[04:35:16] Hello, I have an 'acmechief' instance running in a CloudVPS project and I need to request TLS certificates from it to start Apache in another instance in the same project. Do you know how I can use the 'acme_chief::cert' resource to request TLS certificates?
[05:27:04] Hi everyone, I have a question regarding ssh-ing a tool forge instance. I used to ssh through “tools-dev.wmflabs.org” on port 22, to bridge a connection to the mariadb to load data to our open analytics dashboard https://glamwikidashboard.org/
[05:27:05] In the past few days I started getting “Network is unreachable” and after it “Connection refused”. Was there an update? Are my current credentials no longer valid?
[06:39:05] yontan12321: yep, that one was for stretch testing purposes, we moved to buster already, can you try using login.toolforge.org?
[06:51:25] Thanks! had to change the known_hosts file, and it works 🙂
[07:00:43] another question: is there a better way to connect to the mariadb read replicas other than opening an ssh tunnel?
[07:20:33] !log deprecated stretch instance deleted T306105
[07:20:34] toan: Unknown project "deprecated"
[07:20:34] T306105: Cloud VPS "wikibase-registry" project Stretch deprecation - https://phabricator.wikimedia.org/T306105
[07:23:39] !log wikibase-registry stretch instance deleted T306105
[07:23:40] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Wikibase-registry/SAL
[07:25:50] !log tools.bridgebot Double IRC messages to other bridges
[07:25:52] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.bridgebot/SAL
[16:36:15] taavi: I forgot again, what is the public range of wmcs? (editing coming from it)
[16:39:29] Amir1: which one :D public range is 185.15.56.0/24, but mediawiki can also see 172.16.0.0/21
[16:39:39] I add both
[16:39:41] Thanks
[16:41:46] out of curiosity, what are you working on?
[16:42:01] [17:40:58] (PS1) Ladsgroup: Set GlobalBlockingAllowedRanges for testwiki [mediawiki-config] - https://gerrit.wikimedia.org/r/810055 (https://phabricator.wikimedia.org/T307648)
[16:42:42] phpcs gonna say no though
[17:08:45] Which will be legacy at some point in the future and so the cycle of renaming will continue forever 😉 (re @wmtelegram_bot: roy649: wmflabs.org is legacy, replaced by wmcloud.org)
[17:14:05] taavi: yeah it's to avoid checking against global blocks for edits coming from wmcs for perf and resilience reasons (follow up to an incident)
[17:36:52] taavi: you do have admin access to UTRS right? I wonder if it is possible to remove the final dot from the user from appeal number 60096?
[17:37:13] hauskatze: I don't
[17:37:27] oh, I'm sorry to ping then
[20:38:24] Hello team, Apache is failing to start in a CloudVPS instance because the file 'ec-prime256v1.chain.crt' is empty. I see that in the same directory the following files are present: 'ec-prime256v1.chained.crt', 'ec-prime256v1.crt', and 'ec-prime256v1.key'. Is it possible to generate 'ec-prime256v1.chain.crt' based on those files?
[20:40:56] I was unable to get the certificates using Acme Chief. https://wikitech.wikimedia.org/wiki/Acme-chief/Cloud_VPS_setup#Setting_it_up_for_your_own_Cloud_VPS_project
[20:53:27] denisse|m: I wonder if ec-prime256v1.chained.crt is the file you really want and something either changed the naming convention or is not quite right with the Puppet manifest/hiera config?
[20:57:33] bd808: Yes, that's the file I want as per the error shown in 'systemctl status apache2 -l': SSLCertificateChainFile: file '/etc/acmecerts/librenms/live/ec-prime256v1.chain.crt' does not exist or is empty
[20:57:43] The file exists, but it's empty.
[20:59:04] hmm. An empty file sounds like an acme-chief bug then?
[20:59:48] I know what acme-chief is, but not really much about how to operate or debug it
[21:00:40] The main thing I know about it is that it sometimes just stops working until it is manually restarted
[21:02:04] the "fix" for this in production was a systemd timer that restarts it like once per day. We set up the same hiera feature flag for that across cloud vps projects too, but I think that we have still seen some failures that required a manual restart