Page MenuHomePhabricator

Krenair (Alex Monk)
Wikimedia volunteer

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Friday

  • Clear sailing ahead.

User Details

User Since
Oct 3 2014, 2:34 PM (311 w, 4 d)
Availability
Available
IRC Nick
Krenair
LDAP User
Alex Monk
MediaWiki User
Krenair [ Global Accounts ]

I am a Wikimedia volunteer helping in various technical ways. These days it's usually Beta Cluster, Cloud VPS, or Operations related labs puppet migrations. Since 2012 I've spent significant amounts of time involved in MediaWiki development, software deployments to the Wikimedia cluster, OTRS (email response to e.g. info-en@wikimedia.org addresses), and various other things.

Some of my old VisualEditor and other work (2014-2016) can be found under @AlexMonk-WMF instead.

I have opinions on things, which do not necessarily represent those of any organisation I am, have previously been, or will in the future be affiliated with.

Recent Activity

Sat, Sep 19

Krenair added a comment to T263328: Agents can view watched tickets outside of assigned queues.

This worked in the past on OTRS 5 with e.g. oversight queues. I assumed it
was deliberate - the most sensitive part of a ticket is almost always going
to be the first article and in this case the agent has already seen it.

Sat, Sep 19, 5:19 PM · OTRS

Mon, Sep 14

Krenair added a comment to T262816: The certificate for en.wikipedia.beta.wmflabs.org expired on 2020-09-14.

It's possible - if acme chief has got a new cert issued but the cache-text
box hasn't run puppet since, you'll see this. Check whether acme-chief has
a new one and if it does, fix puppet on cache-text. If not investigate why.
Am having lunch and then working again but I can look this evening if no
one has fixed it by then.

Mon, Sep 14, 12:12 PM · User-zeljkofilipin, Beta-Cluster-Infrastructure

Wed, Sep 2

Krenair awarded T261900: Request for floating IP / DNS for gitlab-test.wmcloud.org a Like token.
Wed, Sep 2, 9:10 PM · User-brennen, Release-Engineering-Team, GitLab-Test, Cloud-VPS (Quota-requests)
Krenair added a comment to T261900: Request for floating IP / DNS for gitlab-test.wmcloud.org.

Yeah that would work and is the mechanism that allows people direct access to e.g. the bastions and the tools login machines. The other potential option is just to require people using the test setup to use some custom SSH config to proxy through the bastions to get there.

Wed, Sep 2, 9:10 PM · User-brennen, Release-Engineering-Team, GitLab-Test, Cloud-VPS (Quota-requests)

Mon, Aug 31

Krenair awarded T261656: Grant merge rights (+2) on MediaWiki Core to Martin Urbanec a Like token.
Mon, Aug 31, 4:52 PM · MediaWiki-Gerrit-Group-Requests

Sun, Aug 30

Krenair added a comment to T261551: https://meet.wmflabs.org creates a redirect loop.

maybe you can look for an X-Forwarded-Proto: https header which I think the proxy should be setting? if it's set then treat the request as if you would on port 443, if it's not set than issue redirect?

Sun, Aug 30, 1:07 AM · User-Ladsgroup, Wikimedia Meet

Fri, Aug 28

Krenair added a comment to T251414: Support TLSv1.3 in IABot.

This is not something I believe I have control over.

Fri, Aug 28, 11:42 PM · Traffic, Operations, InternetArchiveBot

Mon, Aug 24

Krenair added a comment to T261133: Ban IP editions on pt.wiki.

Note to those I see in the ptwiki comments proposing AbuseFilters: Abuse Filter has emergency checks that will disable a filter matching 5% or more of edits.

Mon, Aug 24, 11:38 PM · Growth-Team, Anti-Harassment, Wikimedia-Site-requests
Krenair added a comment to T261133: Ban IP editions on pt.wiki.

