Krenair (Alex Monk)
Wikimedia volunteer

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Oct 3 2014, 2:34 PM (206 w, 6 d)
Availability
Available
IRC Nick
Krenair
LDAP User
Alex Monk
MediaWiki User
Krenair [ Global Accounts ]

I am a Wikimedia volunteer helping in various technical ways. These days it's usually Beta cluster related. I've previously spent significant amounts of time involved in MediaWiki development, software deployments to the Wikimedia cluster, and various other things. I am also an OTRS agent.

Some of my old VisualEditor work can be found under @AlexMonk-WMF instead

I have opinions on things, which do not necessarily represent those of any organisation I am, have previously been, or will in the future be affiliated with.

Recent Activity

Today

Krenair added a comment to T204611: Generate beta captchas.

Looks like the higher you increase --fill the more broken it gets. I tried around --fill=1000 and got a bunch of * An unknown error occurred in storage backend "global-swift-eqiad". when copying new captchas to storage. It's fine around 500 though.

Thu, Sep 20, 9:17 PM · Beta-Cluster-Infrastructure
Krenair added a comment to T193521: Consider adding expect-CT: header to enforce certificate transparency.

<bblack> we need to audit that all our current LE certs (issued via the old system) have in fact renewed since LE started embedding SCT, and that they have it (maybe we're missing an attribute to ask for it)
<bblack> then maybe we can flip on Expect-CT at the caches, and/or via ssl_ciphersuite() for the one-offs, or something

Thu, Sep 20, 6:59 PM · Traffic, Operations
Krenair added a comment to T204994: Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes.

What we probably want to do is have certcentral write all old certs into an archive directory and have a certcentral-api route that allows people to get a list of all hashes. Then we just give the certspotter integration the URLs to the certcentral boxes and it can find out what to ignore.

Thu, Sep 20, 6:56 PM · Operations, Traffic
Krenair added a parent task for T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management: T204997: certcentral: delay deployment of renewed certs to wait out skewed client clocks.
Thu, Sep 20, 6:12 PM · Patch-For-Review, Traffic, Goal, Operations
Krenair added a subtask for T204997: certcentral: delay deployment of renewed certs to wait out skewed client clocks: T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management.
Thu, Sep 20, 6:12 PM · Operations, Traffic
Krenair created T204997: certcentral: delay deployment of renewed certs to wait out skewed client clocks.
Thu, Sep 20, 6:11 PM · Operations, Traffic
Krenair added a comment to T193521: Consider adding expect-CT: header to enforce certificate transparency.

This was discussed in #wikimedia-traffic today. Even though theoretically the header would be useless past 2021-06-01 (when the last publicly trusted certs issued before the CT requirement was in force would expire), it's possible that some browsers would rely on a code update instead of just checking the time to close the backdating loophole (so we'd have to wait for old versions to go out of use to be safe). So, maybe add the header for 4-5 years and re-evaluate what clients still need it after that.

Thu, Sep 20, 6:09 PM · Traffic, Operations
Krenair added a comment to T204994: Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes.

We'd still get stuff being issued from *.corp.wikimedia.org and frack but these are all manual AFAIK (there's a *.corp OV cert and a bunch of OV ones directly under wikimedia.org for frack) so less of a problem than the regular LE ones.

Thu, Sep 20, 6:05 PM · Operations, Traffic
Krenair added a parent task for T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management: T204994: Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes.
Thu, Sep 20, 6:03 PM · Patch-For-Review, Traffic, Goal, Operations
Krenair added subtasks for T204994: Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes: T204993: Update certspotter, T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management.
Thu, Sep 20, 6:03 PM · Operations, Traffic
Krenair added a parent task for T204993: Update certspotter: T204994: Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes.
Thu, Sep 20, 6:03 PM · Operations, Traffic
Krenair created T204994: Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes.
Thu, Sep 20, 6:01 PM · Operations, Traffic
Krenair created T204993: Update certspotter.
Thu, Sep 20, 5:58 PM · Operations, Traffic
Krenair created T204992: Puppetise OCSP stapling for all one-off HTTPS servers.
Thu, Sep 20, 5:54 PM · Operations, Traffic
Krenair removed a project from T204987: Consider adding Must-Staple header to enforce revocation checking: HTTPS.
Thu, Sep 20, 5:53 PM · Operations, Traffic
Krenair added a project to T204987: Consider adding Must-Staple header to enforce revocation checking: HTTPS.
Thu, Sep 20, 5:53 PM · Operations, Traffic
Krenair added a comment to T204987: Consider adding Must-Staple header to enforce revocation checking.

https://scotthelme.co.uk/designing-a-new-security-header-expect-staple/

Thu, Sep 20, 5:52 PM · Operations, Traffic
Krenair created T204987: Consider adding Must-Staple header to enforce revocation checking.
Thu, Sep 20, 5:52 PM · Operations, Traffic
Krenair added a comment to T204611: Generate beta captchas.

