[03:37:53] legoktm: if someone wished to host a webchat for wikimedia channels, i recall wmtoolforge is not appropriate, because it collects ips or something? and would there be any interest in having a modified version of webchat for here? [03:38:46] I was in discussions with the Cloud Services team this morning about it and we concluded that we could set up a Cloud VPS VM that has a floating IP + ident setup [03:39:06] the key would be some kind of anti-abuse prevention, maybe limiting it just to Wikimedia namespace channels [03:39:15] +1 :) [03:39:32] (we're moving over from #libera-dev where webchat was being discussed) [03:40:10] I'm happy to help with getting started on VPS and that kind of stuff, but I don't have time/bandwidth to maintain something like this myself [03:42:36] https://thelounge.chat/ is one that looks really interesting (in public mode) [03:43:09] running it in bouncer mode would be spooky I think [03:43:57] but if it was namespace restricted and anon-only (no NickServ auth) maybe it could be hacked in to having scrollback for everyone [03:44:02] that would be super cool [03:45:11] legoktm: floating ip meaning the real user's ip isn't exposed to irc, or what? [03:45:45] sorry, a floating IP means that the VM has a fixed IP and isn't behind our NAT [03:46:10] which allows for LC staff to apply the banhammer / exemptions to just that IP and not all of WMCS [03:46:24] oh shiny -- https://thelounge.chat/docs/configuration#webirc-support + https://thelounge.chat/docs/configuration#identd-and-oidentd-support [03:46:33] also we previously looked into ident, and it doesn't work behind our NAT setup, so the VM needs its own IP to talk to LC [03:46:52] whether the user's IP is exposed to LC and then channels is up to the webchat client I think [03:46:59] why do you need ident? users have nick and ip. the ident can be the same [03:47:33] if libera gives you some config setting (webirc block?) then your webchat instance can expose users' ip on the chat [03:50:30] gry: I was under the impression that web chats had to run ident, but maybe i was wrong [03:51:59] i don't think so, though, i may be wrong too [03:52:37] they just need to connect to irc and send a 'hi libera, i am webchat, this user's ip is 1.2.3.4 and my webirc password is iliketrains' line to libera, somewhere together with user and nick [03:53:30] https://ircv3.net/specs/extensions/webirc.html here. it existed before ircv3, they just documented it [03:54:20] ahh very neat [03:54:27] would you like to set up a webchat then? :D [04:00:31] i'm busy today, but i could try it this weekend if you like [04:01:35] gry: sure, let me know if you need any help. I also know Platonides has set one up as well for es channels, maybe he'd be interested in collaborating [04:03:58] which webchat is it? [04:04:14] kiwi, thelounge, or something else entirely? which one would you like? [04:04:24] i host convos.by at home, but i doubt you want it, it has email login [04:05:03] whichever is best? I have no clue, I only ever used the old freenode one and now kiwiirc [04:05:25] the old freenode one == kiwiirc [04:06:33] "The backend of Convos is written in Perl and Mojolicious, while the frontend is written with JavaScript and Svelte." -- perl might limit the number of folks who can help with upstream patches :) [04:07:58] the "old freenode one" was qwebirc? [04:08:50] I also used the super old one on the Toolserver, that was how I first connected to IRC [04:09:23] I thought that was also qwebirc [04:09:40] or maybe there's an even older one I don't know about [04:30:02] I looked through the history of [[WP:IRC]] a bit, couldn't find the TS one I remembered, but I discovered that java.freenode.net used to be a webchat. Can't remember if I ever used it [04:34:00] there's also https://github.com/cjstewart88/nirc [04:34:37] thelounge is a rather nice client, missing few customization options I'd like but I'd imagine itbwoulf be rather nice for a webchat [04:34:58] nice [04:46:01] legoktm: on what box do i install it, then? [04:46:14] i'll try thelounge first [04:49:53] gry: if we don't need a public IP, then we can host it on Toolforge. otherwise we need a VPS project, see https://wikitech.wikimedia.org/wiki/Help:Cloud_VPS_project#Request_a_new_Cloud_VPS_project [04:51:39] we would need the client ip passed to it, and i'm not sure if that's doable on toolforge [04:52:43] it supports xff, but configuring the few layers of proxies in front of it is a different thing [04:52:58] oh, I forgot about that [04:53:08] I thought there was a switch to bypass that? or is that just available to VPS projects? [04:54:30] not sure, but at least not in use in toolforge [05:00:37] wouldn'n we need cloud vps and floating ip for identd anyways? [05:07:11] https://phabricator.wikimedia.org/T283791 added [05:07:35] legoktm: i assume you already asked that libera is willing to configure webchat for us? [05:08:11] gry: unless you have a magic trick to do it without identd you will need a floating ip [05:08:14] majavah: discussion in #libera-dev made it seem that way [05:09:48] majavah: they're going to install webchat, i just think having one for here allows greater flexibility to include into it some links relevant for wikis [05:09:57] we do not pass ips into toolforge. that exception is only available for the wmcloud.org proxy [05:11:25] legoktm, majavah: I'm +1 for a fast track project creation. Somebody should be around tomorrow to do it. (/me will be traveling!) [05:12:25] +1, we technically discussed it in the meeting today, just without an actual request [05:12:37] I don't think it will need identd at all. Actually I don't think there is a rational way to do identd for a web client that is shared use [05:12:56] bd808: are you trying to nerd snipe me to work on it? I'm not even listed as a requester on it [05:13:31] but it probably should have a floating ip to separate the traffic in case it needs an emergency kline from the IRC side [05:13:58] most/all public web clients hex encode the real client ip to the identd [05:14:02] majavah: heh no. I was just including you in my reponse :) [05:14:44] thelounge supports https://ircv3.net/specs/extensions/webirc.html to pass that kind of info [05:15:27] identd could be abused to do something like it, but the WEBIRC extension is much better [05:15:57] * bd808 should stop doing drive by blather and head to bed [05:16:25] gry: I'm going to drop the "-wm" from the project name, it's a bit redundant. just about everything in VPS is Wikimedia-related :) [05:19:54] sure [05:20:24] do we have a way to do tls certs for floating ip without acme-chief + local puppetmaster + special config for the designate role account? [05:20:48] i can configure that if needed, but it seems a bit overkill [05:21:10] majavah: certbot [05:21:44] https://phabricator.wikimedia.org/T283791#7118330 -- I think there is a way to avoid the TLS bit [05:23:18] great [07:07:53] so if i want to write a web-app that allows people to upload files to commons, can that be done from the browser, or does it need to hand off to a server with some kind of OAuth shenanigans? [07:12:21] inductiveload: if you want to host said app on Toolforge/Cloud VPS you will need to use OAuth. If you were going to run it as a gadget then it could be on in the browser with CORS [14:49:13] !log tools swapping in three new etcd nodes with local storage: tools-k8s-etcd-13,14,15 [14:49:16] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL [14:56:25] !log tools.cloud-ceph-performance-tests test [14:56:27] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.cloud-ceph-performance-tests/SAL [14:58:59] !log admin Testing - cookbook ran by dcaro@vulcanus [14:59:01] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Admin/SAL [16:04:43] !log tools cleared error state from several exec node queues [16:04:48] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL [16:05:24] Sheesh it was 7 hosts [16:55:18] If convenient, it would be very helpful for me for this to get done before tomorrow: https://phabricator.wikimedia.org/T283776 [17:01:31] ragesoss: I'm pretty sure they get reviewed weekly on a normal basis [17:03:43] that's why I posted, in hopes that it can be expedited. :-) [17:06:17] ragesoss: hang round as I'm sure someone will be watching but can I strongly recommend you plan in advance in future. [17:06:51] We didn't realize we needed this particular thing until yesterday. [17:12:58] ragesoss, we're short-staffed today and need a quorum to approve but will do our best. [17:13:44] andrewbogott: thanks much! [18:03:55] !log tools adjusted profile::wmcs::kubeadm::etcd_latency_ms from 30 back to the default (10) [18:03:58] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL [18:09:29] legoktm, hmm, i don't think it can be a gadget because it uses Vue [18:44:41] kthank you andrewbogott :) [18:45:19] inductiveload: no idea about that. but then probably running it on Toolforge + OAuth is your best bet [18:46:05] mrhhhh now I'm gonna hafta learn how to do oauth aren't I? [18:46:08] >-< [18:48:41] well most likely someone already wrote an OAuth library [18:48:48] you just need to add it in and get the secrets [18:49:10] well sure, it's probably just a bit of flask [18:50:01] but I don't know what I'm doing, I'm making this all up as I go by slapping random stuff together (which I think is just called "web dev" these days) [18:51:58] although...actually this totally jsut worked as a gadget o_O https://dpaste.org/49br [19:41:01] !log paws forced removal of openrefine in paws for now and deleted all current user server pods to force use of the new image [19:41:03] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Paws/SAL [19:42:51] !log tools.notwikilambda bump quota to 3 services T283754 [19:42:52] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.notwikilambda/SAL [19:42:52] T283754: Request increased quota for notwikilambda Toolforge tool - https://phabricator.wikimedia.org/T283754 [19:44:25] inductiveload: I assume vue is bundled in your JS/CSS [19:44:37] !bash but I don't know what I'm doing, I'm making this all up as I go by slapping random stuff together (which I think is just called "web dev" these days) [19:44:37] legoktm: Stored quip at https://bash.toolforge.org/quip/9Qlbr3kB8Fs0LHO5dhxJ [20:37:23] !log paws removed paws-k8s-control-2.paws.eqiad.wmflabs from the proxy because it is somewhat broken (certs expired) [20:37:27] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Paws/SAL [20:42:06] legoktm: I once spent an entire coach journey laughing about wikimedia bash quotes [21:40:50] hm, vm created, interesting [21:41:24] ircwebchat.wmcloud.org does not resolve [21:50:40] https://web.libera.chat/ is on [21:50:48] !log paws renewed the certs for paws-k8s-control-2 [21:50:50] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Paws/SAL [21:53:02] !log paws added paws-k8s-control-2.paws.eqiad.wmflabs back to the list of control nodes at the proxy [21:53:03] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Paws/SAL