Yeah this should probably be added to https://meta.wikimedia.org/wiki/Limits_to_configuration_changes

Mon, Aug 24, 11:26 PM · Growth-Team, Anti-Harassment, Wikimedia-Site-requests

Aug 19 2020

Krenair created T260835: Stop using letsencrypt::cert::integrated on toolserver-legacy.
Aug 19 2020, 6:06 PM · cloud-services-team (Kanban)
Krenair updated the task description for T252199: Stop using letsencrypt::cert::integrated.
Aug 19 2020, 6:06 PM · cloud-services-team (Kanban), Mail
Krenair created T260834: Stop using letsencrypt::cert::integrated on mx-out*.cloudinfra.
Aug 19 2020, 6:05 PM · cloud-services-team (Kanban), Mail

Aug 18 2020

Krenair added a comment to T260732: ORES icinga alerts.

modules/icinga/manifests/monitor/ores_labs_web_node.pp has check_command => "check_ores_workers!oresweb/node/${title}", which would be e.g. check_ores_workers!oresweb/node/ores-web-04. Also host ores.wmflabs.org.
modules/nagios_common/files/check_commands/check_ores_workers.cfg says this is $USER4$/check_ores_workers $HOSTADDRESS$ '$ARG1$'
So it becomes /usr/local/lib/nagios/plugins/check_ores_workers ores.wmflabs.org 'check_ores_workers!oresweb/node/ores-web-04'
./modules/nagios_common/files/check_commands/check_ores_workers turns that into /usr/local/lib/nagios/plugins/check_http -f follow -H "ores.wmflabs.org" -I "ores.wmflabs.org" -A "wmf-icinga/something (root@wikimedia.org)" -u "http://oresweb/node/ores-web-04/v3/scores/fakewiki/$(/bin/date +%s)/"

Aug 18 2020, 9:46 PM · Patch-For-Review, ORES, Operations, Machine Learning Platform

Aug 17 2020

Krenair added a comment to T260449: Users of Jio ISP (India, AS 55836) unable to reach Wikimedia sites.

I don't have OTRS access, sorry. Is this a new reported issue with Jio users?

Aug 17 2020, 6:06 PM · Operations, netops, Traffic

Aug 4 2020

Krenair awarded T88258: Convert WikibaseRepository, WikibaseClient, WikibaseLib and WikibaseView to use extension registration a Barnstar token.
Aug 4 2020, 5:50 PM · Wikidata-Campsite, MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), MW-1.34-notes (1.34.0-wmf.23; 2019-09-17), Patch-For-Review, Wikidata-Trailblazing-Exploration, Story, Technical-Debt, wdwb-tech-focus, Wikidata-Turtles-Tech-Debt, Wikidata-Ministry-Of-Magic-Tech-Debt, Wikidata-Sprint-2017-12-20, Wikidata-Sprint-2015-08-11, Wikidata-Sprint-2015-06-30, Wikidata-Sprint-2015-06-16, Wikidata-Sprint-2015-06-02, MediaWiki-extensions-WikibaseRepository, Wikidata, MediaWiki-extensions-WikibaseClient

Aug 3 2020

Krenair claimed T248041: puppetdb on deployment-puppetdb03 keeps getting OOMKilled.

replacing with a medium instance, deployment-puppetdb04

Aug 3 2020, 11:57 PM · Patch-For-Review, Developer Productivity, Puppet, Beta-Cluster-Infrastructure
Krenair added a project to T259540: deployment-perfapt01 seems to be broken: Beta-Cluster-Infrastructure.
Aug 3 2020, 5:57 PM · Beta-Cluster-Infrastructure
Krenair created T259540: deployment-perfapt01 seems to be broken.
Aug 3 2020, 5:57 PM · Beta-Cluster-Infrastructure

Aug 2 2020

Krenair added a comment to T259444: Request for creating a DNS record for lists.wmcloud.org to 185.15.56.28.

As I recall with the meet project the project itself in OpenStack was named meet, therefore you automatically got a meet.wmflabs.org designate zone. Could get one for lists created too I guess (similar to the beta zone in deployment-prep). This way you could administer it without going through more tickets in future

Aug 2 2020, 10:30 PM · User-bd808, cloud-services-team (Kanban), Operations, VPS-Projects, User-Ladsgroup, Wikimedia-Mailing-lists
Krenair added a comment to T259444: Request for creating a DNS record for lists.wmcloud.org to 185.15.56.28.

This should probably just be a record under mailman.wmcloud.org ?

Aug 2 2020, 9:39 PM · User-bd808, cloud-services-team (Kanban), Operations, VPS-Projects, User-Ladsgroup, Wikimedia-Mailing-lists

Jul 30 2020

Krenair added a comment to T255249: acme-chief: support for generating a concatenated cert/key file.

I think the keys are generated first and the certs appear when acme-chief
has gone through the ACME API to get stuff signed by the CA

Jul 30 2020, 5:47 PM · Patch-For-Review, Acme-chief

Jul 17 2020

Krenair added a comment to T257968: Certificate for *.beta.wmflabs.org has expired.

I'm still getting the cert error on https://upload.beta.wmflabs.org . Other subdomains, e.g. https://en.wikisource.beta.wmflabs.org , are working fine now.

Jul 17 2020, 12:01 AM · Beta-Cluster-Infrastructure

Jul 15 2020

Krenair created P11917 fixes for `puppet` hostname serving on a new labs central puppetmaster in codfw1dev.
Jul 15 2020, 6:29 PM · Cloud-VPS

Jul 14 2020

Krenair updated subscribers of T257968: Certificate for *.beta.wmflabs.org has expired.

@Vgutierrez: I'm guessing puppet had failed to run the reload exec itself due to the errors connecting to acme-chief (Error 400 on SERVER: part must be in ['ec-prime256v1.crt', 'ec-prime256v1.chain.crt', 'ec-prime256v1.chained.crt', 'ec-prime256v1.key', 'ec-prime256v1.ocsp', 'rsa-2048.crt', 'rsa-2048.chain.crt', 'rsa-2048.chained.crt', 'rsa-2048.key', 'rsa-2048.ocsp'] from puppet and requests like /puppet/v3/file_content/acmedata/mx/bfcd4752e6b346289533bcb6934671a2/rsa-2048.crt.key?environment=production& showing up in the uwsgi-acme-chief logs) - it had new puppet classes and was making the new .crt.key CERTIFICATE_TYPE calls to acme-chief, and the acme-chief instance had v0.26 installed, but the uwsgi-acme-chief service on the acme-chief box had not been restarted. Wonder if we should automatically restart uwsgi-acme-chief on upgrading the acme-chief package somehow (puppet?)

Jul 14 2020, 9:23 PM · Beta-Cluster-Infrastructure
Krenair lowered the priority of T257968: Certificate for *.beta.wmflabs.org has expired from Unbreak Now! to High.

the immediate problem is solved by me manually doing the cert reload (something like touch /srv/trafficserver/tls/etc/ssl_multicert.config && /bin/systemctl reload trafficserver except there are two different ssl_multicert.config files on the system and two different trafficserver services)

Jul 14 2020, 8:50 PM · Beta-Cluster-Infrastructure
Krenair added a comment to T257968: Certificate for *.beta.wmflabs.org has expired.

it's UBN because beta is down and this task is the beta project, not due to perceived security risk (it's only beta)
initial glance: certs on the box look fine:

root@deployment-cache-text06:/etc/acmecerts/unified/live# openssl x509 -in /etc/acmecerts/unified/live/rsa-2048.chained.crt -noout -text | grep After
            Not After : Sep 14 05:29:00 2020 GMT
root@deployment-cache-text06:/etc/acmecerts/unified/live# openssl x509 -in /etc/acmecerts/unified/live/ec-prime256v1.chained.crt -noout -text | grep After
            Not After : Sep 14 05:29:37 2020 GMT
Jul 14 2020, 8:44 PM · Beta-Cluster-Infrastructure
Krenair claimed T257968: Certificate for *.beta.wmflabs.org has expired.

looking

Jul 14 2020, 8:33 PM · Beta-Cluster-Infrastructure

Jul 11 2020

Krenair awarded T255697: Offboard valhallasw as vps/toolforge admin a Dislike token.
Jul 11 2020, 12:10 AM · User-bd808, cloud-services-team (Kanban), Toolforge

Jun 30 2020

Krenair added a comment to T256806: Mailserver TLS is broken, root certificates are not present for sent intermediate certificates.

This is probably because this:
modules/profile/templates/toolforge/mail-relay.exim4.conf.erb:tls_certificate = /etc/acmecerts/<%= @cert_name %>/live/ec-prime256v1.crt
should use .chained.crt more like these:

Jun 30 2020, 8:15 PM · cloud-services-team (Kanban)

Jun 18 2020

Krenair awarded T255731: Create #acl*wmcs-team a Like token.
Jun 18 2020, 12:13 AM · cloud-services-team (Kanban), Project-Admins

Jun 13 2020

Krenair updated subscribers of T232521: Clicking on images takes you to a black screen due to JS error from MediaViewer using mw.Title internals which have changed.

The patches above have fixed some known uses, but I'm concerned that the ext property should've be deprecated first as we may not have caught every case.

Jun 13 2020, 12:25 PM · MW-1.34-notes (1.34.0-wmf.22; 2019-09-10), MediaViewer, Multimedia

Jun 10 2020

Krenair added a comment to T252734: Consider moving tools away from acme-chief.

It sounds like we've decided to keep acme-chief and set it up in toolsbeta. Shall we close this?

Jun 10 2020, 9:15 PM · cloud-services-team (Kanban), Tools
Krenair added a comment to T252721: cloud-vps solution for Let's Encrypt.

One issue we will have is that we can't create another instance due to quota though.

Jun 10 2020, 9:13 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair added a comment to T254801: Logstash-Beta cannot be accessed: 504 Gateway Time-out.

Can I suggest that efforts may be better placed on getting logstash03 into
operation rather than continuing to resurrect or keep logstash2 on life
support.

Jun 10 2020, 5:03 PM · Release-Engineering-Team, observability, Beta-Cluster-Infrastructure

Jun 8 2020

Krenair added a comment to T254801: Logstash-Beta cannot be accessed: 504 Gateway Time-out.

An image is used to create the VM in the first place, once that's done we just keep it updated. If we replaced instances because they were based on images that were deprecated we'd either have automated the whole thing, stopped running special VMs and gone for a container-on-ephemeral-VM model, or gathered a small army of people to spend all their time replacing instances (this may be an exaggeration but you get the gist).
Stretch is not banned yet, we're still trying to get rid of jessie. Production logstash hosts run stretch.

Jun 8 2020, 7:35 PM · Release-Engineering-Team, observability, Beta-Cluster-Infrastructure
Krenair added a comment to T254801: Logstash-Beta cannot be accessed: 504 Gateway Time-out.

It's supposed to be on 03 but I think it got moved back to 2 at some point.

Jun 8 2020, 6:50 PM · Release-Engineering-Team, observability, Beta-Cluster-Infrastructure

Jun 7 2020

Krenair added a comment to T52864: Upgrade GNU Mailman from 2.1 to Mailman3.

I went to have a look but both security groups and iptables on the box looked fine and exim was listening on that port, then realised it works for me anyway, I can connect to it:

alex@alex-laptop:~$ telnet lists.beta.wmflabs.org 25
Trying 185.15.56.7...
Connected to lists.beta.wmflabs.org.
Escape character is '^]'.
220 deployment-mailman01.deployment-prep.eqiad.wmflabs ESMTP Exim 4.92 Sun, 07 Jun 2020 02:38:38 +0000

Unless that's been fixed in the past 25 minutes, maybe your ISP is blocking you from connecting out to port 25?

Jun 7 2020, 2:39 AM · Security-Team, Operations, Wikimedia-Mailing-lists

Jun 3 2020

Krenair added a comment to T253584: Strikethrough in Reply tool adds <s> tags with href attribute.

Hmm. I haven't been able to reproduce this either. [1]

@Krenair, do you remember what steps you took to produce the diffs linked above?

...I suspect it'll be hard to recall at this point, but figured it's worth asking.

Jun 3 2020, 11:53 AM · Skipped QA, User-Ryasmeen, MW-1.35-notes (1.35.0-wmf.37; 2020-06-16), Editing-team (Q3 2019-2020 Kanban Board), OWC2020 (OWC2020 Replying 2.0), DiscussionTools

Jun 2 2020

Krenair added a comment to T245937: tools-acme-chief-01 is attempting to validate DNS challenge against cloud authdns IPv6 addresses.

@Krenair, can you summarize the results here? It looks resolved but it's not clear if or how :)

Jun 2 2020, 6:38 PM · cloud-services-team (Kanban), Patch-For-Review, IPv6, Acme-chief

May 29 2020

Krenair awarded Blog Post: Celebrating 600,000 commits for Wikimedia a Party Time token.
May 29 2020, 11:07 PM
Krenair created T254043: cdanis-etcd101.puppet.eqiad.wmflabs not permitting access from cloud-cumin-01.
May 29 2020, 9:57 PM · Cloud-VPS
Krenair created T254042: Investigate peek0[12].orch.eqiad.wmflabs not allowing SSH connections from cloud-cumin-01.
May 29 2020, 9:50 PM · Peek, Security-Team, Cloud-VPS
Krenair created T254041: monitoring and swift project instances not permitting access from cloud-cumin-01.
May 29 2020, 9:48 PM · Cloud-VPS
Krenair created T254040: rec-wiki-buster.recommendation-api.eqiad.wmflabs out of disk space.
May 29 2020, 9:43 PM · Recommendation-API

May 27 2020

Krenair reopened T252762: tools/toolsbeta: improve acme-chief integration as "Open".
May 27 2020, 8:54 PM · Acme-chief, cloud-services-team (Kanban)

May 26 2020

Krenair added a comment to T253584: Strikethrough in Reply tool adds <s> tags with href attribute.

I also ran into this in:

May 26 2020, 5:25 PM · Skipped QA, User-Ryasmeen, MW-1.35-notes (1.35.0-wmf.37; 2020-06-16), Editing-team (Q3 2019-2020 Kanban Board), OWC2020 (OWC2020 Replying 2.0), DiscussionTools

May 20 2020

Krenair placed T165874: Implement queue filter that allows people to specify range of score of edits they want to see up for grabs.

Sorry, missed this message and forgot about this task a long while ago :(

May 20 2020, 7:08 PM · WorkType-NewFunctionality, Huggle
Krenair added a comment to T252762: tools/toolsbeta: improve acme-chief integration.

we might still do this, we'll see :)

May 20 2020, 5:27 PM · Acme-chief, cloud-services-team (Kanban)

May 16 2020

Krenair added a comment to T252721: cloud-vps solution for Let's Encrypt.

WIP puppetisation of this on krenair-t252721-test.testlabs.eqiad.wmflabs, has successfully issued a cert

May 16 2020, 1:09 AM · cloud-services-team (Kanban), Cloud-VPS

May 15 2020

Krenair added a comment to T252721: cloud-vps solution for Let's Encrypt.

figured out roughly how this can work

May 15 2020, 11:23 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair closed T252732: Create a service account to manage testlabs DNS, a subtask of T252721: cloud-vps solution for Let's Encrypt, as Resolved.
May 15 2020, 8:07 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair closed T252732: Create a service account to manage testlabs DNS as Resolved.

now it can authenticate and read zones etc.

May 15 2020, 8:07 PM · cloud-services-team (Kanban), Cloud-VPS

May 14 2020

Krenair reopened T252732: Create a service account to manage testlabs DNS, a subtask of T252721: cloud-vps solution for Let's Encrypt, as Open.
May 14 2020, 11:59 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair reopened T252732: Create a service account to manage testlabs DNS as "Open".

we missed a bit, have been wondering why this wasn't working

May 14 2020, 11:59 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair closed T252732: Create a service account to manage testlabs DNS, a subtask of T252721: cloud-vps solution for Let's Encrypt, as Resolved.
May 14 2020, 10:52 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair closed T252732: Create a service account to manage testlabs DNS as Resolved.

Thanks Andrew

May 14 2020, 10:52 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair added a comment to T252762: tools/toolsbeta: improve acme-chief integration.

do we really want to go down the path of setting acme-chief up in toolsbeta before doing the thing we agreed? I feel like this is basically motivated by T252199: Stop using letsencrypt::cert::integrated and its subtask, see also T252734: Consider moving tools away from acme-chief

May 14 2020, 9:11 PM · Acme-chief, cloud-services-team (Kanban)
Krenair added a subtask for T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert: T252721: cloud-vps solution for Let's Encrypt.
May 14 2020, 1:30 AM · cloud-services-team (Kanban), Operations, Traffic, Maps, Cloud-VPS, DNS
Krenair edited parent tasks for T252721: cloud-vps solution for Let's Encrypt, added: T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert; removed: T252733: Support arbitrary domain names for dynamicproxy.
May 14 2020, 1:29 AM · cloud-services-team (Kanban), Cloud-VPS
Krenair removed a subtask for T252733: Support arbitrary domain names for dynamicproxy: T252721: cloud-vps solution for Let's Encrypt.
May 14 2020, 1:29 AM · Cloud-VPS
Krenair merged T252733: Support arbitrary domain names for dynamicproxy into T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert.
May 14 2020, 1:29 AM · cloud-services-team (Kanban), Operations, Traffic, Maps, Cloud-VPS, DNS
Krenair merged task T252733: Support arbitrary domain names for dynamicproxy into T161256: multi-component wmflabs.org subdomains doesn't work under simple wildcard TLS cert.
May 14 2020, 1:29 AM · Cloud-VPS
Krenair added a parent task for T252721: cloud-vps solution for Let's Encrypt: T252734: Consider moving tools away from acme-chief.
May 14 2020, 1:25 AM · cloud-services-team (Kanban), Cloud-VPS
Krenair added a subtask for T252734: Consider moving tools away from acme-chief: T252721: cloud-vps solution for Let's Encrypt.
May 14 2020, 1:25 AM · cloud-services-team (Kanban), Tools
Krenair created T252734: Consider moving tools away from acme-chief.
May 14 2020, 1:25 AM · cloud-services-team (Kanban), Tools
Krenair added a parent task for T252721: cloud-vps solution for Let's Encrypt: T252733: Support arbitrary domain names for dynamicproxy.
May 14 2020, 1:20 AM · cloud-services-team (Kanban), Cloud-VPS
Krenair added a subtask for T252733: Support arbitrary domain names for dynamicproxy: T252721: cloud-vps solution for Let's Encrypt.
May 14 2020, 1:20 AM · Cloud-VPS
Krenair created T252733: Support arbitrary domain names for dynamicproxy.
May 14 2020, 1:20 AM · Cloud-VPS
Krenair added a subtask for T252199: Stop using letsencrypt::cert::integrated: T252721: cloud-vps solution for Let's Encrypt.
May 14 2020, 1:17 AM · cloud-services-team (Kanban), Mail
Krenair added a parent task for T252721: cloud-vps solution for Let's Encrypt: T252199: Stop using letsencrypt::cert::integrated.
May 14 2020, 1:17 AM · cloud-services-team (Kanban), Cloud-VPS
Krenair placed T252732: Create a service account to manage testlabs DNS up for grabs.

Created user, just need a cloud admin to give it observe+designateadmin rights in the testlabs project.

May 14 2020, 1:14 AM · cloud-services-team (Kanban), Cloud-VPS
Krenair created T252732: Create a service account to manage testlabs DNS.
May 14 2020, 1:09 AM · cloud-services-team (Kanban), Cloud-VPS

May 13 2020

Krenair added a comment to T252721: cloud-vps solution for Let's Encrypt.

also, when we say "per-project", we mean "dynamicproxy will need one and might have permissions for all projects, tools will need one to manage its own, toolserver-legacy will need one to manage its own", etc.

May 13 2020, 10:13 PM · cloud-services-team (Kanban), Cloud-VPS
Krenair claimed T252721: cloud-vps solution for Let's Encrypt.
  • find ACMEv2 client we can puppetise the installation of
    • ensuring we can get some certs through running a local commands to get certs (for dynamicproxy to call)
    • ensuring we can get some certs configured through puppet or whatever (for other use cases e.g. tools to replace acme-chief and stuff covered under T252199)
    • need to be able to get secrets for ACME account as well as designate service account through unpuppetised secrets, seeing as no expectation of a local puppetmaster
May 13 2020, 10:04 PM · cloud-services-team (Kanban), Cloud-VPS

May 9 2020

Krenair added a comment to T252129: Access to analytics-privatedata-users for Research intern Daniram.

I don't think bastiononly has existed for years.

May 9 2020, 11:47 AM · SRE-Access-Requests, Operations

May 8 2020

Krenair added a comment to T252199: Stop using letsencrypt::cert::integrated.

Looks like we don't have acme-chief setup in toolsbeta or cloudinfra, or toolserver-legacy

May 8 2020, 1:11 PM · cloud-services-team (Kanban), Mail
Krenair removed projects from T252199: Stop using letsencrypt::cert::integrated: Operations, Puppet.

actually looks like profile::mail::smarthost only gets used in labs

May 8 2020, 1:10 PM · cloud-services-team (Kanban), Mail
Krenair created T252199: Stop using letsencrypt::cert::integrated.
May 8 2020, 1:07 PM · cloud-services-team (Kanban), Mail

May 7 2020

Krenair added a comment to T83447: GeoIP Puppet Module Fails in Labs.

I wonder if modules/puppetmaster/manifests/geoip.pp's file { $geoip_destdir: should set owner/groups. Right now:

root@cloud-puppetmaster-03:~# ls -lh /var/lib/puppet/volatile
total 8.0K
drwxr-xr-x 2 root root   4.0K Apr  5  2019 GeoIP
drwxr-x--- 2 root puppet 4.0K Apr  5  2019 misc
May 7 2020, 1:51 PM · Operations, ops-requests

May 3 2020

Krenair added a comment to T236576: Move all Wikimedia CI (WMCS integration project) instances from jessie to stretch.

@Aklapper: It's still valid and should stay open, the due date is correctly set in the past. It's not clear to me whether December 2019 is accurate or if it should actually be some time in April 2020.
Edit: The same probably goes for most of the rest of the jessie deprecation tasks you just left this comment on.

May 3 2020, 4:06 PM · Patch-For-Review, Release-Engineering-Team-TODO (2020-04 to 2020-06 (Q4)), Release-Engineering-Team (CI & Testing services), Continuous-Integration-Infrastructure (phase-out-jessie), Cloud-VPS (Debian Jessie Deprecation)

Apr 22 2020

Don-vip awarded T103062: Please add www.dvidshub.net to the wgCopyUploadsDomains whitelist of Wikimedia Commons a Love token.
Apr 22 2020, 11:12 AM · Patch-For-Review, Commons, Wikimedia-Site-requests

Apr 20 2020

aborrero awarded T250623: Allow providing a commit message for hieradata changes a Love token.
Apr 20 2020, 10:21 AM · Puppet, Horizon