Yeah so this is not going as intended:

1krenair@deployment-deploy01:~$ sudo -u www-data php /srv/mediawiki/multiversion/MWScript.php extensions/ConfirmEdit/maintenance/GenerateFancyCaptchas.php aawiki --wordlist=/tmp/words --font=/usr/share/fonts/truetype/freefont/FreeMonoBoldOblique.ttf --blacklist=/tmp/badwords --fill=10000 --verbose --delete
2Generating 10000 new captchas..
3
4 Done.
5
6Generated 10000 captchas in 895.7 seconds
7Getting a list of old captchas to delete... Done.
8Copying the new captchas to storage...[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000001] []
9Warning: Host lookup failed [-1350970400]: Unknown error -1350970400 in /srv/mediawiki/php-master/vendor/monolog/monolog/src/Monolog/Handler/SyslogUdp/UdpSocket.php on line 47
10[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000002] []
11Fatal error: require(/srv/mediawiki/php-master/includes/json/FormatJson.php): File not found in /srv/mediawiki/php-master/includes/AutoLoader.php on line 109
12[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000003] []
13Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
14[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000004] []
15Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
16[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000005] []
17Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/vendor/monolog/monolog/src/Monolog/Handler/SyslogUdp/UdpSocket.php on line 47
18[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000006] []
19Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
20[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000007] []
21Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
22[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000008] []
23Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
24[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000009] []
25Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/vendor/monolog/monolog/src/Monolog/Handler/SyslogUdp/UdpSocket.php on line 47
26[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000010] []
27Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
28[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000011] []
29Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
30[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000012] []
31Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
32[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000013] []
33Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/vendor/monolog/monolog/src/Monolog/Handler/SyslogUdp/UdpSocket.php on line 47
34[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000014] []
35Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
36[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000015] []
37Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
38[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000016] []
39Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
40[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000017] []
41Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/vendor/monolog/monolog/src/Monolog/Handler/SyslogUdp/UdpSocket.php on line 47
42[Wed Sep 19 23:17:05 2018] [hphp] [6732:7f1bc3d053c0:0:000018] []
43Warning: Host lookup failed [-10001]: Unknown error -10001 in /srv/mediawiki/php-master/includes/debug/logger/monolog/LegacyHandler.php on line 218
44krenair@deployment-deploy01:~$

Thu, Sep 20, 3:27 PM · Beta-Cluster-Infrastructure
Krenair added a comment to T204088: exported puppet resources are not queryable: cannot create grafana graphs of EventLogging running in beta cluster.

I think so - I'm pretty sure that's the mechanism that ssh known hosts is using there. Give it a go and let me know if you run into any issues?

Thu, Sep 20, 1:43 PM · Beta-Cluster-Infrastructure, Readers-Web-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q1), Operations, Puppet
Krenair added a comment to T199003: Develop timeline for Cloud VPS wide deprecation of Trusty.

@Krenair asked me to look for instances running something other than Trusty, Jessie, or Stretch. Here's what I found:

outreachdashboard.globaleducation.eqiad.wmflabs: Codename:      xenial
wikidata-lexeme.wikidata-dev.eqiad.wmflabs: Codename:   xenial

Additionally, these instances failed to allow the cumin user to connect which probably indicates broken Puppet config:

  • cloudservices.getstarted.eqiad.wmflabs
  • compiler.puppet.eqiad.wmflabs
Thu, Sep 20, 1:41 PM · cloud-services-team (FY2018-19), Goal, Cloud-VPS
Krenair updated the task description for T204931: Re-evaluate use of EV certificates for payments.wm.o?.
Thu, Sep 20, 10:36 AM · Traffic, HTTPS, Operations, fundraising-tech-ops
Krenair added a comment to T204931: Re-evaluate use of EV certificates for payments.wm.o?.

