[11:59:22] In my quest of making the network interaction easier, I sent this CR, let me know what you think: https://gerrit.wikimedia.org/r/c/operations/puppet/+/889069
[12:01:51] I wonder if those hardcoded lists could be replaced by puppetdb queries within the puppet manifest
[12:03:11] yeah, there is something more to do, but different patch :)
[12:04:35] sure sure
[12:05:24] hardcoded lists of hosts are so 2022
[12:10:24] :D
[14:10:44] code review out for etcd and SANs - https://gerrit.wikimedia.org/r/c/operations/puppet/+/889084 - please chime in if you are interested and/or if you manage an etcd cluster (this seems to be a requisite for etcd on bullseye)
[16:04:43] anyone care to quickly stamp https://gerrit.wikimedia.org/r/c/operations/puppet/+/889158 ?
[16:04:54] I didn't use the 'usual' naming convention because just putting 'aux' on that list felt rather silly
[16:11:50] cdanis: +1'd
[16:12:11] thanks!
[16:39:57] https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/889172 PR to hopefully avoid OOM on flink jobs, LMK if you are able to take a look
[17:10:31] jhathaway: jayme: https://gerrit.wikimedia.org/r/c/operations/puppet/+/889175
[17:13:59] hmm...I'm puzzled if it's a good thing to start introducing a k8s_ prefix tbh
[17:14:36] i'm fine either way, though a slight preference for just using aux
[17:14:59] jayme: I felt kind of weird adding a bare 'aux' in that namespace
[17:15:19] yeah...I totally understand :)
[17:15:20] intermediates aren't just k8s stuff and aux is pretty generic
[17:16:42] otoh I already had several occasions of some things for some clusters named slightly different than for others and it always caused pain or at least "oops" moments
[17:16:52] yeah...
[17:18:21] I don't have a solution tbh...it's just a concern
[17:19:19] what would be the fear of calling the intermediate "aux"? That someone might come around using it for "aux" stuff I suppose?
[17:19:35] I just thought it would be unclear, I guess
[17:19:51] given we have stuff like 'kafka' and 'debmonitor' in there
[17:20:03] but maybe I should have just been consistent
[17:20:45] :D have a look at line 40 regarding aux and consistent naming, eheh
[17:20:59] oh god hahaha
[17:21:20] well now I feel both better and worse
[17:21:34] that we should def. change before running workload on it - I'll open a task
[17:21:46] thanks
[17:22:32] I would say that consistency wins in case of the intermediate naming as well tbh...but that's just my personal opinion
[17:22:59] ok well that's two votes for consistency, I'll rename
[17:23:20] ❤️
[17:27:50] https://phabricator.wikimedia.org/T329657 for the discovery profile
[17:39:56] ok jayme jhathaway https://gerrit.wikimedia.org/r/c/operations/puppet/+/889175/
[17:40:09] cfssl <3
[17:54:16] thanks both!
[17:54:40] I was a bit quick on +1 but PCC looks "good" https://puppet-compiler.wmflabs.org/output/889175/39595/pki1001.eqiad.wmnet/index.html
[17:55:05] eheh
[17:55:12] oh, I'll leave this as a tidbit here
[17:55:16] ❌cdanis@cumin1001.eqiad.wmnet ~ 🕧☕ (export INTERMEDIATE=aux ; sudo SSH_AUTH_SOCK=/run/keyholder/proxy.sock scp -3 pki-root1001.eqiad.wmnet:/etc/cfssl/ssl/${INTERMEDIATE}/${INTERMEDIATE}-key.pem puppetmaster1001.eqiad.wmnet:/srv/private/modules/secret/secrets/pki/intermediates)
[17:55:27] hate getting my hands dirty with private key info directly
[17:56:59] oh, yeah. I remember me doing something similar. Mind adding that to https://wikitech.wikimedia.org/wiki/PKI/CA_Operations ?
[17:57:08] will do
[17:57:19] cool, thanks!
[18:06:33] {done}
[18:07:21] ...and so the world did get a bit better today :-)
[18:18:25] two more patches out for review at your convenience jhathaway <3
[18:24:19] +1 on consistency even if it "feels weird"
[18:42:44] jayme: I'm merging elukey's patch to the cookbook so I can use it -- in the aux cluster's case, the etcd v2 namespace is totally empty :D