[04:58:20] 10SRE-tools, 10netops, 10DC-Ops, 10SRE: Allow idrac tftp fetching of firmware updates (either to existing tftp or new solution) - https://phabricator.wikimedia.org/T283771 (10Papaul) One other option is to use a bash script and a text file with the IP addresses of the nodes (see below) Note: This was test... [08:15:52] 10SRE-tools, 10netops, 10DC-Ops, 10SRE: Allow idrac tftp fetching of firmware updates (either to existing tftp or new solution) - https://phabricator.wikimedia.org/T283771 (10ayounsi) @RobH what are the conclusions of yesterday's experiment? Is it ok to rollback the network change? @Papaul that looks usef... [08:44:34] 10SRE-tools, 10netops, 10DC-Ops, 10SRE: Allow idrac tftp fetching of firmware updates (either to existing tftp or new solution) - https://phabricator.wikimedia.org/T283771 (10cmooney) @papaul that looks like a nice approach. One thing we need to consider @ayounsi is that this makes the connection to the i... [11:02:20] 10SRE-tools, 10netops, 10DC-Ops, 10SRE: Allow idrac tftp fetching of firmware updates (either to existing tftp or new solution) - https://phabricator.wikimedia.org/T283771 (10jbond) From the very original post regarding a tftp server in general i think option B is the better choice. i'm also thinking we m... [11:54:16] 10SRE-tools, 10netops, 10DC-Ops, 10SRE: Allow idrac tftp fetching of firmware updates (either to existing tftp or new solution) - https://phabricator.wikimedia.org/T283771 (10MoritzMuehlenhoff) >>! In T283771#7151163, @jbond wrote: > From the very original post regarding a tftp server in general i think op... [13:32:27] jbond, moritzm, the tftp task went a bit in all the directions, but separating the webproxies could be an opportunity to fix https://phabricator.wikimedia.org/T242715 :) [13:58:10] it's also worth considering to revisit whether it's actually useful to have the web proxies in the edges, looking at the access.log in esams, it's just a few requests to security.debian.org/debug.debian.org and a handful of requests to ocsp.digicert.com [13:58:52] having the go against eqiad/codfq would have no measurable perfomance loss and keep things simpler [14:08:07] that wouldn't solve the SPOF, but I agree that the leaner we can keep the POPs, the better [14:11:54] 10SRE-tools, 10netops, 10DC-Ops, 10SRE: Allow idrac tftp fetching of firmware updates (either to existing tftp or new solution) - https://phabricator.wikimedia.org/T283771 (10RobH) Ok so in testing yesterday we got the idrac firmware to load over TFTP, but it seems they don't support TFTP for DUP files lik... [14:16:33] 10netbox: Request to add Custom fields in Netbox - https://phabricator.wikimedia.org/T284614 (10ayounsi) Some thoughts: The "config-FY" set is an abstraction of a list of hardware features, and is not divisible. So for that using 1 field would make more sens to me instead of 2. Unless we need to report on all "c... [15:55:31] 10netops, 10SRE: Cloud IPv6 subnets - https://phabricator.wikimedia.org/T187929 (10cmooney) I agree on option 2 above that it makes sense to assign a /48 for cloud services at each site. Some people these days are assigning a /64 per-VM so we should provide space to cater for potential future cases such as th... [15:58:31] 10CFSSL-PKI, 10Packaging, 10User-jbond: Package Latest version go-cfssl - https://phabricator.wikimedia.org/T283840 (10jbond) ` bundler_test.go:895: {"code":1220,"message":"x509: certificate signed by unknown authority"} # relates to : FAIL FAIL github.com/cloudflare/cfssl/bundler 16.170s ` [16:02:59] 10CFSSL-PKI, 10Packaging, 10User-jbond: Package Latest version go-cfssl - https://phabricator.wikimedia.org/T283840 (10jbond) > executable file not found in $PATH For this i patched the commands to use .bin/path which by checking `/proc/$(pidof go test)/cdw.bin/cfssl` looked right to me but i still get `... [16:05:52] 10netbox: Request to add Custom fields in Netbox - https://phabricator.wikimedia.org/T284614 (10faidon) >>! In T284614#7147294, @wiki_willy wrote: > ++ @faidon, who might be able to provide more feedback on this. Some background that I think most know, but just to make sure we're all in the same page: for FY21-... [17:01:17] 10CFSSL-PKI, 10Packaging, 10User-jbond: Package Latest version go-cfssl - https://phabricator.wikimedia.org/T283840 (10jbond) > TestHandshakeClientCertRSA Not sure why but all of theses tests run very slowly almost like OpenSSL is hanging and waiting for input, possibly due to using insecure options? for no... [17:08:47] 10CFSSL-PKI, 10Packaging, 10User-jbond: Package Latest version go-cfssl - https://phabricator.wikimedia.org/T283840 (10jbond) [20:24:03] 10Mail, 10Znuny, 10User-jbond: Clean up OTRS/Znuny addresses handles by gsuite - https://phabricator.wikimedia.org/T284145 (10DC) (VRTS admin:) Except of `glam@wikimedia.org`, all listed mail addresses are deactivated in Znuny/OTRS, so no further actions necessary. For `glam@wikimedia.org` there is still a q... [23:39:35] 10SRE-tools, 10netops, 10DC-Ops, 10SRE, 10Patch-For-Review: Allow idrac tftp fetching of firmware updates (either to existing tftp or new solution) - https://phabricator.wikimedia.org/T283771 (10Dzahn) I reverted the firewall (ferm) change that allowed mgmt to connect to install since as comments above s...