Just to emphasise, it's not doing anything special on Chrome on my Android phone, and the article linked above shows similar things on some browsers on iOS:

Thu, Sep 20, 10:22 AM · Traffic, HTTPS, Operations, fundraising-tech-ops
Krenair updated the task description for T204931: Re-evaluate use of EV certificates for payments.wm.o?.
Thu, Sep 20, 10:14 AM · Traffic, HTTPS, Operations, fundraising-tech-ops
Krenair created T204931: Re-evaluate use of EV certificates for payments.wm.o?.
Thu, Sep 20, 10:14 AM · Traffic, HTTPS, Operations, fundraising-tech-ops
Krenair added a comment to T178173: Renew unified certificates 2017.

@BBlack looks like this one should be closed?

Thu, Sep 20, 9:32 AM · Patch-For-Review, Operations, Traffic
Krenair created P7572 beta cluster captcha generation problems.
Thu, Sep 20, 12:05 AM

Yesterday

Gerrit Code Review <gerrit@wikimedia.org> committed rECPW7f368fc01b7c: James fixed it, rv permissions. (authored by Krenair).
James fixed it, rv permissions.
Wed, Sep 19, 10:51 PM
Gerrit Code Review <gerrit@wikimedia.org> committed rECPWae57ce90681a: Allow James to fix repo. (authored by Krenair).
Allow James to fix repo.
Wed, Sep 19, 10:48 PM
Krenair awarded T200557: Create a stretch and Son of Grid Engine grid in toolsbeta a Party Time token.
Wed, Sep 19, 8:31 PM · Patch-For-Review, Toolforge, Epic, cloud-services-team (Kanban)
Krenair added a comment to T204830: Temporarily redirect sgs.wikipedia.org to bat-smg.wikipedia.org until bat-smg->sgs move can be done.

I think that was what the 'ops' and 'shell' keywords were for.

Wed, Sep 19, 6:33 PM · Operations, Wikimedia-Apache-configuration, Wikimedia-Site-requests
Krenair added a comment to T204830: Temporarily redirect sgs.wikipedia.org to bat-smg.wikipedia.org until bat-smg->sgs move can be done.

The problem is they're not all configuration changes.

Wed, Sep 19, 6:31 PM · Operations, Wikimedia-Apache-configuration, Wikimedia-Site-requests
Krenair added a comment to T204819: Spambots on #wikimedia-cloud.

Is Sigyn (kind of) solving the problem for now?

Wed, Sep 19, 6:30 PM · wikimedia-irc-freenode, Cloud-Services
Krenair added a comment to T204830: Temporarily redirect sgs.wikipedia.org to bat-smg.wikipedia.org until bat-smg->sgs move can be done.

I think a "site request" doesn't exist anymore. It's a term from times when people actually ran manual commands on "the servers".

Wed, Sep 19, 6:27 PM · Operations, Wikimedia-Apache-configuration, Wikimedia-Site-requests
Krenair added a comment to T204088: exported puppet resources are not queryable: cannot create grafana graphs of EventLogging running in beta cluster.

"which aren't availabe for labs puppet"

Wed, Sep 19, 6:20 PM · Beta-Cluster-Infrastructure, Readers-Web-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q1), Operations, Puppet
Krenair updated the task description for T204697: cloudvps: wikidata-federation project trusty deprecation.
Wed, Sep 19, 5:45 PM · Cloud-VPS
Krenair added a comment to T204697: cloudvps: wikidata-federation project trusty deprecation.

Instances belong to the administrators of whatever project they are in, not any team.

Wed, Sep 19, 5:43 PM · Cloud-VPS
Krenair added a comment to T204559: cloudvps: reading-web-staging project trusty deprecation.

When does this need to be done by?

Wed, Sep 19, 5:42 PM · User-Jdlrobson, Cloud-VPS
Krenair added a comment to T204507: cloudvps: fastcci project trusty deprecation.

The upgrade should be to Debian. Xenial is Ubuntu 16.04.
Does Puppet still work on there?

Wed, Sep 19, 5:35 PM · Cloud-VPS
Krenair added a comment to T204819: Spambots on #wikimedia-cloud.

One thing you can do is +zq $~a to silence all unidentified users but allow channel ops to see their messages. You'll also want to +o Sigyn despite it having network oper status.

