[00:20:30] 10netops, 10Infrastructure-Foundations, 10SRE, 10Traffic: Remove static routes for LVS VIPs from core routers - https://phabricator.wikimedia.org/T300877 (10BBlack) I can fill in the scenario/story part a bit! For background: * Technically, LVS and pybal are separate things running on the same server. L... [08:28:23] 10SRE-tools, 10Infrastructure-Foundations, 10Observability-Alerting: Spicerack: add support for Alertmanager - https://phabricator.wikimedia.org/T293209 (10fgiunchedi) >>! In T293209#7675209, @Volans wrote: >>>! In T293209#7675048, @fgiunchedi wrote: >>>>! In T293209#7670485, @Volans wrote: >>> - To suppor... [08:51:21] 10netops, 10Infrastructure-Foundations, 10SRE, 10Traffic: Remove static routes for LVS VIPs from core routers - https://phabricator.wikimedia.org/T300877 (10akosiaris) >>! In T300877#7677259, @BBlack wrote: > I can fill in the scenario/story part a bit! For background: > > * Without static routes, if pyb... [08:55:44] 10netops, 10Infrastructure-Foundations, 10SRE, 10Traffic: Remove static routes for LVS VIPs from core routers - https://phabricator.wikimedia.org/T300877 (10Volans) For the human-generated part that seems easy to prevent automating the process via a cookbook that can have all the checks and fail safes need... [09:01:14] 10netops, 10Infrastructure-Foundations, 10SRE, 10Traffic: Remove static routes for LVS VIPs from core routers - https://phabricator.wikimedia.org/T300877 (10akosiaris) >>! In T300877#7677666, @Volans wrote: > For the human-generated part that seems easy to prevent automating the process via a cookbook that... [09:16:05] 10SRE-tools, 10homer, 10netbox, 10netops, and 3 others: Investigate Capirca - https://phabricator.wikimedia.org/T273865 (10ayounsi) 05In progress→03Resolved We're now using Capirca to manage most of our router ACLs [09:22:44] 10netops, 10Infrastructure-Foundations, 10SRE, 10Traffic: Remove static routes for LVS VIPs from core routers - https://phabricator.wikimedia.org/T300877 (10akosiaris) Re-reading my reply, I realized I may appear pro having those static routes (I am actually not) whereas my intent was to just provide a dat... [11:01:51] 10Puppet, 10Infrastructure-Foundations, 10good first task: Routinator: use tmpfs - https://phabricator.wikimedia.org/T300955 (10Aklapper) [14:50:27] 10netops, 10Data-Engineering, 10Infrastructure-Foundations, 10Product-Analytics, and 2 others: Maybe restrict domains accessible by webproxy - https://phabricator.wikimedia.org/T300977 (10Ottomata) [15:30:59] 10SRE-tools, 10Infrastructure-Foundations, 10serviceops: Add a kubernetes module to spicerack - https://phabricator.wikimedia.org/T300879 (10Joe) More in detail, I would reduce the choices to a match between python-kubernetes, which we already use in imagecatalog, and kubectl. I started taking a look at how... [15:57:29] 10netops, 10Infrastructure-Foundations, 10SRE, 10Traffic-Icebox, 10Patch-For-Review: Create Generalised blocking strategy - https://phabricator.wikimedia.org/T270618 (10MoritzMuehlenhoff) > I think we could also take the decision to no bother with this additional complexity and take the stance that if so... [15:58:51] 10SRE-tools, 10Infrastructure-Foundations, 10SRE: Pairing tool for new SREs using sudo under supervision - https://phabricator.wikimedia.org/T299989 (10MoritzMuehlenhoff) Ack, I'll have a closer look over the course of February [15:59:09] 10SRE-tools, 10Infrastructure-Foundations, 10SRE, 10User-MoritzMuehlenhoff: Pairing tool for new SREs using sudo under supervision - https://phabricator.wikimedia.org/T299989 (10MoritzMuehlenhoff) [17:15:50] 10netops, 10Data-Engineering, 10Infrastructure-Foundations, 10Product-Analytics, and 2 others: Maybe restrict domains accessible by webproxy - https://phabricator.wikimedia.org/T300977 (10jbond) Thanks for creating this task Andrew, Just wanted to copy paste the following from the parent task in-case there... [19:58:38] 10Puppet, 10Infrastructure-Foundations, 10SRE: Refactor P:base::firewall to pull host directly from puppetdb - https://phabricator.wikimedia.org/T300957 (10Peachey88)