[08:21:28] <arnaudb>	 sal is down? I have a 404 on it, that doesn't look like "down" though ^^
[08:24:06] <fabfur>	 don't see any possibly related messages on -operations
[08:24:26] <fabfur>	 up again?
[08:25:41] <arnaudb>	 fabfur: ah I missed it! not up from my pov I'm affraid
[08:26:16] <fabfur>	 https://wikitech.wikimedia.org/wiki/Server_Admin_Log I see latest updates 
[08:27:33] <p858snake|cloud>	 arnaudb: are you talking about the SAL on wikitech, or the elasticsearch powered mirror on toolforge?
[08:28:54] <arnaudb>	 https://sal.toolforge.org/ → that one on toolforge, I forgot about the wikitech one!
[08:30:03] <p858snake|cloud>	 fyi @bd808 looks like the webservice is down
[10:00:13] <arturo>	 arnaudb p858snake|cloud fabfur I just restarted the SAL webservice on toolforge
[10:00:22] <arnaudb>	 thanks arturo !
[10:00:28] <fabfur>	 thanks!
[10:12:24] <arturo>	 np
[13:46:43] <revi>	 hashar: that was quick, thx!
[13:52:34] <hnowlan>	 general heads-up if users report any issues related to video, commons (ie almost all of) videoscaling has been moved back to shellbox
[14:10:22] <hashar>	 revi: sometime yes, I merge the integration/config as I witness them :]
[14:10:52] <revi>	 I was pretty lucky then xD
[15:48:15] <urandom>	 topranks: are you around?
[15:48:52] <urandom>	 I tried https://netbox.wikimedia.org/extras/scripts/4/ (for the first time), and accidentally the whole thing
[15:49:03] <topranks>	 urandom: I’m at a conference but during a break right now
[15:49:07] <topranks>	 what’s up?
[15:49:28] <urandom>	 whoops, don't worry, we can get it sorted
[15:49:39] <XioNoX>	 it picked IPs from the parent subnet it seems like
[15:49:54] <urandom>	 and didn't add domain names
[15:50:02] <urandom>	 (which seems to be what the cookbook was mad about)
[15:50:20] <urandom>	 https://phabricator.wikimedia.org/T378730
[15:50:29] <XioNoX>	 dns cookbook, probably, yeah. I'm surprised we don't have netbox validators for that (or they didn't kick in)
[15:50:42] <topranks>	 uh ok sorry bout that hmm
[15:51:04] <topranks>	 definitely had tested it but must have made some error
[15:51:25] <urandom>	 it took quite a while before we were able to use it in anger :)
[15:52:20] <topranks>	 what’s the urgency on it?  I can take a proper look tomorrow morning eu time if it can wait
[15:52:59] <urandom>	 I don't know, I guess it prevents the dns cookbook from running atm?  Beyond that the urgency is low.
[15:53:04] <topranks>	 it should start at ‘a’ alright, maybe an error there
[15:53:09] <XioNoX>	 the root of the issue is taht the primary IP of aqs1022 is a /12
[15:53:11] <XioNoX>	 https://netbox.wikimedia.org/ipam/ip-addresses/18146/
[15:54:48] <topranks>	 XioNoX: if you can delete the dns names or IPs for now to unblock the dns cookbook I’ll do some debugging in the morning and get it fixed up
[15:55:07] <XioNoX>	 yeah don't worry
[15:55:20] <topranks>	 thanks <3
[15:57:17] <XioNoX>	 urandom: how many extra IPs do you need?
[15:57:24] <urandom>	 XioNoX: two
[15:59:30] <XioNoX>	 urandom: cool, you can try the dns cookbook now
[15:59:42] <urandom>	 trying...
[16:04:35] <urandom>	 Ok, I think that part succeeded, and that I'm now presented with diff from someone else's change?
[16:04:44] <urandom>	 the removal of a genetic host?
[16:04:49] <urandom>	 what's the convention here?
[16:04:56] <urandom>	 go/abort?
[16:05:16] <sukhe>	 we check SAL for which host it is usually
[16:05:20] <sukhe>	 can you tell us which one it is?
[16:05:26] <urandom>	 ganeti1044.mgmt.eqiad.wmnet
[16:05:27] <XioNoX>	 urandom: send the diff here
[16:05:49] <urandom>	 https://www.irccloud.com/pastebin/BN4v8mHZ/
[16:06:18] <XioNoX>	 urandom: probably because of this: https://netbox.wikimedia.org/extras/changelog/195033/
[16:06:58] <urandom>	 auh, yeah
[16:07:01] <XioNoX>	 urandom: anyway, it's fine to accept
[16:07:18] <urandom>	 TIL
[16:07:21] <urandom>	 XioNoX: \o/
[16:07:24] <urandom>	 thank you!
[16:07:47] <XioNoX>	 urandom: so there is a deeper problem, which I don't get https://netbox.wikimedia.org/extras/scripts/results/110137/
[16:08:09] <XioNoX>	 it tries to add /12 and /56 IPs
[16:08:23] <XioNoX>	 while it's nowhere on the host nor in puppetdb
[16:09:28] <urandom>	 yeah, that's weird.  It's supposed to be /22 and /64?
