We don't really log a ton in LDAP and most application (not sure how Gerrit does it) queries for the user and then validates the password internally.

I've done a few check and there isn't any reason to reimage the host.

@AnnieKim_WMDE you should be getting an email with a temporary password and some instruction.

Key has been verified. I'll ping you once I have everything rolled out, shouldn't take long.

@Martyn.ranyard is only for the SSH key :-)

@Ottomata already approved.

@Dzahn if you verified the ssh key out of band, then we can just restore your patch to data.yaml and create the Kerberos principal.
I can merge the patch and to create the principal, if you would just confirm that you verified the ssh key.

@Cuthead Sorry, I'll just reopen this. I still need to do the second half of the caching servers, those that deals with upload.

@AnnieKim_WMDE Hi, did you get the access you needed?

Bastion host map has been updated.

That host no longer exists and have been replaced by bast5005.wikimedia.org

SSH key verified out of band.

@thcipriani for your approval.

Hi @ZSinger-WMF access to the wmf group can be requests via https://idm.wikimedia.org/permissions/

For testing I suggest rolling out to e.g. MAGRU first.
We can then test that cookies get set with

Puppet currently fails to run and hasn't done so since May 10th, at 21:23

Memory is also having issues

Same issue for cp4052:

cp4046 refused to be reimaged and seems to be missing some configuration in Netbox from what I can tell. I've pinged @Papaul and asked to have it investigated as I'm not entirely sure how to fix it.

Re-image command:

Depooling command output, for the records:

Minor error in command, should have been:

Only hosts in this one rack will be touched: https://netbox.wikimedia.org/dcim/racks/34/ but we'll depool the entire site before work starts.

Depooling command: (depool datacenter and depool dns4003)

I'll bring the topic up at next traffic team meeting.

@Dzahn Yes. We'll figure out if we need to write out to a broader group that the feature is available, but the feature is done and deployed.

@Naruse_shiroha we're currently working on another task, related to TCP Fast Open. To make that work, this task will need to be completed first.

CAS/IDP is now tested against Redis 8 locally. It all works perfectly.

Thank you! I will ping you. Any concerns regarding Redis 8?

For IDP we do not need to migrate data, this is just session storage. The only downside is that people will need to sign back in.

@Papaul Done :-)

This should be fixed, not that we correct add an HTML formatted email to the html mime-type.

Fixed

Notes to myself, for deployment:

@A_smart_kitten I think that's fair, disabling an account isn't exactly hard.

We normally don't disable accounts, just remove any special privileges.

I'm getting an RAID error

I've disabled the account.

@BCornwall We currently have two hosts:

@Tgr do we want to do any more work on this task? If not I'll go a head and close it.

Oh, yeah that look annoying.