[09:08:16] <wm-bot>	 !log tools.integraality <jeanfred> Deploy 137f5b8, c816e41 8e0b9ca, 8dbc099 (T273226)
[09:08:20] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.integraality/SAL
[09:34:04] <arturo>	 !log tools.bd808-test experiment with ingress annotations for reverse proxy (T294330)
[09:34:06] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.bd808-test/SAL
[09:35:32] <gehel>	 hey! ejoseph is a new team member on Search Platform
[09:35:55] <arturo>	 hello ejoseph !!! welcome!!
[09:35:55] <gehel>	 He's having issues connecting to primary.bastion.wmcloud.org
[09:36:27] <gehel>	 His public SSH key has been uploaded to https://toolsadmin.wikimedia.org/profile/settings/ssh-keys/ but I suspect that wasn't what's needed :/
[09:38:06] <arturo>	 you need to upload the ssh key in wikitech
[09:38:14] <arturo>	 toolsadmin is for toolforge tools
[09:38:31] <arturo>	 (I guess we can do better in documenting that...)
[09:38:44] <arturo>	 relevant docs: https://wikitech.wikimedia.org/wiki/Help:Accessing_Cloud_VPS_instances
[09:38:54] <arturo>	 cc gehel ejoseph ^^^
[09:39:01] <gehel>	 arturo: thanks!
[09:39:09] <arturo>	 this is the magic link: https://wikitech.wikimedia.org/wiki/Special:Preferences#mw-prefsection-openstack
[09:41:45] <gehel>	 looks like it is already there, so some other problem
[09:42:08] <gehel>	 arturo: would you have a few minutes to help ejoseph to debug this?
[09:42:13] <arturo>	 yes, I do!
[09:43:04] <arturo>	 is ejoseph enrolled in any CloudVPS project?
[09:43:22] <gehel>	 I've jsut added him to the wikidata-query project
[09:43:50] <gehel>	 But only 5 minutes ago. I would have expected the keys to be already deployed on the bastion, even if he had no project access
[09:44:00] <ejoseph>	 Hi Arturo
[09:44:26] <ejoseph>	 Should I send a link
[09:44:32] <arturo>	 o/
[09:44:46] <ejoseph>	 meet link*
[09:45:06] <arturo>	 sure, in a DM please
[09:46:13] <arturo>	 ejoseph: I found the problem: `Failed publickey for ejoseph`
[09:46:56] <arturo>	 it seems you are connecting with this key `ED25519 SHA256:gqIEv/9BwjtcbYVxGhZF9LLU4wHjETsOESKyUL85iM0` which likely isn't the one you set in wikitech
[10:18:02] <wm-bot>	 !log tools.integraality <jeanfred> Deploy b4f12bc to help investigate T236960
[10:18:05] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.integraality/SAL
[10:34:38] <dcaro>	 welcome ejoseph!
[10:37:34] <ejoseph>	 Thank you
[10:43:09] <arturo>	 !log tools.deno update proxy-github ingress object (T294533)
[10:43:12] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.deno/SAL
[10:43:12] <stashbot>	 T294533: tool-deno: update reverse proxy ingress annotations - https://phabricator.wikimedia.org/T294533
[10:44:23] <arturo>	 !log tools.deno update proxy-deno ingress object (T294533)
[10:44:24] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.deno/SAL
[11:29:21] <wm-bot>	 !log tools.integraality <jeanfred> Deploy 5c547d8
[11:29:23] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.integraality/SAL
[11:31:37] <wm-bot>	 !log tools.integraality <jeanfred> Deploy 30a2f2ba (T278156)
[11:31:40] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.integraality/SAL
[12:23:10] <arturo>	 !log tools.moedata update proxy ingress objects (T294547)
[12:23:13] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.moedata/SAL
[12:23:13] <stashbot>	 T294547: tool-moedata: update reverse proxy ingress annotations - https://phabricator.wikimedia.org/T294547
[12:38:44] <wm-bot>	 !log tools.integraality <jeanfred> Deploy 0a8e7fb (T236590)
[12:38:47] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.integraality/SAL
[12:42:54] <arturo>	 !log tools set `allow-snippet-annotations: "false"` for ingress-nginx (T294330)
[12:42:56] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[12:48:10] <arturo>	 !log toolsbeta update ingress-nginx via helm for `--watch-ingress-without-class=true`
[12:48:13] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Toolsbeta/SAL
[14:35:18] <chicocvenancio>	 !log paws set team toolforge/wmcsadmins as maintainers for github repo
[14:35:20] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Paws/SAL
[14:47:38] <bd808>	 arturo: for future reference, the ssh-key management in Striker (toolsadmin) does the exact same things as using the ssh-key management in wikitech. Both manage the public keys attached to the user's Developer account LDAP entry.
