[08:04:19] <XioNoX>	 fyi there has been some sabotage overnight on long distance optical fibers in France, and our drmrs<->eqiad link is down since about that time
[08:05:01] <fabfur>	 XioNoX: ah, no good
[08:05:19] <fabfur>	 should we do something about to mitigate eventual issues? 
[08:05:34] <XioNoX>	 backup link took over as expected, so nothing to do
[08:06:01] <XioNoX>	 just be vigilant if we see signs of issues over there
[08:12:25] <fabfur>	 tnx
[08:17:14] <XioNoX>	 The latency from home to bast6003 is ~175ms so my packets are taking the scenic route
[08:17:49] <XioNoX>	 and having ~5% packet loss
[08:20:07] <XioNoX>	 so it might be useful to edit the geo-maps to redirect FR users to ams instead, dunno what people thing
[08:21:19] <XioNoX>	 basically most paths between the north and south of france are cut
[08:22:34] <volans>	 so we should send north of france to esams and south to drmrs ideally?
[08:22:46] <volans>	 I know we can't right now :)
[08:22:51] <XioNoX>	 yeah exactly
[08:23:04] <XioNoX>	 there are more people above the cuts than below :)
[08:23:35] <XioNoX>	 and we can depool otherwise we will send north africa through the cuts
[08:23:37] <brouberol>	 Naive q: can we route with that geographic granularity?
[08:23:47] <fabfur>	 what about some simple 
[08:23:55] <fabfur>	 https://www.irccloud.com/pastebin/9epUPrRq/
[08:24:01] <fabfur>	 too naive? 
[08:24:11] <XioNoX>	 fabfur: yeah that's what I had in mind
[08:24:33] <XioNoX>	 we can see an increase of NEL reports for france
[08:24:40] <XioNoX>	 but under the alerting threshold
[08:26:52] <klausman>	 A question about alerting: if I add role memebership etc etc for a host (eg. https://gerrit.wikimedia.org/r/c/operations/puppet/+/1057205) without the hw being in-place and installed, will that lead to alerts? If so, is there a way to put in a long-term (as in days, maybe two weeks) silence for such a host?
[08:27:41] <XioNoX>	 brouberol: depends on the maxmind geoIP DB. For the US we can split by states for example, same with Brazil or Russia, but dunno if they have this granularity for France
[08:27:56] <volans>	 klausman: site.pp is safe, if it doens't match any host nothing happen, the rest depends on how they are used by who
[08:28:00] <brouberol>	 XioNoX: understood, thanks
[08:28:27] <klausman>	 volans: ack, thanks
[08:29:58] <XioNoX>	 fabfur: can you send a CR?
[08:30:00] <volans>	 as for downtime, icinga doesn't allow to downtime something it doesn't know exists. Alertmanager silences are regexes so unrelated to the host and could be put. But again, depending on how the data is used it might alert something else unrelated to the host (like pybal because host in etcd but not reachable, etc...)
[08:30:21] <fabfur>	 XioNoX: sure, I was preparing it, is there some phab ticket already opened for this? 
[08:30:32] <XioNoX>	 fabfur: nop
[08:31:32] <fabfur>	 ack, I'll create one and maybe you could add some details if you want
[08:32:00] <fabfur>	 should be a private one? 
[08:33:18] <XioNoX>	 nothing secret
[08:33:32] <XioNoX>	 fabfur: I can take care of it, one sec
[08:33:49] <fabfur>	 https://phabricator.wikimedia.org/T371216
[08:34:00] <fabfur>	 really quick and dirty, add/edit as you wish
[08:34:08] <fabfur>	 I'll prepare the very simple CR
[08:35:49] <fabfur>	 https://gerrit.wikimedia.org/r/c/operations/dns/+/1057812
[08:37:06] <XioNoX>	 fabfur: I updated the task description
[08:37:12] <fabfur>	 tnx
[08:38:42] <XioNoX>	 fabfur: +1
[08:39:15] <fabfur>	 anyone has some objection to merge this and run authdns-update now? 
[08:41:47] <fabfur>	 gone in 3 ... 2 ... 1
[08:42:06] <fabfur>	 merged
[08:42:24] <fabfur>	 authdns-update run 
[08:44:01] <fabfur>	 done
[08:57:26] <volans>	 fwiw, if we deem than useful/necessary, there are 109 subdivisions in France in the maxmind db (might include larger/smaller division) and they could be used to map the traffic if deemed useful/necessary
[08:57:48] <volans>	 related gdnsd docs (assuming up to date ;) ) is https://github.com/gdnsd/gdnsd/wiki/GdnsdPluginGeoip#geoip2-location-data-hierarchy
[09:14:12] <XioNoX>	 fabfur: thx, NEL shows a clear improvement 
[09:14:26] <fabfur>	 thx to you for noticing this!
