[03:14:44] Hello everyone. I just deleted and rebuilt a cloud VPS instance to upgrade from Debian 9.5 to 11. However I'm no unable to ssh onto the instance (it's 22minutes old now). The error I'm getting is: [03:14:45] > ssh fastcci-worker2.fastcci.eqiad.wmflabs [03:14:45] channel 0: open failed: administratively prohibited: open failed [03:14:46] stdio forwarding failed [03:14:46] kex_exchange_identification: Connection closed by remote host [03:14:47] Connection closed by UNKNOWN port 65535 [03:15:10] ssh into fastcci-worker1 (old instance) works fine [07:18:30] !log extdist switching extdist.wmflabs.org domain to point to extdist-06 instance (bullseye/cinder) - T293055 [07:18:33] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Extdist/SAL [07:18:34] T293055: Switch extdist to Bullseye and composer Debian package - https://phabricator.wikimedia.org/T293055 [07:19:17] !log extdist deleting extdist-05 instance, no longer needed [07:19:18] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Extdist/SAL [15:48:26] is there a recommended way to set up ssh keys within a process to enable hopping between instances? If I add such a key to my preferences it would enable logging into any project, which I don't want. [15:49:21] Dschwen: no, I don't believe there is a recommended way [15:49:36] there is /etc/ssh/userkeys but that seems to get overwritten (by puppet?) [15:50:05] yeah, Puppet will (by default? not sure if it can be disabled) remove any local ssh key definitions [15:50:07] did you figure out how to access the new instance you asked about earlier? [15:50:22] my "hack" for the past couple of years has been to use a cronjob to rewrite userkeys [15:50:30] well, let me double check [15:50:56] no, not really [15:51:13] I cannot get to it from the outside (via bastion) [15:51:27] when did you create that instance? just now? [15:51:28] I can get to it from another project instance [15:51:33] no yesterday [15:51:35] ye [15:51:37] puppet ran [15:51:57] ~12h ago [15:52:05] then you're affected by https://wikitech.wikimedia.org/wiki/News/Phasing_out_the_.wmflabs_domain, new instances only have .eqiad1.wikimedia.cloud names and not .wmflabs ones [15:52:24] getting to it from another project instance involves adding a local key to my preferences [15:52:40] oh, right, shiny new name again ;-) [15:52:48] thanks! [15:52:55] I keep my keys in a config.ini file owned by the tool and mode 0400. [15:54:01] where is that config.ini file? [15:54:09] (or where should it be?) [15:54:21] ok, "ssh fastcci-worker2.fastcci.eqiad1.wikimedia.cloud" works. Thanks! [15:55:16] Mine is /data/project/spi-tools-dev/www/python/config.ini, but I think all that matters is that it's on a file system that's available via NFS on any of your instances. [16:58:51] sorry if I'm a bit daft here, is that a puppet thing? [18:19:23] !log tools.lexeme-forms deployed 68234bd17d (Odia adjectives and adverbs) [18:19:25] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.lexeme-forms/SAL [19:53:09] !log tools.lexeme-forms deployed 504c5481e9 (update Spanish verbs) [19:53:12] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.lexeme-forms/SAL [20:05:30] You can't no longer JOIN data from other DBs in Quarry right? [20:06:09] Some data I need is in metawiki_p, and some other in centralauth_p [20:08:55] nope, no longer possible [20:12:45] in theory those two dbs might work (they're on the same db section), but in general it's no longer supported [20:20:13] Thanks for the answer :)