[08:13:28] 10GitLab (Pipeline Services Migration🐤), 10Research, 10collaboration-services: Move research webpages to gitlab - https://phabricator.wikimedia.org/T334511 (10Clement_Goubert) [08:47:57] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche merged https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/73 jwt: replace d... [09:02:52] 10GitLab (Pipeline Services Migration🐤), 10MediaWiki-Docker, 10Release-Engineering-Team, 10dev-images, and 3 others: MySQL/MariaDB images for development environments - https://phabricator.wikimedia.org/T238925 (10kostajh) >>! In T238925#9000146, @hashar wrote: >>>! In T238925#8996824, @kostajh wrote: >>>>... [09:04:10] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche opened https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/84 Revert "jwt: r... [09:08:53] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche merged https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/84 Revert "jwt: r... [11:17:51] 10GitLab (Integrations), 10Phabricator, 10Release-Engineering-Team (Escape Goats🐐): Get GitLab to render `T{\d}+` in MR overviews, comments, etc. as links to Phabricator - https://phabricator.wikimedia.org/T337570 (10Jelto) Maybe it's possible to add a new GitLab flavored markdown (GLFM) extension which unde... [11:58:57] jelto: I'm having a problem with the JWT authorizer [11:59:06] currently it's accepting the old tokens, but the new ones are being rejected: https://gitlab.wikimedia.org/repos/releng/kokkuri/-/jobs/133618 [11:59:19] I have installed locally the package you built yesterday (Candidate: 1.1.1-1) and I can see it accepts both token types [11:59:35] can you help me verify that the version running on the docker registry hosts is the new one? [12:00:35] jnuche yes, maybe we have to restart jwt-authorizer. I'll try to find out which version is running [12:03:25] Service is running since January. I can restart it [12:08:06] jnuche: I restarted the service on all registry nodes [12:09:29] jelto: yep, it works now, thank you :) [12:10:02] great :) [12:20:20] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche opened https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/85 jwt: replace d... [12:26:01] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche merged https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/85 jwt: replace d... [12:35:49] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche opened https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/86 use latest ver... [12:36:33] 10GitLab (Pipeline Services Migration🐤), 10Research, 10collaboration-services, 10Patch-For-Review: Move research webpages to gitlab - https://phabricator.wikimedia.org/T334511 (10Jelto) On the infrastructure side everything is prepared for switching both services to GitLab and Kubernetes/wikikube. I invit... [12:38:29] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche merged https://gitlab.wikimedia.org/repos/releng/kokkuri/-/merge_requests/86 use latest ver... [14:33:04] jnuche: Sounds like that might be a problem w/ the deb package definition (not set up to restart the program when upgraded)? [14:33:45] 10GitLab, 10Release-Engineering-Team: Test Trusted Contributors group in devtools GitLab - https://phabricator.wikimedia.org/T344379 (10dancy) [14:37:03] dancy: would you know how to add that? I don't know how the first thing about making debian packages [14:37:15] maybe in the `control` file? https://gitlab.wikimedia.org/repos/releng/jwt-authorizer/-/tree/main/debian [14:37:32] Lemme see what I can dig up [14:53:30] it'll be in debian/rules [14:54:15] you'll want to add --restart-after-upgrade to dh_installsystemd [14:55:29] though that should be the default [14:56:15] Emperor: thanks! I'll give that a try [14:57:03] jnuche: where does the service file come from? It's not obviously in the package tree [14:58:53] ...e.g. if the service file isn't in the package at all (coming from puppet, say), then the usual mechanism won't work, and you'll need to write a postinst file to do the restart. [15:01:09] Emperor: gotcha, the service file is indeed placed by puppet: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production/modules/jwt_authorizer/templates/authorizer.service.erb [15:01:31] I'll look into maybe using postinst [15:04:34] [alternatively, put the service file into the package :) ] [15:11:58] ^ [15:15:32] the service file is pulling values from puppet, that would be my guess why it's not part of the package [15:16:02] dduvall: ^^ do you remember why you decided not to put the service file in the deb package? [16:13:51] 10GitLab (Administration, Settings & Policy), 10Phabricator, 10Release-Engineering-Team (Priority Backlog 📥), 10User-brennen: Create a form for tracking administrative privilege requests for GitLab - https://phabricator.wikimedia.org/T314495 (10Aklapper) 05Open→03Resolved a:03brennen >>! In T314495#8... [16:32:13] jnuche: lack of experience in packaging debs :) no good reason [16:34:44] i think i assumed the `systemd` puppet module would want to manage that, but perhaps it works with existing unit files? [16:38:44] i suppose we wouldn't use `systemd::service` at all, and just rely on `service` for packages that add their own service file. that would make more sense [16:40:52] dduvall: mmh, maybe even just delegating everything to the package installation could work, I think that's what we used to do with Jenkins [16:41:33] gotta take a look at that [16:41:51] but in any case, thanks for confirming we don't have to keep it in puppet [16:42:34] (the service file I mean) [16:45:22] jnuche: it would probably be best long term to refactor jwt-authorizer to use a config file for all of its cli options, but for now you could add a service file to the package that references en `EnvironmentFile` that can be populated by puppet [16:50:32] 10GitLab (Integrations), 10Phabricator, 10Release-Engineering-Team (Escape Goats🐐): Get GitLab to render `T{\d}+` in MR overviews, comments, etc. as links to Phabricator - https://phabricator.wikimedia.org/T337570 (10dduvall) >>! In T337570#9098829, @Jelto wrote: > Maybe it's possible to add a new GitLab fla... [16:56:41] dduvall: sure, I meant not to use puppet resources/classes to install except for the one that installs deb packages [16:57:07] moving the cli args to a config file makes sense [16:58:06] jnuche: ack. makes sense