Wed, Sep 19, 1:06 PM · wikimedia-irc-freenode, Cloud-Services
Krenair added projects to T204819: Spambots on #wikimedia-cloud: Cloud-Services, wikimedia-irc-freenode.
Wed, Sep 19, 12:44 PM · wikimedia-irc-freenode, Cloud-Services
Krenair added a comment to T204611: Generate beta captchas.

T164047
deployment-tin:/home/krenair will now be at deployment-deploy01:/home/krenair/deployment-tin-home

Wed, Sep 19, 11:08 AM · Beta-Cluster-Infrastructure

Tue, Sep 18

Krenair added a comment to T204699: cloudvps: wikidata-query project trusty deprecation.

By "upgrade", you mean shut down these VMs and create new ones with Stretch, or is it possible to migrate an existing VM?

Tue, Sep 18, 10:54 PM · User-Smalyshev, Cloud-VPS
Krenair updated the task description for T204699: cloudvps: wikidata-query project trusty deprecation.
Tue, Sep 18, 10:54 PM · User-Smalyshev, Cloud-VPS
Krenair added a project to T204698: cloudvps: wikidata-page-banner project trusty deprecation: Wikidata-Page-Banner.
Tue, Sep 18, 10:53 PM · Readers-Web-Backlog (Tracking), Wikidata, Wikidata-Page-Banner, Cloud-VPS
aborrero awarded T204550: cloudvps: petscan project trusty deprecation a Yellow Medal token.
Tue, Sep 18, 12:29 PM · Cloud-VPS
Krenair added a comment to T204515: cloudvps: mwoffliner project trusty deprecation.

Ubuntu is not supported, you need Debian Jessie or Stretch. The procedure
is to start new instances to replace the old ones.

Tue, Sep 18, 12:05 PM · Cloud-VPS
Krenair renamed T204624: Parsoid is misbehaving in Beta cluster from Can't load VE on Beta cluster to Parsoid is misbehaving in Beta cluster .
Tue, Sep 18, 10:29 AM · User-Ryasmeen, Services (done), Parsoid, Beta-Cluster-Infrastructure, VisualEditor

Mon, Sep 17

Krenair added a comment to T204611: Generate beta captchas.

Pretty sure the last time I generated captchas for beta I did not use those words

Mon, Sep 17, 11:36 PM · Beta-Cluster-Infrastructure
Krenair closed T204574: openstack-browser proxy list gives HTTP 500 as Invalid.

yeah its fine now

Mon, Sep 17, 6:54 PM · Cloud-VPS
Krenair added a comment to T204574: openstack-browser proxy list gives HTTP 500.

actually maybe this is just a symptom of the wider tools NFS problem at the moment

Mon, Sep 17, 6:12 PM · Cloud-VPS
Krenair created T204574: openstack-browser proxy list gives HTTP 500.
Mon, Sep 17, 6:10 PM · Cloud-VPS
Krenair added a comment to T204550: cloudvps: petscan project trusty deprecation.

I think that's got to be a record for speed in resolving these. Thanks @Magnus :)

Mon, Sep 17, 5:48 PM · Cloud-VPS
Krenair awarded T204550: cloudvps: petscan project trusty deprecation a Barnstar token.
Mon, Sep 17, 5:46 PM · Cloud-VPS
Krenair added a comment to T204566: cloudvps: wikitextexp project trusty deprecation.

I don't think you can wipe and reimage machines in labs like is done in prod, we just replace them from scratch. Theoretically you know how to reproduce their setup (and can change that to work on stretch). I would suggest tools like mysqldump (depending on whatever applications you have running there of course) and rsync to move the data (actually if it's MySQL you could also set up replication). It should be possible to set up SSH keys (with a system user on the target host) to move stuff between the instances without having to pull files down to your laptop and then send them straight back to the wikimedia network (you may need a /etc/security/access.conf entry on the target host to permit it in though9).
People can set these machines up in any way they please (within the scope of the TOU), we don't mandate only certain supported software be installed, as such there is no single labs-specific script to just move everything. The administrators of a project are responsible for being able to reproduce the machines they set up, should they need to. So ideally these things all get worked out when the instance is being set up in the first place.

