[08:42:25] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 3 others: Netbox: use the netbox to also sync networks and network devices - https://phabricator.wikimedia.org/T329272 (10ayounsi) That's awesome! * Usecase #1 is to populate: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/r... [09:09:56] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 3 others: Netbox: use the netbox to also sync networks and network devices - https://phabricator.wikimedia.org/T329272 (10ayounsi) Usecase #2 is to replace the hardcoded values from: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/pupp... [09:10:21] volans: I vaguely remember that I ran into something like this before, there is something very odd about the way evals are processed, IIRC they are processed right when the target is being entered, not sequentially [09:10:40] so it's effectively returning the value of bin/python3 -m certifi before it's getting set up [09:11:52] let me see whether I can find a reference for that [09:13:23] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 3 others: Netbox: use the netbox to also sync networks and network devices - https://phabricator.wikimedia.org/T329272 (10ayounsi) Usecase #3 is to generate https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production... [09:13:26] moritzm: ah, interesting. I came up with that after a couple of stackoverflow answers.. [09:16:05] looks like I didn't get the reply? [09:16:23] there's nothing really useful in the Makefile info/man page, but I found https://stackoverflow.com/questions/38227975/when-should-a-call-to-eval-be-evaluated-in-a-make-recipe where someome ran into the same issue [09:18:37] XioNoX: you were not here :) [09:18:57] volans: that wouldn't have happened on Slack ;) [09:30:38] moritzm: and do you have any suggestion on how to circumvent the issue? I just need to get a value after the venv is created and use it in 2 commands [09:31:00] I guess I could split that into 2 targets and the eval would work in the second target but a bit meh [09:35:32] hmmh, let me try an alternative fix [09:40:06] so, I think there's two options: 1. what you mentioned, creating a separate pip_install: target or 2. given that the certifi call only happens twice and is cheap we could just as well just run it in place, like https://paste.debian.net/hidden/6dfb6dbd/ (untested) [09:40:36] 3. write an Ant/Maven filed :-) [09:41:53] moritzm: the worry I have with 2. is that after the 'rm' the call will return empty string because certifi will notice that the cert is not there anymore [09:41:56] but I didn't test it [09:43:09] ah, yes. but we can simply swap the commands and first setup the symlink? [09:43:45] the symlink replaces the file [09:44:10] ah, right [09:44:11] * volans tries if ln -f works here [09:44:47] cd /tmp [09:44:49] touch foo [09:44:52] $ ln -svf /etc/debian_version foo [09:44:52] 'foo' -> '/etc/debian_version' [09:44:56] seems to work fine [09:45:03] Feb 14 09:44 foo -> /etc/debian_version [09:45:24] at least on bullseye [09:45:48] going for inline and single command [09:48:17] ack, sounds good [09:49:38] there might be even a solution to forcing eval, but not something within what I know about Makefiles (or even want to know at this point :-) [09:52:40] yeah [09:52:50] already too complicated for a very simple need [10:46:10] * volans will wipe the DB on netbox-next and import a fresh dump from production [10:52:04] 10Puppet, 10Infrastructure-Foundations, 10SRE, 10Patch-For-Review, 10Technical-Debt: Convert all of our site.pp/roles to the role/profile paradigm - https://phabricator.wikimedia.org/T159412 (10MoritzMuehlenhoff) >>! In T159412#8599008, @Dzahn wrote: > @Muehlenhoff Here was my attempt to fix the "mediaw... [11:57:35] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 3 others: Netbox: use the netbox to also sync networks and network devices - https://phabricator.wikimedia.org/T329272 (10ayounsi) Usecase #4 is to centrally manage the list BGP routers (core routers or ToR switches) used for host to configure t... [13:15:16] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 3 others: Netbox: use the netbox to also sync networks and network devices - https://phabricator.wikimedia.org/T329272 (10jbond) [13:36:51] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 3 others: Netbox: use the netbox to also sync networks and network devices - https://phabricator.wikimedia.org/T329272 (10jbond) > alarms: true we can set based on the device model (false by default as we have more mx204s, then if mx480: true) J... [13:57:42] * volans errand to run bbiab [16:12:17] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 3 others: Netbox: use the netbox to also sync networks and network devices - https://phabricator.wikimedia.org/T329272 (10jbond) > The OOB ones are tricky and should probably be kept for last, probably by fetching the OOB circuits, and not the d... [17:08:56] hi all, please fix the numerous puppet failures in the 'ldap-dev' cloud vps project, thanks. https://prometheus-alerts.wmcloud.org/?q=%40state%3Dactive&q=project%3Dldap-dev [17:15:00] taavi: those are mine, will do taavi, thanks [17:24:21] jbond: anything I need to note about removing (well, really, renaming) a PKI intermediate? [17:27:19] cdanis i dont think so thet relevent directories should be fully managed so the new files will get created and the old ones removed [17:27:28] lovely thanks [17:28:55] actully you may end up with some stale entries the cfssl-ocsp* systemd units (this is a genral issue i have seen with systemd units) [17:29:18] mmm ok [17:29:24] i think if you just systemctl stop $service && systemctl disable service and reload is the normal fix [17:29:32] I don't think I merged the patch that enables ocsp yet? [17:29:34] got it [17:30:01] it you only merged the one for the root-ca you should be fine [17:30:11] 👍 [17:30:13] thanks! [17:30:18] np [17:35:56] Notice: /Stage[main]/Cfssl/File[/etc/cfssl/ssl/k8s_aux]/ensure: removed [17:36:06] 👍 [17:51:15] jbond: another quick thing, is it expected that Hosts: auto doesn't work for this patch? https://gerrit.wikimedia.org/r/c/operations/puppet/+/889175 [17:51:32] I'm guessing because it doesn't touch any actual Puppet code it doesn't work? [17:52:17] cdanis: yes thats correct we only analyses pp files classes and defines [17:52:32] makes sense [17:52:38] we could probably analyeses the yaml files but i think that could get a bit messy [17:52:44] yeah it's tricky [17:53:09] we should just get a ton of compute for jenkins runners so we can just do full diffs all the time ;) [17:54:44] we could probably make auto the default now tbh, i just need to refactor some of the tests (i didn;t add enough coverage when i added the auto function) [17:55:32] and if auto is the default we can probably set check experimental to default as well at least try it out. its on my mind to do but no priority at the moment [17:55:42] all fair [18:34:17] 10netops, 10DBA, 10Data-Persistence, 10Infrastructure-Foundations, and 9 others: codfw row B switches upgrade - https://phabricator.wikimedia.org/T327991 (10JMeybohm) [19:17:05] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 2 others: Netbox: use the netbox to also sync networks - https://phabricator.wikimedia.org/T329669 (10jbond) [19:17:18] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 2 others: Netbox: use the netbox to also sync networks - https://phabricator.wikimedia.org/T329669 (10jbond) p:05Triage→03Medium [19:19:23] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 2 others: Netbox: use the netbox to also sync networks - https://phabricator.wikimedia.org/T329669 (10jbond) [19:26:57] 10Puppet, 10netbox, 10Infrastructure-Foundations, 10SRE, and 2 others: Netbox: use the netbox to also sync networks - https://phabricator.wikimedia.org/T329669 (10jbond) [20:42:30] FYI I'll be out tomorrow, see you on Thu. ;) [20:48:22] enjoy!