Page MenuHomePhabricator

jbond (John Bond)
Staff Site Reliability Engineer

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Jan 7 2019, 1:06 PM (175 w, 3 d)
Availability
Available
IRC Nick
jbond
LDAP User
Jbond
MediaWiki User
JBond (WMF) [ Global Accounts ]

Recent Activity

Today

jbond added a comment to T308826: puppet admin: check if additional groups in systemd::sysuser conflicts with admin.yaml.

confirmed that the addtional_gropups parameter is not compatible with groups managed by the admin module. this is because the admin module use an exec to check on group permissions. It doesn't know about the groups managed by the systemd::user (or user) type and thus removes them. then the systemd::sysuser/user resources adds them back causing a puppet change on every run

Fri, May 20, 12:07 PM · Patch-For-Review, Puppet, Infrastructure-Foundations
jbond renamed T308826: puppet admin: check if additional groups in systemd::sysuser conflicts with admin.yaml from puppet admin: check if additional gropus in systemd::sysuser conflicts with admin.yaml to puppet admin: check if additional groups in systemd::sysuser conflicts with admin.yaml.
Fri, May 20, 11:38 AM · Patch-For-Review, Puppet, Infrastructure-Foundations
jbond renamed T308826: puppet admin: check if additional groups in systemd::sysuser conflicts with admin.yaml from puppet admin: cxheck if additional gropus in systenmd::sysuser conflicts with admin.yaml to puppet admin: check if additional gropus in systemd::sysuser conflicts with admin.yaml.
Fri, May 20, 11:37 AM · Patch-For-Review, Puppet, Infrastructure-Foundations
jbond triaged T308826: puppet admin: check if additional groups in systemd::sysuser conflicts with admin.yaml as Medium priority.
Fri, May 20, 9:15 AM · Patch-For-Review, Puppet, Infrastructure-Foundations

Yesterday

jbond added a comment to T306654: Request sudo access for Jclark-ctr.

There is already an group named sre-admins (used for SRE's without root), that gives the same SSO access to web service ops the ops group, but doesn't have +2 on the operations repos. We could either use this group or copy it. To avoid confusion i would vote to create a new group but use sre-admins as an reference when assigning permissions in the puppet repo.

Thu, May 19, 7:05 PM · Infrastructure-Foundations (FY2021/2022-Q4), SRE, SRE-Access-Requests
jbond updated the task description for T308639: Remove legacy functions.
Thu, May 19, 1:09 PM · Patch-For-Review, Infrastructure-Foundations, User-jbond, Puppet
jbond updated the task description for T308639: Remove legacy functions.
Thu, May 19, 12:54 PM · Patch-For-Review, Infrastructure-Foundations, User-jbond, Puppet
jbond updated the task description for T308639: Remove legacy functions.
Thu, May 19, 12:53 PM · Patch-For-Review, Infrastructure-Foundations, User-jbond, Puppet
jbond added a comment to T308013: Assign SPDX headers to puppet.git.

Before October 1st 2012, the code is my own and per my contract at the time: "source code contributed as part of this contract relationship will be licensed under an applicable open source license" and I hereby place it under Apache License 2 with copyright Antoine Musso <hashar@free.fr>. Then I don't know whether there is a lot left from this era beside the Rake puppet-lint, contint and jenkins modules.

From October 1st 2012 till December 31 2019 I had a joint copyright agreement with the Wikimedia Foundation. So essentially everything is ALSO owned by "Wikimedia Foundation Inc." and I guess that can be assigned to both of us Antoine Musso <hashar@free.fr> and Wikimedia Foundation Inc..

Since March 2020, the code is owned by my employer WFRR CRM Services (the France local SafeGuard branch). I am guessing there is some legal agreement with Wikimedia Foundation Inc and if so the code can be attributed to Wikimedia Foundation Inc.. Then given I don't think I have introduced any module but modified existing code, all those probably get placed under Apache License 2 which thus implies the code is also under Apache License 2.