[16:09:32] <XioNoX>	 yeah
[16:09:40] <XioNoX>	 I manually fixed it
[16:09:57] <XioNoX>	 but it will bite us again
[16:10:03] <urandom>	 yeah
[16:11:05] <XioNoX>	 anyway, I'll investigate
[17:24:43] <XioNoX>	 I have to step away for today and tomorrow is a holiday in France.
[17:25:10] <XioNoX>	 topranks, I put all my findings on https://phabricator.wikimedia.org/T378751 if you have time to poke at it tomorrow
[17:25:43] <XioNoX>	 urandom: watch out if you need to do anything similar for any of those 3 types of hosts defined in the task as `NO_VIP_RE`
[17:26:39] <urandom>	 XioNoX: ok
[17:27:03] <topranks>	 XioNoX: thanks.  Yeah I definitely did not consider that or use those in my tests
[17:27:30] <XioNoX>	 topranks: your script to add extra IP works fine if not everything around it is broken :)
[17:27:40] <topranks>	 I’m sure it won’t be difficult to fix I’ll have a look tomorrow, going from IP -> vlan -> subnet also strikes me as a way to tackle
[18:21:10] <hnowlan>	 just to note I have a diff for recent mx changes in external_services for admin_ng in deployment-charts, I'm just gonna roll head with them. they seem reasonable
[18:23:13] <cdanis>	 hnowlan: it would probably be a decent idea for us to auto-deploy external_services tbh
[18:24:03] <hnowlan>	 yeah true
[18:34:58] <hnowlan>	 cdanis: long story short we moved to using shellbox-video for videoscaling earlier. it was going fine but over time long-running jobs have run us out of capacity 
[18:35:14] <cdanis>	 ahh
[18:35:16] <hnowlan>	 given that the pods running jobs aren't ready, we can't just do an apply to scale up
[18:35:53] <cdanis>	 hm that seems like a problem we have to fix eventually heh
[18:35:56] <hnowlan>	 at this point it's looking like rolling back might just be the best course of action 
[18:35:57] <cdanis>	 can we kubectl scale the deployment for now?
[18:36:08] <cdanis>	 and then modify the values in helm to match?
[18:36:10] <hnowlan>	 yeah we could just edit the replicaset to add more replicas I *think* 
[18:36:20] <cdanis>	 you need to edit the deployment, the deployment owns the replicaset
[18:36:31] <hnowlan>	 ahh right
[18:36:43] <cdanis>	 I made that mistake during a different mw-k8s outage ;)
[18:36:45] <cdanis>	 umm
[18:37:20] <hnowlan>	 at this point I am considering just rolling back the mediawiki-config change 
[18:37:32] <cdanis>	 that's reasonable
[18:37:42] <cdanis>	 I think it would also be fine to kubectl scale the deployment + merge a similar change to helm values
[18:38:03] <hnowlan>	 we've already bumped replicas by 16, but that apply is going to eventually fail 
[18:38:49] <hnowlan>	 I'm leaning towards the latter 
[18:38:51] <swfrench-wmf>	 can we just make maxUnavailable 100% ?
[18:39:28] <swfrench-wmf>	 I'm not entirely sure that applies to _exiting_ an update, is the problem
[18:40:01] <swfrench-wmf>	 i.e., I'm not sure if it only applies to _progressing_ an update
[18:41:21] <swfrench-wmf>	 (I realize that has implications for how aggressive the update is when scaling the replicasets)
[18:43:10] <swfrench-wmf>	 but also, +1 to rollback maybe being the right strategy if this aspect needs a bit of a rethink in order to be confident it's stable
[18:43:36] <hnowlan>	 yeah, I think that's safest 
[18:43:40] <cdanis>	 is the apply still running?
[18:43:45] <hnowlan>	 It's getting late here and I'm fighting trick-or-treaters 
[18:43:47] <hnowlan>	 cdanis: yeah
[18:44:56] <cdanis>	 yeah, maybe that's best then
[18:45:06] <cdanis>	 although, would it be enough to run helm without `atomic`?
