Page MenuHomePhabricator
People taavi

taavi (Taavi Väänänen)
SREAdministrator

Projects (44)
View All

Calendar

Today

  • No visible events.

Tomorrow

  • No visible events.

Tuesday

  • No visible events.

User Details

User Since
Feb 24 2019, 3:58 PM (354 w, 6 d)
Roles
Administrator
Availability
Available
IRC Nick
taavi
LDAP User
Majavah
MediaWiki User
Taavi [ Global Accounts ]

Recent Activity
View All

Yesterday

taavi added a comment to T412607: Ensure that auto-created Phabricator projects for Toolforge tools are always editable by that tool's maintainers.
In T412607#11457361, @A_smart_kitten wrote:

Just to be absolutely clear, would this be about the idea to include tool maintainers in the edit policy of auto-created projects, or about the idea to automatically add tool maintainers/Toolforge members to Trusted-Contributors (or about both)?

Sat, Dec 13, 11:26 PM · Phabricator, Striker, cloud-services-team
taavi added a comment to T412607: Ensure that auto-created Phabricator projects for Toolforge tools are always editable by that tool's maintainers.

Seems reasonable to me. We could even just add people to Trusted-Contributors after their Toolforge access request has been approved, instead of only adding those who end up creating a project.

Sat, Dec 13, 7:24 PM · Phabricator, Striker, cloud-services-team
taavi added a subtask for T364516: Look for ways to consolidate "we trust this human" access lists: T412607: Ensure that auto-created Phabricator projects for Toolforge tools are always editable by that tool's maintainers.
Sat, Dec 13, 7:22 PM · Release-Engineering-Team (Radar), cloud-services-team, GitLab (Auth & Access), Toolforge, Phabricator
taavi added a parent task for T412607: Ensure that auto-created Phabricator projects for Toolforge tools are always editable by that tool's maintainers: T364516: Look for ways to consolidate "we trust this human" access lists.
Sat, Dec 13, 7:22 PM · Phabricator, Striker, cloud-services-team
taavi merged task T412597: Translation Guidelines Documentation into T412596: Translation Guidelines Documentation.
Sat, Dec 13, 3:45 PM · Tool-ghanasupremecases1, WMA-HackChallenge-2025
taavi merged T412597: Translation Guidelines Documentation into T412596: Translation Guidelines Documentation.
Sat, Dec 13, 3:45 PM · Tool-ghanasupremecases1, WMA-HackChallenge-2025
taavi merged task T412594: Technical Architecture Overview into T412593: Technical Architecture Overview.
Sat, Dec 13, 3:45 PM · Tool-ghanasupremecases1, WMA-HackChallenge-2025
taavi merged T412594: Technical Architecture Overview into T412593: Technical Architecture Overview.
Sat, Dec 13, 3:45 PM · Tool-ghanasupremecases1, WMA-HackChallenge-2025
taavi removed a project from T412580: Grant TausheefHassan edit access to auto-created Toolforge Phabricator project (Tool-pid-bangladesh-uploadbot): Striker.
Sat, Dec 13, 12:23 PM · Phabricator

Fri, Dec 12

taavi added a comment to T412433: checkwiki toolforge webservice restarts every few minutes.

Seems like your tool is running out of memory:

taavi@tools-bastion-14:~ $ k describe -n tool-checkwiki pod checkwiki-59666598d4-cx57c
Name:             checkwiki-59666598d4-cx57c
Namespace:        tool-checkwiki
[cut]
    Last State:     Terminated
      Reason:       OOMKilled
      Exit Code:    137
      Started:      Fri, 12 Dec 2025 17:43:13 +0000
      Finished:     Fri, 12 Dec 2025 17:44:35 +0000
[...]
Fri, Dec 12, 5:49 PM · cloud-services-team, Toolforge
taavi renamed MollyMaclachlan.
Fri, Dec 12, 3:44 PM
taavi added a comment to T412427: prod0.twl.eqiad1.wikimedia.cloud started sending several emails per second.
In T412427#11452322, @jsn.sherman wrote:

I would ask that you unblock us since I've cancelled out the survey run, which is manually triggered. That way our regular account communications can still go through while we fix the issues ahead of trying the survey again.