[09:16:02] <XioNoX>	 volans: thx, I don't think it's worth the hassle, but it's good to know it's a possibility
[09:22:42] <volans>	 ack
[12:08:33] <hnowlan>	 so re recommendation-api: "fault filter abort" is actually from envoy 
[12:08:47] <hnowlan>	 not clear if the service gives a more useful 503
[12:08:51] <kamila_>	 hnowlan: you might know, do we think it's having user impact? I suspect not, correct?
[12:09:03] <hnowlan>	 I think it is but it's a handful of RPS
[12:09:16] <hnowlan>	 honestly I have no idea how much this service is used 
[12:09:27] <hnowlan>	 aiui the liftwing apis for this are the Proper way
[12:10:23] <claime>	 service logs are empty save for a startup finished message
[12:10:30] <hnowlan>	 a service that has an error rate of 20% on a good day is not something to worry *too* much about when it gets worse though 
[12:10:37] <hnowlan>	 so we should silence the alerts 
[12:10:53] <kamila_>	 +1
[12:11:10] <hnowlan>	 outside of the codebase there's just so little to know about the service when it's so terse with outputs and there are no docs 
[12:11:46] <kamila_>	 yeah
[12:11:48] <kamila_>	 silencing it
[12:12:09] <hnowlan>	 ty!
[12:12:40] <hnowlan>	 there are two app-level errors 
[12:12:42] <hnowlan>	 TypeError: Cannot read properties of undefined (reading 'pages')
[12:13:20] <hnowlan>	 but that is not really keeping with the frequency of error served
[12:13:45] <kamila_>	 silenced for 1d
[12:14:07] <kamila_>	 if we are going to be roping in SWEs, I assume an incident doc would be handy?
[12:15:00] <hnowlan>	 yeah couldn't hurt 
[12:15:12] <hnowlan>	 looped research in 
[12:15:14] <kamila_>	 ok, on it
[12:16:22] <kamila_>	 hnowlan: thanks! on slack I assume? mind adding me to the thread?
[12:17:48] <hnowlan>	 yep sure
[12:18:02] <kamila_>	 ty <3
[12:38:59] <hnowlan>	 kinda at a loss. If internal API or m2-master (which it directly connects to!!) were down we'd see much scarier things
[12:44:46] <elukey>	 the old recommendation api (yes there is a newer one on liftwing, the codebase is being revamped but it is currently ~7y old as well) should be used by the Android apps via Restbase
[12:45:01] <hnowlan>	 Seems only the android app uses recommendation-api damnit too slow :D
[12:45:25] <elukey>	 https://en.wikipedia.org/api/rest_v1/#/Recommendation
[12:45:37] <hnowlan>	 so not ideal but not too noticeable 
[12:45:55] <elukey>	 but I am pretty sure those are all abandoned or not really used features, as you were saying the failure rate is already high
[12:46:27] <elukey>	 is the service down now?
[12:48:26] <hnowlan>	 flapping but mostly yeah 
[12:48:44] <elukey>	 lovely
[12:48:53] <hnowlan>	 we're at about 70% errors :[ https://grafana.wikimedia.org/goto/SHf_gm9IR?orgId=1
[12:48:54] <elukey>	 also the service is abandoned/unowned since ages
[12:49:12] <hnowlan>	 I think all signs point to setting page: false
[12:49:22] <elukey>	 I agree yes
[12:49:33] <elukey>	 we can add a comment in service.yaml explaining why
[12:50:41] <hnowlan>	 oh, page isn't set to true. These are probedown errors
[12:53:24] <akosiaris>	 25-30% standard failure rate is absurd. 
[12:53:37] <akosiaris>	 it's all hidden behind RESTBase caching at the best I think
[12:54:08] <akosiaris>	 also, it's weird cause I see just the android app using it, but ... apparently it's used against commons and wikidata?
[12:54:37] <akosiaris>	 which... is a bit weird, but maybe I am missing something
[12:57:05] <p858snake|cloud>	 if its abandoned and unowned, is there a task to rip it out of the android app?
[12:57:25] <akosiaris>	 no
[12:57:33] <akosiaris>	 quite the contrary in fact
[12:57:37] <akosiaris>	 there's a task to get it owned
[12:58:15] <cdanis>	 brouberol: XioNoX: MaxMind actually does provide subdivision data in many countries, but their SLA for its accuracy is much much lower outside the USA, so we don't use it
[12:58:57] <hnowlan>	 it's... recovering?