[18:45:43] <hnowlan>	 I dunno, there's no guarantee that they won't just get overwhelmed after we scale up
[18:45:53] <cdanis>	 oh after you scale up the concurrency
[18:45:55] <cdanis>	 sure
[18:46:01] <cdanis>	 ok I'm +1 for rollback
[18:46:33] <swfrench-wmf>	 hnowlan: if you need to go, we can take care of the rollback / backport
[18:47:39] <hnowlan>	 https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/1085464
[18:48:43] <hnowlan>	 swfrench-wmf: if you could sync that it would be great, I kinda need to move in the next few minutes but I will be back in ~30 minutes or so 
[18:49:08] <swfrench-wmf>	 +1'd and yeah, I can drive that
[18:49:17] <_joe_>	 I'm -1 on rolling back
[18:49:23] <_joe_>	 let me explain why
[18:49:43] <_joe_>	 if the load is unusually high, k8s has some way to cope with it for us, if uneasy
[18:49:47] <_joe_>	 baremetal does not
[18:50:23] <_joe_>	 but YMMV
[18:51:05] <hnowlan>	 it *is* just a matter of numbers in this case 
[18:51:15] <hnowlan>	 you can run more jobs on the metal videoscalers 
[18:51:23] <hnowlan>	 (and we don't page for them, but we do for shellbox-video)
[18:52:10] <_joe_>	 we can rollback and see if it kills videoscalers :)
[18:52:10] <kamila_>	 I agree with _joe_ 
[18:52:36] <hnowlan>	 I doubt it will kill them fwiw
[18:52:41] <cdanis>	 _joe_: I think we're also holding up a backport window right now
[18:52:49] <hnowlan>	 yeah we are 
[18:52:56] <_joe_>	 or, we can rollback, while we're rolled back we can scale up
[18:53:09] <swfrench-wmf>	 this is kind of the problem, yeah - we've changed a couple of things about how capacity is "represented" (for lack of a better term), and unfortunately that's tangled with a bunch of other things, like how pybal alerts are useless
[18:53:11] <_joe_>	 and see if videoscalers hold up
[18:53:36] <_joe_>	 pybal is useless in general when it comes to k8s
[18:53:43] <hnowlan>	 so I am +1 on rollback to unblock the window and then fix things after
[18:53:45] <swfrench-wmf>	 precisely, yeah
[18:53:46] <_joe_>	 anyways, sure, roll back
[18:54:17] <swfrench-wmf>	 I can take that from here, then
[18:54:35] <hnowlan>	 thank you swfrench-wmf! 
[18:56:43] <hnowlan>	 it does make this any less annoying but this is more or less the same situation as thumbor 
[18:56:56] <hnowlan>	 we could absolutely beat the crap out of a few metal instances and clog them with processes 
[18:57:05] <hnowlan>	 er *it doesn't
[18:57:59] <cdanis>	 the other option is DIY loadbalancing instead of abusing readiness probes ;)
[18:58:06] <cdanis>	 I've implemented that before
[18:58:29] <hnowlan>	 that's exactly what we did for thumbor
[18:58:34] <hnowlan>	 and it suuuuucks :D
[18:58:35] <cdanis>	 oh neat, I didn't know
[18:58:37] <cdanis>	 ahaha
[18:58:53] <hnowlan>	 we actually want to get rid of it and go to a single-worker-per-pod thing and let k8s sort it out
[18:59:28] <cdanis>	 the miss penalty is a lot less for subsecond tasks, at least
[18:59:59] <hnowlan>	 okay, I have to scoot briefly - I will be back in ~30 mins but I have my phone and can get back to a computer so please let me know if needed
[19:03:27] <swfrench-wmf>	 thanks for sticking around, h.nowlan! good luck with candy distribution :)
[19:10:50] <swfrench-wmf>	 alright, now that we're no longer blocking the train, I might go ahead and test out the maxUnavailable hack - any objections to that, or better yet, someone who knows authoritatively that will not help?
[19:22:28] <swfrench-wmf>	 aaand never mind. it turns out we've not wired strategy overrides into the shellbox chart.
[19:24:23] <swfrench-wmf>	 I'll try applying once we drift below the default of 25%
[19:39:44] <hnowlan>	 thanks for handling the rollout swfrench-wmf! I'm around now if there's any follow-up
[19:42:46] <swfrench-wmf>	 hnowlan: no problem at all. I don't think there's much immediate follow-up - I'm just waiting for %-unavailable to drift below 25% and then I'll try applying you changes.
[19:43:00] <swfrench-wmf>	 *your
[19:43:36] <hnowlan>	 might be a while :D I suspect a few of those jobs will be a few more hours 
[19:44:30] <cdanis>	 hnowlan: have we thought about sharded transcodes?  I'm guessing that involves even a few extra complexities than the ones I was already thinking of, but
[19:45:01] <hnowlan>	 it was something we talked about way back at the start of this project 
[19:45:09] <hnowlan>	 "it'll be quicker to lift and shift" I said 
[19:45:12] <hnowlan>	 lolol :<
[19:45:15] <cdanis>	 😅
[19:45:18] <cdanis>	 you might still be right!
[19:45:32] <hnowlan>	 it would require a good bit of work on TMH 
[19:46:19] <cdanis>	 hm interesting, I was imagining ways to split up individual transcodes but keep it transparent to 'clients'
[19:46:34] <cdanis>	 I've stayed far away from TMH though :)
[19:48:02] <hnowlan>	 what I would imagine is a process where if we get a video larger than $x, we use ffmpeg to split the file up and stick them in a queue which get encoded as normal and then something that again uses ffmpeg to stitch them back together 
[19:48:53] <kamila_>	 ^ that (and that could be transparent for tmh) 
[19:49:24] <hnowlan>	 there are a lot of assumptions about ffmpeg splitting being format-friendly though 
[20:25:04] <swfrench-wmf>	 shellbox-video is now upsized in codfw - the answer to my question from before: yes, maxUnavailable applies not update exit, not just progress
[20:26:58] <swfrench-wmf>	 interesting typo ... that should say "applies to updated exit"