Fri, Apr 16
Looks good to me!
@crusnov Could you please take modules/raid/files/check-raid.py with precedence? It's part of a Bullseye base install and thus affected by it's lack of Python 2.
Looks good! Some comments below:
Thu, Apr 15
@lmata: for your approval
Wed, Apr 14
Tendril and dbtree are now running on a new Buster instance dbmonitor1002.wikimedia.org ith PHP 5.6 packages from sury.org (since Tendril needs the mysql extention dropped in PHP 7) and dbmonitor1001/jessie has been removed.
kraz has been replaced by two Buster instances (irc1001.wikimedia.org and irc2001.wikimedia.org) was eventually removed.
bast1003 has now fully replaced bast1002. The decom task for bast1002 is T280110
Tue, Apr 13
I have stopped apache on dbmonitor1001 (and done chmod -x to apache2 binary so puppet doesn't bring it up), let's leave it till next week and if nothing breaks, let's decommission it
Thu, Apr 8
@MSantos, @hnowlan : I've uploaded the postgis 3.1.1 backport to the newly created component/postgis for buster. You can add it to the maps Puppet manifests using apt::package_from_component (feel free to add me as reviewer).
Wed, Apr 7
git-fat is the only package requiring Python 2 in a base bullseye setup at this point.
I've rebooted kraz to force the remaining bots still connected to kraz to reconnect to irc2001.w.o.
Tue, Apr 6
bast1003 is up and running; I've sent an announcement to the ops list so that people update their configs. Will open a decom task next week.
What's the timeline for the actual Mailman 3 migration? Early steps for making bullseye usable are ongoing and we'll be able to run a few machines on bullseye even before it's finally released (we've done that for buster before, I'm keeping an eye on security packages and those pilots installs manually and if necessary we pull sec updates from sid (before they migrated or roll out local fixes). If this can wait two more weeks (by then base should be ready), let's directly install the Mailman 3 systems with bullseye?
Thu, Apr 1
@MSantos You can find a backport for buster at https://people.wikimedia.org/~jmm/postgis/ Can you run some tests whether that's what you need? If all is fine, I'll import them to a repository component on apt.wikimedia.org
Fri, Mar 26
Hmmh, I added some debug output to wmf-auto-restart on an-launcher1002 and it seems to correctly pick up the config, the executed lsof command is
Is an-launcher in anyway different than the rest of Hadoop, like different mount options or so? We would have seen that error also happening on the rest of the Hadoop cluster, wouldn't we?
Thu, Mar 25
Wed, Mar 24
VM has been created/install, further setup via T278255 once kraz is gone.
This has been created and is being used.
I've merged https://gerrit.wikimedia.org/r/674392 and shut down deployment-logstash2, it can be removed for good in a few days. Puppet was broken on this instance since September 2020, so if anything really still used it, it would probably be broken anyway...
tendril.w.o and dbtree.w.o are now served from dbmonitor1002.wikimedia.org running Buster. If there are any issues, we can fallback to dbmonitor1001 by reverting https://gerrit.wikimedia.org/r/674303
Tue, Mar 23
This is complete
Mon, Mar 22
There's a second CVE ID for pygments: CVE-2021-27291
https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce and fixed via https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
Fri, Mar 19
Mar 19 2021
This eventually got assigned CVE-2021-27358.
Same for "A number of new administrative actuator endpoints are presented to report back on the registered authentication handlers and policies."
Mar 17 2021
There's still part 2 and 3 coming (but rather next month), should we reopen the task when ready or make a new one?
Mar 16 2021
Ouch, let's move to dbmonitor to Stretch, then? If PHP 5 is the blocker (I remember some issues with PHP7 vaguely), I can make a stretch-wikimedia build of php5, but this really, really needs to move away from jessie: jessie is EOLed for three quarters now and we spend a lot of time on backporting security fixes for jessie-wikimedia internally and this really needs to end now.
With orchestrator in place, can these be removed now? Support for jessie will cease in two weeks.
This has been flapping in Icinga, e.g. for today:
Mar 12 2021
What's up with icinga1001/icinga2001, they are still up and running?
Mar 11 2021
There's now a group of companies related to OTRS which will be collaborating on Znuny: https://www.otter-alliance.de/en/die-allianz.html
Mar 10 2021
Pasting in my comments from IRC (which are based on a very quick look):
[16:33] <moritzm> bullseye has 3.1, but it's hard to tell how complex a backport will be, given that maps is still on stretch
[16:33] <moritzm> and the list of build deps in 3.1 is not small
[16:33] <moritzm> and includes things like protobuf and libgdal
[16:34] <moritzm> I think this can only really be estimated if someone gives it a shot for half an hour