Thu, May 19, 11:22 AM · Patch-For-Review, Infrastructure-Foundations, SRE
jbond added a comment to T306654: Request sudo access for Jclark-ctr.

Not directly because of the datacenter-ops group but you get it from the LDAP ops group and John is in that group. So that should work

For me the access to puppet-merge and +2 on the puppet repo needs more information as to what tasks need to be preformed. As mentioned the combination of theses two privileges allows one to the same amount of control as global root.

Thu, May 19, 11:19 AM · Infrastructure-Foundations (FY2021/2022-Q4), SRE, SRE-Access-Requests
jbond created P28111 (An Untitled Masterwork).
Thu, May 19, 10:49 AM

Wed, May 18

jbond updated the task description for T308639: Remove legacy functions.
Wed, May 18, 3:12 PM · Patch-For-Review, Infrastructure-Foundations, User-jbond, Puppet
jbond created P27950 (An Untitled Masterwork).
Wed, May 18, 2:35 PM
jbond updated the task description for T308639: Remove legacy functions.
Wed, May 18, 1:31 PM · Patch-For-Review, Infrastructure-Foundations, User-jbond, Puppet
jbond added a comment to T288470: Replace cassandra-ca-manager with cergen .

Thanks @jbond - Do you think it would be better to create a new intermediary for Cassandra, similar to the way we did for Kafka?

Wed, May 18, 1:13 PM · Platform Team Workboards (Platform Engineering Reliability), Cassandra
jbond added a comment to P27926 Error on first puppet run (went away on second run).

its probably more related to load order so slightly different issue on production but i think that the same fix wil solve both. however feel free to assign the task to me once WMCS is happy and i can double check production :)

Wed, May 18, 12:18 PM
jbond added a comment to P27926 Error on first puppet run (went away on second run).

production host

Wed, May 18, 12:17 PM
jbond added a comment to T308601: Puppet fails on new cloud-vps VMs (with new base images) due to wanting /usr/local/lib/nagios/plugins.

This issue is also affecting production reimages see P27926

Wed, May 18, 12:17 PM · Cloud-Services-Origin-Team, Cloud-Services-Worktype-Maintenance, User-dcaro, Infrastructure-Foundations, Observability-Alerting, Puppet, Cloud-VPS, Patch-For-Review, cloud-services-team (Kanban)
jbond added a comment to P27926 Error on first puppet run (went away on second run).

@jcrespo see T308601 taavi is applying fixes as we speak

Wed, May 18, 12:15 PM
jbond updated the task description for T308639: Remove legacy functions.
Wed, May 18, 8:57 AM · Patch-For-Review, Infrastructure-Foundations, User-jbond, Puppet
jbond added a comment to T288470: Replace cassandra-ca-manager with cergen .

@BTullis thanks and yes i agree any new migrations should go directly to pki.discovery.wmnet. Happy to help

Wed, May 18, 8:54 AM · Platform Team Workboards (Platform Engineering Reliability), Cassandra
jbond created T308639: Remove legacy functions.
Wed, May 18, 8:36 AM · Patch-For-Review, Infrastructure-Foundations, User-jbond, Puppet
jbond created P27901 puppet 7.7. Gemfile.
Wed, May 18, 8:02 AM
jbond created P27899 puppet 7.7 Gemfile patch.
Wed, May 18, 7:56 AM

Mon, May 16

jbond added a comment to T308350: Access to trusted gitlab runners for gitlab-roots (or appropriate similar group).

@lmata/@MoritzMuehlenhoff Can you add it to your Monday agenda please?

This has been added, will update after the meeting

<3 thanks all!

This was approved will create the CR tomorrow

Mon, May 16, 5:10 PM · Infrastructure-Foundations, SRE, Release-Engineering-Team (GitLab-a-thon 🦊), serviceops, GitLab (CI & Job Runners), User-brennen, SRE-Access-Requests
jbond added a comment to T308013: Assign SPDX headers to puppet.git.

Could you expand on why Apache 2 specifically (e.g. vs MIT or BSD?)- is it because trademarks?