Fri, Dec 12, 11:20 AM · Moderator-Tools-Team (Kanban), The-Wikipedia-Library

Thu, Dec 11

taavi changed the subtype of T412428: Wikidata full .json.gz dumps not published since 20250625 from "Production Error" to "Bug Report".
Thu, Dec 11, 5:59 PM · Wikidata, Data-Engineering, Dumps-Generation, Wikidata data dumps
taavi removed a project from T412428: Wikidata full .json.gz dumps not published since 20250625: Wikimedia-production-error.
Thu, Dec 11, 5:58 PM · Wikidata, Data-Engineering, Dumps-Generation, Wikidata data dumps
taavi created T412427: prod0.twl.eqiad1.wikimedia.cloud started sending several emails per second.
Thu, Dec 11, 5:26 PM · Moderator-Tools-Team (Kanban), The-Wikipedia-Library
taavi closed T411790: jobs-api lists running buildservice images as "unknown" as Resolved.
Thu, Dec 11, 4:19 PM · tools-platform-team, Toolforge
taavi closed T408543: MTU setting in IPv6 VMs causes issues with Docker as Resolved.
Thu, Dec 11, 3:49 PM · Patch-For-Review, cloud-services-team, Cloud-VPS
taavi reopened T412410: SRE Service Ops - Subproject to experiment new structure as "Open".

Well, derp, this indeed requests a new project in addition to the column management permissions that Trusted-Contributors gives. Which leads me to: Why a subproject? (Since you can't have a specific task tagged in both a parent project and subproject at the same time, there's not much more you can do with a subproject in this case compared to just playing with the main board directly.)

Thu, Dec 11, 3:47 PM · Project-Admins
taavi closed T412410: SRE Service Ops - Subproject to experiment new structure as Resolved.

Added you to Trusted-Contributors

Thu, Dec 11, 3:03 PM · Project-Admins
taavi added a member for Trusted-Contributors: MLechvien-WMF.
Thu, Dec 11, 3:03 PM

Wed, Dec 10

taavi added a comment to T412265: Pushing to the docker registry fails with 500 Internal Server Error.

Grepping for the request ID shows this:

Dec 10 18:38:16 registry2005 docker-registry[608]: time="2025-12-10T18:38:16.115838953Z" level=error msg="unknown error completing upload: timeout expired while waiting for segments of /docker/registry/v2/repositories/restricted/mediawiki-multiversion/_uploads/b01bff22-794f-4341-bbd9-41d53187ffd1/data to show up" go.version=go1.19.8 http.request.host=docker-registry.discovery.wmnet http.request.id=52d055ca-f623-4185-9e0e-d69a2e83f977 http.request.method=PUT http.request.remoteaddr=10.192.32.7 http.request.uri="/v2/restricted/mediawiki-multiversion/blobs/uploads/b01bff22-794f-4341-bbd9-41d53187ffd1?_state=[redacted]&digest=[redacted]" http.request.useragent="docker/20.10.5+dfsg1 go/go1.15.15 git-commit/363e9a8 kernel/5.10.0-36-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.5+dfsg1 \\(linux\\))" vars.name=restricted/mediawiki-multiversion vars.uuid=b01bff22-794f-4341-bbd9-41d53187ffd1
Wed, Dec 10, 8:25 PM · serviceops, SRE, MW-on-K8s
taavi added a comment to T412265: Pushing to the docker registry fails with 500 Internal Server Error.

