[08:40:52] <marostegui>	 I have a host which as soon as it finishes the debian installer, it reboots and goes again into the debian installer....have anyone seen this before?
[08:55:15] <moritzm>	 haven't seen that so far, no. is that a new model or a machine type we already use?
[08:56:36] <marostegui>	 No, it is a normal host, I've reimaged plenty of them
[08:56:38] <marostegui>	 It is a dbproxy
[09:00:01] <moritzm>	 It sounds like some issue/failure in setting (or resetting) the boot order via IPMI? the reimage cookbook configures a one time selection of PXE and it sounds like in this case the the "only select PXE once" aspect fails
[09:00:27] <moritzm>	 it's probably best if Riccardo has a look when he's around
[09:06:34] <marostegui>	 moritzm: Yeah, I will wait. It is interesting cause when I hit abort after after Unable to verify that the host rebooted into the new OS, it might still be in the Debian installer, please verify manually with: sudo install-console dbproxy1022.eqiad.wmnet, then the installer finishes and the host reboots into the OS 
[09:07:08] <marostegui>	 I could probably complete the steps manually after I get to the OS via install_console, but I'd rather get this figured out first
[09:09:56] <marostegui>	 I am going to manually remove the pxe override and see what happens once this debian installer run finishes
[09:12:00] <XioNoX>	 marostegui: you can try this manually when D-I is running to narrow down the issue: https://wikitech.wikimedia.org/wiki/SRE/Dc-operations/Platform-specific_documentation/Dell_Documentation#Changing_BIOS_Boot_Order
[09:12:10] <XioNoX>	 so when it reboots it goes to the disk
[09:13:52] <marostegui>	 Yeah I just did it via IPMI tool
[09:14:04] <marostegui>	 thanks XioNoX 
[09:21:45] <moritzm>	 I just logged in via the install console and can confirm it's currentls still in d-i, installing base packages ATM
[09:22:57] <marostegui>	 yeah
[09:23:06] <marostegui>	 And it looks like forcing an override doesn't work
[09:23:18] <marostegui>	 I still get Boot parameter data: 8000020000
[09:23:40] <marostegui>	 After executing the "boodev none" which, returns correctly
[09:23:44] <marostegui>	 Password:
[09:23:45] <marostegui>	 Set Boot Device to none
[09:23:45] <marostegui>	 XD
[09:24:44] <godog>	 cdanis: re: pontoon bootstrap, it'll need some work to run on bookworm/puppetserver, I've filed https://phabricator.wikimedia.org/T352640
[09:26:28] <Emperor>	 Who owns reviewer-bot? It just added _ joe_ and j.bond as reviewers to https://gerrit.wikimedia.org/r/c/operations/puppet/+/979893 and probably should no longer be adding john :-/
[09:26:34] * volans reading backlog marostegui 
[09:27:50] <volans>	 Emperor: that's based on https://www.mediawiki.org/wiki/Git/Reviewers#operations/puppet
[09:28:03] <volans>	 it's opt-in and people manages their own
[09:29:11] <marostegui>	 volans: I think we've identified that the PXE settings are the ones creating issues
[09:29:34] <Emperor>	 volans: OK, well if he still wants spamming with my rubbish puppet changes, he's welcome to keep getting the emails :)
[09:30:44] <volans>	 marostegui: the cookbook does check that the bios params are back to normal should log if not IIRC
[09:30:47] <volans>	 checking
[09:31:19] <marostegui>	 volans: it does
[09:31:22] <marostegui>	 volans: but they aren't
[09:31:27] <marostegui>	 from what I can see with a get 5 manually
[09:31:30] <volans>	 mmmh
[09:31:30] <volans>	 2023-12-04 08:55:17,950 marostegui 444718 [INFO] Checked BIOS boot parameters are back to normal
[09:31:36] <marostegui>	 yeah but they aren't
[09:31:42] <volans>	 what's the value?
[09:31:47] <marostegui>	 Boot parameter data: 8000020000
[09:32:02] <marostegui>	 According to wikitech: In case of overrides the Boot parameter data bitmask will be different from 0000000000 and the line below will show the overridden values.
[09:32:18] <volans>	 that's not entirely accurte
[09:33:13] <volans>	 marostegui: see https://gerrit.wikimedia.org/r/plugins/gitiles/operations/software/spicerack/+/refs/heads/master/spicerack/ipmi.py#18
[09:33:22] <volans>	 those are unrelated bits
[09:33:41] <marostegui>	 Then the question is back to...why is pxebooting all the time?