Mon, May 16, 2:56 PM · Patch-For-Review, Infrastructure-Foundations, SRE
jbond added a comment to T307762: Puppet broken on deploy03.

Nice catch, TIL about wmflib::resource_hosts, thanks John!

Mon, May 16, 11:44 AM · Beta-Cluster-Infrastructure
jbond added a comment to T308350: Access to trusted gitlab runners for gitlab-roots (or appropriate similar group).

Sounds good from from my side: seems analogous to the current setup of contint-roots on the Jenkins hosts.

Added @LSobanski + @akosiaris per the approval line in data.yaml

Mon, May 16, 11:09 AM · Infrastructure-Foundations, SRE, Release-Engineering-Team (GitLab-a-thon 🦊), serviceops, GitLab (CI & Job Runners), User-brennen, SRE-Access-Requests
jbond closed T307762: Puppet broken on deploy03 as Resolved.

This is working now. I had to fix up api redirect in "[LOCAL HACK] Attempt to secure Puppet DB better" on the deployment prep puppetmaster. please reopen if there are still issues

Mon, May 16, 10:53 AM · Beta-Cluster-Infrastructure

Fri, May 13

jbond closed T307565: sre.hosts.reimage cookbook dosn't like different LC_ALL environments as Resolved.

We have now disabled sending and accepting LANG and LC environment variables in production, closing

Fri, May 13, 10:05 AM · Patch-For-Review, Infrastructure-Foundations, Spicerack, SRE-tools

Thu, May 12

jbond created P27801 (An Untitled Masterwork).
Thu, May 12, 9:22 AM

Wed, May 11

jbond added a comment to P27788 (An Untitled Masterwork).

image.png (631×1 px, 34 KB)

Wed, May 11, 2:38 PM
jbond created P27788 (An Untitled Masterwork).
Wed, May 11, 2:35 PM
jbond added a comment to P27781 (An Untitled Masterwork).

$ git log [11:24:20]
commit 542f2c5b55fd7a6035f0aff2d0896fb0dd89c6b4 (HEAD, tag: v3.0.12-wmf)
Author: John Bond <github@johnbond.org>
Date: Thu Jun 3 21:16:42 2021 +0200

Wed, May 11, 9:24 AM
jbond created P27781 (An Untitled Masterwork).
Wed, May 11, 9:24 AM

Tue, May 10

jbond created T308002: Move Netbox authentication to python-social-auth.
Tue, May 10, 11:11 AM · CAS-SSO, Infrastructure-Foundations, netbox
jbond committed rOSNB91fb60854623: Add CAS authentication support (authored by jbond).
Add CAS authentication support
Tue, May 10, 10:10 AM
jbond committed rOSNBa653243bc251: Add a passthrough configuration system (authored by crusnov).
Add a passthrough configuration system
Tue, May 10, 10:10 AM
jbond committed rOSNB6467d16516e9: Switch swagger to non-public mode (authored by crusnov).
Switch swagger to non-public mode
Tue, May 10, 10:10 AM
jbond committed rOSNB36d7bce387c6: Add CAS authentication support (authored by jbond).
Add CAS authentication support
Tue, May 10, 9:28 AM
jbond committed rOSNBc0451ed09fc5: Add a passthrough configuration system (authored by crusnov).
Add a passthrough configuration system
Tue, May 10, 9:28 AM
jbond committed rOSNB2ca80b6bb556: Switch swagger to non-public mode (authored by crusnov).
Switch swagger to non-public mode
Tue, May 10, 9:28 AM
jbond committed rOSNB98f32d988d7e: Add CAS authentication support (authored by jbond).
Add CAS authentication support
Tue, May 10, 9:10 AM
jbond committed rWISC459138f41b6e: wikimedia-operations: add rzl to ops (authored by jbond).
wikimedia-operations: add rzl to ops
Tue, May 10, 6:35 AM

Mon, May 9

jbond added a comment to T307873: [mitigated] Google returning 503 error when delivering to mx1001 and mx2001.

