[02:30:48] (PuppetDisabled) firing: Puppet disabled on ganeti2033:9100 - https://wikitech.wikimedia.org/wiki/Puppet/Runbooks#Puppet_Disabled - https://grafana.wikimedia.org/d/yOxVDGvWk/puppet?var-cluster=ganeti&viewPanel=14 - https://alerts.wikimedia.org/?q=alertname%3DPuppetDisabled [06:30:48] (PuppetDisabled) firing: Puppet disabled on ganeti2033:9100 - https://wikitech.wikimedia.org/wiki/Puppet/Runbooks#Puppet_Disabled - https://grafana.wikimedia.org/d/yOxVDGvWk/puppet?var-cluster=ganeti&viewPanel=14 - https://alerts.wikimedia.org/?q=alertname%3DPuppetDisabled [06:42:09] 10SRE-tools, 06collaboration-services, 06Infrastructure-Foundations, 10Puppet-Core, and 5 others: Migrate roles to puppet7 - https://phabricator.wikimedia.org/T349619#9734108 (10MoritzMuehlenhoff) [09:05:49] (PuppetDisabled) resolved: Puppet disabled on ganeti2033:9100 - https://wikitech.wikimedia.org/wiki/Puppet/Runbooks#Puppet_Disabled - https://grafana.wikimedia.org/d/yOxVDGvWk/puppet?var-cluster=ganeti&viewPanel=14 - https://alerts.wikimedia.org/?q=alertname%3DPuppetDisabled [10:37:01] 10SRE-tools, 06collaboration-services, 06Infrastructure-Foundations, 10Puppet-Core, and 5 others: Migrate roles to puppet7 - https://phabricator.wikimedia.org/T349619#9734938 (10MoritzMuehlenhoff) [10:49:27] Hi folks, I have a host (lists that currently has a private IP address that needs to have a public one. What's the right process for getting this done? I can't find any suggestions on wikitech [10:55:38] eoghan: essentially it's https://wikitech.wikimedia.org/wiki/Server_Lifecycle#Rename_while_reimaging without the relabel step [10:57:02] which lists? 2 are physical, one is a vm [10:57:05] eoghan: why does it need a public IP? [10:57:37] but the VM has already a public IP so I guess the physical ones [10:59:27] it needs a public IP since it receives and sends email [10:59:36] the current lists server is a VM [10:59:55] but there is a public VIP already [10:59:58] but to increase capacity the new servers will be installed on baremetal hosts [11:00:03] not for lists1004 [11:00:52] I guess decom of lists1004 and then reinstalling with the public FQDN is the best solution? [11:01:24] how would the failover between 1004 and 2001 work? [11:01:56] if we depend on the host IP [11:02:03] there is not yet any failover, the current hosts is an SPOF. and the future method for that needs be sorted out eventually [11:02:26] it's also not yet clear to which extend the web part of mailman will be split from the mail part [11:02:55] the immediate next step is to move the current single system setup from 1001/VM/buster to 1004/hw/bookworm [11:03:01] can't they be on a private IP and share the VIP for inbound and outbound mail? (active/passive) [11:03:02] all subsequent steps to be planned [11:03:47] I'm always a bit on the fence with allocating public IPs, so I prefer to ask questions before it's too late [11:04:42] this is moving an existing, long unowned setup from an OS going EOL in two months to the same setup, but with an actual owner and a current OS [11:04:54] all those questions can be asked when that step is completed [11:05:27] ah ok, I thought the host was already running on private IP [11:05:58] XioNoX: I'd love to get to that stage, but I think for the moment we'd be better off going with the simpler/faster approach of copying the existing VM (and assigning a public IP) so we can upgrade off buster, then rearchitect this later. There's a lot of improvements to the service we can do, but for the moment the OS upgrade is more pressing [11:06:09] taavi: Thanks! [11:06:24] no, no. the current setup is already on public IP for > 10 years :-) [11:06:46] the fact that 1004 got installe with a private IP was simply a racking snafu [11:07:39] alright, fair enough :) [11:08:19] eoghan: don't hesitate to ping me during the rearchitecturing part [11:08:30] Of course, thanks! [14:36:30] FYI, I'm rebooting netmon1003 in a bit [14:37:06] k [19:59:54] 10SRE-tools: Spicerack cookbooks TODO list - https://phabricator.wikimedia.org/T203943#9737477 (10BCornwall) [20:02:06] 10SRE-tools: Create a spicerack cookbook for restoring an etcd cluster from backups - https://phabricator.wikimedia.org/T203944#9737486 (10BCornwall) [20:02:33] 10SRE-tools: Covert deploy_apache_change.sh to a spicerack cookbook - https://phabricator.wikimedia.org/T203948#9737481 (10BCornwall) 05Open→03Declined Declining due to inactivity. Do please re-open if/when the need arises to change from Puppet to a cookbook.