[11:13:01] * Emperor sees T355914 and is sad
[11:16:09] <Emperor>	 (enwiki want to change thumbs from 220 to 250)
[11:19:11] <jynus>	 why sad?
[11:21:06] <Emperor>	 250 isn't a pre-generated size, last time Amir.1 looked, only about 2% of thumb requests were for 250px. So I think making this change would cause us to have to generate new thumbs for most of the images on enwiki.
[11:21:23] <jynus>	 I see
[11:21:43] <Emperor>	 which seems likely to result in thumbor going down in flames
[11:22:05] <Emperor>	 hnowlan: do you agree, as person most often left holding the baby^Wthumbor?
[11:22:09] <jynus>	 would it be possible to request on an agreement inter-wikis?
[11:22:27] <jynus>	 (assuming that would help)
[11:23:25] <jynus>	 I don't even know if most enwiki request is to enwiki or to commonswiki
[11:23:56] <Emperor>	 I'm not sure it would; the extra disk from storing 250 as well as 220 is probably negligible, it's the spike in thumbor load that I'm worried about.
[11:24:17] <jynus>	 I see
[11:25:19] <jynus>	 what about a mw-layer sampling (e.g. starting with 0.01% of requests and going up?)
[11:25:31] <hnowlan>	 Emperor: yeah it would be a significant bump - due to some recent improvements it has gotten significantly *better* in terms of performance, but I'm assuming this would be a case of 100x the usual RPS
[11:25:54] <hnowlan>	 some kind of pregeneration would be the way to do it 
[11:26:00] <jynus>	 I see
[11:26:35] <Emperor>	 jynus: that would (if its easy to do) presumably have the effect of gradually generating the new size thumbs rather than all at once.
[11:26:51] <hnowlan>	 a percentage would also be good as it'd be easy to tune up/down
[11:27:17] <jynus>	 I just don't like you being sad \o/
[11:27:18] <Emperor>	 hnowlan: as an aside, how easy now thumbor is on k8s is it to say "let's throw some more resource at thumbor"?
[11:27:45] <hnowlan>	 Emperor: very easy, change number, line go up :D
[11:28:08] <Emperor>	 modulo how much spare capacity we have in k8s, presumably
[11:28:46] <Emperor>	 jynus: do you know how we would go about doing that sort of gradual-ease-in and/or who we would need to talk about it with?
[11:29:07] <jynus>	 I know some devels do it for features
[11:29:24] <jynus>	 and well, there is some of that for k8s at traffic level
[11:29:42] <jynus>	 I would start asking first releng
[11:29:58] <hnowlan>	 Mediawiki Engineering would be worth asking also
[11:30:02] <jynus>	 and they probably know best if it is possible and how
[11:30:06] <jynus>	 aside from serviceops
[11:30:14] <jynus>	 or how other teams do it
[11:30:50] <hnowlan>	 for mw-on-k8s it's a bit more simple a match, I would say we couldn't easily do it at traffic layer. not impossible, but messier
[11:31:05] <jynus>	 yeah, makes sense
[11:31:18] <hnowlan>	 a feature flag for a percentage would be nice although I'm not sure how you manage that consistently across anonymous users etc
[11:31:36] <jynus>	 well, I would guess pure code
[11:31:56] <jynus>	 unless someone has already support for it
[11:31:59] <Emperor>	 hnowlan: in your boundless free time, could you add something to https://wikitech.wikimedia.org/wiki/Thumbor on how to give more resource to thumbor if necessary?
[11:32:35] <Emperor>	 Hm, so that's releng and/or serviceops and/or mediawiki engineering 
[11:32:55] <jynus>	 I'd say more and than or :-D
[11:33:52] <Emperor>	 I (possibly incorrectly) don't want to bug everyone everywhere all at once :)
[11:34:08] <jynus>	 well, start with service ops as it is closer (?)
[11:34:26] <Emperor>	 Mmm
[11:34:43] <jynus>	 but as you may know, they may not have the mw expertise
[11:35:01] <jynus>	 but I think they should be on the loop
[11:35:04] <Emperor>	 Mmm
[11:35:10] <hnowlan>	 we are already :) 
[11:35:22] <jynus>	 ah, sorry, hnowlan, I didn't put you there
[11:38:38] <Emperor>	 hnowlan: do you have a view on the next people to consult? I can leave it with you and serviceops for now if you like, but don't want to seagull...
