[10:00:43] <MirahezeRelay_>	 <paladox> Is nginx reloading
[14:22:38] <MacFan4000>	 Well, Puppet should be doing that automatically
[14:29:12] <MacFan4000>	 Nginx has been restarted on mw* and I still am served the old certs
[14:29:35] <MacFan4000>	 Of course I can’t check things in cp* so could be an issue there
[15:01:39] <MirahezeRelay_>	 <rhinosf1> It only really matters what cp* is serving
[15:02:02] <MirahezeRelay_>	 <rhinosf1> The cert served on mw* is not forwarded
[15:08:06] <MacFan4000>	 @orduin when you get a chance, could you please take a look into this?
[15:59:30] <MirahezeRelay_>	 <Juesto> macfan4000 where are you? i dont see you in libera.chat
[15:59:42] <MirahezeRelay_>	 <Juesto> oh oops
[15:59:46] <MirahezeRelay_>	 <Juesto> i got channels mixed up
[18:48:07] <MirahezeRelay_>	 <orduin> Ah yup, forgot to last night
[19:13:17] <MirahezeRelay_>	 <orduin> MacFan4000, in what way are the ssl certs not deploying? I'm seeing what appears to be three extra certificates on cp22, but that's about it
[19:19:58] <MacFan4000>	 @orduin https://github.com/miraheze/ssl/commit/b11b531006ad56b07e1d2574c2a8bbad9122a46b this renewal is form 2 days ago, yet if you go to that domain the cert that is served is expiring on sept 9th which shouldn't be
[19:20:44] <MirahezeRelay_>	 <orduin> Ah, yeah, I'm seeing a puppet log that indicates a change hit localcerts but did not notify nginx to restart
[19:27:47] <MacFan4000>	 we should try manually restarting then
[19:52:25] <MacFan4000>	 @orduin ^
[19:55:01] <MirahezeRelay_>	 <orduin> Yeah, but I also want to make sure we don't get this recurring in the future
[19:56:00] <MacFan4000>	 Not clear to me why it’s happening - it was working fine the day before
[19:57:59] <MirahezeRelay_>	 <orduin> From the looks of things, <https://github.com/miraheze/puppet/blob/5e297bf177e9916197a1e1ebca740da2dc1c16f4/modules/ssl/manifests/all_certs.pp#L23> isn't establishing a proper require relationship
[19:58:20] <MirahezeRelay_>	 <orduin> I suspect `defined(Service["nginx"])` doesn't produce the desired effect
[20:00:22] <MacFan4000>	 @paladox ^^ you were doing stuff in that file
[20:13:26] <MirahezeRelay_>	 <orduin> https://github.com/miraheze/puppet/pull/3396/files
[20:13:34] <MirahezeRelay_>	 <orduin> reloaded nginx
[20:26:10] <MirahezeRelay_>	 <paladox> Hmm
[20:27:12] <MirahezeRelay_>	 <paladox> Merged
[21:59:27] <MirahezeRelay_>	 <paladox, replying to cookmeplox> done a lot of tuning although not finished yet.
[21:59:48] <MirahezeRelay_>	 <paladox> We've identified the login system (CentralAuth) as one culprit which is causing performance issues.
[22:00:06] <MirahezeRelay_>	 <paladox> it's obviously not been tested or made for a wiki farm that just grows...
[22:00:57] <MirahezeRelay_>	 <paladox> I've also speeded up the puppet runs so certs can get deployed/updated much faster.
[22:02:42] <MirahezeRelay_>	 <orduin> [1/4] Looks like patch works:
[22:02:42] <MirahezeRelay_>	 <orduin> [2/4] ```
[22:02:42] <MirahezeRelay_>	 <orduin> [3/4] Debug: /Stage[main]/Ssl::All_certs/File[/etc/ssl/localcerts]/notify: notify to Service[nginx]
[22:02:43] <MirahezeRelay_>	 <orduin> [4/4] ```
[22:37:32] <MirahezeRelay_>	 <originalauthority, replying to paladox> _looks at WMF_
[23:01:22] <Juest>	 @paladox, is the updated math extension deployed to miraheze yet?