[09:37:41] there's a puppetserver loop in codfw that makes cloudinfra-cloudvps-puppetserver-1 depend on cloudinfra-internal-puppetserver-01 that depends on cloudinfra-cloudvps-puppetserver-1 again to run puppet, is that the expected behavior?
[09:37:52] (/me is restarting one of them to pick up the autorestart changes from yesterday)
[09:41:21] dcaro: I kind of recall the loop is expected, yes
[09:41:29] codfw puppet alerts should get sorted before tomorrow
[09:41:32] ack
[09:41:52] or, maybe another option would be to make the internal puppetserver be its own client
[10:24:23] quick review https://gitlab.wikimedia.org/repos/cloud/toolforge/builds-builder/-/merge_requests/42
[10:24:48] arturo: yep, that's what I thought we were doing, at least for the main internal puppetmaster (so it only depends on itself kinda thing)
[10:49:46] quick review https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo/-/merge_requests/123
[12:04:42] ^ done (clicked again xd)
[13:06:27] what is the source for this script (from a tool webservice pod)
[13:06:29] https://www.irccloud.com/pastebin/5NO9p6Fh/
[13:26:11] that looks like the docker entrypoint from the pre-built images
[13:28:04] https://gerrit.wikimedia.org/r/plugins/gitiles/operations/docker-images/toollabs-images/+/refs/heads/master/shared/lighttpd/webservice-runner
[13:36:41] bd808: is it possible for dcaro to grant more people edit access to https://toolhub.wikimedia.org/lists/192?
[14:57:06] taavi: at the moment, no. T317610 is a reasonable feature request for this, but with nobody actively working on anything Toolhub I don't have any guess as to when somebody might make the time to code it.
[14:57:08] T317610: Make lists editable by multiple people - https://phabricator.wikimedia.org/T317610
[14:59:05] In theory WMCS owns Toolhub now and could work on things like this, but I think in practice SWE attention is reasonably still on Toolforge features
[15:01:43] raymond was able to edit that list at some point, is that because he's an admin?
[15:09:22] regarding T362872, I closed it this morning because everyone seemed to agree on option 1, but I just discovered a new data point. Please reevaluate if required
[15:09:22] T362872: Decision Request - Toolforge policy agent enforcement model - https://phabricator.wikimedia.org/T362872
[15:12:23] 👍
[15:21:50] oh, I think we should change all the endpoints we have in the toolforge APIs to include the tool, like '/tool//*' in advance to having any kind of authentication besides certificates
[15:22:11] (writing it here so it's not only in my brain, will try to create a task too)
[15:22:40] otherwise if we authenticate by user (as opposed to by tool), we would not be able to know which tool the user wants to act on
[15:23:16] makes sense
[15:28:43] I'll fill up better, but please add any comments/ideas/etc. here T363346
[15:28:45] T363346: [jobs-api,builds-api,envvars-api,api-gateway] Prefix all endpoints with `/tool/` - https://phabricator.wikimedia.org/T363346
[15:28:50] *fill it up
[15:30:26] I just discovered T363347
[15:30:27] T363347: toolforge lima-kilo: PodSecurityPolicy admission is disabled - https://phabricator.wikimedia.org/T363347
[15:30:35] dcaro: yeah, R.aymond_Ndibe has god-like powers in Toolhub (like me, b.lancadesal, and JJMC89). https://toolhub.wikimedia.org/members?groups_id=1
[15:31:10] (there were supposed to be more, but somehow everything stalled out in building community there)
[15:31:47] * arturo offline
[15:32:01] I guess we (wmcs) should be getting those eventually too if we are maintaining it xd
[15:32:25] I'm happy to hand out hats :)
[15:32:27] bd808: you may want to read T363296 and brain-dump
[15:32:27] bd808: how hard do you think it would be to implement T317610? (might get a stab at it)
[15:32:41] T363296: toolforge: explore options to introduce egress network quotas - https://phabricator.wikimedia.org/T363296
[15:32:41] T317610: Make lists editable by multiple people - https://phabricator.wikimedia.org/T317610
[15:32:49] * arturo offline for real now
[15:34:36] * dcaro off
[15:34:48] cya tomorrow (might drop by in a bit too, but gtg right now)
[15:35:22] dcaro: It probably is not huge, but it is also not completely trivial. It needs a place in the db to track the list of users instead of just a single user, UI to manage that list, and then an update in the perms checker to make the list work.
[15:36:08] there is a potential question of how someone would find out they were granted such a right
[18:17:26] * bd808 lunch