[09:33:45] <marostegui>	 if it shouldn't?
[09:34:10] <volans>	 that's because the hardware is not "getting" what IPMI is setting apaprently, it happened to me  few times with particularly old hardware
[09:34:30] <marostegui>	 volans: Should I try an ipmi restart?
[09:34:37] <volans>	 ths is a new host, wierd
[09:34:49] <volans>	 I'd try to reset the ipmi yeah
[09:34:53] <volans>	 and see if that helps
[09:34:58] <marostegui>	 ok, let me do that
[09:39:32] <marostegui>	 Boot parameter data: 0000000000
[09:39:55] <volans>	 at least something changed :D
[09:40:00] <volans>	 let's see
[09:40:12] <marostegui>	 yeah, still finishing the installer
[09:40:16] <marostegui>	 let's see on reboot
[09:40:33] <volans>	 is the reimage cookbook still ongoing or did it timeout?
[09:40:50] <marostegui>	 it timed out, but I will hit "go" once it is on the OS login
[09:41:29] <volans>	 +1
[09:41:31] <volans>	 thx
[09:45:30] <marostegui>	 nope
[09:45:34] <marostegui>	 It went again into the installer
[09:45:37] <marostegui>	 and Boot parameter data: 8000020000
[09:45:39] <marostegui>	 wtf?
[09:46:41] <volans>	 let me see to check things from another angle
[09:47:00] <volans>	 so I bet that the host has the fixed value to boot into pxe
[09:47:10] <volans>	 the one we set via ipmi is just the override one
[09:47:23] <volans>	 marostegui: can I try one thing?
[09:47:41] <marostegui>	 volans: you can try anything you want
[09:47:58] * volans trying the provision cookbook to see if it would want to change any value
[09:48:04] <volans>	 and then checking via redfish the other params
[09:48:40] <volans>	 marostegui: dbproxy1022 right?
[09:48:45] <volans>	 (double checking)
[09:48:53] <marostegui>	 yep
[09:50:16] <volans>	 Updated value for attribute BIOS.Setup.1-1 -> SetBootOrderEn: NIC.Embedded.1-1-1,HardDisk.List.1-1 => HardDisk.List.1-1,NIC.Embedded.1-1-1
[09:50:27] <volans>	 Updated value for attribute BIOS.Setup.1-1 -> BiosBootSeq (marked Set On Import to True): NIC.Embedded.1-1-1, HardDisk.List.1-1 => HardDisk.List.1-1, NIC.Embedded.1-1-1
[09:51:02] <volans>	 the host was not properly setup AFAICT or it was changed afterwords or a firmware upgrade changed some setting...
[09:51:10] <volans>	 I'll let you know once it's done
[09:51:19] <marostegui>	 I have the installer opened too
[09:51:32] <marostegui>	 volans: I wonder if some other dbproxy will have the same issue (so far it is the only one)
[09:51:36] <volans>	 the host might or might not get rebooted (depends on the idrac)
[09:51:40] <marostegui>	 The only one I have seenthough
[09:52:51] <volans>	 we could check the logs for their runs when provisioned the first time or re-check them if you want, it would not take too long to do
[09:53:02] <marostegui>	 volans: nah, it is okay
[09:57:16] <marostegui>	 volans: no pxe this time \o/
[09:57:44] <marostegui>	 volans: would it be worth it to add how you fixed this to the wikitech doc?