[12:59:33] <cdanis>	 some day when we maybe have per-ipblock mapping in probenet, we could potentially turn up the sample rate here, and push a new and correct map for FR quickly
[13:01:40] <akosiaris>	 some someone tell me why with 30% failure rate at https://grafana.wikimedia.org/d/VTCkm29Wz/envoy-telemetry?orgId=1&var-datasource=eqiad%20prometheus%2Fops&var-origin=restbase&var-origin_instance=All&var-destination=recommendation-api&from=now-7d&to=now&viewPanel=16 the probe never fired before?
[13:03:49] <hnowlan>	 the probe is for robots.txt, maybe there's a threshold of wreckedness required for *that* to fail rather than the API requests
[13:06:36] <brouberol>	 cdanis: ack thanks
[13:07:16] <hnowlan>	 curling robots.txt works atm for example, but the pods themselves are still serving 503s every now and then *shrug* 
[13:08:49] <akosiaris>	 ~30%?
[13:09:03] <akosiaris>	 it's been like that for 6+ months from what I see?
[13:09:37] <cdanis>	 I couldn't get further back than 6 months either
[13:14:03] <hnowlan>	 yeah makes no sense 
[13:15:16] <akosiaris>	 I am this close to excluding it from the probedown alert tbh
[13:15:28] <hnowlan>	 I'd cosign that 
[13:15:31] <akosiaris>	 it's been at 30% for 6 months and noone has cared
[13:18:30] <kamila_>	 I am clearly not a neutral party in this rn, but +1 :D 
[13:19:02] <cdanis>	 kamila_: is help needed with the NEL pages btw? I'm just catching up
[13:19:34] <kamila_>	 cdanis: I have no idea what to do with them, so if you're ahead of me, then yes :D 
[13:19:52] <kamila_>	 they're just RU and flappy and I don't know of anything on our side that would be causing them, was about to ping traffic
[13:19:54] <cdanis>	 the answer in this case is probably also "silence it" but I'll look a bit
[13:20:00] <kamila_>	 mhm
[13:20:57] <eoghan>	 Yeah, I was looking too and I think silencing makes sense. It's not from any one ISP if I'm reading it correctly, all going to text-lb.esams. 
[13:21:37] <cdanis>	 eoghan: yeah, and not just that, but the distribution of ISPs in the spikes at a glance matches the distribution in the background nouse
[13:21:45] <cdanis>	 s/nouse/noise/
[13:23:09] <bblack>	 FWIW https://www.thousandeyes.com/outages/ also showing some issues in AMS area
[13:24:02] <eoghan>	 Can we silence by country? I know we can silence the NELByCountryHigh, but dunno if we want to silence the main one for too long. 
[13:38:41] <cdanis>	 eoghan: I think it should be safe to do that yes
[13:39:29] <akosiaris>	 https://gerrit.wikimedia.org/r/c/operations/puppet/+/1057874 for recommendation-api probes
[13:42:45] <kamila_>	 akosiaris: +1'd w
[13:42:50] <kamila_>	 *with inline comment
[13:42:52] <akosiaris>	 thanks
[13:44:16] <sukhe>	 cdanis: can we silence by a country?
[13:44:38] <cdanis>	 sukhe: I don't know that we've ever done it, but that was certainly the intent behind the per-country metric+alert
[13:44:52] <sukhe>	 I am failing at karma again (the alertmanager one)
[13:44:54] <cdanis>	 as eoghan said silencing the main alert is also required
[13:44:57] <cdanis>	 yeah I'm taking a look
[13:45:42] <volans>	 I don't think we've ever fine-tuned the per-country thresholds, so they might need to be double checked if we silence the main one and relate to the per-country ones
[13:47:10] <kamila_>	 there is an approximately 0% chance that it's something dumb like "ru.w.o uses recommendation-api", right? :D 
[13:47:56] <cdanis>	 kamila_: yes :)
[13:48:14] <kamila_>	 good, just checking :D
[13:49:03] <cdanis>	 I think I've silenced the main alert, but I can't be sure because the alert had already fallen out of karma's short-term memory
[13:49:20] <cdanis>	 I do think you can get alertmanager labels for a page from the annotations in the victorops web UI, maybe
[13:49:27] <cdanis>	 I'll look at that after/during my meeting
[13:49:32] <sukhe>	 thanks <3
[13:49:33] <kamila_>	 thanks cdanis <3 
[13:50:36] <kamila_>	 is anyone familiar with one of these BGP looking glass thingies? I'd be curious to see if we can see BGP flapping or something
[13:51:07] <sukhe>	 I recommend https://ioda.inetintel.cc.gatech.edu/country/RU
[13:51:13] <sukhe>	 (not just BGP)
[13:53:22] <kamila_>	 thanks sukhe, appreciated!
