[07:56:15] 10netbox, 10Infrastructure-Foundations, 10SRE: Grant cn=nda some sort of read only access to Netbox - https://phabricator.wikimedia.org/T302870 (10ayounsi) I agree that having more levels of NDA wouldn't be a good path forward. My previous comment was towards auditing if there was anything that shouldn't be... [09:45:15] 10netbox, 10Infrastructure-Foundations, 10SRE: Grant cn=nda some sort of read only access to Netbox - https://phabricator.wikimedia.org/T302870 (10akosiaris) >>! In T302870#8021449, @Dzahn wrote: > Before we talk about technical implementation and putting this on ice. I am wondering..has anyone even had spec... [10:32:18] 10netbox, 10netops, 10Infrastructure-Foundations: Netbox: use FHRP Groups feature - https://phabricator.wikimedia.org/T311218 (10ayounsi) p:05Triage→03Low [10:32:29] 10netbox, 10netops, 10Infrastructure-Foundations: Netbox: use FHRP Groups feature - https://phabricator.wikimedia.org/T311218 (10ayounsi) [10:32:31] 10netbox, 10Infrastructure-Foundations, 10Patch-For-Review: Upgrade Netbox to 3.2 - https://phabricator.wikimedia.org/T296452 (10ayounsi) [10:48:05] 10netbox, 10netops, 10Infrastructure-Foundations: Netbox: use FHRP Groups feature - https://phabricator.wikimedia.org/T311218 (10ayounsi) https://netbox-next.wikimedia.org/ipam/fhrp-groups/1/ {F35267517} Some quick thoughts: * It help get rid of duplicate IPs as a VIP is assigned to the group, which is the... [13:35:18] 10SRE-tools, 10Discovery, 10Infrastructure-Foundations, 10Discovery-Search (Current work), 10IPv6: Some elastic hosts do not have IPv6 DNS records - https://phabricator.wikimedia.org/T271143 (10bking) 05Open→03Resolved [13:35:26] 10netbox, 10Infrastructure-Foundations, 10IPv6, 10User-jbond: Some clusters do not have DNS for IPv6 addresses (TRACKING TASK) - https://phabricator.wikimedia.org/T253173 (10bking) [14:18:56] It seems the motd snippet which prints the "Virtual machine on ganeti cluster" also needs updating after https://gerrit.wikimedia.org/r/c/operations/puppet/+/807546/ ? On VMs it's currently printing an empty value after Puppet has run [14:20:19] moritzm: yes that was me [14:20:27] I've merged a change in puppet and on in the netbox side [14:20:35] but the cookbook supposed to make those values updated is failing [14:20:42] I'm debugging why [14:20:52] I can revert though the puppet change if that's causing any harm [14:21:34] I was checking privately with jbond if he had encountered this issue earlier [14:27:10] 10CAS-SSO, 10Infrastructure-Foundations, 10SRE: Upgrade IDPs to CAS 6.5/Bullseye and enable webauthn - https://phabricator.wikimedia.org/T305518 (10MoritzMuehlenhoff) [14:28:02] 10CAS-SSO, 10Infrastructure-Foundations, 10SRE: Update CAS to 6.5 - https://phabricator.wikimedia.org/T311235 (10MoritzMuehlenhoff) [14:29:10] 10CAS-SSO, 10Infrastructure-Foundations, 10SRE: Update CAS to 6.5 - https://phabricator.wikimedia.org/T311235 (10MoritzMuehlenhoff) cas 6.5.5 has been built and uploaded to apt.wikimedia.org. It's currently installed on idp-test.wikimedia.org and functionality is working fine. The WMF-specific theming needs... [14:29:13] and he's fixing it now, so I should fi the issue in a minute [14:29:56] 10CAS-SSO, 10Infrastructure-Foundations, 10SRE: Enable webauthn in CAS to replace U2F - https://phabricator.wikimedia.org/T311236 (10MoritzMuehlenhoff) [14:30:49] excellent, thanks [14:33:14] and now puppet is broken, damn, sorry, fixing [15:04:34] 10CAS-SSO, 10Infrastructure-Foundations, 10SRE, 10Patch-For-Review: Enable webauthn in CAS to replace U2F - https://phabricator.wikimedia.org/T311236 (10MoritzMuehlenhoff) Status update: With a hacked-up config on idp-test.w.o and when configuring a user to pass mfa-webauthn to the Groovy script I'm gettin... [15:31:07] 10CAS-SSO, 10Infrastructure-Foundations, 10SRE: Enable webauthn in CAS to replace U2F - https://phabricator.wikimedia.org/T311236 (10jbond) >but that bails out with a bean error related to the fasterxml parser, Wonder if this is related to the [[ https://gerrit.wikimedia.org/r/plugins/gitiles/operations/sof... [15:35:35] 10CAS-SSO, 10Infrastructure-Foundations, 10SRE: Enable webauthn in CAS to replace U2F - https://phabricator.wikimedia.org/T311236 (10MoritzMuehlenhoff) >>! In T311236#8023420, @jbond wrote: >>but that bails out with a bean error related to the fasterxml parser, > Wonder if this is related to the [[ https://... [17:31:45] 10netops, 10Infrastructure-Foundations, 10SRE, 10Traffic: Upgrade to Bird 2 - https://phabricator.wikimedia.org/T310574 (10ssingh) During the upgrade to bird2 today, the bird side of things seems to have caused no issues. The bird2 service started successfully and the configuration file was correct. Howeve... [17:57:48] 10netbox, 10Infrastructure-Foundations, 10SRE: Grant cn=nda some sort of read only access to Netbox - https://phabricator.wikimedia.org/T302870 (10Dzahn) Thank you for the examples. That makes sense to me. Especially if Dell advises to keep them secret.