[09:57:44] <volans>	 the cookbook is still finishing, not sure if idrac has rebooted the host mid-reimage though
[09:58:18] <marostegui>	 volans: i don't think so, I had it opened
[09:58:19] <volans>	 sorry I meant mid-d-i
[09:58:29] <volans>	 ok cookbook finished
[09:58:37] <volans>	 I just run
[09:58:37] <volans>	 sudo cookbook sre.hosts.provision --no-dhcp --no-users --no-switch dbproxy1022
[09:58:43] <marostegui>	 I just hit "go"
[09:58:53] <marostegui>	 volans: Ah ok! Thanks
[09:58:56] <volans>	 and that can be run anytime, as long as you are ok with the host being rebooted
[09:59:14] * marostegui adds it to his notes
[09:59:17] <marostegui>	 thanks volans 
[09:59:21] <volans>	 the only bit that is used-dependent (if you add it to the docs) is the --enable-virtualization flag
[09:59:37] <volans>	 that we enable only where needed
[10:00:36] <marostegui>	 yeah, I am going to add it to the docs
[10:00:40] <marostegui>	 Just in case
[10:00:49] <volans>	 ack, thx
[10:00:54] <marostegui>	 thank you for the help
[10:02:50] <volans>	 anytime :)
[14:30:13] <cdanis>	 godog: ah thanks, was wondering if it was related to that, but the error message was very unhelpful :)
[14:33:06] <godog>	 yeah quite obscure alright, nothing I've seen before and after some poking I guessed it must be that, I still have a pontoon puppet buster around and things work just fine there
[16:10:32] <roy649>	 Is this something worth worrying about: 
[16:10:33] <roy649>	 [04449ea4-3e03-4d65-a853-81b4e8b4beae] Caught exception of type Wikimedia\Rdbms\DBQueryError
[16:10:51] <roy649>	 happened when I tried to save an edit on enwiki
[16:11:30] <AntiComposite>	 roy649, https://phabricator.wikimedia.org/T352628
[16:12:22] <roy649>	 thanks
[19:11:25] <inflatador>	 I'm setting up some WDQS benchmarks for https://phabricator.wikimedia.org/T336443 . Was looking at https://wikitech.wikimedia.org/wiki/Kafka/Kafka-main-raid-performance-testing-2019 for I/O testing, is this still best practice or are there other suggestions?
[21:50:46] <urandom>	 anyone seen this? "Error: The CRL issued by 'CN=Wikimedia_Internal_Root_CA,OU=Cloud Services,O=Wikimedia Foundation\, Inc,L=San Francisco,ST=California,C=US' has expired, verify time is synchronized" (when running puppet agent?)
[21:51:17] <urandom>	 (and the time is correct)
[21:53:01] <inflatador>	 urandom I wanna say that error really means a cert/key mismatch
[21:53:48] <urandom>	 oh.  well that would be an unfortunately worded error message then.
[21:55:36] <urandom>	 ooooh, would this be the result of an unplanned transition to Puppet 7?
[21:55:51] <inflatador>	 yeah, that could be it too
[21:56:00] <urandom>	 I mean, this host is being stood up new and seems to have defaulted to 7
[21:56:13] <urandom>	 but it started when I applied the role.
[21:56:18] <urandom>	 is a downgrade possible?
[21:57:10] <inflatador>	 that I dunno...let me remember what happened, because I def saw that before
[22:01:43] <inflatador>	 OK, here's how I got that error message, it was after reimaging some hosts a couple weeks back. It does seem puppet 7 related https://phabricator.wikimedia.org/T351354#9340944
[22:02:09] <inflatador>	 I didn't put the exact error but I'm 99% sure it's the same one you're seeing
[22:05:13] <inflatador>	 if you do decide to stick with puppet 7, you have to use the --new flag with the cookbook and add some hieradata a la https://gerrit.wikimedia.org/r/c/operations/puppet/+/975824/1/hieradata/hosts/cloudelastic1010.yaml
[22:05:27] <inflatador>	 FWiW Puppet 7 seems to work fine for us
[22:06:43] <urandom>	 would a reimage be necessary?  it was imaged with 7 I think
[22:07:28] <urandom>	 it was puppet 7 and puppet runs were clean before I moved out of insetup
[22:11:03] <urandom>	 yeah, moritz.m canary-ed one other host in this cluster (without reimaging), and it's a hieradata change like the above
[22:15:53] <urandom>	 inflatador: could you sanity-check https://gerrit.wikimedia.org/r/c/operations/puppet/+/980049?
[23:06:13] <mutante>	 urandom: the change looks like what we did for other hosts, +1ed
[23:06:34] <mutante>	 urandom: regadless, you can also find "fix forward" and "roll back" instructions on https://phabricator.wikimedia.org/T349619
[23:06:47] <mutante>	 if you wanted to go another route
[23:07:11] <mutante>	 if the host is new and was already 7 it is likely because your "insetup" role is already converted to puppet7 on a role level
[23:08:50] <mutante>	 ultimately you would want to convert your entire prod role and remove the hiera stuff at host level. same Hiera keys but in hieradata/role/common/ instead of hierdata/hosts/
[23:09:53] <mutante>	 the cookbooks for this are 'sre.puppet.migrate-host' and 'sre.puppet.migrate-role'. so you use those and don't have to do a full reimage
[23:42:21] <inflatador>	 urandom ACK, just +1'd
[23:50:57] <urandom>	 mutante: perfect; thanks!