Nothing immediately obvious in the registry logs:

Dec 10 18:38:16 registry2005 docker-registry[608]: time="2025-12-10T18:38:16.115983796Z" level=error msg="error canceling upload after error: already committed" go.version=go1.19.8 http.request.host=docker-registry.discovery.wmnet http.request.id=52d055ca-f623-4185-9e0e-d69a2e83f977 http.request.method=PUT http.request.remoteaddr=10.192.32.7 http.request.uri="/v2/restricted/mediawiki-multiversion/blobs/uploads/b01bff22-794f-4341-bbd9-41d53187ffd1?_state=[redacted]&digest=[redacted]" http.request.useragent="docker/20.10.5+dfsg1 go/go1.15.15 git-commit/363e9a8 kernel/5.10.0-36-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.5+dfsg1 \\(linux\\))" vars.name=restricted/mediawiki-multiversion vars.uuid=b01bff22-794f-4341-bbd9-41d53187ffd1
Dec 10 18:38:16 registry2005 docker-registry[608]: time="2025-12-10T18:38:16.145477553Z" level=error msg="response completed with error" err.code=unknown err.detail="timeout expired while waiting for segments of /docker/registry/v2/repositories/restricted/mediawiki-multiversion/_uploads/b01bff22-794f-4341-bbd9-41d53187ffd1/data to show up" err.message="unknown error" go.version=go1.19.8 http.request.host=docker-registry.discovery.wmnet http.request.id=52d055ca-f623-4185-9e0e-d69a2e83f977 http.request.method=PUT http.request.remoteaddr=10.192.32.7 http.request.uri="/v2/restricted/mediawiki-multiversion/blobs/uploads/b01bff22-794f-4341-bbd9-41d53187ffd1?_state=[redacted]&digest=[redacted]" http.request.useragent="docker/20.10.5+dfsg1 go/go1.15.15 git-commit/363e9a8 kernel/5.10.0-36-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.5+dfsg1 \\(linux\\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration=13.175337905s http.response.status=500 http.response.written=70 vars.name=restricted/mediawiki-multiversion vars.uuid=b01bff22-794f-4341-bbd9-41d53187ffd1
Dec 10 18:38:16 registry2005 docker-registry[608]: 127.0.0.1 - - [10/Dec/2025:18:38:02 +0000] "PUT /v2/restricted/mediawiki-multiversion/blobs/uploads/b01bff22-794f-4341-bbd9-41d53187ffd1?_state=[redacted]&digest=[redacted] HTTP/1.1" 500 70 "" "docker/20.10.5+dfsg1 go/go1.15.15 git-commit/363e9a8 kernel/5.10.0-36-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/20.10.5+dfsg1 \\(linux\\))"
Wed, Dec 10, 8:23 PM · serviceops, SRE, MW-on-K8s

Tue, Dec 9

taavi closed T412142: Getting forbidden from public CI runners on forgejo with opendatasync as Resolved.
Tue, Dec 9, 7:37 PM · Traffic, SRE
taavi added a comment to T412142: Getting forbidden from public CI runners on forgejo with opendatasync.

Please provide the full HTTP response body, which either details why the request is blocked or contains an internal identifier for us to locate the relevant WAF rule.

Tue, Dec 9, 6:02 PM · Traffic, SRE
taavi created P86480 (An Untitled Masterwork).
Tue, Dec 9, 3:33 PM
taavi added a comment to T408592: Request: Wikipedia 25 microsite hosting.
In T408592#11443145, @Jelto wrote:
In T408592#11441688, @ATitkov wrote:

Hi @Dzahn

Sounds ok from my side. But I have question - would I still be able to deploy to toolforge a dev version for review / feedback / approvals?

I'm not a toolforge expert, but from looking at the deploy docs it looks like you can specify which repository you want to use. But maybe @Dzahn or toolforge experts like @taavi know more about that. Is it possible to use a different GitLab repo to serve wikipedia25-years-of-wikipedia.toolforge.org or is the toolforge project tied to the GitLab project toolforge-repos/wikipedia25-years-of-wikipedia ?

