[06:55:55] https://github.com/netbox-community/netbox/discussions/6500 [07:58:36] thx, having a look :) [08:04:05] 10Puppet, 10SRE: Allow the deployment of users to a host without their ssh key via the admin module - https://phabricator.wikimedia.org/T212429 (10elukey) 05Open→03Resolved This was done ages ago, probably a dupe of others tasks, closing it! [08:10:02] 10CAS-SSO, 10Analytics, 10Patch-For-Review, 10User-Elukey: Secure Hue/Superset/Turnilo/Yarn/Piwik with CAS (and possibly 2FA) - https://phabricator.wikimedia.org/T159584 (10elukey) 05Open→03Resolved All the UIs are now behind CAS, and we opened T280691 to enforce 2FA properly. [09:25:46] 10Puppet, 10User-jbond: Ensure puppet sends the correct ircd signals to update config and motd - https://phabricator.wikimedia.org/T284052 (10jbond) [11:04:17] 10Packaging, 10Maps, 10Product-Infrastructure-Team-Backlog, 10SRE, 10serviceops: Packaging PostGIS 3.1 for the new Maps stack - https://phabricator.wikimedia.org/T277064 (10hnowlan) postgis 3.1.1 running on maps1009 successfully. Just to note for posterity and reference, we hit some issues upgrading, w... [11:05:02] 10Packaging, 10Maps, 10Product-Infrastructure-Team-Backlog, 10SRE, 10serviceops: Packaging PostGIS 3.1 for the new Maps stack - https://phabricator.wikimedia.org/T277064 (10hnowlan) 05Open→03Resolved [11:33:02] 10Puppet, 10Wikimedia-IRC-RC-Server, 10User-jbond: Ensure puppet sends the correct ircd signals to update config and motd - https://phabricator.wikimedia.org/T284052 (10Peachey88) [13:03:18] 10netops, 10SRE, 10Traffic, 10User-jbond: varnish filtering: should we automatically update public_cloud_nets - https://phabricator.wikimedia.org/T270391 (10jbond) Nice work :) >>! In T270391#7120197, @cmooney wrote: > There is this script for AWS that @ema pointed me towards: > > https://gerrit.wikimed... [14:43:01] 10Puppet, 10SRE-OnFire, 10User-jbond: Create SRE checklist for puppet - https://phabricator.wikimedia.org/T284073 (10jbond) p:05Triage→03Medium [14:44:42] 10CAS-SSO, 10SRE, 10Patch-For-Review, 10User-jbond: Cookbook for centralised logouts and session status queries - https://phabricator.wikimedia.org/T283242 (10jbond) [14:52:56] 10CFSSL-PKI, 10SRE, 10Patch-For-Review: Additional CFSSL tasks - https://phabricator.wikimedia.org/T281369 (10jbond) [14:55:56] 10Puppet, 10GitLab (Initialization), 10Patch-For-Review, 10Release-Engineering-Team (Radar), and 2 others: Puppetise gitlab-ansible playbook - https://phabricator.wikimedia.org/T283076 (10jbond) [14:55:58] 10CFSSL-PKI, 10SRE, 10Patch-For-Review, 10User-jbond: Additional CFSSL tasks - https://phabricator.wikimedia.org/T281369 (10jbond) [14:56:23] 10CAS-SSO, 10Puppet, 10Orchestrator, 10SRE, 10User-jbond: Puppet host certs do not contain Subject Alt Name entries - https://phabricator.wikimedia.org/T273637 (10jbond) [14:56:47] 10Puppet, 10SRE, 10Patch-For-Review, 10User-jbond: Review puppetmaster SSL configueration - https://phabricator.wikimedia.org/T268040 (10jbond) [14:58:36] 10netbox, 10SRE, 10Patch-For-Review, 10User-jbond: Add SSO support to netbox - https://phabricator.wikimedia.org/T244849 (10jbond) [15:08:45] 10netops, 10Data-Persistence-Backup, 10SRE: Understand (and mitigate) the backup speed differences between backup1002->backup2002 and backup2002->backup1002 - https://phabricator.wikimedia.org/T274234 (10jcrespo) FYI, cross-dc backups are now in a "normal state" meaning we should only have those a few hours... [15:15:52] 10CAS-SSO, 10SRE, 10observability, 10User-jbond: thanos u/i gives errors if left idle for a few hours - https://phabricator.wikimedia.org/T268233 (10jbond) [15:17:58] 10netops, 10SRE, 10Traffic, 10User-jbond: varnish filtering: should we automatically update public_cloud_nets - https://phabricator.wikimedia.org/T270391 (10cmooney) Thanks jbond appreciate the feedback. Your improvements to the script look great. Nice work on the parsing, much cleaner than my shite, and... [15:27:03] 10SRE-tools, 10User-jbond: Create base cook book for rebooting/restarting servers/daemons - https://phabricator.wikimedia.org/T284079 (10jbond) p:05Triage→03Medium [15:28:08] 10Puppet, 10SRE-tools, 10SRE, 10User-jbond: Private puppet commit hook checks current state of folder, not what is staged - https://phabricator.wikimedia.org/T278187 (10jbond) [15:35:18] 10CAS-SSO, 10User-jbond: CAS update service script to sync memcache - https://phabricator.wikimedia.org/T273484 (10jbond) p:05Triage→03Low [15:39:47] 10Puppet, 10User-jbond: Puppet CI should use rspec-parallel - https://phabricator.wikimedia.org/T284080 (10jbond) p:05Triage→03Medium [15:41:13] 10CFSSL-PKI, 10SRE, 10Patch-For-Review, 10User-jbond: Additional CFSSL tasks - https://phabricator.wikimedia.org/T281369 (10jbond) [15:44:36] 10Puppet, 10User-jbond: Add type validation to puppetmaster::standalone - https://phabricator.wikimedia.org/T284082 (10jbond) p:05Triage→03Low [15:50:34] 10netops, 10SRE, 10Traffic, 10User-jbond: varnish filtering: should we automatically update public_cloud_nets - https://phabricator.wikimedia.org/T270391 (10jbond) > One thing I do think we should include is some sort of IP aggregation completely agree, its an oversight that it missed > I'm not sure if Ne... [16:12:43] 10netbox: netbox import from PuppetDB: it should ignore 192.168.0.0/16 - https://phabricator.wikimedia.org/T283813 (10ayounsi) 05Open→03Resolved a:03ayounsi Merged and existing IPs deleted. [16:54:00] jbond, volans: meh, the debmonitor sysusers runs into https://phabricator.wikimedia.org/T256098 [16:54:39] I've upgraded ulsfo and this doesn't affect every role, but it does hit the bastions [16:55:10] since they have an "all-users" group which includes every single user and which exceeds 1024 chars [16:55:46] :/ [16:55:50] I'ved pinged https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969926 to get this backported in a buster point release [16:56:29] ack, do we have a way to circumvent the issue for now? [16:56:46] internally patching glibc isn't a wise idea, so I think I'll revert the buster builds to switch back to adduser until this is fixed in glibc [16:56:51] sorry, I'm in the training so can't look too deep right now [16:57:00] there's no real workaround unfortunately [16:57:03] ok [16:57:12] this his stat* hosts before, and was worked around there [16:57:42] we can continue to use sysusers on stretch and bullseye at least (and fall back in buster once it's backported) [16:57:53] k [16:58:03] if you need the old deb package [16:58:12] we can just use the previous one [16:58:25] and just remove the new one from apt [16:58:44] 10Puppet, 10Patch-For-Review, 10User-jbond: Investigate hiera lookup dot notation - https://phabricator.wikimedia.org/T256221 (10jbond) this works as expected see the [[ https://puppet-compiler.wmflabs.org/compiler1003/29769/ | CR linked ]] which produced the following PCC output ` Class[Profile::Sretest]... [17:05:37] 10Puppet, 10Patch-For-Review, 10User-jbond: Investigate hiera lookup dot notation - https://phabricator.wikimedia.org/T256221 (10jbond) 05Open→03Resolved a:03jbond [18:38:45] yeah, but we still want 0.3.0 otherwise for buster, just with adduser instad of systemd-sysusers,so a new build seems better [21:10:25] ack works for me, I'm out tomorrow (bank holiday here), but I can help Thursday to make the release if needed [21:50:48] 10netops, 10SRE, 10Traffic, 10User-jbond: varnish filtering: should we automatically update public_cloud_nets - https://phabricator.wikimedia.org/T270391 (10Volans) >>! In T270391#7126325, @cmooney wrote: > I'm not sure if Netbox is the right place to *store* this data, but happy to discuss. You folk know...