deployed on mwdebug1001.. puppet will deploy it on all others within 30 min or so. done!
thanks! edited ticket description, added comment on Gerrit, deployed, added to DNS
You had this nice comparison of the different options "pnb, pni, punjabi?" somewhere that explained why this is probably the best option and we are not using ISO codes. Can you add this here?
@cwdent has the send_nsca part also been done?
Yep, was resolved in T200304 , kind of a duplicate.
Sun, Oct 21
Fri, Oct 19
It's the right thing to add operations because we need to do DNS and Apache. But after that is done you can remove it. ACK.
shn has been created in DNS:
Still needs user input there. Moving to new column "Stalled / Needs Input" on the Wiki-Setup workboard i created for this.
^ there might be an issue with this, it seems "gdnsd reload-zones" isn't the correct syntax anymore.. hold on for a bit..
Ok, i will remove myself from this ticket for now but that doesn't mean i have an opinion on this one way or another. Once there is some consensus and you need technical help again, please simply re-add me. Cheers
looks like @elukey made this as the fix:
Needs to be /login but not /login/
https://releases-jenkins.wikimedia.org/login/ -> HTTP ERROR 404
adding /login/ to the URL changes it from "403 Forbidden" to "404 Not Found"
Of course i am not involved in this issue so i can't comment much but let me say as an outsider i am a bit confused because you are saying "I don't really object the creation" followed by "i stand by the decision of stalling". I haven't heard of user groups with a board before, only chapters and this is what Urbanecm said above as well. Though you seem to be saying that existence of a board is necessary to create the group.
Thu, Oct 18
This is a warning level alert on the hosts releases1001 and releases2001.
icinga will stop using the mysql module once on stretch. Once T202782 is resolved and einsteinium isn't the prod Icinga server anymore this part will be done.
Ok, no problem. It can stay in "stalled" status, that's ok.
Implemented as suggested on https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/466951/ and https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/467011/
Ok. The need for "sudo as www-data" wasn't obvious to me from the request or the linked wikitech page. I see it when looking at actual mwrepl source though.
Done. I logged in at the admin interface using the master password from pwstore and added aklapper@ as an additional admin.
I saw we also have "maintenance-log-readers". It allows for access to mwmaint* hosts and reading logs (includes running journcalctl, dmesg, anything as syslog user).
Since the request is specifically for viewing logs i recommend using the group "mw-log-readers" which was made specifically for this purpose.
Wed, Oct 17
I assume you can rename it without needing an admin? If not let me know.
Tue, Oct 16
Cool, sounds good:) I guess we can resolve it here then.
Edited the custom policy of the new pad, L36 to allow "members of legal" and @JeanFred
I think we should first let Stephen try if it works to edit the pad above now. Let's find out why the custom policy works or doesn't work, it says Legal Team should be able to edit. Let's not just fix it by using admin rights?
I created L36 - https://phabricator.wikimedia.org/legalpad/view/36/
Mon, Oct 15
added to wmf and ops LDAP groups.
subscribed to ops and ops-private
host ve.m.wikimedia.org ve.m.wikimedia.org has address 184.108.40.206 ve.m.wikimedia.org has IPv6 address 2620:0:861:ed1a::1
is MobileFrontend enabled?
This should resolve the ticket. Please reopen if something doesn't work.
approved in SRE meeting
Sat, Oct 13
Yes, i was thinking the same. I did not expect to add this as an Icinga check. I expected to add a script that is run by cron and sends out email to tell us.
Memory correctable errors -EDAC-
Current Status: CRITICAL (for 0d 8h 6m 11s)
Status Information: cluster=misc device=megaraid,8 instance=heze:9100 job=node site=codfw
confirmed on icinga1001 that the fix for check_ssl is actually:
new approach to make check_ssl work:
@Cwhite regarding the Juniper alerts that have "Can't locate Nagios/Plugin/Getopt.pm", Google sent me to our own phab where Fundraising tech fixed it in T195522
Fri, Oct 12
@Aklapper thanks. i didn't know the "for affiliate campaign" part of it. That makes it work related.
bpfilter made it into 4.18 kernel and there are claims that it would "eventually replace both iptables and nftables"
Automatic mail to primary list admins of all lists without description sent with:
affected lists as of today: