Krenair (Alex Monk)
Wikimedia volunteer

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Oct 3 2014, 2:34 PM (163 w, 6 d)
Availability
Available
IRC Nick
Krenair
LDAP User
Alex Monk
MediaWiki User
Krenair

I am a Wikimedia volunteer helping in various technical ways - e.g. MediaWiki development, software deployments to the Wikimedia cluster, and various other things. I am also an OTRS agent.

Some of my old VisualEditor work can be found under @AlexMonk-WMF instead

I have opinions on things, which do not necessarily represent those of any organisation I am or have previously been affiliated with.

Recent Activity

Mon, Nov 13

Krenair added a comment to T180384: Turn off Trending Service.

Really the concept needs more testing for product viability. Unfortunately, we were unable to test in a non-production environment due to Kafka not being available outside of production.

Mon, Nov 13, 11:15 PM · Operations, Services (designing), Reading-Infrastructure-Team-Backlog (Kanban), Trending-Service

Fri, Nov 10

Krenair added a comment to T145832: Create Trusted Contributors project?.

What was the criteria for being added in the first batch of people?

Fri, Nov 10, 6:18 PM · Project-Admins

Tue, Nov 7

Krenair added a comment to T179877: Central Auth users who's home wiki is a test wiki should be deleted occasionally.
MariaDB [centralauth_p]> select gu_home_db, count(1) from globaluser where gu_home_db in ('testwiki', 'test2wiki') group by gu_home_db;
+------------+----------+
| gu_home_db | count(1) |
+------------+----------+
| test2wiki  |      919 |
| testwiki   |     3899 |
+------------+----------+
2 rows in set (51.14 sec)

Out of like 52m accounts that's not very much

Tue, Nov 7, 12:29 AM · Wikimedia-General-or-Unknown

Mon, Oct 30

Krenair added a comment to T176926: Request creation of IIAB VPS project.

Can someone help me with scp or rsync syntax for this environment. I need to copy files from instance medbox-iiab to medbox2-iiab and get publickey error.

Mon, Oct 30, 7:19 PM · User-bd808, Cloud-VPS (Project-requests)

Sat, Oct 28

Krenair created P6209 Alex's new(ish) SSH key.
Sat, Oct 28, 8:04 AM · Beta-Cluster-Infrastructure

Tue, Oct 24

Krenair added a comment to T178841: Beta cluster is down.

Are we okay to close this now? Do we want to look into what caused the initial varnish upgrade?

Tue, Oct 24, 10:54 PM · Release-Engineering-Team (Kanban), User-Ryasmeen, User-greg, Patch-For-Review, Traffic, Operations, Beta-Cluster-Infrastructure

Oct 23 2017

Krenair added a comment to T178841: Beta cluster is down.

HTTPS should now work again too. Need to commit hieradata/labs/deployment-prep/host/deployment-cache-text04.yaml on the puppetmaster:

profile::cache::base::varnish_version: 5
nginx::variant: extras
cache::lua_support: true
cluster: cache_text
"cache::cluster": text
"profile::cache::ssl::unified::le_subjects":
    - beta.wmflabs.org
    - www.wikimedia.beta.wmflabs.org
    - www.wikipedia.beta.wmflabs.org
    - www.wikibooks.beta.wmflabs.org
    - www.wiktionary.beta.wmflabs.org
    - commons.wikimedia.beta.wmflabs.org
    - commons.m.wikimedia.beta.wmflabs.org
    - deployment.wikimedia.beta.wmflabs.org
    - deployment.m.wikimedia.beta.wmflabs.org
    - en.wikibooks.beta.wmflabs.org
    - en.m.wikibooks.beta.wmflabs.org
    - en.wikinews.beta.wmflabs.org
    - en.m.wikinews.beta.wmflabs.org
    - en.wikiquote.beta.wmflabs.org
    - en.m.wikiquote.beta.wmflabs.org
    - en.wikisource.beta.wmflabs.org
    - en.m.wikisource.beta.wmflabs.org
    - en.wikiversity.beta.wmflabs.org
    - en.m.wikiversity.beta.wmflabs.org
    - en.wikivoyage.beta.wmflabs.org
    - en.m.wikivoyage.beta.wmflabs.org
    - en.wiktionary.beta.wmflabs.org
    - en.m.wiktionary.beta.wmflabs.org
    - login.wikimedia.beta.wmflabs.org
    - login.m.wikimedia.beta.wmflabs.org
    - meta.wikimedia.beta.wmflabs.org
    - meta.m.wikimedia.beta.wmflabs.org
    - test.wikimedia.beta.wmflabs.org
    - test.m.wikimedia.beta.wmflabs.org
    - wikidata.beta.wmflabs.org
    - m.wikidata.beta.wmflabs.org
    - zero.wikimedia.beta.wmflabs.org
    - zero.m.wikimedia.beta.wmflabs.org
    - aa.wikipedia.beta.wmflabs.org
    - aa.m.wikipedia.beta.wmflabs.org
    - aa.zero.wikipedia.beta.wmflabs.org
    - ar.wikipedia.beta.wmflabs.org
    - ar.m.wikipedia.beta.wmflabs.org
    - ar.zero.wikipedia.beta.wmflabs.org
    - ca.wikipedia.beta.wmflabs.org
    - ca.m.wikipedia.beta.wmflabs.org
    - ca.zero.wikipedia.beta.wmflabs.org
    - de.wikipedia.beta.wmflabs.org
    - de.m.wikipedia.beta.wmflabs.org
    - de.zero.wikipedia.beta.wmflabs.org
    - de.wiktionary.beta.wmflabs.org
    - de.m.wiktionary.beta.wmflabs.org
    - en-rtl.wikipedia.beta.wmflabs.org
    - en-rtl.m.wikipedia.beta.wmflabs.org
    - en-rtl.zero.wikipedia.beta.wmflabs.org
    - en.wikipedia.beta.wmflabs.org
    - en.m.wikipedia.beta.wmflabs.org
    - en.zero.wikipedia.beta.wmflabs.org
    - eo.wikipedia.beta.wmflabs.org
    - eo.m.wikipedia.beta.wmflabs.org
    - eo.zero.wikipedia.beta.wmflabs.org
    - es.wikipedia.beta.wmflabs.org
    - es.m.wikipedia.beta.wmflabs.org
    - es.zero.wikipedia.beta.wmflabs.org
    - fa.wikipedia.beta.wmflabs.org
    - fa.m.wikipedia.beta.wmflabs.org
    - fa.zero.wikipedia.beta.wmflabs.org
    - he.wikipedia.beta.wmflabs.org
    - he.m.wikipedia.beta.wmflabs.org
    - he.zero.wikipedia.beta.wmflabs.org
    - he.wiktionary.beta.wmflabs.org
    - he.m.wiktionary.beta.wmflabs.org
    - hi.wikipedia.beta.wmflabs.org
    - hi.m.wikipedia.beta.wmflabs.org
    - hi.zero.wikipedia.beta.wmflabs.org
    - ja.wikipedia.beta.wmflabs.org
    - ja.m.wikipedia.beta.wmflabs.org
    - ja.zero.wikipedia.beta.wmflabs.org
    - ko.wikipedia.beta.wmflabs.org
    - ko.m.wikipedia.beta.wmflabs.org
    - ko.zero.wikipedia.beta.wmflabs.org
    - nl.wikipedia.beta.wmflabs.org
    - nl.m.wikipedia.beta.wmflabs.org
    - nl.zero.wikipedia.beta.wmflabs.org
    - ru.wikipedia.beta.wmflabs.org
    - ru.m.wikipedia.beta.wmflabs.org
    - ru.zero.wikipedia.beta.wmflabs.org
    - simple.wikipedia.beta.wmflabs.org
    - simple.m.wikipedia.beta.wmflabs.org
    - simple.zero.wikipedia.beta.wmflabs.org
    - sq.wikipedia.beta.wmflabs.org
    - sq.m.wikipedia.beta.wmflabs.org
    - sq.zero.wikipedia.beta.wmflabs.org
    - uk.wikipedia.beta.wmflabs.org
    - uk.m.wikipedia.beta.wmflabs.org
    - uk.zero.wikipedia.beta.wmflabs.org
    - zh.wikipedia.beta.wmflabs.org
    - zh.m.wikipedia.beta.wmflabs.org
    - zh.zero.wikipedia.beta.wmflabs.org
    - commons.wikipedia.beta.wmflabs.org
Oct 23 2017, 11:25 PM · Release-Engineering-Team (Kanban), User-Ryasmeen, User-greg, Patch-For-Review, Traffic, Operations, Beta-Cluster-Infrastructure
Krenair added a comment to T178841: Beta cluster is down.

Between the three of us it's been brought back up.

Oct 23 2017, 11:06 PM · Release-Engineering-Team (Kanban), User-Ryasmeen, User-greg, Patch-For-Review, Traffic, Operations, Beta-Cluster-Infrastructure

Oct 20 2017

Krenair added a comment to T116027: Make selenium users use botflags at beta-cluster.

I think you'll have to make some test code in MW core set the bot flag when saving edits

Oct 20 2017, 5:15 PM · Beta-Cluster-Infrastructure, User-zeljkofilipin, WorkType-NewFunctionality

Oct 17 2017

Krenair added a comment to T177944: k8s nodes sometimes getting bad token value from hiera.

I'm pretty sure this is a wider issue as I've seen it before on deployment-prep with other hiera data

Oct 17 2017, 9:16 PM · Patch-For-Review, Toolforge
Krenair added a comment to T178417: New e-mail-created wikitechwiki user "Per Magnus" can't set their password.

I'm assuming it's just where you create an account while already logged in,
for another user, providing their email address. It will email them their
password

Oct 17 2017, 6:39 PM · wikitech.wikimedia.org

Oct 15 2017

Krenair created P6121 (An Untitled Masterwork).
Oct 15 2017, 12:13 AM

Oct 5 2017

Krenair awarded T177493: IRC operator request for Freenode #wikimedia-operations for @Dereckson a Like token.
Oct 5 2017, 8:56 PM · Ops-Access-Requests, Operations

Oct 2 2017

Krenair added a comment to T171208: contentadmin has suddenly less permissions.

I know why at least one of those is considered a security-sensitive right.

Would you dare to enlighten us, or is that knowledge somehow security-sensitive itself? :)

Oct 2 2017, 12:14 AM · wikitech.wikimedia.org, cloud-services-team

Oct 1 2017

Krenair added a comment to T171208: contentadmin has suddenly less permissions.

@Krenair set these explicit removals back in c9f3ef6526c4 - maybe he knows what the reason was to keep some of these rights away from contentadmins (e.g. createaccount, override-antispoof, titleblacklistlog, tboverride).

I know why at least one of those is considered a security-sensitive right.

Oct 1 2017, 11:30 PM · wikitech.wikimedia.org, cloud-services-team

Sep 26 2017

Krenair added a comment to T144479: Ensure thumbor container access is preserved by mw filebackend setzoneaccess.

This requires exposing the Thumbor Swift username in $wmfSwiftEqiadConfig and $wmfSwiftCodfwConfig which I believe resides in an Ops repo I don't have access to, where the private keys of things for the PHP config are defined.

That'd come from /srv/mediawiki-staging/private/PrivateSettings.php which all deployers should have access to

Sep 26 2017, 3:58 PM · MW-1.31-release-notes (WMF-deploy-2017-09-26 (1.31.0-wmf.1)), Patch-For-Review, MediaWiki-Maintenance-scripts, Operations, Performance-Team, Thumbor

Sep 24 2017

Krenair added a comment to T176576: http://tools.wmflabs.org/static-browser/ and http://tools.wmflabs.org/static gives Error 500.

5xx errors are never intentional, they always indicate something is wrong

Sep 24 2017, 3:54 PM · Tools

Sep 21 2017

Krenair added a comment to T93483: Add script_path to meta_p.wiki database.

I agree that it should be script_path and not api_url

Sep 21 2017, 6:15 AM · Data-Services

Sep 20 2017

Krenair added a comment to T172356: Decom RCStream in Beta Cluster.

and a DNS entry instance-deployment-stream.deployment-prep.wmflabs.org. see http://instance-deployment-stream.deployment-prep.wmflabs.org

Sep 20 2017, 6:09 PM · Analytics-Kanban, Patch-For-Review, Beta-Cluster-Infrastructure, Wikimedia-Stream

Sep 18 2017

Krenair added a comment to T138915: OTRS database is "too large".

I'm guessing this got worse with the recent spam problem

Sep 18 2017, 5:38 PM · DBA, OTRS

Sep 17 2017

Krenair added a comment to T174860: Define naming scheme for connecting to new wiki replica cluster.

I am curious as to what your designateclient hack is though

Sep 17 2017, 9:55 PM · Patch-For-Review, cloud-services-team (Kanban), Data-Services, User-bd808
Krenair added a comment to T174860: Define naming scheme for connecting to new wiki replica cluster.

I've created the db.svc.eqiad.wmflabs. domain.

Managing this domain will be a bit of a pain, since it's in noauth-project. [...]

Sep 17 2017, 9:53 PM · Patch-For-Review, cloud-services-team (Kanban), Data-Services, User-bd808
Krenair awarded T176090: wikitech-static sync failing a Manufacturing Defect? token.
Sep 17 2017, 6:46 PM · MW-1.30-release-notes (WMF-deploy-2017-09-19 (1.30.0-wmf.19)), MediaWiki-Maintenance-scripts, Operations
Krenair added a project to T176090: wikitech-static sync failing: MediaWiki-Maintenance-scripts.
Sep 17 2017, 6:46 PM · MW-1.30-release-notes (WMF-deploy-2017-09-19 (1.30.0-wmf.19)), MediaWiki-Maintenance-scripts, Operations

Sep 16 2017

Krenair awarded T175962: Issue with maintenance script: SELECTing revisions with high rev_id is painfully slow a Orange Medal token.
Sep 16 2017, 9:15 PM · Community-Tech, MW-1.30-release-notes, MW-1.31-release-notes (WMF-deploy-2017-09-26 (1.31.0-wmf.1)), Patch-For-Review, DBA
Krenair added a comment to T176057: Designate API expects FQDN in "name" value for a recordset and raises bizarre error when that expecation fails.

another job well done phabricator

Sep 16 2017, 8:56 PM · Cloud-VPS, Upstream
Krenair added a project to T176057: Designate API expects FQDN in "name" value for a recordset and raises bizarre error when that expecation fails: Upstream.

<Krenair> bd808, did you try the FQDN for that record you had trouble creating?
<Krenair> i.e. "name": "s1.web.db.svc.eqiad.wmflabs."
<bd808> I did not... would the records need to contain FQDNs?
<bd808> easy enough to try I guess
<Krenair> I'm not sure but try it
<Krenair> I'd report the error upstream regardless
<bd808> using an FQDN works

Sep 16 2017, 8:56 PM · Cloud-VPS, Upstream
Krenair added a comment to T176042: Create amwikimedia.

Ok.

Sep 16 2017, 8:02 PM · Patch-For-Review, User-Ladsgroup, Wiki-Setup (Create)
Krenair added a comment to T176042: Create amwikimedia.

who?

Sep 16 2017, 7:38 PM · Patch-For-Review, User-Ladsgroup, Wiki-Setup (Create)
Krenair added a comment to T176042: Create amwikimedia.

Has someone from WMAM requested this?

Sep 16 2017, 7:36 PM · Patch-For-Review, User-Ladsgroup, Wiki-Setup (Create)
Krenair added a comment to T175917: Beta cluster rights clarification.

The rights those groups grant on beta are fine to hand out (within reason - some of these are steward-level rights) there, but I'd at least change the name of the group before granting it to avoid impersonation concerns

Sep 16 2017, 5:39 PM · Beta-Cluster-Infrastructure

Sep 14 2017

Krenair awarded T172035: Blockers for Wikimedia wiki domain renaming a Goat token.
Sep 14 2017, 5:43 PM · Wikimedia-Site-requests

Sep 13 2017

Krenair added a comment to T172035: Blockers for Wikimedia wiki domain renaming.

I think that token (and fire in general) is generally associated with destruction but sure.

Sep 13 2017, 6:31 PM · Wikimedia-Site-requests

Sep 12 2017

Krenair added a comment to T175643: Grant Bmansurov access to "Recommendation-api" Cloud VPS Project.

*mumbles something about phabricator's conflict detection or lack thereof*

Sep 12 2017, 8:43 PM · VPS-Projects, Recommendation-API, Cloud-VPS
Krenair awarded T175643: Grant Bmansurov access to "Recommendation-api" Cloud VPS Project a Like token.
Sep 12 2017, 8:43 PM · VPS-Projects, Recommendation-API, Cloud-VPS
Krenair added a comment to T175643: Grant Bmansurov access to "Recommendation-api" Cloud VPS Project.

I did some searching around and it looks to me like DarTar's approval is good for this project

Sep 12 2017, 8:43 PM · VPS-Projects, Recommendation-API, Cloud-VPS
Krenair added a comment to T175643: Grant Bmansurov access to "Recommendation-api" Cloud VPS Project.

schana was on Phabricator under a week ago talking about a request they made in relation to this project. Is this urgent?

Sep 12 2017, 8:26 PM · VPS-Projects, Recommendation-API, Cloud-VPS

Sep 11 2017

Krenair updated subscribers of T175643: Grant Bmansurov access to "Recommendation-api" Cloud VPS Project.

adding current admins to process request

Sep 11 2017, 11:05 PM · VPS-Projects, Recommendation-API, Cloud-VPS

Sep 7 2017

Krenair added a comment to T162910: Update Collection not to use deprecated wfSetupSession call.

What would we use instead?

Sep 7 2017, 9:23 PM · Patch-For-Review, Readers-Web-Backlog (Tracking), Collection, Technical-Debt, Wikimedia-log-errors

Sep 5 2017

Krenair added a comment to T166712: Remove logging from labs for schema https://meta.wikimedia.org/wiki/Schema:CommandInvocation.

<yuvipanda> Krenair: you should ask some of the cloud team people about it :)

Sep 5 2017, 6:16 PM · Analytics-Kanban, User-Elukey, cloud-services-team (Kanban)

Sep 3 2017

Krenair added a comment to T174850: wikistream.wmflabs.org down - unable to ssh to ws-web.

I believe that auth-related service would likely be nslcd/nscd (I forget which).

Sep 3 2017, 6:09 PM · Cloud-VPS
Krenair added a comment to T174859: Image File is not working on hi.wikiversity.

Yes, you'd need a separate task to report that.

Sep 3 2017, 2:51 AM · media-storage, Hindi-Sites
Krenair closed T174859: Image File is not working on hi.wikiversity as Resolved.

That fixed it, the URL provided above by @Urbanecm works now.

Sep 3 2017, 1:00 AM · media-storage, Hindi-Sites

Sep 2 2017

Krenair updated subscribers of T174859: Image File is not working on hi.wikiversity.
Sep 2 2017, 11:27 PM · media-storage, Hindi-Sites
Krenair added a comment to T174859: Image File is not working on hi.wikiversity.

addWiki.php is supposed to run setZoneAccess.php

Sep 2 2017, 11:26 PM · media-storage, Hindi-Sites
Krenair added a comment to T173968: Add a "preview of the message" button.

could also just stick it in action=parse

Sep 2 2017, 10:17 PM · Google-Code-in-2017, Huggle
Krenair added a comment to T174867: Wikivoyage is missing from PAWS system user-config.py.

also wikiboots instead of wikibooks?
what about wikinews?

Sep 2 2017, 9:29 PM · PAWS
Krenair added a comment to T174866: tool extreg-wos not updating its table.

I changed the titles on them. Let's see if it updates now.

