[07:35:31] <elukey>	 good morning folks :)
[07:36:20] <elukey>	 I am going to upgrade the ml-staging k8s cluster with the new cookbook, hopefully you will not see too much noise (alerts, irc spam, etc..) but something may fire. In case (please-ping|blame) me :)
[07:38:05] <XioNoX>	 good luck!
[07:42:05] <elukey>	 XioNoX: <3
[09:01:56] <XioNoX>	 is anyone here running Windows?
[09:04:05] <volans>	 no but I have a windows close by if needed
[09:09:55] <XioNoX>	 volans: it's for https://phabricator.wikimedia.org/T329264#8603805
[09:10:04] <XioNoX>	 dunno how correct the openssl instructions are
[09:10:31] <volans>	 I'll reply to you in private
[09:53:39] <klausman>	 XioNoX: I have another WIndows 10 installation for testing if needed.
[09:54:17] <XioNoX>	 klausman: thanks, I think Riccardo is almost out of that rabbit hole
[09:54:32] <klausman>	 Roger!
[10:00:05] <volans>	 yep, I ended up installing openssl in a different way
[10:04:22] <klausman>	 Isn't there a curl build for W10?
[10:16:45] <volans>	 curl is built-in,  s_client no
[10:16:53] <volans>	 builtin as in is available
[10:18:02] <claime>	 elukey: I'll be interested in your experience with the cookbook and things to do before/after
[10:18:19] <claime>	 we may have to upgrade aux-k8s relatively quickly
[10:18:30] <elukey>	 claime: sure! The cookbook is broken atm but when it works I'll let you know :D
[10:18:48] <elukey>	 yes the idea is that aux/dse/ml-* should benefit from the cookbook
[10:19:18] <elukey>	 in theory also wikikube prod ones, but since we can do only one reimage at the time we'll need to figure out a different way to run it 
[10:19:41] <elukey>	 (like we restrict the target worker nodes to reimage to say 2, and do the rest manually in paralle)
[10:19:44] <elukey>	 *parallel
[10:20:01] <elukey>	 the pre-requisite is only to have prepped a puppet change
[10:22:02] <claime>	 A'ight :D
[14:13:48] <cdanis>	 elukey: can I help with the cookbook :D
[14:17:10] <elukey>	 cdanis: o/ I have a very skilled python dev that is helping me right now, we should be close to a fix :D
[14:23:48] <klausman>	 The dev is your cat, isn't it?
[14:24:19] <elukey>	 nono the cat prefers Go :D
[14:25:04] <elukey>	 cdanis: I added the configs to do all k8s clusters so in theory we shouldn't add anything when it works
[14:25:10] <klausman>	 Good cat!
[14:42:12] <elukey>	 slyngs: o/ I left a comment in https://phabricator.wikimedia.org/T306661#8605007, the ganeti reimage cookbook seems broken
[14:42:36] <elukey>	 do you know what could be the issue? (Should I modify the dhcp config in puppet?)
[14:42:45] <slyngs>	 Yeah, you need to remove the host from /etc/dhcp/linux-host-entries.ttyS0-115200
[14:43:08] <slyngs>	 Once fully tested we'll remove the include altogether
[14:43:34] <slyngs>	 Like we've done here: https://gerrit.wikimedia.org/r/c/operations/puppet/+/727387
[14:44:51] <elukey>	 slyngs: shall I proceed with https://gerrit.wikimedia.org/r/c/operations/puppet/+/888225 to test the cookbook then?
[14:45:33] <slyngs>	 Yes, that should work
[14:46:30] <elukey>	 ack, and I need to run puppet on the install servers right?
[14:46:42] <elukey>	 (I mean only on those, or also elsewhere?)