My reading of https://seclists.org/oss-sec/2017/q4/324 suggests that if a BDAT command is issued after the mail or RCPT command then exim will respond with this error message. Looking at the log line above we see the commands issued where C=EHLO,STARTTLS,EHLO,MAIL,RCPT,BDAT,RSET,NOOP,MAIL,RCPT,BDAT) i.e. we do see a BDAT after RCPT

Mon, May 9, 3:16 PM · SRE, Mail, Infrastructure-Foundations
jbond added a comment to T307873: [mitigated] Google returning 503 error when delivering to mx1001 and mx2001.

My reading of https://seclists.org/oss-sec/2017/q4/324 suggests that if a BDAT command is issued after the mail or RCPT command then exim will respond with this error message. Looking at the log line above we see the commands issued where C=EHLO,STARTTLS,EHLO,MAIL,RCPT,BDAT,RSET,NOOP,MAIL,RCPT,BDAT) i.e. we do see a BDAT after RCPT

Mon, May 9, 3:11 PM · SRE, Mail, Infrastructure-Foundations
jbond added a comment to T307873: [mitigated] Google returning 503 error when delivering to mx1001 and mx2001.

demonstrating the we support chunking

Mon, May 9, 3:03 PM · SRE, Mail, Infrastructure-Foundations
jbond triaged T307905: Add validate function to conftool reqconfig extension as Medium priority.
Mon, May 9, 11:43 AM · conftool
jbond added a comment to T307873: [mitigated] Google returning 503 error when delivering to mx1001 and mx2001.

I have looked in our logs and the following is an example of what we see on our side

Mon, May 9, 9:05 AM · SRE, Mail, Infrastructure-Foundations
jbond updated subscribers of T307873: [mitigated] Google returning 503 error when delivering to mx1001 and mx2001.

@jhathaway wonder if anything may have changed recently

Mon, May 9, 8:27 AM · SRE, Mail, Infrastructure-Foundations
jbond added a comment to T307873: [mitigated] Google returning 503 error when delivering to mx1001 and mx2001.

Also see

Screen Shot 2022-05-07 at 7.47.59 PM.png (1×1 px, 139 KB)

Mon, May 9, 8:25 AM · SRE, Mail, Infrastructure-Foundations

Fri, May 6

jbond added a comment to T307775: Adding a nes scap::soource failed due to lack of git user config.

Further to this on the passive node we get an error on every puppet run due to the following

Fri, May 6, 11:54 AM · Scap
jbond created T307775: Adding a nes scap::soource failed due to lack of git user config.
Fri, May 6, 11:45 AM · Scap
jbond added a comment to T67270: Default license for operations/puppet.

We have had a response from leagle which state3s that it is fine to licence all *@wikimedia.org contributions under the Apache licence. As such i think we can start to do this with some module that we know have been developed completly internaly e.g. apereo_cas (which almost exclusively developed by myself). In order to move a module to this new licenced model i propose that we update modules to:

  • add an spdx-licence header to each file in the module
  • add the apache licence file to the route of the module
  • create and spdx file in the module directory root

Ill create a change to convert apereo_cas to demonstrated and critice the list above.

Fri, May 6, 11:28 AM · Patch-For-Review, SRE, Software-Licensing, Documentation, WMF-Legal, WMF-General-or-Unknown

Wed, May 4

jbond updated the task description for T307565: sre.hosts.reimage cookbook dosn't like different LC_ALL environments.
Wed, May 4, 12:31 PM · Patch-For-Review, Infrastructure-Foundations, Spicerack, SRE-tools
jbond triaged T307565: sre.hosts.reimage cookbook dosn't like different LC_ALL environments as Medium priority.
Wed, May 4, 12:30 PM · Patch-For-Review, Infrastructure-Foundations, Spicerack, SRE-tools
jbond merged T305245: pcc should support Depends-On for a labs/private patch into T265633: Allow running PCC with different states of the private repo for prod/change catalog.
Wed, May 4, 11:48 AM · Infrastructure-Foundations, User-jbond, puppet-compiler
jbond merged task T305245: pcc should support Depends-On for a labs/private patch into T265633: Allow running PCC with different states of the private repo for prod/change catalog.
Wed, May 4, 11:48 AM · Infrastructure-Foundations, puppet-compiler
jbond created P27433 (An Untitled Masterwork).
Wed, May 4, 10:58 AM
jbond added a comment to T285086: Prepare puppet master infrastructure for bullseye.