Sep 2 2017, 9:21 PM · Tools
Krenair renamed T174483: Convert MagicNoCache to use extension registration from Convert MagicNoCache to use extension registration to Convert MagicNoCache to use extension registration.
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T174657: Convert PageNotice to use extension registration from Convert Extension:PageNotice to use extension registration to Convert PageNotice to use extension registration.
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-PageNotice
Krenair renamed T174661: Convert SimpleChanges to use extension registration from Convert Extension:SimpleChanges to use extension registration to Convert SimpleChanges to use extension registration.
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T174663: Convert SubpageFun to use extension registration from Convert Extension:SubpageFun to use extension registration to Convert SubpageFun to use extension registration.
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T174456: Convert WebChat to use extension registration from Convert Extension:WebChat to use extension registration to Convert WebChat to use extension registration.
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T174478: Convert ArticleToCategory2 to use extension registration from Convert Extension:ArticleToCategory2 to use extension registration to Convert ArticleToCategory2 to use extension registration.
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T174529: Convert GroupsSidebar to use extension registration. from Convert Extension:GroupsSidebar to use extension registration. to Convert GroupsSidebar to use extension registration..
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T174530: Convert MsLinks to use extension registration. from Convert Extension:MsLinks to use extension registration. to Convert MsLinks to use extension registration..
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T174483: Convert MagicNoCache to use extension registration from Convert Extension:MagicNoCache to use extension registration to Convert MagicNoCache to use extension registration.
Sep 2 2017, 9:18 PM · Patch-For-Review, MediaWiki-extensions-Other
Krenair renamed T171819: Convert FlickrAPI to use extension registration from Update FlickrAPI extension to use registration to Convert FlickrAPI to use extension registration.
Sep 2 2017, 9:17 PM · Patch-For-Review
Krenair renamed T173058: Convert AdminLinks to use extension registration from Convert Extension:AdminLinks to use extension registration to Convert AdminLinks to use extension registration.
Sep 2 2017, 9:17 PM · Patch-For-Review, MediaWiki-extensions-AdminLinks
Krenair added a comment to T174866: tool extreg-wos not updating its table.

A lot of tasks are like that - see the related objects on T98668

Sep 2 2017, 9:10 PM · Tools
Krenair added a comment to T174861: CAPTCHA ineffective, consider using reCAPTCHA.

My understanding is that it was considered not an option in 2008 for reasons that AFAIK have not changed, so this is probably a duplicate of a wontfix.

Sep 2 2017, 7:19 PM · Wikimedia-Site-requests

Aug 31 2017

Krenair added a comment to T174746: deployment-imagescaler0[12] puppet broken due to missing nginx lua support.
  • Installed libnginx-mod-http-lua
  • Manually installed /etc/nginx/prometheus.lua file to avoid puppet catch-22 (specifically, puppet will error out before creating that file due to nginx failing due to that file being missing), need to make the nginx service depend on that file somehow?
  • Killed existing deployment-imagescaler01 (was fine on -imagescaler02) nginx processes that were refusing to stop (preventing a restart due to port 8800 being in use)
  • Puppet now works
Aug 31 2017, 11:31 PM · Patch-For-Review, Thumbor, Performance-Team, Beta-Cluster-Infrastructure
Krenair updated the task description for T174746: deployment-imagescaler0[12] puppet broken due to missing nginx lua support.
Aug 31 2017, 11:22 PM · Patch-For-Review, Thumbor, Performance-Team, Beta-Cluster-Infrastructure
Krenair created T174746: deployment-imagescaler0[12] puppet broken due to missing nginx lua support.
Aug 31 2017, 11:20 PM · Patch-For-Review, Thumbor, Performance-Team, Beta-Cluster-Infrastructure
Krenair updated the task description for T174742: deployment-kafka01 - disk is full.
Aug 31 2017, 10:59 PM · Analytics-Kanban, Beta-Cluster-Infrastructure
Krenair created T174742: deployment-kafka01 - disk is full.
Aug 31 2017, 10:57 PM · Analytics-Kanban, Beta-Cluster-Infrastructure
Krenair claimed T162977: Create top-level domain for a project on project creation.
Aug 31 2017, 10:34 PM · Patch-For-Review, Cloud-Services
Krenair added a comment to T162977: Create top-level domain for a project on project creation.

I think we'll have to do the makedomain-style subdomain creation dance with wmflabsdotorg
Actually let's just import that code and call it?