[13:54:36] <akosiaris>	 fabfur: puppet-merging yours as well? Added mszabo to ldap_only_users (5ae9024b44) 
[13:54:55] <fabfur>	 ah sorry. completely forgot to finalize merge
[13:55:05] <fabfur>	 merge if you can, otherwise I'll do 
[13:55:10] <akosiaris>	 {{done}}
[13:55:16] <fabfur>	 tnx!
[14:31:09] <mszabo>	 I was looking at that patch actually and had a PBKAC: I thought the "run puppet compiler" button was a link to some results and not a button, and was shocked when it gave a run notification
[14:32:06] <claime>	 mszabo: yeah, it runs PCC https://wikitech.wikimedia.org/wiki/Help:Puppet-compiler
[14:57:22] <ottomata>	 _joe_: sukhe  https://gerrit.wikimedia.org/r/c/operations/puppet/+/1052791 Rewrite /beacon/event -> EventLogging rest handler is ready for review.  On its own it won't do anything until we remove the varnish handling of /beacon/event
[14:58:05] <sukhe>	 ottomata: I won't pretend to review this bit but happy to do the varnish part and rollout :)
[14:58:47] <_joe_>	 ottomata: oh only for mediawiki.org?
[14:59:52] <ottomata>	 _joe_:  yes.  
[15:00:53] <ottomata>	 we are ONLY doing this to support MediaWikiPingback events.  These are sent by mediawiki core code hardcoded to mediawiki.org/beacon/event.  And we need to support old 3rd party installed MW versions for like...5 years
[16:26:27] <ottomata>	 _joe_: thanks for +1.  Should I feel confident merging that myself?  I'm happy if you are pretty sure it isn't going to break thigns
[16:26:42] <_joe_>	 ottomata: so the way it should work is
[16:26:57] <_joe_>	 you check for when the mw infra deployment windows are
[16:27:22] <_joe_>	 you merge the change, run puppet on the deployment host, then you do a scap deployment
[16:30:42] <claime>	 The scap deployment in question: https://wikitech.wikimedia.org/wiki/MediaWiki_On_Kubernetes#The_scap_way without --k8s-only so it also deploys to jobrunners, but it doesn't rebuild the image for no reason
[16:31:19] <claime>	 Hmm, actually you can do it with --k8s-only, it'll be deployed to jobrunners by puppet
[16:39:34] <_joe_>	 it's irrelevant to jobrunners, too
[16:39:45] <claime>	 yep
[17:20:40] <ottomata>	 Hm, okay!  _joe_  can I just schedule this then and be around for a mw infra window and someone else will do it?  i've rarely done full MW deploys: i usually just do individual files.  
[17:21:09] <_joe_>	 ottomata: sync-file does a full sync now :)
[17:31:11] <sukhe>	 on-callers: we just upgraded cp4052 in prod to ATS 9.2.5 up from ATS 9.2.1. no issues expected as such but please note in case we get paged (or otherwise)
[17:31:54] <sukhe>	 actually, from 9.1.4 so even worse in a way :)
[17:32:10] <sukhe>	 (9.2.1 was the older build we had on a canary host but never rolled it out)
[17:32:29] <ottomata>	 _joe_:  okay so what I'm hearing is I should schedule it in a mw infra window and do it myself, ya?
[17:33:56] <_joe_>	 ottomata: yes, you don't need to modify the calendar, just give a heads up in #serviceops I guess
[17:34:08] <ottomata>	 okay, i'll add for tomorrow anyway just in case
[17:47:58] <swfrench-wmf>	 greetings! we’re about 8 weeks away from the September 2024 DC switchover [0] (eqiad to codfw): services and traffic will be depooled in eqiad on the 24th, MediaWiki will switch on the 25th, and eqiad will be repooled for (active/active) services and traffic on 2 October. all actions will target 15:00 UTC.
[17:47:58] <swfrench-wmf>	 if you have tasks related to supporting the switchover, please file them under [1]. thanks!
[17:47:58] <swfrench-wmf>	 [0] https://wikitech.wikimedia.org/wiki/Switch_Datacenter
[17:47:58] <swfrench-wmf>	 [1] https://phabricator.wikimedia.org/T370962
[17:48:20] <sukhe>	 it's that time of the year again!