Tue, Dec 9, 10:23 AM · Patch-For-Review, collaboration-services, SRE, PES1.3.3 WP25 Easter Eggs

Mon, Dec 8

taavi closed T411996: Toolforge access request for Outreachy intern as Invalid.

Toolforge access can be requested via https://toolsadmin.wikimedia.org/.

Mon, Dec 8, 10:23 AM · cloud-services-team, Outreachy (Round 31), Toolforge
taavi edited projects for T411993: dpogorzelski gpg key, added: SRE; removed Security.
Mon, Dec 8, 10:18 AM · SRE

Sat, Dec 6

taavi added a comment to T411926: Patch Demo failed: no class Wikimedia\Equivset\Equivset.
In T411926#11438333, @Tacsipacsi wrote:

So the installation of oojs/ui removes a bunch of Composer dependencies, including wikimedia/equivset. I don’t know why this happens [...]

Sat, Dec 6, 7:55 PM · Catalyst (PatchDemo)
taavi added a project to T411936: Android app: replies not visible (cache?): Wikipedia-Android-App-Backlog.
Sat, Dec 6, 5:51 PM · Content-Transform-Team, Wikipedia-Android-App-Backlog
taavi changed the subtype of T411930: `toolforge components config generate` fails on train-blockers tool from "Task" to "Bug Report".
Sat, Dec 6, 12:58 PM · cloud-services-team, Toolforge
taavi created T411930: `toolforge components config generate` fails on train-blockers tool.
Sat, Dec 6, 12:58 PM · cloud-services-team, Toolforge
taavi created T411928: PasswordlessLogin CI failure on master.
Sat, Dec 6, 12:39 PM · ci-test-error, PasswordlessLogin
taavi added a project to T411927: Temporary account adding URL on first Publish attempt gets hCaptcha request, but no popup.: Product Safety and Integrity.
Sat, Dec 6, 12:31 PM · Product Safety and Integrity, WE4.2 Bot detection (WE4.2 hCaptcha editing trial), ConfirmEdit (CAPTCHA extension)
taavi added projects to T411927: Temporary account adding URL on first Publish attempt gets hCaptcha request, but no popup.: ConfirmEdit (CAPTCHA extension), WE4.2 Bot detection (WE4.2 hCaptcha editing trial).
Sat, Dec 6, 12:30 PM · Product Safety and Integrity, WE4.2 Bot detection (WE4.2 hCaptcha editing trial), ConfirmEdit (CAPTCHA extension)

Fri, Dec 5

taavi added a comment to T198138: Disable agent forwarding for Cloud VPS.
In T198138#11436783, @Physikerwelt wrote:

Thanks. I did that, it works. It still means that everyone with access to that machine can push to that repo (if I wouldn't use a password for the ssh-key). I would guess that having many private keys stored on labs instances makes them a valuable target for attackers. Thus I found the ssh agent forwarding approach more secure (if used correctly).

Fri, Dec 5, 4:19 PM · cloud-services-team, Patch-For-Review, Cloud-VPS, Security
taavi closed T411470: Page on cloudweb/horizon down as Resolved.
Fri, Dec 5, 3:11 PM · Horizon, cloud-services-team
taavi removed a project from T361859: Document diffusion->github mirroring to https://github.com/toolforge/ on wikitech: wikitech.wikimedia.org.
Fri, Dec 5, 2:22 PM · cloud-services-team, Phabricator, User-bd808, Documentation, Diffusion, Toolforge
taavi closed T269380: rename/delete/something duplicate accounts for Muhammad Usman as Declined.

Declining to reflect reality.

Fri, Dec 5, 2:20 PM · LDAP
taavi closed T208387: Rename labs/toollabs components to toolforge/wmcs where appropriate as Resolved.

We've renamed a lot of things over the years.

Fri, Dec 5, 2:19 PM · cloud-services-team
taavi closed T198138: Disable agent forwarding for Cloud VPS as Resolved.

Yes, this is https://lists.wikimedia.org/hyperkitty/list/cloud-announce@lists.wikimedia.org/thread/WDYB4XJ6GCQYVD4JUEOD2TJKFGSQFXFH/ and I forgot to close the task.