[14:47:57] <arturo>	 right
[17:14:04] <wm-bot>	 !log tools.integraality <jeanfred> Rollbacked to 977236b42daef66818e561b49e64264a0c785454 for T294570 and restart
[17:14:08] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.integraality/SAL
[17:25:28] <chicocvenancio>	 !log video move enconding04 to python3 T294520
[17:25:31] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Video/SAL
[17:25:31] <stashbot>	 T294520: Error with video2commons Tool - https://phabricator.wikimedia.org/T294520
[17:47:06] <AntiComposite>	 what would be the least-worst way to run a command every time I start/restart a (python k8s) webservice?
[17:49:50] <chicocvenancio>	 !log video move encoding05 and encoding06 to python3 T294520
[17:49:53] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Video/SAL
[17:49:53] <stashbot>	 T294520: Error with video2commons Tool - https://phabricator.wikimedia.org/T294520
[18:42:59] <legoktm>	 AntiComposite: inside or outside the container? but I'd do a bash script  that wraps `webservice $1` and then runs your other command before/after
[18:43:13] <AntiComposite>	 inside
[18:43:27] <AntiComposite>	 well, inside *a* container
[18:43:42] <legoktm>	 can you have your python app do it on startup?
[18:44:02] <AntiComposite>	 no
[18:44:21] <legoktm>	 https://phabricator.wikimedia.org/T169695#7378720 was merged
[18:45:11] <AntiComposite>	 what I'm trying to do is to run a PEP 517 build to build the app before it starts
[18:46:10] <AntiComposite>	 because poetry-core doesn't support editable installs yet, it would have to build every time the code is changed for it to take effect
[18:46:19] <legoktm>	 tools.ldap@tools-sgebastion-08:~$ webservice python3.9 shell -- python3 --version
[18:46:19] <legoktm>	 Python 3.9.2
[18:46:37] <AntiComposite>	 doing it in webservice shell would work on start, but not restart
[18:47:06] <legoktm>	 why not?
[18:47:51] <AntiComposite>	 well, I suppose I could run it before running restart too
[18:48:16] <wm-bb>	 <chicocvenancio> k8s initContainer?
[18:48:50] <AntiComposite>	 tried, something was broken with the user
[18:48:59] <AntiComposite>	 it had the correct user id, but no permissions
[18:52:14] <AntiComposite>	 other thought was patching the command to use a bash script that ran pip install . and then ran webservice-runner
[18:52:35] <AntiComposite>	 but that would break if the webservice-runner invocation changed
[19:06:30] <wm-bb>	 <chicocvenancio> poetry can just build the venv btw
[19:06:57] <AntiComposite>	 yes, but that means installing poetry
[19:07:01] <AntiComposite>	 on toolforge
[19:07:24] <wm-bb>	 <chicocvenancio> on a venv
[19:08:02] <AntiComposite>	 they don't recommend doing that, as it drags in a bunch of extra dependencies
[19:31:57] <legoktm>	 I thought https://python-poetry.org/docs/#osx--linux--bashonwindows-install-instructions was isolated from the venv?
[19:32:32] <AntiComposite>	 yes, if you use that method it is
[19:34:21] <wm-bb>	 <chicocvenancio> I'm not saying its pratical, but you can have a poetry venv in toolforge that manages another venv that is actually used by your container
[19:34:53] <AntiComposite>	 can you? when I tried that it just detected the venv it was in and modified that
[19:35:19] <AntiComposite>	 maybe if you don't activate it but just run the executable...
[19:35:21] <wm-bb>	 <chicocvenancio> there is a flag for poetry to tell it what venv to use, iirc
[19:35:28] <wm-bb>	 <chicocvenancio> or that
[20:11:11] <mutante>	 anyone who uses https://integration.wikimedia.org/ci/job/operations-puppet-catalog-compiler/ to compile changes on cloud VPS? I ran into the "Unable to find fact file" again when I pasted my instance FQDNs to compile on.. but I remember it used to work in the past and at least one of them is definitely not new so the facts have been synced for sure. I think there was some gotcha to it, like had 
[20:11:17] <mutante>	 to change the hostname slightly due to the renames. but what was that? I tried wmflabs.org just because but that wasn't it
[20:11:29] <legoktm>	 it should match the output of `hostname -f`
[20:11:44] <mutante>	 that's what I did though.. hrmm
[20:12:06] <mutante>	 one of them is new.. that's one thing, ok. but not the other one
[20:12:50] <mutante>	 vm.projectname.eqiad1.wikimedia.cloud
[20:14:07] <mutante>	 yea, somehow it doesn't have the facts about my instance, i'll risk it without compiling and just merge :) cloud-only
[20:15:05] <mutante>	 there was something in the past where it did not match the FQDN exactly when the compiler was involved
[20:52:36] <bd808>	 AntiComposite: we should figure out how to make `webservice` work out of the box with poetry! We would need to do some work on how the python container does what it does to run the wsgi entry point but I think it is a thing that we could make work.
[20:55:02] <bd808>	 The place that would need changes is https://github.com/wikimedia/operations-software-tools-webservice/blob/master/toolsws/wstypes/python.py. One approach might be to add some special cli argument like `--poetry` and then fork the whole wsgi container creation bit. Another could be to autodetect a poetry.lock and do things a bit differently.
[20:55:42] <bd808>	 We could put poetry in the base image for python too I think without causing anyone real problems.
[20:56:05] <bd808>	 Toolhub is using poetry, and I like it, so I'm interested in being able to use it in my volunteer work too.
[21:06:38] <AntiComposite>	 I do think PEP 517 builds are the best way to do it, since that means support for any future tools instead of just one
[21:22:22] <AntiComposite>	 (they're also faster, at least with poetry)
[21:35:40] <bd808>	 PEP 517 is more about pypi packaging than app deployment though isn't it?
[21:36:23] <bd808>	 sdist and wheels aren't typically a thing I worry about producing for a website deploy
[21:37:23] <bd808>	 for toolforge tools I'm more interested in provisioning a venv and a wsgi container
[22:54:20] <andrewbogott>	 I'm working on deleting things from toolforge NFS but if anyone here would like to delete their logfiles that'd be great!
[23:08:35] <andrewbogott>	 ugh, I'm not finding obviously easy things to delete
[23:08:58] <andrewbogott>	 glamwiki is using 200+ GB but It looks like it might be useful historical data
[23:19:32] <wm-bot>	 !log tools.wd-image-positions <lucaswerkmeister> briefly stopping tool (few minutes) to cycle the uwsgi.log
[23:19:34] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.wd-image-positions/SAL
[23:21:47] <wm-bot>	 !log tools.wd-image-positions <lucaswerkmeister> tool is back up but the pre-2021 logs are gone instead of backed up because the container doesn’t have zstd and I didn’t notice in time :(
[23:21:48] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.wd-image-positions/SAL
[23:22:18] <wm-bb>	 <lucaswerkmeister> well, that’s 34MB less disk space I suppose
[23:25:10] <andrewbogott>	 thanks lucas
[23:27:20] <wm-bb>	 <lucaswerkmeister> is it worth filing a task to add zstd to the tf-bullseye-std image? (T225380 was for adding it on the bastions)
[23:35:40] <andrewbogott>	 As to whether or not to do it is complicated, but a ticket is a reasonable place to discuss that :)