[11:43:16] <gmodena>	 Hi folks, I have a CI pipeline that started failing with ERROR: The "maven:3.3.9-jdk-8" image is not present on list of allowed images. (https://gitlab.wikimedia.org/repos/data-engineering/mediawiki-stream-enrichment/-/jobs/207010). I've seen this error in the past, but it used to go away after a retry. Has the list of allowed images permanently changed?
[12:46:06] <gmodena>	 and FWIW using our internal docker image (which i should have done to begin with), triggers a similar error: https://gitlab.wikimedia.org/repos/data-engineering/mediawiki-stream-enrichment/-/jobs/20712
[12:46:28] <gmodena>	 ERROR: The "docker-registry.wikimedia.org/releng/maven-java8:1.0.0-s1" image is not present on list of allowed images:
[15:20:01] <dancy>	 gmodena: https://gerrit.wikimedia.org/r/c/operations/puppet/+/724472 was merged on June 9 (last Thursday) which restricted what images can be run.
[15:21:28] <dancy>	 The topic is discussed in https://phabricator.wikimedia.org/T291978.  That might be a reasonable place for you to request that maven:* be added to the trusted list.
[16:36:30] <brennen>	 gmodena, dancy: that seems like a bug - or at least the internal docker image part of it does - docker-registry.wikimedia.org images should all be allowed.  i'll look at this after current meeting.
[17:11:31] <dduvall>	 maybe it requires a pattern of more depth, `docker-registry.wikimedia.org/*/*` or `docker-registry.wikimedia.org/**/*`?
[17:11:37] <dduvall>	 for the allow list that is
[17:36:34] <brennen>	 yeah, i wonder
[17:37:39] <brennen>	 seems pretty likely
[17:44:01] <brennen>	 https://github.com/bmatcuk/doublestar#patterns
[18:08:11] <wikibugs>	 10GitLab (CI & Job Runners), 10Release-Engineering-Team, 10User-brennen: GitLab runners: allowed_images patterns need to be loosened to include subdirectories - https://phabricator.wikimedia.org/T310535 (10brennen)
[18:11:16] <wikibugs>	 10GitLab (CI & Job Runners), 10Release-Engineering-Team, 10User-brennen: GitLab runners: allowed_images patterns need to be loosened to include subdirectories - https://phabricator.wikimedia.org/T310535 (10brennen)
[18:59:29] <gmodena>	 brennen dancy ack, and thanks.
[19:02:37] <brennen>	 tested the pattern matching library with dduvall a minute ago, will have a patch shortly.
[21:44:08] <mutante>	 !log gitlab-runner1001 - pause from accepting jobs - rebooting
[21:44:08] <stashbot>	 mutante: Not expecting to hear !log here
[21:44:18] <mutante>	 stashbot: there was one way to find out
[21:44:19] <stashbot>	 See https://wikitech.wikimedia.org/wiki/Tool:Stashbot for help.
[21:44:22] <mutante>	 yup. thanks
[21:47:05] <mutante>	 all gitlab machines have to be rebooted eventually but it's not super urgent. started with the ones not in use yet
[21:47:14] <mutante>	 now doing protected runners
[21:47:20] <mutante>	 but only one by one