[11:41:10] <Emperor>	 (nor do I want to tread on your toes!)
[11:41:40] <hnowlan>	 I'd say someone in mediawiki engineering is the next port of call as regards what our options are 
[11:41:49] <hnowlan>	 the "who" of it all is a bit sticky :D 
[11:43:20] <Emperor>	 I wonder if they have a team interface page
[11:44:21] <Emperor>	 no, it's WIP
[11:44:32] <Emperor>	 I'll ask a Wrong Person and they can point me in the right direction :)
[11:48:13] <hnowlan>	 thanks! 
[11:49:48] <Emperor>	 hnowlan: would you like to be CCd?
[11:50:13] <jynus>	 arnaudb: is there anything I can help with T356240 that makes sense (e.g. backup1 hosts or something like that?)
[11:53:47] <hnowlan>	 Emperor: please! 
[11:59:26] <claime>	 Hey keepers of the data, I'm going to raise traffic to mw-on-k8s to 35% today, and j.oe brought up that we should keep an eye on the number of connections to the DB due to us using a larger number of smaller worker pools. Have you seen anything that would warrant concern about this? For reference, the last 5% bump was on January 23rd
[12:04:24] <Emperor>	 hnowlan: YHM
[13:14:16] <arnaudb>	 jynus: sorry I was afk lunching! as for T356240: you can take hosts you're OK to deal with if you have some time to spare it'll be appreciated!
[13:15:08] <jynus>	 well, I don't usally have time, I was only asking for example if it involves backup1 or something like that
[13:15:34] <arnaudb>	 it looks like it does not, will ping you if I stumble upon an impacted host!
[13:15:36] <jynus>	 as I thought I will have to reboot mediabackups, but apparently I don't
[13:15:50] <jynus>	 no problem
[15:15:59] <Amir1>	 Emperor: jynus hnowlan I know how to do this, I've done it before for other changes
[15:16:26] <Amir1>	 can't file the patch but you can just put a mt_rand on CommonSettings.php
[15:17:27] <hnowlan>	 oh cool :) 
[15:17:53] <Amir1>	 It'll cause cache pollution but whatever :D 
[15:18:22] <Amir1>	 we did it for deploying of the new skin of enwiki
[15:18:57] <volans>	 jynus: if you want to coordinate here for T316655 feel free to ping me when you want to do the manual run. And sure we can rename/delete/move the files and do a restore. I'd be happy to try the restore as I'm rusty and it's good to know it ;)
[15:18:57] <stashbot>	 T316655: Convert Netbox data (PostgresQL) longterm storage backups (bacula) into full backups rather than incrementals - https://phabricator.wikimedia.org/T316655
[15:21:06] <jynus>	 volans: I am creating the backup, thank you
[15:21:12] <jynus>	 will ping you when donwe
[15:21:22] <volans>	 <3 thx
[15:22:37] <Emperor>	 Amir1: ah, useful to know, thanks
[15:32:03] <jynus>	 volans: I haven't commented because I don't think it corresponds to me, but one of the reasons I suggested the mariadb structure is that it makes that possible, and it is quite flexible
[15:32:28] <jynus>	 maybe at some point we could support postgres and its monitoring (the most important part) on wmfbackups
[15:32:44] <jynus>	 the same way we want to support gitlab exports
[15:34:48] <jynus>	 volans: can you move or remove the original files now (or I can do it)?
[15:35:59] <jynus>	 I will ask you for a hash of them, too
[15:36:51] <jynus>	 (on the good side, if the backup fails and we have a 0 byte backup, now it will complain)
[15:37:17] <volans>	 nice!
[15:37:33] <jynus>	 but it is not as nice as the wmfbackup heuristics :-D
[15:38:29] <volans>	 ehehe which host have you backupped?