[14:50:16] <slyngs>	 Install server should be fine, unless I misunderstood how it works :-)
[14:50:22] <slyngs>	 I'm not helping, I know
[14:50:45] <elukey>	 nono it is fine, just did it :)
[14:53:46] <elukey>	 ok it seems that now it works :)
[14:54:15] <elukey>	 ml-staging-etcd2001 got removed from puppet etc.. so it didn't show up in my cookbook's list, I'll reimage it manually
[14:54:52] <slyngs>	 Wonderful, sorry, should have made the DHCP thing clear. In the long run the include will just go away, but volans says that I need to test EVERYTHING before I'm allowed to do so :-) 
[14:54:56] <slyngs>	 Or something like that
[14:55:36] <elukey>	 always listen to volans since he is a wise person :) No problem though! It is good so we can now test both cookbooks :)
[14:58:50] <volans>	 slyngs: I said that before removing the hardcoded data we should make sure that the cookbooks works, and then once removing the DHCP hardcoded data it becomes the official (and only) way to perform Ganeti VM reimages. And should be documented and communicated.
[14:59:27] <volans>	 Because the cookbook got merged, people will inevitably find it and use it... ideally the testing should happen within a reasonably short timeframe from when its merged.
[14:59:55] <slyngs>	 They already found it, so you are very correct :-)
[15:10:16] <XioNoX>	 arturo: hello! I was looking at ipt-netflow and was wondering if there was an equivalent for nftables as they're not planning on porting it over https://github.com/aabc/ipt-netflow/issues/45
[15:14:34] <cdanis>	 XioNoX: has anyone implemented ebpf-netflow :D
[15:15:00] <XioNoX>	 cdanis: or go directly with smartnics? :)
[15:15:45] <cdanis>	 🤔
[15:16:59] <elukey>	 slyngs: if you have a min, the reimage cookbook seems stuck in checking the uptime for ml-staging-etcd2002 (checked the ganeti console and it is blank)
[15:17:00] <XioNoX>	 cdanis: I was not expected Walmart https://medium.com/walmartglobaltech/introducing-walmarts-l3af-project-how-do-we-use-ebpf-to-provide-network-visibility-in-a-8b9ae4d26200
[15:17:08] <XioNoX>	 expecting*
[15:17:13] <hare>	 apergos: are you still the best person to contact regarding dumps?
[15:17:16] <slyngs>	 elukey: Sure
[15:17:25] <cdanis>	 XioNoX: hah! me neither
[15:21:27] <topranks>	 yeah unexpected wallmart go figure.  looks pretty cool all in all 
[15:22:27] <apergos>	 hare:  yes, me and Hannah both
[15:22:48] <hare>	 apergos: I emailed ops-dumps a couple weeks ago about hosting a mirror of RDF data; did you receive that?
[15:22:49] <apergos>	 if it's something emailable, there's the ops-dumps@wikimedia alias
[15:23:01] <apergos>	 hrm
[15:23:22] <apergos>	 got the subject line handy? I thought we'd gotten all replies in, let's see
[15:24:15] <hare>	 "XML dumps mirror (actually RDF)"
[15:25:50] <apergos>	 nop0e nothing in jan or feb with a subject line even close to that
[15:26:20] <hare>	 To: Ops-Dumps <ops-dumps@wikimedia.org>
[15:26:25] <apergos>	 lemme check spam but it would be odd if both Hannah and I got it in jumnk mail
[15:26:27] <hare>	 Is that the right address?
[15:27:58] <apergos>	 in my spam folder
[15:28:11] <apergos>	 that's bad indeed
[15:28:29] <arturo>	 XioNoX: RE: netflow, I'll ask some friends and let you know
[15:28:50] <XioNoX>	 thx!
[15:29:42] <apergos>	 pulled it out, will respond Monday with Hannah and I looking at it together. (Also reported it as not spam, grrr)
[15:30:01] <apergos>	 thanks for pinging me, I never would have known
[15:32:25] <apergos>	 hare:  ^^
[15:59:10] <elukey>	 folks the ml-staging k8s cluster is currently half broken, the upgrade cookbook didn't work (still having some issues with the ganeti vm reimage and etcd is gone now)
[15:59:28] <elukey>	 I tried to downtime all, if you see any weird alert please ack or ignore them :)
[16:00:30] <volans>	 :(