Apr 19 2020

Krenair created T250623: Allow providing a commit message for hieradata changes.
Apr 19 2020, 5:31 PM · Puppet, Horizon
Krenair updated the task description for T250622: Preserve formatting etc. in horizon hiera editor.
Apr 19 2020, 5:28 PM · Puppet, Horizon
Krenair moved T250622: Preserve formatting etc. in horizon hiera editor from Backlog to Local dashboards on the Horizon board.
Apr 19 2020, 5:27 PM · Puppet, Horizon
Krenair updated the task description for T250622: Preserve formatting etc. in horizon hiera editor.
Apr 19 2020, 5:26 PM · Puppet, Horizon
Krenair created T250622: Preserve formatting etc. in horizon hiera editor.
Apr 19 2020, 5:26 PM · Puppet, Horizon

Apr 18 2020

Krenair added a comment to T247213: Consider replacing our spreadcheck alerts with Server Groups Anti-Affinity policies.

I assume our process involves trying to tell a new Nova host to schedule some particular VM and providing it the files.
I guess if Nova will refuse to schedule a VM that would be in violation that's fine, as long as our process involves checking for that and finding an appropriate place for it (instead of just leaving it turned off).

Apr 18 2020, 11:28 PM · Cloud-VPS
Krenair awarded T250021: Problems on deployment-hadoop-test-1 a Burninate token.
Apr 18 2020, 10:38 PM · Beta-Cluster-Infrastructure
Krenair closed T199272: novaobserver doesn't appear to have access to view any information about security groups as Resolved.

Looks like this got fixed at some point, I'm guessing either through the OpenStack upgrades or policy tidyups or both.

Apr 18 2020, 10:24 PM · cloud-services-team (Kanban), Upstream, Cloud-VPS
Krenair merged T222414: Nova policy does not permit novaobserver to view an instance's security groups into T199272: novaobserver doesn't appear to have access to view any information about security groups.
Apr 18 2020, 10:19 PM · cloud-services-team (Kanban), Upstream, Cloud-VPS
Krenair merged task T222414: Nova policy does not permit novaobserver to view an instance's security groups into T199272: novaobserver doesn't appear to have access to view any information about security groups.
Apr 18 2020, 10:19 PM · Cloud-VPS
Krenair added a comment to T247213: Consider replacing our spreadcheck alerts with Server Groups Anti-Affinity policies.

We good to go with this given the Queens upgrade?

Apr 18 2020, 10:18 PM · Cloud-VPS
Krenair added a comment to T233134: logstash-beta.wmflabs.org does not receive any mediawiki events.

Yes, we will need a second logstash stretch instance, and to migrate the Kafka broker ID from deployment-logstash2 to the new host.

Apr 18 2020, 9:50 PM · Release-Engineering-Team-TODO, observability, Wikimedia-Logstash, Beta-Cluster-Infrastructure
Krenair updated the task description for T218729: Migrate deployment-prep away from Debian Jessie to Debian Stretch/Buster.
Apr 18 2020, 9:48 PM · Cloud-VPS (Debian Jessie Deprecation), Beta-Cluster-Infrastructure
Krenair updated the task description for T218729: Migrate deployment-prep away from Debian Jessie to Debian Stretch/Buster.
Apr 18 2020, 9:35 PM · Cloud-VPS (Debian Jessie Deprecation), Beta-Cluster-Infrastructure
Krenair updated the task description for T250585: Determine purpose of deployment-memc0[67].
Apr 18 2020, 9:34 PM · Cloud-VPS (Debian Jessie Deprecation), Beta-Cluster-Infrastructure
Krenair created T250585: Determine purpose of deployment-memc0[67].
Apr 18 2020, 9:34 PM · Cloud-VPS (Debian Jessie Deprecation), Beta-Cluster-Infrastructure
Krenair updated the task description for T218729: Migrate deployment-prep away from Debian Jessie to Debian Stretch/Buster.
Apr 18 2020, 9:29 PM · Cloud-VPS (Debian Jessie Deprecation), Beta-Cluster-Infrastructure
Krenair closed T248933: Broken puppet in deployment-prep as Resolved.
Apr 18 2020, 9:11 PM · Beta-Cluster-Infrastructure, Cloud-VPS