it open or ideally create a subtask to revert/remove the code that had already been added for this.
on deploy1001 and deploy2001:
Thu, Aug 8
Oh, thanks. looks like i forgot to add it to fstab when i created and mounted it. This should fix it indeed.
[cumin1001:~] $ sudo debdeploy deploy -u 2019-08-08-scap.yaml -s codfw Rolling out scap: Non-daemon update, no service restart needed
debdeploy spec file generated by generate-debdeploy-spec
SIGH.. no idea why this was broken. there was recent WMCS maintenance though where instances were shut down.
Hi @abi may i ask what the part you are planning to run on mwmaint servers will be? It's less common to see that requested related to "analytics and metrics". Usually we see other servers being requested for that.
Wed, Aug 7
in syslog there were no memory errors this time either. just stops and then continues.
replication should work again now. there was a syntax issue in the config that has been fixed.
Here's an example config for certbot using webroot for renewal. As used on wikitech-static.wikimedia.org because that's outside our usual infra which uses acmechief.
This is modules/profile/manifests/microsites/design.pp in the puppet repo. Happy to help adding a third repo there to git clone from.
We talked on IRC about this and agreed this ticket should be re-purposed away from "production access to puppetmaster" and to "add to trusted users for CI in gerrit" and possibly "add to 'puppet' or another project in wmcs to run local puppetmaster'.
Tue, Aug 6
Hi, regarding the user lists, i think there was a misunderstand about "primary admin" and "secondary admin". It did not mean that you should list all wiki admins and their individual primary and secondary email. What it meant was who should be primary and secondary admin of the mailing list itself, separate from any wiki permissions. Can we assume we take some reasonable number of people, like about 3?, from the top of the first list and then they share the admin ship of the list? Note there is going to be a single random password that needs to be shared among the list admins.
- Add to "Ops vendor maintenance" Calendar (added with 'all email as it arrives').
Mon, Aug 5
Hi @RStallman-legalteam do you have an NDA on file for Mayakp.wiki ?
Added to https://phabricator.wikimedia.org/project/members/974/ which is the "WMF-NDA-Requests" for people requesting to be added to "WMF-NDA". (The example ticket T157404 would be accessible by that group).
There is now the Hiera key profile::mediawiki::install_hhvm that let's us remove HHVM entirely from appservers individually.
We now have the flag to entirely remove HHVM profile::mediawiki::install_hhvm: false that also removes monitoring in profile::mediawiki::webserver.
This is done.
Let me know how parsoid-rt-client-config.js has to be changed and i can look at making a patch for puppet so that it can be switched back and forth by just flipping a hiera switch.
@hashar Does this resolve the ticket or is it part of it as well to switch a lot of tools to using it?
There is now a replica of gerrit in codfw that can be used to clone from:
Hi @ssastry i talked to Giuseppe and he made some tests of scandium's webserver and we think this is resolved now. Does it look ok to you?