puppetdb package is not currently available in bullseye

Wed, May 4, 10:55 AM · Infrastructure-Foundations, Patch-For-Review, User-jbond, Puppet

Tue, May 3

jbond added a comment to T300977: Maybe restrict domains accessible by webproxy.

If I may add my use case too, I would like to be able to restrict the access to the webproxies from the cumin hosts (cluster::management puppet role) and potentially other sensitive hosts. Ideally to an allow-list of URLs or something similar.

Tue, May 3, 3:18 PM · Patch-For-Review, Research, Product-Analytics, SRE, netops, Infrastructure-Foundations, Data-Engineering
jbond triaged T303803: Prometheus use of Squid proxies as Medium priority.
Tue, May 3, 1:26 PM · SRE Observability (FY2021/2022-Q4)
jbond added a comment to T307445: Grafana posting to http://wpt-graphite.wmftest.org:8080/.

this is likely related to https://wikitech.wikimedia.org/wiki/Performance/Graphite/Synthetic_Instance

Tue, May 3, 12:46 PM · observability, netops, Infrastructure-Foundations
jbond created T307445: Grafana posting to http://wpt-graphite.wmftest.org:8080/.
Tue, May 3, 10:57 AM · observability, netops, Infrastructure-Foundations
jbond added a comment to T306654: Request sudo access for Jclark-ctr.

As for the puppet-merge on the puppetmasters, does the datacenter-ops have +2 on the operations/puppet repository on Gerrit?

To be explicit +2 on gerrit and sudo puppet-merge allows one to promote them self to global root, which seems undesirable. what exactly is puppet-merge access required for. perhaps we can work on migrating this functionality elsewhere?

Tue, May 3, 10:39 AM · Infrastructure-Foundations (FY2021/2022-Q4), SRE, SRE-Access-Requests

Thu, Apr 28

jbond created P26865 (An Untitled Masterwork).
Thu, Apr 28, 2:57 PM

Wed, Apr 27

jbond updated subscribers of T306238: Netbox Juniper report.

I think the best option is to use OIDC, however that comes with a couple of caveats.

  1. We don't currently have OIDC support enabled in CAS so there could be some teething issues enabling this first services
  2. We are currently planning to upgrade CAS and would want to have that bed in before adding OIDC support (we hope to have idp-test working within ~2 weeks)
Wed, Apr 27, 11:34 AM · SRE, netops, netbox, Infrastructure-Foundations

Tue, Apr 26

jbond added a comment to T306354: hpssacli and hpssaducli not available on Debian Bullseye.

This shouldn't be required as we allready have code to install ssacli based on the value of the raid fact. We should revert all the changes here and investigate why machines dont have the correct fact value. What machine where you seeing issues on?

Tue, Apr 26, 3:34 PM · Infrastructure-Foundations, cloud-services-team (Kanban)
jbond added a comment to T67270: Default license for operations/puppet.

@jbond In the meantime, maybe we can add a rule to lint -1ing any new puppet/or otherwise file that doesn't SPDX-License-Identifier?

Tue, Apr 26, 1:33 PM · Patch-For-Review, SRE, Software-Licensing, Documentation, WMF-Legal, WMF-General-or-Unknown
jbond added a comment to P23803 SRE Observability contact hosts.

The following also seems to work, however the functionality is not documented on the puppetdb api pages so it may not always work

Tue, Apr 26, 10:56 AM
jbond added a comment to T306830: role_contacts (service owners) as a custom puppet fact / cumin aliases for owners.

use cumin to ask "what is the kernel version of all machines owned by $subteam" or "which hosts owned by $subteam are still on buster"

As we pass this value as a paramter to profile::contacts we can allready use cumin to preform theses searches. e.g.