Fri, Dec 5, 1:32 PM · cloud-services-team, Patch-For-Review, Cloud-VPS, Security
taavi added a project to T367399: Default to the Puppet 7 PCC CI test, make it voting and eventually remove the Puppet 5 one: Puppet CI.
Fri, Dec 5, 1:26 PM · Puppet CI, Patch-For-Review, Puppet-Infrastructure, SRE, Infrastructure-Foundations

Thu, Dec 4

taavi added a comment to T410465: wikipedia25-years-of-wikipedia tool loads and uses non-free JavaScript.

@ATitkov: Ping? Any news here?

Thu, Dec 4, 11:19 PM · Software-Licensing, Tools, PES1.3.3 WP25 Easter Eggs
taavi edited projects for T411799: E-mail doesn't get confirmed and gets unlinked constantly, added: MediaWiki-User-management; removed Infrastructure-Foundations, Notifications (Echo), Mail.
Thu, Dec 4, 4:26 PM · MediaWiki-Email, MediaWiki-User-management
taavi claimed T411790: jobs-api lists running buildservice images as "unknown".
Thu, Dec 4, 2:47 PM · tools-platform-team, Toolforge
taavi created T411790: jobs-api lists running buildservice images as "unknown".
Thu, Dec 4, 2:38 PM · tools-platform-team, Toolforge
taavi created T411783: Move cloudweb hosts to cloud racks?.
Thu, Dec 4, 2:01 PM · Infrastructure-Foundations, netops, Striker, Horizon, cloud-services-team
taavi removed a project from T343644: Improve maintenance message CSS: Patch-For-Review.
Thu, Dec 4, 12:29 PM · cloud-services-team, CSS, Quarry
taavi closed T343644: Improve maintenance message CSS as Resolved.
Thu, Dec 4, 12:28 PM · cloud-services-team, CSS, Quarry
taavi triaged T411248: Plan to make clouddumps more resilient and easier to operate as Medium priority.
Thu, Dec 4, 11:45 AM · Data-Services, Cloud-VPS, cloud-services-team
taavi triaged T411470: Page on cloudweb/horizon down as High priority.
Thu, Dec 4, 11:45 AM · Horizon, cloud-services-team
taavi closed T410382: Ensure ingress pods get scheduled on ingress nodes as Resolved.
Thu, Dec 4, 11:25 AM · cloud-services-team, Toolforge
taavi claimed T410421: Add paging alert if Toolforge HAProxy connection limit is reached.
Thu, Dec 4, 10:32 AM · Patch-For-Review, User-dcaro, Toolforge, cloud-services-team

Wed, Dec 3

taavi edited P86393 (An Untitled Masterwork).
Wed, Dec 3, 9:43 PM
taavi created P86393 (An Untitled Masterwork).
Wed, Dec 3, 9:43 PM
taavi closed T411027: Emails to Google group no-reply@wikimedia.org are not being delivered - SMTP server issue? as Declined.
Wed, Dec 3, 6:52 PM · Mail, Infrastructure-Foundations, SRE
taavi created P86386 (An Untitled Masterwork).
Wed, Dec 3, 6:49 PM
taavi added a comment to T351688: 404 error when using action=raw on an admin-level hidden revision.

As far as I can tell this is MW serving a blank page:

