[03:55:16] Hi, I want to create a user in my trove instance (postgresql) but it doesn't let me to create a role. Can someone with a root give me root or do create a user for me? [03:55:26] the trove instance is 75a2aobjwyb.svc.trove.eqiad1.wikimedia.cloud [03:58:27] https://openstack-browser.toolforge.org/project/huma [07:28:07] * arturo online [07:38:20] Amir1: iirc trove does not support managing users and databases for postgres via the interface, you'll have to log in as root and then do it manually [09:16:27] where is the DNS tools.db.svc.wikimedia.cloud defined? I found wikireplicas_dns.yaml in puppet but that only contains tools.db.svc.eqiad.wmflabs [09:17:39] i would have imagined it's in wikireplica_dns.yaml :/ [09:18:56] the python script parsing that yaml does some magic, but I can't find a line where it adds that domain [09:21:08] ns authority for svc.wikimedia.cloud is ns0.openstack.eqiad1.wikimediacloud.org, but I don't see that zone in horizon [09:21:37] which project are you looking at? [09:27:18] good point I only looked in tools but it could be in another one [09:29:27] found it! it's defined as a CNAME in project clouddb-services [09:42:56] wdyt of https://gerrit.wikimedia.org/r/c/operations/puppet/+/1034042 ? [09:47:00] I'm still confused by the fact tools.db.svc.wikimedia.cloud is defined in horizon, but s1.analytics.db.svc.wikimedia.cloud is defined in wikireplica_dns.yaml [11:37:05] taavi: the thing is that I can't login to the host directly as I'm in not in the trove project (nor root there) [11:37:28] Amir1: you can set the root password from horizon and then log in from any cloud vps instance with the postgres client installed [11:37:55] well, I did that and that didn't let me make a user [11:38:35] I got the error with a pg client connected from a root user set in horizon [11:40:13] > ERROR: permission denied to create role [11:42:23] hmmm [12:40:01] taavi: creating a web user without any write rights is basically the only blocker from bringing huma live and serving it now, I don't care how it's created, can you create a user humaweb with any random password and grant only select only huma.* please 🥺 if you're too busy, give me a way to do it myself :D [12:40:58] hmm, if you give humaadmin superuser right, I would be able to do it myself too [12:41:16] alter user humadmin superuser; [12:41:25] (with one a, I know, I'm an idiot) [12:44:03] Amir1: how did you try to log in as root before? horizon says that root access to that instance has never been enabled [12:44:36] when I was setting up, the username and password I gave to horizon was humadmin [12:44:53] humaadmin != root [12:45:00] I don't have any root user not password [12:45:15] <@taavi> Amir1: you can set the root password from horizon and then log in from any cloud vps instance with the postgres client installed [12:45:19] I know, but in horizon, I wasn't asked to give a root password [12:46:35] there is a 'manage root access' button in horizon that gave a working password to me... [12:46:51] where is it [12:46:54] I can't find it [12:47:23] hm, are the trove permissions broken somehow? if you go to the instance page it should be on the dropdown menu on the top right corner [12:48:10] https://usercontent.irccloud-cdn.com/file/V2WFRYgm/grafik.png [12:48:31] is it hidden behind those error messages? [12:49:10] ah got it now [12:49:12] our features hidden behind error messages -_- [12:50:26] it's a feature! [12:52:02] to make sure our users are paying attention, and know what they want to do, and ask the right questions, our features are hidden behind error messages :-) [12:54:02] it's also funny that I don't have permissions to see users or dbs (hence the error message) but I can create a root user [12:55:16] no, the issue is that the trove driver for postgres just does not support managing users or databases like the mysql one does which is why you get those errors [13:23:44] Finally https://huma.wmcloud.org/ [13:39:15] taavi: I'm looking at https://gerrit.wikimedia.org/r/c/operations/puppet/+/1032809 -- it looks similar to the patch from last week (the one removing gu_salt), but in that one the column was not dropped from filtered_tables.txt [13:39:40] is it best/common practice to update both maintain-views and filtered_tables at the same time? [13:40:08] actually the other patch was different because it was using AS in the view... [13:40:16] but my question remains [13:41:17] for filtered_tables you need to talk to data persistence, I have no idea what that does [13:41:44] ok! [13:43:29] which might mean that maintain-views and that should be updated in separate patches that can be deployed separately [13:44:15] I will ask that question to data-persistence. I see there are a few commits in the git log where the files were modified together, but I'm not sure if that's a good idea or not [13:54:12] I just noticed that wmcs-cookbooks uses underscores as word separators in cookbook names while sre-cookbooks uses dashes and now i can't unsee that [14:11:54] :-P [16:07:04] * arturo offline [16:52:02] stupid question: Do we over-commit in our cloud infra? Context: I need a VM with a large memory that is going to be used only once a week for an hour. So I wonder if it's okay to make this request or I should try to find a work around (which honestly, I don't think would be possible) [17:19:01] I *think* we overcommit CPU but not RAM? andrewbogott certainly knows the truthful answer [17:20:06] that feels correct to me too. (and Andrew is out until later this week) [17:40:13] thanks