Mon, Sep 17, 5:43 PM · Parsing-Team, Cloud-VPS
Krenair added a comment to T204506: cloudvps: maps project trusty deprecation.

possibly but that's way out of scope

Mon, Sep 17, 5:31 PM · Maps, Cloud-VPS
Krenair updated the task description for T204504: cloudvps: fa-wp project trusty deprecation.
Mon, Sep 17, 5:30 PM · tofawiki, User-Ladsgroup, Cloud-VPS
JeanFred awarded T204550: cloudvps: petscan project trusty deprecation a Party Time token.
Mon, Sep 17, 5:27 PM · Cloud-VPS
Krenair triaged T204566: cloudvps: wikitextexp project trusty deprecation as Normal priority.
Mon, Sep 17, 5:02 PM · Parsing-Team, Cloud-VPS
Krenair triaged T204565: cloudvps: utrs project trusty deprecation as Normal priority.
Mon, Sep 17, 4:59 PM · Cloud-VPS
Krenair triaged T204564: cloudvps: toolserver-legacy project trusty deprecation as Normal priority.
Mon, Sep 17, 4:57 PM · Cloud-VPS
Krenair added a comment to T204563: cloudvps: striker project trusty deprecation.

I notice that there is a striker-deploy04

Mon, Sep 17, 4:55 PM · Striker, Cloud-VPS
Krenair triaged T204563: cloudvps: striker project trusty deprecation as Normal priority.
Mon, Sep 17, 4:55 PM · Striker, Cloud-VPS
Krenair triaged T204562: cloudvps: shinken project trusty deprecation as Normal priority.
Mon, Sep 17, 4:52 PM · Shinken, Cloud-VPS
Krenair triaged T204559: cloudvps: reading-web-staging project trusty deprecation as Normal priority.
Mon, Sep 17, 4:48 PM · User-Jdlrobson, Cloud-VPS
Krenair updated the task description for T204558: cloudvps: puppet project trusty deprecation.
Mon, Sep 17, 4:45 PM · Puppet, Cloud-VPS
Krenair triaged T204558: cloudvps: puppet project trusty deprecation as Normal priority.
Mon, Sep 17, 4:45 PM · Puppet, Cloud-VPS
Krenair updated the task description for T204553: cloudvps: tools project trusty deprecation.
Mon, Sep 17, 4:39 PM · Toolforge, Cloud-VPS
Krenair triaged T204553: cloudvps: tools project trusty deprecation as Normal priority.
Mon, Sep 17, 4:37 PM · Toolforge, Cloud-VPS
Krenair updated the task description for T204551: cloudvps: phlogiston project trusty deprecation.
Mon, Sep 17, 4:28 PM · Phlogiston, Cloud-VPS
Krenair triaged T204551: cloudvps: phlogiston project trusty deprecation as Normal priority.
Mon, Sep 17, 4:28 PM · Phlogiston, Cloud-VPS
Krenair triaged T204550: cloudvps: petscan project trusty deprecation as Normal priority.
Mon, Sep 17, 4:25 PM · Cloud-VPS
Krenair triaged T204549: cloudvps: pagemigration project trusty deprecation as Normal priority.
Mon, Sep 17, 4:13 PM · Cloud-VPS
Krenair added a comment to T204515: cloudvps: mwoffliner project trusty deprecation.

Yes, you should phase out the use of trusty in your project by April 2019.

Mon, Sep 17, 4:08 PM · Cloud-VPS
Krenair triaged T204515: cloudvps: mwoffliner project trusty deprecation as Normal priority.
Mon, Sep 17, 12:48 PM · Cloud-VPS
Krenair triaged T204514: cloudvps: mw-api-testing project trusty deprecation as Normal priority.
Mon, Sep 17, 12:45 PM · Cloud-VPS
Krenair triaged T204512: cloudvps: multimedia project trusty deprecation as Normal priority.
Mon, Sep 17, 12:42 PM · Multimedia, Cloud-VPS
Krenair triaged T204509: cloudvps: math project trusty deprecation as Normal priority.
Mon, Sep 17, 12:39 PM · Math, Cloud-VPS
Krenair triaged T204506: cloudvps: maps project trusty deprecation as Normal priority.
Mon, Sep 17, 12:31 PM · Maps, Cloud-VPS
Krenair assigned T204501: cloudvps: discourse-wam project trusty deprecation to fantasticfears.
Mon, Sep 17, 12:27 PM · Discourse, Cloud-VPS
Krenair triaged T204504: cloudvps: fa-wp project trusty deprecation as Normal priority.
Mon, Sep 17, 12:25 PM · tofawiki, User-Ladsgroup, Cloud-VPS
Krenair triaged T204503: cloudvps: dumps project trusty deprecation as Normal priority.
Mon, Sep 17, 12:21 PM · Cloud-VPS
Krenair triaged T204501: cloudvps: discourse-wam project trusty deprecation as Normal priority.
Mon, Sep 17, 12:18 PM · Discourse, Cloud-VPS
Krenair added a parent task for T197242: Transition citoid to use Zotero's translation-server-v2: T204500: cloudvps: deployment-prep project trusty deprecation.
Mon, Sep 17, 12:16 PM · VisualEditor (Current work), Patch-For-Review, Citoid, Services (watching), Operations
Krenair added a subtask for T204500: cloudvps: deployment-prep project trusty deprecation: T197242: Transition citoid to use Zotero's translation-server-v2.
Mon, Sep 17, 12:16 PM · Beta-Cluster-Infrastructure, Cloud-VPS
Krenair added a comment to T204500: cloudvps: deployment-prep project trusty deprecation.