taavi@deploy2002 ~ $ curl -v --connect-to ::mw-web.discovery.wmnet:4450 "https://www.mediawiki.org/w/index.php?title=User:DannyS712/sandbox&oldid=6207359&action=raw"
* Uses proxy env variable no_proxy == 'wikipedia.org,wikimedia.org,wikibooks.org,wikinews.org,wikiquote.org,wikisource.org,wikiversity.org,wikivoyage.org,wikidata.org,wikiworkshop.org,wikifunctions.org,wiktionary.org,mediawiki.org,wmfusercontent.org,w.wiki,wikimediacloud.org,wmnet,127.0.0.1,::1'
* Connecting to hostname: mw-web.discovery.wmnet
* Connecting to port: 4450
*   Trying 10.2.1.75:4450...
* Connected to mw-web.discovery.wmnet (10.2.1.75) port 4450 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=mediawiki-main-tls-proxy-certs
*  start date: Nov 19 20:56:00 2025 GMT
*  expire date: Dec 17 20:56:00 2025 GMT
*  subjectAltName: host "www.mediawiki.org" matched cert's "*.mediawiki.org"
*  issuer: C=US; L=San Francisco; O=Wikimedia Foundation, Inc; OU=SRE Foundations; CN=discovery
*  SSL certificate verify ok.
> GET /w/index.php?title=User:DannyS712/sandbox&oldid=6207359&action=raw HTTP/1.1
> Host: www.mediawiki.org
> User-Agent: curl/7.74.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< date: Wed, 03 Dec 2025 18:40:46 GMT
< server: mw-web.codfw.main-78dd885bd6-rdrgr
< x-powered-by: PHP/8.3.26
< x-content-type-options: nosniff
< content-security-policy: default-src 'self'; script-src 'none'; object-src 'none'
< vary: Accept-Encoding,X-Subdomain,Cookie,Authorization
< cache-control: public, s-maxage=0, max-age=1209600
< traceparent: 00-24245b4fcba3a33764d2c01fa3ba782f-c9d7b65c49cacf2c-00
< x-request-id: e57e9104-f0fa-4b7d-b387-d1a2f2d54f3f
< last-modified: Tue, 21 Nov 2023 02:58:50 GMT
< backend-timing: D=51247 t=1764787246163783
< content-length: 0
< content-type: text/x-wiki; charset=UTF-8
< x-envoy-upstream-service-time: 51
< 
* Connection #0 to host mw-web.discovery.wmnet left intact

(note the content-type: text/x-wiki; charset=UTF-8 header!)

Wed, Dec 3, 6:42 PM · MW-Interfaces-Team, MediaWiki-Revision-deletion, Traffic, User-DannyS712
taavi edited P86384 (An Untitled Masterwork).
Wed, Dec 3, 6:20 PM
taavi created P86384 (An Untitled Masterwork).
Wed, Dec 3, 6:19 PM
taavi added a project to T411649: Application Security Review Request : MultiTitle: MediaWiki-extensions-MultiTitle.
Wed, Dec 3, 4:57 PM · MediaWiki-extensions-MultiTitle, secscrum, Security, Application Security Reviews
taavi triaged T411509: Octavia network public access inconsistency as Medium priority.
Wed, Dec 3, 1:37 PM · cloud-services-team, Cloud-VPS
taavi closed T411274: Audit and standardize on UTC timezone for grafana.wmcloud.org dashboards as Resolved.

After merging the default settigns patch above I went through all grafana.wmcloud.org dashboards and changed the few non-UTC ones to use the default (which is now UTC). There were some in browser time, and a few ones hardcoded to CET for some reason(?).

Wed, Dec 3, 12:45 PM · cloud-services-team
taavi added a comment to T411503: x-provenance header: identify WMCS.

Sure, done at https://tools-static.wmflabs.org/admin/meta/worker-ips.json and documented at the same place.

Wed, Dec 3, 12:31 PM · Patch-For-Review, Infrastructure-Foundations, Traffic
taavi closed T411610: Publish machine-readable information for Toolforge worker IPs as Resolved.
Wed, Dec 3, 12:31 PM · tools-infrastructure-team, Toolforge
taavi closed T411610: Publish machine-readable information for Toolforge worker IPs, a subtask of T411503: x-provenance header: identify WMCS, as Resolved.
Wed, Dec 3, 12:31 PM · Patch-For-Review, Infrastructure-Foundations, Traffic
taavi created T411610: Publish machine-readable information for Toolforge worker IPs.
Wed, Dec 3, 11:57 AM · tools-infrastructure-team, Toolforge
taavi added a comment to T411503: x-provenance header: identify WMCS.