Aug 31 2017, 10:23 PM · Patch-For-Review, Cloud-Services
Krenair added a comment to T174720: letsencrypt::cert::integrated and non-http servers.

acme_tiny - modules/letsencrypt/files/acme_tiny.py in puppet

Aug 31 2017, 9:24 PM · Patch-For-Review, Operations
Krenair updated subscribers of T166712: Remove logging from labs for schema https://meta.wikimedia.org/wiki/Schema:CommandInvocation.
Aug 31 2017, 5:57 PM · Analytics-Kanban, User-Elukey, cloud-services-team (Kanban)
Krenair added a comment to T166712: Remove logging from labs for schema https://meta.wikimedia.org/wiki/Schema:CommandInvocation.

modules/toollabs/files/log-command-invocation in puppet
T123444

Aug 31 2017, 5:55 PM · Analytics-Kanban, User-Elukey, cloud-services-team (Kanban)

Aug 30 2017

Krenair added a comment to T168677: Add new Cloud Services domains to public suffix list.

I just checked and that domain doesn't even have the right nameservers (it's set to ns[0-2].wikimedia.org), so this might be a bit premature :)

Aug 30 2017, 9:55 PM · Cloud-Services
Krenair added a watcher for Cloud-Services: Krenair.
Aug 30 2017, 9:48 PM
Krenair added a watcher for Cloud-VPS (Project-requests): Krenair.
Aug 30 2017, 9:48 PM
Krenair added a comment to T166845: monitor some things on all Cloud instances (discussion).

Like shinken?

Yes! But as I understand it Shinken currently only monitors select projects... I'd like to monitor a narrower set of things on every single instance.

Aug 30 2017, 9:22 PM · Patch-For-Review, cloud-services-team (Kanban), Cloud-VPS
Krenair added a comment to T168433: Deprecate DSA (ssh-dss) SSH keys for Labs users.

Currently 178 users with these

Aug 30 2017, 9:15 PM · Cloud-VPS, Toolforge, cloud-services-team (Kanban)
Krenair added a comment to T168433: Deprecate DSA (ssh-dss) SSH keys for Labs users.

Audit script basics:

import ldap
ldap_conn = ldap.initialize('ldap://ldap-labs.eqiad.wikimedia.org:389')
lc = ldap.controls.libldap.SimplePagedResultsControl(size=10000, cookie='')
while True:
    rtype, rdata, rmsgid, serverctrls = ldap_conn.result3(ldap_conn.search_ext(
        'ou=people,dc=wikimedia,dc=org',
        ldap.SCOPE_ONELEVEL,
        filterstr='(&(objectClass=ldapPublicKey)(sshPublicKey=*))',
        attrlist=['uid', 'sshPublicKey'],
        serverctrls=[lc]
    ))
    for userDN, userAttributes in rdata:
        badkeys = []
        for key in userAttributes['sshPublicKey']:
            if key.startswith('ssh-dss'):
                badkeys.append(key)
        if len(badkeys) > 0:
            print(userAttributes['uid'][0], len(badkeys))
    for control in serverctrls:
        if control.controlType == ldap.controls.SimplePagedResultsControl.controlType:
            lc.cookie = control.cookie
    if not lc.cookie:
        break
Aug 30 2017, 9:14 PM · Cloud-VPS, Toolforge, cloud-services-team (Kanban)
Krenair added a comment to T171136: dss keys disabled prematurely.

I just tested this and it seems to work on all the non-stretch (stretch has a newer sshd that disables it by default) instances that I tried. Where did you test?

Aug 30 2017, 8:20 PM · Cloud-VPS, cloud-services-team
Krenair edited projects for T150828: Horizon prefix puppet dialog puts you in wrong prefix after you create a new prefix, added: Horizon; removed Cloud-Services.
Aug 30 2017, 8:06 PM · Horizon
Krenair added a parent task for T166349: Support per project user email address $project-admins@wmflabs.org: T174608: Improve SMTP inbound/outbound services.
Aug 30 2017, 7:58 PM · Mail, Cloud-Services
Krenair added a subtask for T174608: Improve SMTP inbound/outbound services: T166349: Support per project user email address $project-admins@wmflabs.org.
Aug 30 2017, 7:58 PM · Epic, Cloud-Services
Krenair added a comment to T41785: Create a labs SMTP smarthost.

I think so

Aug 30 2017, 7:56 PM · Operations, Cloud-Services, Mail
Krenair added a comment to T166712: Remove logging from labs for schema https://meta.wikimedia.org/wiki/Schema:CommandInvocation.

