[10:07:37] there are time zone updates released by Debian (tzdata package): [10:07:39] The data shipped with the tzdata package includes a list of officially [10:07:40] announced leap seconds. The leap second list in the package currently [10:07:41] in bullseye and buster will expire at the end of June, making it [10:07:43] unusable. [10:08:27] these are rolled out all across production, for container images I don't think we need any update since time resolution happens within the container host [10:08:49] but let me know if I should be missing anything or if you want to rebuild production images anyway? [10:14:43] 10serviceops, 10Wikimedia-Developer-Portal, 10Goal, 10Service-deployment-requests: New Service Request: developer-portal - https://phabricator.wikimedia.org/T297140 (10JMeybohm) This has been deployed for some time so I moved it to the Done column, but I see 2 remaining unchecked items in the Checklist sec... [11:03:06] moritzm: should be fine not to rebuild I [11:03:16] *I would say [11:38:31] ack [12:02:49] should be fine to not rebuild, I don't expect anything to croak due to a leap second [12:03:38] as far as I know, time namespaces aren't used in docker containers [12:03:59] they just use the time namespace of the host, so pid 1, systemd [12:04:33] ok [12:05:06] that being said, I am not sure time zone data is namespaced at all in time namespaces [12:05:25] I had a look at NTP implementations installed in containers images and there's only five releng node-test images and the Chromium/proton image which include systemd-timesyncd [12:05:33] https://man7.org/linux/man-pages/man7/time_namespaces.7.html doesn't mention anything about time zones [12:05:59] so even if there's an issue there it would be limited to proton which we rebuild every 1-2 weeks anyway for new Chromium debs [12:07:28] ah, so timezones definitions are anyway on the fs, so it's the mount namespace that matters. That one is definitely namespaced so yeah images will not pick up the change [12:07:49] It might matter for logs? [12:07:53] can't think anything else [12:08:37] even if, for logs I think we could live with a one second slip :-) [12:09:07] jvms used to not like seeing leap seconds 10 years ago, but a) that's 10 years ago and from what we 've seen in the past it doesn't apply anymore b) I gather the things running in the containers not seeing the leap second aren't gonna complain anyway [12:09:12] ignorance is bliss etc [12:09:32] yeah, worse case scenario we have logs 1 sec in the future I think [13:27:59] Hello Service Ops :-) We're beginning the process of building a new Kubernetes cluster, so we're in need of your blessing and your guidance. [13:28:24] There is the start of a design document here: https://docs.google.com/document/d/1mxkgIvtUpv6W6kvVPGEdkiJ0NW07vTsrsgMZx87Ltn8/edit [13:28:45] ...and a workboard in Phab here: https://phabricator.wikimedia.org/tag/dse-kubernetes-cluster/ [13:30:04] can we get access to the doc? [13:30:20] 10serviceops, 10Wikimedia-Developer-Portal, 10Goal, 10Service-deployment-requests: New Service Request: developer-portal - https://phabricator.wikimedia.org/T297140 (10bd808) >>! In T297140#8019383, @JMeybohm wrote: > This has been deployed for some time so I moved it to the Done column, but I see 2 remain... [13:30:41] This project evolved from 'Lift Wing' so it's primarily myself, elukey and klausman who will be involved in the initial build, I believe. [13:31:16] Oh, sorry question_mark I thought it was accessible WMF wide. I'll try to share it now. [13:31:48] thanks [13:32:52] I've added a few people, but I think that odimitrievic owns the shared folder. I'll ping her too. [13:38:28] thanks ben, I left a few questions but they may be answered already by other materials [13:40:35] Great, thanks mark. [15:31:00] 10serviceops, 10SRE, 10Patch-For-Review: Requesting SSH keypair for deployment server keyholder to push to Gerrit - https://phabricator.wikimedia.org/T310620 (10JMeybohm) I would assume we can reuse the `pwstore/pw.git/deployment-key-passphrase` for this as the audience is the same as well? [16:23:46] 10serviceops, 10SRE, 10Patch-For-Review: Requesting SSH keypair for deployment server keyholder to push to Gerrit - https://phabricator.wikimedia.org/T310620 (10akosiaris) 05Open→03Resolved [16:23:50] 10serviceops, 10SRE, 10Patch-For-Review: Requesting SSH keypair for deployment server keyholder to push to Gerrit - https://phabricator.wikimedia.org/T310620 (10akosiaris) >>! In T310620#8020287, @JMeybohm wrote: > I would assume we can reuse the `pwstore/pw.git/deployment-key-passphrase` for this as the aud... [16:24:34] 10serviceops, 10SRE, 10Patch-For-Review: Requesting SSH keypair for deployment server keyholder to push to Gerrit - https://phabricator.wikimedia.org/T310620 (10akosiaris) a:03akosiaris key generated, change merged, keyholder and keyholder-proxy restart and rearmed. I think we are done on this front! I am... [16:56:50] 10serviceops, 10SRE: Requesting SSH keypair for deployment server keyholder to push to Gerrit - https://phabricator.wikimedia.org/T310620 (10dancy) Thank you @akosiaris ! What's the official way to collect the public key? [17:04:10] 10serviceops, 10SRE: Requesting SSH keypair for deployment server keyholder to push to Gerrit - https://phabricator.wikimedia.org/T310620 (10akosiaris) >>! In T310620#8020587, @dancy wrote: > Thank you @akosiaris ! > > What's the official way to collect the public key? Can't say we have an official way to... [17:39:56] 10serviceops, 10SRE: Requesting SSH keypair for deployment server keyholder to push to Gerrit - https://phabricator.wikimedia.org/T310620 (10dancy) Beautiful. I added the public key to Gerrit's trainbranchbot using the following command: ` echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA9PnDpx0+F5mgJUbLxiCOFm2G5an... [23:17:57] 10serviceops, 10DNS, 10SRE, 10Traffic, and 2 others: Setup redirect of policy.wikimedia.org to Advocacy portal on Foundation website - https://phabricator.wikimedia.org/T310738 (10Dzahn) >>! In T310738#8018422, @Varnent wrote: > We are "closing" this site on the VIP site. So, essentially whenever we want o... [23:57:26] 10serviceops, 10MW-on-K8s, 10Performance-Team (Radar): mw-on-k8s apache config missing cache-control for /static/ files - https://phabricator.wikimedia.org/T309358 (10Krinkle) 05Resolved→03Open Re-opening for now. I closed it on the assumption it woud roll out more or less by itself within a few days, bu...