[06:13:42] 10serviceops, 10Dumps-Generation: Test php7.4 for dumps generation - https://phabricator.wikimedia.org/T295580 (10ArielGlenn) 05Open→03Resolved a:03ArielGlenn Tested category rdf dumps and content translation dumps and they look good. That concludes all testing. With coordination, the snapshot hosts coul... [06:13:44] 10serviceops: Test running php7.2 and php7.4 in parallel on the beta cluster - https://phabricator.wikimedia.org/T295578 (10ArielGlenn) [07:10:57] 10serviceops, 10Patch-For-Review: Upgrade kafka-main nodes to buster - https://phabricator.wikimedia.org/T296641 (10elukey) ` elukey@kafka-main1001:~$ sudo find / \( -path /proc -o -path /mnt -o -path /sys -o -path /dev -o -path /media -o -path /srv/kafka/data \) -prune -false -o -user kafka /etc/kafka/ssl /et... [07:12:10] 10serviceops, 10Patch-For-Review: Upgrade kafka-main nodes to buster - https://phabricator.wikimedia.org/T296641 (10elukey) ` #!/bin/bash set -x change_uid() { # $1 new uid # $2 username if id "$2" &>/dev/null then OLD_UID=$(id -u $2) usermod -u $1 $2 find / \( -path /... [07:46:51] 10serviceops, 10Data-Engineering, 10observability: Move kafka clusters to fixed uid/gid - https://phabricator.wikimedia.org/T296982 (10elukey) [07:47:35] 10serviceops, 10Data-Engineering, 10observability: Move kafka clusters to fixed uid/gid - https://phabricator.wikimedia.org/T296982 (10elukey) [07:48:04] 10serviceops, 10Data-Engineering, 10observability: Move kafka clusters to fixed uid/gid - https://phabricator.wikimedia.org/T296982 (10elukey) [07:49:09] 10serviceops, 10Data-Engineering, 10observability: Move kafka clusters to fixed uid/gid - https://phabricator.wikimedia.org/T296982 (10elukey) [07:49:34] sorry [07:49:50] if you like the plan --^ I can take care of kafka main [07:49:55] maybe starting with main-codfw [07:50:03] currently doing kafka test, it works fine [09:29:52] hello folks, I have some ideas about egress for ML, going to write in here [09:30:03] you are free to ignore me of course :D [09:30:38] the ml-serve cluster will basically host the same kind of service, namely based on the InferenceService CRD that Kserve provides [09:30:56] we'll need to fetch data from few endpoints, like MW API, Swift, etc.. [09:31:30] and in the process it would be great to apply some circuit breaking / limits to avoid issues if bots hammer our future endpoints [09:31:51] due to the whole istio mesh thing, instead of using the envoy sidecars I tried the Istio Egress gateway [09:31:55] that seems to work well [09:32:28] it would be nice to use it since if we (as ML) want to enable mTLS in Istio, we'll be able to with little changes [09:32:52] and the whole ingress -> sidecar proxy -> egress mesh concept should remain consistent [09:33:26] now, if the above makes sense, I'll add some configs to deployment-charts to allow the definition of egress gateways [09:33:32] (plus their NetworkPolicies) [09:33:46] the main question mark that I have is about the circuit breaking limits [09:35:39] that IIUC at the moment we have some settings for "TCP proxies" in _tls_helpers.tpl right? [09:35:54] or is there more? [10:39:41] 10serviceops, 10Data-Engineering, 10Data-Engineering-Kanban, 10observability: Move kafka-jumbo to a fixed uid - https://phabricator.wikimedia.org/T296990 (10BTullis) [10:39:51] 10serviceops, 10Data-Engineering, 10Data-Engineering-Kanban, 10observability: Move kafka-jumbo to a fixed uid/gid - https://phabricator.wikimedia.org/T296990 (10BTullis) [10:41:46] 10serviceops, 10Data-Engineering, 10Data-Engineering-Kanban, 10observability: Move kafka-jumbo to a fixed uid/gid - https://phabricator.wikimedia.org/T296990 (10BTullis) p:05Triage→03Medium [12:50:06] <_joe_> elukey: that's the right place yes [12:50:11] <_joe_> sorry I didn't notice earlier [16:04:44] 10serviceops: Productionise mc20[38-55] - https://phabricator.wikimedia.org/T293012 (10Papaul) [16:17:55] 10serviceops, 10Security-Team, 10GitLab (CI & Job Runners), 10Patch-For-Review, and 2 others: Setup GitLab Runner in trusted environment - https://phabricator.wikimedia.org/T295481 (10Jelto) I created a runner in codfw as well: `gitlab-runner2001`. ` jelto@puppetmaster1001:~$ sudo puppet cert -s gitlab-ru...