Ok, we now publish https://meta.wmcloud.org/cloudvps-ips-all.json (which is now documented at https://wikitech.wikimedia.org/wiki/Help:Cloud_VPS_IP_space#Machine-readable_data). I can't quite tell from the comments here - would a similar file for the Toolforge workers be helpful as well?

Wed, Dec 3, 11:28 AM · Patch-For-Review, Infrastructure-Foundations, Traffic
taavi closed T411590: Publish machine-readable version of Cloud VPS IP space as Resolved.
Wed, Dec 3, 11:19 AM · tools-infrastructure-team, Cloud-VPS
taavi closed T411590: Publish machine-readable version of Cloud VPS IP space, a subtask of T411503: x-provenance header: identify WMCS, as Resolved.
Wed, Dec 3, 11:19 AM · Patch-For-Review, Infrastructure-Foundations, Traffic
taavi added a parent task for T399807: Allow team customization for service::catalog probes: T411470: Page on cloudweb/horizon down.
Wed, Dec 3, 10:53 AM · Observability-Alerting
taavi added a subtask for T411470: Page on cloudweb/horizon down: T399807: Allow team customization for service::catalog probes.
Wed, Dec 3, 10:53 AM · Horizon, cloud-services-team
taavi claimed T411590: Publish machine-readable version of Cloud VPS IP space.
Wed, Dec 3, 10:15 AM · tools-infrastructure-team, Cloud-VPS
taavi created T411590: Publish machine-readable version of Cloud VPS IP space.
Wed, Dec 3, 9:52 AM · tools-infrastructure-team, Cloud-VPS
taavi added a project to T367593: Replace 'download' cloud-vps project after we support per-tool object storage: Cloud-VPS.
Wed, Dec 3, 9:51 AM · Cloud-VPS, cloud-services-team

Tue, Dec 2

taavi added a comment to T411552: Make "Requests from your IP have been blocked" more visible in Beta cluster error page.

Duplicate of T401489: Separate error templates for 5xx (server errors) and 4xx (IP blocks) or parametrize Varnish messaging?

Tue, Dec 2, 9:29 PM · Patch-For-Review, Beta-Cluster-Infrastructure, MediaWiki-Platform-Team (Radar), Traffic
taavi triaged T392384: magnum dashboard shows clusters across all projects as Medium priority.
Tue, Dec 2, 6:48 PM · cloud-services-team, Upstream, Horizon, Openstack-Magnum
taavi moved T392384: magnum dashboard shows clusters across all projects from Backlog to Upstream on the Horizon board.
Tue, Dec 2, 6:48 PM · cloud-services-team, Upstream, Horizon, Openstack-Magnum
taavi changed the subtype of T203035: Designate DNS TXT records max length is 255 chars (Horizon reports vague "Error: Unable to create the record set.") from "Task" to "Bug Report".
Tue, Dec 2, 6:47 PM · cloud-services-team, Horizon, Upstream
taavi added projects to T219079: Horizon - Not possible to remove A record from Record Set: Upstream, TestMe.
Tue, Dec 2, 6:46 PM · TestMe, Upstream, cloud-services-team, Horizon
taavi changed the subtype of T219079: Horizon - Not possible to remove A record from Record Set from "Task" to "Bug Report".
Tue, Dec 2, 6:46 PM · TestMe, Upstream, cloud-services-team, Horizon
taavi changed the subtype of T192182: Horizon instance list: Sorting should work regardless of paging from "Task" to "Bug Report".
Tue, Dec 2, 6:46 PM · cloud-services-team, Upstream, Horizon
taavi changed the subtype of T207937: Keep and display audit log of who added/removed who to a project, as well as who gave/took projectadmin role access from "Task" to "Feature Request".
Tue, Dec 2, 6:42 PM · cloud-services-team, Horizon
taavi triaged T250623: Allow providing a commit message for hieradata changes as Low priority.
Tue, Dec 2, 6:41 PM · cloud-services-team, Puppet, Horizon
taavi changed the subtype of T150828: Horizon prefix puppet dialog puts you in wrong prefix after you create a new prefix from "Task" to "Bug Report".
Tue, Dec 2, 6:41 PM · cloud-services-team, Horizon
taavi changed the subtype of T190709: Horizon: Support host-matching for sudo rules from "Task" to "Feature Request".
Tue, Dec 2, 6:41 PM · cloud-services-team, Horizon
taavi triaged T411531: Prevent creating web proxies on ports with no matching security group rule to permit the traffic as Low priority.
Tue, Dec 2, 5:34 PM · cloud-services-team, Horizon
taavi changed the subtype of T411531: Prevent creating web proxies on ports with no matching security group rule to permit the traffic from "Task" to "Feature Request".
Tue, Dec 2, 5:34 PM · cloud-services-team, Horizon
taavi created T411531: Prevent creating web proxies on ports with no matching security group rule to permit the traffic.
Tue, Dec 2, 5:33 PM · cloud-services-team, Horizon
taavi created T411528: api.enterprise.wikimedia.com should support IPv6.
Tue, Dec 2, 5:17 PM · IPv6, Wikimedia Enterprise
taavi closed T411445: Elasticsearch credential request for gutensearch as Resolved.