Tue, Apr 26, 10:28 AM · SRE
jbond changed the status of T306809: sre.dns.netbox cookbook dosn't support period terminated domains from Open to Stalled.

As per an offline conversation with @Volans. newer versions of netbox allow us to preform custom data validations as such i'm going to set this ticket to stalled until we upgrade netbox to at least version 3.0

Tue, Apr 26, 9:58 AM · SRE, Traffic, DNS, netbox, SRE-tools, Infrastructure-Foundations
jbond added a comment to T306809: sre.dns.netbox cookbook dosn't support period terminated domains .

Im not sure i understand this response. The value entered which caused an error was ns-recursor0.openstack.codfw1dev.wikimediacloud.org. instead of ns-recursor0.openstack.codfw1dev.wikimediacloud.org both are valid FQDN and strictly speaking the one with the terminating period is the more correct form.

Tue, Apr 26, 9:13 AM · SRE, Traffic, DNS, netbox, SRE-tools, Infrastructure-Foundations

Mon, Apr 25

jbond triaged T306809: sre.dns.netbox cookbook dosn't support period terminated domains as Medium priority.
Mon, Apr 25, 3:30 PM · SRE, Traffic, DNS, netbox, SRE-tools, Infrastructure-Foundations
jbond added a comment to T306429: check_user: manager information not present anymore.

indeed it seems that the data is no longer in gsuite. ill take a new look at https://gerrit.wikimedia.org/r/c/operations/puppet/+/761029

Mon, Apr 25, 1:28 PM · User-jbond, Infrastructure-Foundations
jbond added a comment to T211750: Introduce Python code formatters usage.

We already have logic to detect python2 vs python3 files based on the shebang and could reuse this for any black jobs (forgetting for a moment that a shbang of /usr//bin/python means different things on bullseye vs stretch)

Even on Bullseye /usr/bin/python means Python 2 by default (any such script running on Bullseye will simply not find the command).

There is a separate package which symlinks python/python-dev to the Python 3 versions (https://tracker.debian.org/pkg/what-is-python) but we don't use it.

Mon, Apr 25, 12:26 PM · Infrastructure-Foundations, User-Kormat, tox-wikimedia, Patch-For-Review, SRE, SRE-tools
jbond created P26486 (An Untitled Masterwork).
Mon, Apr 25, 12:20 PM
jbond added a comment to T275575: Add superset-next.wikimedia.org domain for superset staging.

@jbond I see you've worked on our identity provider, is it possible to require multifactor authentication for a service?

Mon, Apr 25, 11:32 AM · Patch-For-Review, Data-Engineering-Kanban, Product-Analytics, Superset, Data-Engineering, Analytics-Clusters
jbond added a comment to T211750: Introduce Python code formatters usage.

Our we ready to consider running black on our puppet repo?

Mon, Apr 25, 11:21 AM · Infrastructure-Foundations, User-Kormat, tox-wikimedia, Patch-For-Review, SRE, SRE-tools
jbond triaged T306788: Update offboard-user script to use Keystone API as Medium priority.
Mon, Apr 25, 11:01 AM · Cloud-VPS, Infrastructure-Foundations, SRE-tools, User-jbond

Mar 25 2022

jbond added a comment to T303434: Add operations/software/purged to Codesearch.

moritz suggested we should just add all software we maintain so ill create a cr to do that

Mar 25 2022, 12:59 PM · Patch-For-Review, SRE, VPS-project-Codesearch
jbond triaged T303434: Add operations/software/purged to Codesearch as Medium priority.
Mar 25 2022, 12:43 PM · Patch-For-Review, SRE, VPS-project-Codesearch
jbond updated subscribers of T303434: Add operations/software/purged to Codesearch.

Im not too familiar with code search so not sure wht does and doesn't make senses but tagging a few project owners
@Joe pcc
@Volans anything extra you can think of e.g. cumin, debmonitor, debdeploy, homer
@CDanis klaxon, statograph?
@ssingh censorship monitoring?
@RLazarus httpbb?
@JMeybohm cfssl-issuer?