See https://phabricator.wikimedia.org/T197242#4494011

Mon, Sep 17, 12:16 PM · Beta-Cluster-Infrastructure, Cloud-VPS
Krenair triaged T204500: cloudvps: deployment-prep project trusty deprecation as Normal priority.
Mon, Sep 17, 12:13 PM · Beta-Cluster-Infrastructure, Cloud-VPS

Sun, Sep 16

Krenair created T204450: Why doesn't profile::mediawiki::nutcracker create /var/run/nutcracker/ ?.
Sun, Sep 16, 6:02 PM · Puppet, Operations

Thu, Sep 13

Krenair committed rOSCC95c0ec856e2d: Debian packaging (authored by Krenair).
Debian packaging
Thu, Sep 13, 5:32 PM
Krenair committed rOSCCf35ae22a0edb: [WIP] Check for outdated/expired certs in the main loop (authored by Krenair).
[WIP] Check for outdated/expired certs in the main loop
Thu, Sep 13, 5:19 PM
Krenair committed rOSCC62eaf6e9efae: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Thu, Sep 13, 4:13 PM
Krenair committed rOSCCa892c7ac5ab1: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Thu, Sep 13, 4:04 PM
Krenair committed rOSCC7c1782237784: [WIP] Detect when cert config changes and re-issue (authored by Krenair).
[WIP] Detect when cert config changes and re-issue
Thu, Sep 13, 3:42 PM
Krenair committed rOSCC2ccb54df986b: Add make_account CLI script (authored by Krenair).
Add make_account CLI script
Thu, Sep 13, 1:39 AM

Wed, Sep 12

Krenair created P7536 Weird stale MOTD on shinken-01.
Wed, Sep 12, 3:44 PM
Krenair added a comment to T203925: Save times for changes to translation variable text in centralnotice paralysingly slow.

As I have no knowledge of the codebase, disabling the entire thing was my only viable proposal.

Wed, Sep 12, 2:27 PM · Fundraising Sprint Sasquatches can't find us either, Performance-Team (Radar), Patch-For-Review, Language-Team, Fundraising Sprint Raw data can give you salmonella, MediaWiki-extensions-Translate, Fundraising-Backlog, MediaWiki-extensions-CentralNotice
Krenair added a comment to T134447: letsencrypt puppetization: upgrade for scalability.

are we going to do this as part of the letsencrypt puppetisation or is this getting made (mostly?) obsolete by certcentral?

Wed, Sep 12, 1:22 PM · Patch-For-Review, HTTPS, Traffic, Operations
Krenair added a comment to T141266: letsencrypt puppetization: add parallel rsa+ecdsa cert support.

I don't know if we're going to end up doing this in the current letsencrypt puppetisation, but it's mostly there certcentral. Only thing is my puppetisation around the certcentral one may need a little bit of thought: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/441991/36/modules/certcentral/manifests/cert.pp

Wed, Sep 12, 1:19 PM · HTTPS, Traffic, Operations
Krenair added a comment to T194965: gdnsd plugin support for ACME DNS challenges.

Status: @BBlack has written support into gdnsd in https://github.com/gdnsd/gdnsd/commit/db7fff10b005b951890fa4ff7c843a1e37bbdc58 (as well as a follow up or two) and I've made https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/459809/

Wed, Sep 12, 1:13 PM · Traffic, Operations
Krenair removed a project from T203396: certcentral: challenge checking on *all* pooled backend hosts: Patch-For-Review.
Wed, Sep 12, 1:11 PM · Traffic, Operations