[10:17:27] we probably could do a grep for "password" and "secret" and add show_diff => false to them (unrelated to this case, just for better security) [10:17:40] like all grant files should get it [10:22:36] there is also the Sensitive data type, but IIRC we need to complete the migration to puppet 6 first to be able to use it [13:18:25] hnowlan (cc btullis ) was thinking about merging this whitespace change today: https://gerrit.wikimedia.org/r/c/operations/puppet/+/1023440/1 would you like us to hold up until you have time to look? It seems to affect swift proxies and maps hosts [13:27:05] inflatador: lgtm for the maps hosts although I can't speak for the swift proxies [13:43:23] I don't think we're using nginx in production swift any more (we moved to envoy), but beta probably still does [13:49:45] hello on-callers! Me and urandom are upgrading the Java Truststores for Restbase Cassandra to a new version as prep step for PKI certs. This will involve a roll restart of cassandras [13:50:52] very nice! [13:50:54] Emperor ACK thanks. taavi I cc'd you on the change re: beta . If there's any other stakeholders we need to be aware of LMK. Will give a heads-up in operations before we rollout/merge [13:52:41] moritzm: AQS is already on PKI, then restbase and finally session store (hopefully done by end of next month) [13:52:54] so we can get rid of the cassandra-specific CAs in puppet privat etc.. [13:52:57] *private [13:55:51] exciting times! [15:15:06] volans: test-cookbook is awesome, TIL [15:16:02] <3 [15:16:05] thx [15:16:18] ah lol while I used test-cookbook you already reviewed my changes [15:16:25] he never sleeps [15:16:26] <3 [15:17:10] it's daytime right now, you know :D [15:22:39] which falsifies nothing about what i said [15:23:07] lol, doesn't prove it either :D [15:31:07] +1 for test-cookbook being awesome [15:31:37] basic puppet Q: if I have a class with an optional parameter with a default value (Optional[String] $thingy = "foo",) and a profile that also has an optional parameter it looks up (Optional[String] $thingy = lookup ("something"),), calls the class { class '': thingy -> $thingy, }; then if that lookup doesn't find anything so the class is called with thingy undefined, does that do what I'd expect (and have the effect of the class having [15:31:37] the default value "foo" here), or do you end up with $thingy in the class being set to undef instead? [15:35:19] Emperor: the class parameter would end up as `undef` [15:37:41] taavi: so is the usual idiom to have an if defined ( class with parameter passed ) else ( class without passing parameter ) ? [15:38:04] that feels inelegant [15:41:01] there are a few options here, neither of which feels particularly elegant :/ [15:41:02] presumably I could not declare the parameter as optional and have the class do the default thing if its undef, but that also feels wrong [15:41:11] You can do lookup("something", { default_value => "foo"}) [15:41:22] Which isn't a lot more elegant but avoids the if [15:41:34] claime: yeah, that means the default ends up declared in two places [15:41:43] yep [15:42:14] you could filter out undef values from your params, before passing them to your class [15:42:39] jhathaway: how so? [15:43:03] (I mean, that seems like a more natural solution, but I don't know how to do it) [15:43:45] or put a default in hiera (just another option, not nicer) [15:46:16] Emperor: you would need your parems as a hash, then use the * operator to define the class, https://www.puppet.com/docs/puppet/7/lang_resources#lang_resource_syntax-setting-attributes-from-hash [15:47:48] one way to do that is with wmflib::resource::dump_params, or build up the hash yourself [15:59:29] jhathaway: feel free to merge my apt repo change [15:59:57] ah now the lock is gone, I'll merge myself :) [16:00:06] jelto: cool