Mar 25 2022, 12:41 PM · Patch-For-Review, SRE, VPS-project-Codesearch
jbond updated the task description for T303434: Add operations/software/purged to Codesearch.
Mar 25 2022, 12:28 PM · Patch-For-Review, SRE, VPS-project-Codesearch
jbond triaged T304390: Email spam from varying tawk.email addresses as Medium priority.
Mar 25 2022, 12:22 PM · User-Ladsgroup, SRE, Wikimedia-Mailing-lists
jbond closed T304120: Grant Access to nda/logstash for User:TheDJ as Resolved.

@TheDJ Access has been granted you should be able to access the requested resources now, please let me know if yu have any issues

Mar 25 2022, 12:21 PM · SRE, LDAP-Access-Requests
jbond triaged T304617: Lock-in Varnish and VarnishKafka versions as Medium priority.
Mar 25 2022, 11:35 AM · Data-Engineering-Radar, SRE, Traffic
jbond triaged T304599: Integrate Bullseye 11.3 point update as Medium priority.
Mar 25 2022, 11:32 AM · Infrastructure-Foundations, SRE

Mar 24 2022

jbond committed rLPRI5e02254f597a: wikidough: add fake secrets (authored by jbond).
wikidough: add fake secrets
Mar 24 2022, 2:00 PM
jbond committed rLPRI0e2691a24414: Merge branch 'master' of ssh://gerrit.wikimedia.org:29418/labs/private (authored by jbond).
Merge branch 'master' of ssh://gerrit.wikimedia.org:29418/labs/private
Mar 24 2022, 2:00 PM
jbond created P23027 (An Untitled Masterwork).
Mar 24 2022, 1:56 PM
jbond triaged T304502: Requesting access to google console for TomekSikora.Monsoon as Medium priority.
Mar 24 2022, 12:38 PM · Search-Console-access-request, SRE
jbond closed T304541: Adding snwachukwu@wikimedia.org to the analytics-alerts mailing list as Resolved.

This has been completed

Mar 24 2022, 12:37 PM · Data-Engineering, SRE
jbond triaged T304546: Integrate Buster 10.12 point update as Medium priority.
Mar 24 2022, 12:30 PM · Infrastructure-Foundations, SRE

Mar 23 2022

jbond added a comment to T304237: Cert renewal for {appserver,api}.svc.{eqiad,codfw}.wmnet.

Thanks! I think we can now destroy the ones in the Puppet CA mentioned in T304237#7790839 at this point.

Would that be puppet cert clean <CN>?

That might work too, Spicerack uses puppet ca --disable_warnings deprecations destroy {hostname}.

either of theses should work, ping me if you need a hand.

Mar 23 2022, 5:28 PM · Patch-For-Review, Infrastructure-Foundations, serviceops, SRE
jbond merged T304543: Service puppet certificate due to expire into T304237: Cert renewal for {appserver,api}.svc.{eqiad,codfw}.wmnet.
Mar 23 2022, 5:25 PM · Patch-For-Review, Infrastructure-Foundations, serviceops, SRE
jbond merged task T304543: Service puppet certificate due to expire into T304237: Cert renewal for {appserver,api}.svc.{eqiad,codfw}.wmnet.
Mar 23 2022, 5:25 PM · serviceops, SRE
jbond triaged T304543: Service puppet certificate due to expire as High priority.
Mar 23 2022, 5:14 PM · serviceops, SRE
jbond closed T304361: Requesting access to stat1007 for sgimeno as Resolved.

@Sgs access has now been set up you shuld have recived an email indicating how to configure kerberos, please re-open if you are still having issues

Mar 23 2022, 12:04 PM · SRE, SRE-Access-Requests
jbond updated the task description for T304361: Requesting access to stat1007 for sgimeno.
Mar 23 2022, 11:49 AM · SRE, SRE-Access-Requests