Your credentials will be usable in about half an hour when Puppet runs on the full Elastic cluster.

Tue, Dec 2, 5:01 PM · cloud-services-team, Toolforge (Quota-requests)
taavi claimed T411445: Elasticsearch credential request for gutensearch.
Tue, Dec 2, 4:57 PM · cloud-services-team, Toolforge (Quota-requests)
taavi removed projects from T411508: network::constants::mw_appserver_networks is out of date (or named poorly?): netops, Infrastructure-Foundations.
Tue, Dec 2, 3:41 PM · Patch-For-Review, Puppet, serviceops
taavi added a comment to T411503: x-provenance header: identify WMCS.

I don't think we currently have any places outside of https://wikitech.wikimedia.org/wiki/Help:Cloud_VPS_IP_space that publish our IP space. Would it be helpful if we published the same information in some machine-readable format?

Tue, Dec 2, 3:40 PM · Patch-For-Review, Infrastructure-Foundations, Traffic
taavi created T411509: Octavia network public access inconsistency.
Tue, Dec 2, 3:37 PM · cloud-services-team, Cloud-VPS
taavi closed T411081: Improve how virt networks are configured in cloudgw, a subtask of T407140: Plan networking for Toolforge-on-Metal experiment, as Resolved.
Tue, Dec 2, 3:32 PM · Infrastructure-Foundations, netops, Toolforge, tools-infrastructure-team
taavi closed T411081: Improve how virt networks are configured in cloudgw as Resolved.
Tue, Dec 2, 3:32 PM · tools-infrastructure-team, Cloud-VPS
taavi added a comment to T411081: Improve how virt networks are configured in cloudgw.
In T411081#11412295, @fgiunchedi wrote:

Something I wanted to add: I'm not very familiar with that part of the puppet codebase though I was wondering if we can start referring to the networks and their attributes by name. It will enable us to have puppet code e.g. "give me the subnets for VXLAN/IPv6-dualstack, either v4 or v6 or both", in other words get to more understandable and manageable code/understanding. Ditto for other attributes/properties for a given network like its gateway, etc. Let me know what you think!

Tue, Dec 2, 3:32 PM · tools-infrastructure-team, Cloud-VPS
taavi created T411508: network::constants::mw_appserver_networks is out of date (or named poorly?).
Tue, Dec 2, 3:31 PM · Patch-For-Review, Puppet, serviceops

Mon, Dec 1

taavi created P86257 (An Untitled Masterwork).
Mon, Dec 1, 8:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits