[10:56:15] netops, Infrastructure-Foundations, SRE: Rebuild Routinator (rpki) VMs with larger disk - https://phabricator.wikimedia.org/T292503 (cmooney) A security update is now available which means we need to upgrade again: https://www.nlnetlabs.nl/news/2021/Nov/09/routinator-0.10.2-released/ I'll dig into...
[12:07:06] CFSSL-PKI, Infrastructure-Foundations, Prod-Kubernetes, serviceops, and 2 others: Automate issuing of TLS certificates in kubernetes clusters - https://phabricator.wikimedia.org/T294560 (JMeybohm)
[13:27:48] CFSSL-PKI, Infrastructure-Foundations, Prod-Kubernetes, serviceops, and 2 others: Automate issuing of TLS certificates in kubernetes clusters - https://phabricator.wikimedia.org/T294560 (JMeybohm)
[14:11:00] jbond: I might need some context for https://gerrit.wikimedia.org/r/c/operations/software/netbox-extras/+/737914
[14:17:27] volans: T229397
[14:17:27] T229397: Puppet: get data (row, rack, site, and other information) from Netbox - https://phabricator.wikimedia.org/T229397
[14:20:50] yeah I got that it was related (missing bug ID in the CR), but I thought there was some new context that I wasn't aware of :)
[14:23:11] volans: looking at the ticket the last comment seemed to be to create a netbox script to create the data we need for hiera. that's what this new endpoint is for. fyi it's still WIP
[14:25:25] where is the mention of a customscript? I don't recall that bit
[14:25:37] trying to reload context from Glacier™
[14:27:47] volans: "I'm wondering if we should convert John's patch into a Netbox script instead and take advantage of the speed and power of Django/Netbox internal APIs instead" https://phabricator.wikimedia.org/T229397#6574323
[14:28:15] 1+y ago... wow
[14:29:22] I guess we can go that way too, sure
[14:30:19] as opposed to what, tbh i don't really care which way we do it, at this point i just want to get something out so we can start using it. if you have a better/preferred way say now (or forever hold your peace...)
[14:33:43] as opposed to getting the data from the API, but either approach works, I'll review it in a bit unless it is too early in the WIP
[14:33:56] are you planning to still use the git approach like the automatic dns stuff?
[14:34:22] well there is https://gerrit.wikimedia.org/r/c/operations/puppet/+/563186 (bit rotting for 12 months) which uses the API
[14:35:40] yes, that's why I was wondering why starting on a different approach, and I was assuming there was some context (tests, discussions) that happened that made you decide to change approach
[14:36:40] I'm ok with either tbh for the extraction part from Netbox, with no decision yet on the netbox/nautobot part hard to say what would be more future-proof
[14:36:44] the reason to change was the comment linked above i.e. that using the netbox api directly is too slow. we had some chats offline about it as well where i got the impression this was your preferred route
[14:36:58] at the same time I don't think either way will require too much refactor anyway, no matter which route we'll go
[14:38:21] as to deploying i think ultimately this would use git and whatever comes out of your unified approach for deploying git based repos. in the short term i'll probably do some copy paste of the dns cookbook
[14:41:01] the git based repos is more for human-updated repos but sure, for now we can replicate what we do for the dns automation stuff, seems the cleanest we have atm
[14:46:56] manual vs automatic deploy was still up in the air, however deployments need to be fairly synchronised, so having a systemd timer running on the puppetmasters is a non-starter. As such i think manual via git is probably the best starting option and we can iterate as use cases and pain points surface
[14:48:55] yep agree
[14:57:52] CAS-SSO, netbox, Infrastructure-Foundations, User-jbond: investigate netbox login issues - https://phabricator.wikimedia.org/T295148 (jbond)
[15:01:34] CAS-SSO, netbox, Infrastructure-Foundations, User-jbond: investigate netbox login issues - https://phabricator.wikimedia.org/T295148 (jbond) > Solution > > I think that the solution would just be to add a user_can_authenticate(user) method to the CASGroupBackend class that either returns always T...
[15:03:26] CAS-SSO, netbox, Infrastructure-Foundations, User-jbond: investigate netbox login issues - https://phabricator.wikimedia.org/T295148 (Volans) I was thinking of maybe checking if `HTTP_CAS_USER` or any of the other `HTTP_X_CAS_*` headers are set, regardless of the value, like maybe `HTTP_X_CAS_CN...
[16:27:49] CAS-SSO, netbox, Infrastructure-Foundations, User-jbond: investigate netbox login issues - https://phabricator.wikimedia.org/T295148 (jbond) >>! In T295148#7495993, @Volans wrote: > I was thinking of maybe checking if `HTTP_CAS_USER` or any of the other `HTTP_X_CAS_*` headers are set, regardless...
[18:48:13] SRE-tools, Infrastructure-Foundations, Observability-Metrics: wmflib.prometheus: add support for thanos backend - https://phabricator.wikimedia.org/T295498 (Volans) p:Triage→Medium