In T323717#8564666, @ssingh wrote:

In T323717#8564660, @jbond wrote:

In T323717#8560745, @ssingh wrote:

iDrac shouldn't upgrade to 6.00.00.00 (breaks https mgmt access), cap at 5.10.30.00.

FYI its safe to update to the most recent idrac version now, can you update where ever this information is?

This is from https://wikitech.wikimedia.org/wiki/SRE/Dc-operations/Platform-specific_documentation/Dell_Documentation#Urgent_Firmware_Revision_Notices: ... is it safe to do 6.x now?

Hi ssingh ,

In T323717#8560745, @ssingh wrote:

@ssingh i have created a patch to defer reboots until all drivers have been uploaded. Are you able to let me know a host i can test on?

In T247517#8533090, @herron wrote:

In T247517#8211187, @jbond wrote:

• did the emails informing @herron that the machine was due to be deleted go out correctly
• where they received by @herron (spam filter etc)
• why where they not acted upon (possibly not enough notice)

I don't recall seeing any email warnings re: instance deletion, and don't see any archived with a cursory search of my mailboxes. But I can double check. What should the from/subject headers have been?

It should come from do_not_reply@wmcloud.org

I have gone ahead and merged the changes to rename this account, please reopen if you have have any issues

@BCornwall thanks for reviving this. i think that this ultimately stalled as there was a questions of wether it would be usefull. from memory the main questions where

• is there a set of universal sysctl settings that are useful across the board
• does it make senses to try have theses settings configured in a base profile or is it better to have the settings in the application specific profile

150:100:150 seems a bit more logical to me although i think they have the same end result so not a big deal

fyi we now have OIDC support in production, currently been tested by @SLyngshede-WMF

In T277011#8516648, @MoritzMuehlenhoff wrote:

In T277011#8516622, @jbond wrote:

With bullseye apt even does this automatically

wonder if we could backport this to buster, ignore stretch and call it done?

With Buster being around for nine months (and many migrations happening much earlier) we could even focus on building this based on apt/bullseye entirely. After all, the problem has been around for quite a while and still having it for some more months on a small subset of the fleet seems fine. Backporting would be a little tricky since it's a feature in apt itself and there are no backports for dpkg.

With bullseye apt even does this automatically

wonder if we could backport this to buster, ignore stretch and call it done?

In T326316#8515619, @ayounsi wrote:

Both of theses look like manual user actions possibly would be fixed with https://gerrit.wikimedia.org/r/c/operations/puppet/+/771568/ been rolled out globally

Only seeing that set of patches now, I left a comment on:
https://gerrit.wikimedia.org/r/c/operations/puppet/+/771411/8#message-232fee2f2106f145e77d72a41219ced4f1b8d120

I don't see any red-flag on rolling it out globally, if there are no blockers, let's draft an email for sre-at-large@ to plan a global roll out?

After a chat with @MoritzMuehlenhoff they are from the pbuilder environments

I took a look at this and the pbuilder environments already go direct however there is a systemd timer debian-weekly-rebuild.service that seems to be responsible for this traffic, CR sent.

@BTullis Seems you have allready gone through most of the issues i went through. Some addtional things to mention

For now i have added the dnsquery dns_lookup function

also possibly useful: https://apereo.github.io/cas/6.5.x/installation/Configuring-Commandline-Shell.html

this seems to be fixed in puppet 6.0.0 so wont get fixed in the 5 branch

Full command for what exactly? The downgrade issue is fixed with the commented info:

i meant the full cookbook command that you ran however...

what's the full command you are using robh?

Notice: Compiled catalog for jbond-laptop.home.arpa in environment production in 0.02 seconds
Notice: Applied catalog in 0.01 seconds

leaving this here as it may also be useful https://olivernguyen.io/w/sapling/. disclaimer i have not tested myself

upstream bug re java 11