Ping @Nuria

Aug 30 2017, 7:52 PM · Analytics-Kanban, User-Elukey, cloud-services-team (Kanban)
Krenair removed a project from T152767: Missing Labs hiera entry in labs-private repo: Patch-For-Review.
Aug 30 2017, 7:47 PM · Operations, Cloud-Services
Krenair removed a project from T153608: Migrate references from $instance.eqiad.wmflabs to $instance.$project.eqiad.wmflabs: Patch-For-Review.
Aug 30 2017, 7:46 PM · Puppet, Cloud-Services
Krenair added a project to T154099: Deactivate repository labs/invisible-unicorn: Gerrit.
Aug 30 2017, 7:43 PM · User-MarcoAurelio, Repository-Admins, Gerrit, Cloud-Services
Krenair added a project to T166349: Support per project user email address $project-admins@wmflabs.org: Mail.
Aug 30 2017, 7:39 PM · Mail, Cloud-Services
Krenair edited projects for T168349: enwiki_p logging vs logging_userindex returning dramatically different results, added: Data-Services; removed Cloud-Services.
Aug 30 2017, 7:37 PM · Data-Services, DBA
Krenair edited projects for T147859: Add a note to the launch instance window about instance names being global, added: Horizon; removed Cloud-VPS, Cloud-Services.

upstream?

Aug 30 2017, 7:18 PM · Horizon
Krenair added a comment to T41785: Create a labs SMTP smarthost.

! In T41785#3567277, @Krenair wrote:

You mean on separate physical hosts, right? I think we're still limited to eqiad if it is to be a Cloud VPS instance :)

Nah, this doesn't seem like a workload that justifies physical hardware. I just mean that if we can avoid a SPOF that's a good thing, and if multi-site is possible all the better.

Aug 30 2017, 7:06 PM · Operations, Cloud-Services, Mail
Krenair awarded T162977: Create top-level domain for a project on project creation a Like token.
Aug 30 2017, 6:48 PM · Patch-For-Review, Cloud-Services
Krenair added a comment to T166845: monitor some things on all Cloud instances (discussion).

Like shinken?

Aug 30 2017, 6:44 PM · Patch-For-Review, cloud-services-team (Kanban), Cloud-VPS
Krenair added a comment to T171570: Rename database labswiki to wikitech.

Surely it'd be wikitechwiki anyway :p

Aug 30 2017, 6:41 PM · DBA, wikitech.wikimedia.org
Krenair added a comment to T167973: Move wikitech and labstestwiki to s3.

I cannot think any reason why wikitech's database (and the similar labstestwiki) is not part of s3

Historically, wikitech was separate because it held important documentation that ops would want to continue to access if most of the site went down. Now we have wikitech-static, so...

Aug 30 2017, 6:40 PM · Data-Services, wikitech.wikimedia.org, cloud-services-team, DBA
Krenair added a comment to T41785: Create a labs SMTP smarthost.

Next tricky step is that <projectname>.wmflabs.org does not exist in DNS by default.

Aug 30 2017, 6:29 PM · Operations, Cloud-Services, Mail
Krenair added a comment to T41785: Create a labs SMTP smarthost.

For sure! Maybe a pair of instances in different locations for durability?

Aug 30 2017, 6:25 PM · Operations, Cloud-Services, Mail
Krenair added a comment to T174596: dmz_cidr only includes some wikimedia public IP ranges, leading to some very strange behaviour.

See also T167357 where this task will probably become obsolete, I just wanted to document the effect of this really.

Aug 30 2017, 6:19 PM · netops, Cloud-VPS, Operations
Krenair updated the task description for T174596: dmz_cidr only includes some wikimedia public IP ranges, leading to some very strange behaviour.
Aug 30 2017, 6:18 PM · netops, Cloud-VPS, Operations
Krenair created T174596: dmz_cidr only includes some wikimedia public IP ranges, leading to some very strange behaviour.
Aug 30 2017, 6:17 PM · netops, Cloud-VPS, Operations

Aug 29 2017

Krenair added a comment to T174488: Request for additional edit permissions on wikitech.wikimedia.org for dr0ptp4kt.

The edit to the page after that one doesn't make a lot of sense...

Aug 29 2017, 8:16 PM · User-bd808, Cloud-Services, cloud-services-team