[07:09:02] <elukey>	 morning!
[07:10:12] <elukey>	 klausman: I think it is a performance issue hardcorded in the kubelet, maybe they don't want the risk to be swapped out of memory? (Without locking the memory used to be unswappable etc..)
[07:10:35] <elukey>	 anyway, if we want to reimage the ctrl nodes we could spend a little time trying to make Bullseye working
[07:11:01] <elukey>	 there should be a few packages to copy to bullseye-wikimedia, and nothing more
[07:11:07] <elukey>	 I can quickly check the puppet code
[07:11:17] <elukey>	 so we'd be the first ones running bullseye
[07:59:14] <aiko>	 o/ good morning!
[08:01:01] <elukey>	 morning!
[08:04:33] <elukey>	 so I see
[08:04:34] <elukey>	 kubernetes-master | 1.16.15-4 | bullseye-wikimedia |     component/kubernetes116 | amd64
[08:04:44] <elukey>	 that should be what we need for the k8s master daemons
[08:05:14] <elukey>	 yeah and puppet is updated
[08:05:24] <elukey>	 so in theory the reimage to bullseye should just work klausman 
[09:51:02] <klausman>	 Noted.
[09:51:20] <klausman>	 I'll that in a hot minute (once my brain is fully booted). Also, mornong :)
[09:56:41] <elukey>	 o/
[10:07:05] <klausman>	 Got a bit carried away last night on my gaming group's music chat and only got to bed at 2am
[10:07:27] <klausman>	 Turns out, I'm not 20 anymore, when doing that was nbd
[10:07:44] <klausman>	 But now I have tea and the neurons are starting to fire
[10:08:16] <klausman>	 elukey: so just doing the usual cumin reimage cookbook would do the trick (after setting them to boot the bullseye installer)
[10:09:24] <elukey>	 klausman: no no these are VMs and it is more manual, IIRC the coobook doesn't support them
[10:09:32] <elukey>	 but I could be wrong
[10:09:35] <klausman>	 Ok, I'll dig on WT then
[10:09:53] <klausman>	 I mean I just did the install a few days ago, I should remember :D
[10:10:48] <klausman>	 https://wikitech.wikimedia.org/wiki/Ganeti#Reinstall_/_Reimage_a_VM There we go
[10:12:54] <elukey>	 yes this works for sure
[10:13:16] <elukey>	 one more thing, if we want bullseye - we'll need to change the dhcp config in puppet for the staging ctrl vms
[10:13:37] <klausman>	 Actually they already are on bullseye
[10:14:19] <elukey>	 ah perfect!
[10:14:24] <elukey>	 then it is just a reimage
[10:14:42] <elukey>	 caveat - their puppet certs need to be cleaned/signed
[10:14:55] <elukey>	 cleaned before the reimage, signed after it
[10:15:13] <klausman>	 https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production/modules/install_server/files/dhcpd/linux-host-entries.ttyS0-115200#871
[10:15:20] <elukey>	 basically the node generates a client cert after the first puppet run, and sends a csr to the puppet master
[10:15:27] <klausman>	 Yeah, the puppet cert dance I am aware of.
[10:15:32] <elukey>	 perfect
[10:21:29] <klausman>	 Is there an easy way to see (during the install) if the no-swap part of the partman recipe was picked up
[10:22:01] <elukey>	 in theory no, but I have  tested the recipe in several vms
[10:22:57] <elukey>	 the first time to see it is when running install_console
[10:24:31] <klausman>	 Ah, actually, there is a way
[10:25:04] <klausman>	 as soon as the partitioning has run, you can open one of the shells on the installer, and run `blkid`, which shows you what partitions there are. 
[10:27:06] <klausman>	 https://phabricator.wikimedia.org/P22828 <- before and after partitioning/mkfs
[10:35:17] <elukey>	 mmm without stopping d-i?
[10:35:27] <klausman>	 sure
[10:35:36] <elukey>	 no idea how to do it!
[10:35:39] <klausman>	 ctrl-a 2 will get you the second console
[10:35:46] <elukey>	 TIL thanks!
[10:35:47] <klausman>	 Like a physical Alt-2 would
[10:37:04] <klausman>	 Ok, reinstall done, certs signed, doing initial puppet runs
[10:38:24] <klausman>	 I think the WMF netinstall image basically wraps d-i in screen(1) to enable this kind of stuff
[10:38:56] <klausman>	 I've done _magical_ things this way with partition layouts and the like for private servers. Granted, *black* magic, but still.
[10:46:00] <klausman>	 Ok, all done, including a post-puppet-run reboot
[10:46:22] <klausman>	 Now to make the patch for actually putting k8s stuff on the machines
[11:22:23] <klausman>	 elukey: Looking at https://netbox.wikimedia.org/ipam/prefixes/377/prefixes/ - would we use a /24 each (i.e. 80, 81) for the staging service IPs and pod IPs?
[11:23:26] <klausman>	 77 and 78-79 are going to go away with the renumbering, so I am not sure if we should leave a a gap there in the future
[11:24:14] <klausman>	 OTOH, re-doing the IPs for the staging cluster after renumbering the above-mentioned should not be too disruptive because it's just staging.
[11:32:26] <elukey>	 klausman: for the moment we are not ready to reuse the subnets so I'd choose the first ones that are free
[11:32:56] <klausman>	 Ack. that would be 80/81. Think /24 is enough for pods and services?
[11:38:57] <elukey>	 maybe /23 for services, just in case we want to do extra testing etc..?
[11:39:04] <elukey>	 (many revisions etc..)
[11:40:30] <elukey>	 going out for lunch!
[11:52:52] <klausman>	 bon appetito
[11:53:13] <klausman>	 and yes, /23 sounds good. will do the NB thing after lunch
[14:01:39] <klausman>	 elukey: akosiaris mentioned that we could just use a slice out of the /16 Arzhel signed off on and keep all our IP ranges "together" that way
[14:02:02] <klausman>	 (from T302701)
[14:04:54] <elukey>	 could be an option yes
[14:08:54] <klausman>	 I'm a bit confused about the /16 though. It sounds like they want us to pick one /18 inside of it and then slice that up however we want. Am I reading that right?
[14:09:33] <elukey>	 I think so yes, more than a /18 would mean a ton of ips
[14:11:09] <klausman>	 So a /18 is 4 /20 or 8 /21. We could use the first /20 and the /21 after it for prod, and the last 23 and the preceding /24 for staging. We'll only be able to dodge fragmentation for so long, though.
[14:18:23] <klausman>	 https://phabricator.wikimedia.org/P22831 basically like this
[14:19:46] <elukey>	 (I'll check in a bit)
[14:19:55] <klausman>	 disregard, there be a mistake there
[14:22:50] <klausman>	 and fixed
[14:23:02] <elukey>	 the other thing to keep in mind is that we'll have the train/dse cluster soon to build, that will be shared with data engineering
[14:23:17] <elukey>	 so if we find some space for it as well it would be great
[14:23:35] <klausman>	 Yeah, I think there would still be plenty of space. Would it be in codfw or in eqiad?
[14:24:47] <elukey>	 eqiad
[14:25:32] <klausman>	 Would we allocate prod-sized ranges or staging-size ones? I'd presume the former?
[14:26:11] <elukey>	 yes definitely, we'll need to run full kubeflow on it
[14:26:19] <elukey>	 plus possibly other DE-related things
[14:26:24] <klausman>	 Ok, I'll update the paste with a plan for that
[14:33:16] <klausman>	 And updated, including a rationale
[15:06:18] <elukey>	 reviewing the paste :)
[15:11:06] <elukey>	 calculating subnet ranges on a friday afternoon is not the best
[15:15:38] <elukey>	 klausman: overall it seems good, maybe try to implement it in netbox's ipam so we can ask to netops/serviceops people a final +1 ?
[15:17:01] <klausman>	 Does it have a review mode? I thought allocation edits were immediately active
[15:17:54] <klausman>	 (calculating IP ranges: use ipcalc or ipcalc-ng :))
[15:18:38] <elukey>	 sure but it doesn't really trigger any side effects, it just allocates ips in a dedicated /18 in netbox
[15:18:56] <klausman>	 Ah, sure, I can do that
[15:19:02] <elukey>	 super
[15:27:45] <klausman>	 https://netbox.wikimedia.org/ipam/prefixes/530/prefixes/ and https://netbox.wikimedia.org/ipam/prefixes/535/prefixes/
[15:31:15] <elukey>	 klausman: looks good! Let's wait for feedback in the task!
[15:31:15] <klausman>	 Also added to T302701
[16:00:25] <elukey>	 ah I just noticed that we lost wikibugs (so no phab updates in here)
[16:04:33] <klausman>	 Is it a bad sign that I didn't notice?
[16:07:01] <elukey>	 nono I was wondering why I didn't see my last phab update, and I noticed that the bot is down everywhere
[16:07:14] <elukey>	 no idea how to respawn it, there is doc but never done it
[16:20:46] <chrisalbon>	 Morning all! Today is a US holiday but I’m around if you need anything. Actually I’m just sitting here doing my taxes
[16:23:02] <elukey>	 morning!
[16:29:36] <klausman>	 \o Heya Chris
[16:29:55] <klausman>	 I need to do my 2021 taxes soon, but... motivation
[16:40:48] <elukey>	 started https://gerrit.wikimedia.org/r/c/operations/puppet/+/771947 the preliminary work on ORES to support buster
[16:58:39] <klausman>	 lmk if-when you want a review on that
[17:02:51] <elukey>	 Moritz is going to add python3-scipy to the component, after that I think we can spin up a cloud vm and test it
[17:03:02] <elukey>	 (something like the beta vm that we have)
[17:09:34] <klausman>	 :+1:
[18:15:05] * elukey afk!
[18:15:08] <elukey>	 have a good weekend folks!