[15:38:36] <jynus>	 oh
[15:38:38] <volans>	 I've moved the files on netboxdb2002
[15:38:54] <jynus>	 I had actually run it on eqiad
[15:38:56] <jynus>	 as I saw
[15:39:04] <volans>	 it's the same
[15:39:10] <jynus>	 psql-all-dbs-2024-01-31-14-55.sql.gz
[15:39:16] <jynus>	 on the full backup
[15:39:23] <volans>	 98a7c3851bfa471c48a02bcfacbbf1f5  psql-all-dbs-latest.sql.gz
[15:39:39] <jynus>	 feel free to delete it right away- and trust your code!
[15:39:57] <jynus>	 is that codfw?
[15:40:02] <jynus>	 I can run it too
[15:40:04] <volans>	 that's eqiad
[15:40:06] <jynus>	 ok
[15:40:15] <volans>	 I've renamed into .moved
[15:40:16] <jynus>	 ready to restore when you tell me
[15:40:19] <volans>	 but we can delete too :D
[15:40:39] <volans>	 psql-all-dbs-2024-01-31-14-55.sql.gz.moved and psql-all-dbs-latest.sql.gz.moved
[15:42:09] <jynus>	 uh, I got an error
[15:43:08] <jynus>	 netbox1002.eqiad.wmnet-fd JobId 550808: Error: Missing private key required to decrypt encrypted backup data.
[15:43:39] <volans>	 oh oh...
[15:45:25] <jynus>	 that's weird, because we tested restores after puppet 7 migration
[15:45:35] <jynus>	 and restores had happened since then
[15:46:12] <jynus>	 ah, level 8 error
[15:46:19] <jynus>	 layer 8
[15:46:26] <jynus>	 one sec, wrong host
[15:46:40] <volans>	 lol :D
[15:46:41] <volans>	 ok
[15:46:54] <jynus>	 I tried to recover to netbox, not netboxdb
[15:47:01] <volans>	 better, also which command are you running for restore?
[15:47:11] <jynus>	 I think the confusion is ok
[15:47:14] <jynus>	 restore
[15:47:15] <volans>	 L8 issues are the easiest to fix :D
[15:47:27] <jynus>	 it is actually well documend if you search panic mode on wikitech
[15:47:48] <jynus>	 let me share the screen for you on a meet
[15:47:58] <volans>	 nah no need
[15:47:59] <jynus>	 (I promise not to talk)
[15:48:00] <volans>	 I know the docs
[15:48:20] <volans>	 and nice shortcut to find it :D
[15:48:22] <jynus>	 I like to do restore
[15:48:28] <jynus>	 and then 3
[15:48:40] <jynus>	 because I like using check_bacula.py <jobname>
[15:48:48] <jynus>	 and work with job ids
[15:48:50] <jynus>	 but that is me
[15:50:05] <jynus>	 46.42 M  OK
[15:50:30] <jynus>	 let me delete some empty dirs on netbox1002
[15:51:12] <volans>	 md5 matches
[15:52:33] <jynus>	 yeah, and clearly it is not a 1kb file, which is what would happen with softlinks
[15:52:41] <jynus>	 (on storage, I mean)
[15:53:15] <jynus>	 consider, at your own will, attempting to restore on a staging db
[15:53:27] <jynus>	 but otherwise, let's amend and send the other patch
[15:53:41] <volans>	 yes I can restore that on netbox-next but zless looks good
[15:54:12] <jynus>	 I would worry if md5 matches but zless retuns garbage!
[15:54:20] <volans>	 indeed
[15:54:37] <jynus>	 not impossible (google did it with pdfs) but not trivial
[15:55:01] <jynus>	 I will leave the restore there unless you tell me so
[15:55:12] <volans>	 ok renamed back files to their original names
[15:55:17] <volans>	 I'll take cre of that no worries
[15:55:18] <volans>	 thx
[15:55:36] <jynus>	 just to be 100% sure, you md5 sum the file on /srv/postgres-restores
[15:55:38] <jynus>	 right?
[15:55:39] <volans>	 last question, if the host is totally lost could we restore it elsewhere?
[15:55:44] <jynus>	 yep
[15:55:56] <volans>	 yes of course :)
[15:55:59] <jynus>	 just needs the private key, it is the section bellow panick mode
[15:56:24] <jynus>	 that is what I didn't worry about the message- we have a backup for the process :-D
[15:56:33] <jynus>	 thank alex for the good setup!
[15:57:04] <jynus>	 and that is also, for context, why I am a pain to work with when changing certs
[15:57:36] <volans>	 lol
[15:57:42] <jynus>	 we cannot just switch to a different one because it will take 3 months to rotate on all older files
[15:58:07] <jynus>	 possible, just painful :-D
[15:58:11] <volans>	 I took the liberty to add a shortcut to the top, feel free to change it at will if you don't like it
[15:58:14] <volans>	 https://wikitech.wikimedia.org/wiki/Bacula
[15:58:27] <jynus>	 yeah, makes sense
[15:58:48] <jynus>	 normally I think the idea was to come from the runbuk portal of the team, it as better accesibility
[15:59:10] <jynus>	 I also have to separate runbooks from design, based on feedback
[15:59:24] <jynus>	 on everything backups, but that will take some work
[15:59:31] <volans>	 todo never ends
[15:59:43] <jynus>	 ok, let me send the patch and we are almost there
[16:00:48] <jynus>	 do you have handy the profile of netboxdb ?
[16:01:34] <volans>	 hieradata/common/profile/netbox/db.yaml ?
[16:02:30] <jynus>	 thanks, it is just a small edit to modules/profile/manifests/netbox/db.pp
[16:10:47] <jynus>	 see patchset 3
[16:12:48] <volans>	 mmh does 'Daily-productionEqiad' works for codfw too?
[16:12:57] <volans>	 we do backups on both hosts
[16:13:00] <jynus>	 yes
[16:13:02] <volans>	 ok
[16:13:39] <jynus>	 eventually there will be a difference here, so non-default defaults may need a change, but this is ok for now
[16:14:02] <volans>	 ack makes sense
[16:14:18] <jynus>	 e.g. the idea is to backup eqiad on codfw and codfw on eqiad only
[16:14:34] <jynus>	 but for now, backuing up on the primary and cloning is the default
[16:14:41] <volans>	 ack
[16:15:40] <volans>	 at which time bacula will copy the file?
[16:16:10] <volans>	 given we do a ln -f it's almost atomic, but avoiding overlap might be good anyway :D
[16:17:53] <jynus>	 these are the job on codfw (including its termination time) https://phabricator.wikimedia.org/P55975
[16:19:53] <volans>	 ok so early morning but fairly distributed, I think we're good for the daily one on netboxdb1002, as for netboxdb2002 we do hourly there so might overlap but shouldn't be a big deal
[16:20:04] <jynus>	 here the eqiad times: https://phabricator.wikimedia.org/P55975#226521
[16:20:38] <jynus>	 currently it is scheduled for 04:05
[16:21:00] <jynus>	 but it is not the only one, ofc at that time
[16:21:16] <volans>	 ok I'd say we're good
[16:22:39] <volans>	 thanks a lot for the support on this!
[16:22:39] <jynus>	 one thing that probably should be good is some kind of distributed locking mechanism
[16:23:00] <jynus>	 not only for postgres, but for other processes
[16:23:02] <volans>	 I'll ping data-eng on task for changing the config for their host
[16:23:26] <jynus>	 on my side I will keep an eye for the first runs
[16:23:38] <jynus>	 feel free to cc me on those changes
[16:23:53] <volans>	 If I see them for sure
[16:24:33] <jynus>	 as far as https://gerrit.wikimedia.org/r/c/operations/puppet/+/994743 that can go
[16:24:36] <jynus>	 I +1
[16:25:33] <jynus>	 'ed it
[16:26:00] <volans>	 thanks!
[16:26:02] <jynus>	 thank you for working on it, I think I am happy with that, and longer term improvements can come later on
[16:26:25] <jynus>	 like a proper, integrated backup framework and monitoring beyond mariadb
[16:26:51] <jynus>	 but being too ambitious at first == doing nothing, so I am happy with this
[16:28:11] <volans>	 :D
[20:42:23] <jinxer-wm>	 (SessionStoreOnNonDedicatedHost) firing: (2) Sessionstore k8s pods are running on non-dedicated hosts - TODO - TODO - https://alerts.wikimedia.org/?q=alertname%3DSessionStoreOnNonDedicatedHost