[02:30:48] <jinxer-wm>	 (PuppetDisabled) firing: Puppet disabled on ganeti2033:9100 - https://wikitech.wikimedia.org/wiki/Puppet/Runbooks#Puppet_Disabled - https://grafana.wikimedia.org/d/yOxVDGvWk/puppet?var-cluster=ganeti&viewPanel=14 - https://alerts.wikimedia.org/?q=alertname%3DPuppetDisabled
[06:30:48] <jinxer-wm>	 (PuppetDisabled) firing: Puppet disabled on ganeti2033:9100 - https://wikitech.wikimedia.org/wiki/Puppet/Runbooks#Puppet_Disabled - https://grafana.wikimedia.org/d/yOxVDGvWk/puppet?var-cluster=ganeti&viewPanel=14 - https://alerts.wikimedia.org/?q=alertname%3DPuppetDisabled
[06:42:09] <wikibugs>	 10SRE-tools, 06collaboration-services, 06Infrastructure-Foundations, 10Puppet-Core, and 5 others: Migrate roles to puppet7 - https://phabricator.wikimedia.org/T349619#9734108 (10MoritzMuehlenhoff)
[09:05:49] <jinxer-wm>	 (PuppetDisabled) resolved: Puppet disabled on ganeti2033:9100 - https://wikitech.wikimedia.org/wiki/Puppet/Runbooks#Puppet_Disabled - https://grafana.wikimedia.org/d/yOxVDGvWk/puppet?var-cluster=ganeti&viewPanel=14 - https://alerts.wikimedia.org/?q=alertname%3DPuppetDisabled
[10:37:01] <wikibugs>	 10SRE-tools, 06collaboration-services, 06Infrastructure-Foundations, 10Puppet-Core, and 5 others: Migrate roles to puppet7 - https://phabricator.wikimedia.org/T349619#9734938 (10MoritzMuehlenhoff)
[10:49:27] <eoghan>	 Hi folks, I have a host (lists that currently has a private IP address that needs to have a public one. What's the right process for getting this done? I can't find any suggestions on wikitech
[10:55:38] <taavi>	 eoghan: essentially it's https://wikitech.wikimedia.org/wiki/Server_Lifecycle#Rename_while_reimaging without the relabel step
[10:57:02] <volans>	 which lists? 2 are physical, one is a vm
[10:57:05] <XioNoX>	 eoghan: why does it need a public IP?
[10:57:37] <volans>	 but the VM has already a public IP so I guess the physical ones
[10:59:27] <moritzm>	 it needs a public IP since it receives and sends email
[10:59:36] <moritzm>	 the current lists server is a VM
[10:59:55] <volans>	 but there is a public VIP already
[10:59:58] <moritzm>	 but to increase capacity the new servers will be installed on baremetal hosts
[11:00:03] <moritzm>	 not for lists1004
[11:00:52] <moritzm>	 I guess decom of lists1004 and then reinstalling with the public FQDN is the best solution?
[11:01:24] <volans>	 how would the failover between 1004 and 2001 work?
[11:01:56] <volans>	 if we depend on the host IP
[11:02:03] <moritzm>	 there is not yet any failover, the current hosts is an SPOF. and the future method for that needs be sorted out eventually
[11:02:26] <moritzm>	 it's also not yet clear to which extend the web part of mailman will be split from the mail part
[11:02:55] <moritzm>	 the immediate next step is to move the current single system setup from 1001/VM/buster to 1004/hw/bookworm
[11:03:01] <XioNoX>	 can't they be on a private IP and share the VIP for inbound and outbound mail? (active/passive)
[11:03:02] <moritzm>	 all subsequent steps to be planned
[11:03:47] <XioNoX>	 I'm always a bit on the fence with allocating public IPs, so I prefer to ask questions before it's too late
[11:04:42] <moritzm>	 this is moving an existing, long unowned setup from an OS going EOL in two months to the same setup, but with an actual owner and a current OS
[11:04:54] <moritzm>	 all those questions can be asked when that step is completed
[11:05:27] <XioNoX>	 ah ok, I thought the host was already running on private IP
[11:05:58] <eoghan>	 XioNoX: I'd love to get to that stage, but I think for the moment we'd be better off going with the simpler/faster approach of copying the existing VM (and assigning a public IP) so we can upgrade off buster, then rearchitect this later. There's a lot of improvements to the service we can do, but for the moment the OS upgrade is more pressing
[11:06:09] <eoghan>	 taavi: Thanks!
[11:06:24] <moritzm>	 no, no. the current setup is already on public IP for > 10 years :-)
[11:06:46] <moritzm>	 the fact that 1004 got installe with a private IP was simply a racking snafu
[11:07:39] <XioNoX>	 alright, fair enough :)
[11:08:19] <XioNoX>	 eoghan: don't hesitate to ping me during the rearchitecturing part
[11:08:30] <eoghan>	 Of course, thanks!
[14:36:30] <moritzm>	 FYI, I'm rebooting netmon1003 in a bit
[14:37:06] <volans>	 k
[19:59:54] <wikibugs>	 10SRE-tools: Spicerack cookbooks TODO list - https://phabricator.wikimedia.org/T203943#9737477 (10BCornwall)
[20:02:06] <wikibugs>	 10SRE-tools: Create a spicerack cookbook for restoring an etcd cluster from backups - https://phabricator.wikimedia.org/T203944#9737486 (10BCornwall)
[20:02:33] <wikibugs>	 10SRE-tools: Covert deploy_apache_change.sh to a spicerack cookbook - https://phabricator.wikimedia.org/T203948#9737481 (10BCornwall) 05Open→03Declined Declining due to inactivity. Do please re-open if/when the need arises to change from Puppet to a cookbook.