A collection and discussion point for additional netbox reports.
Description
Details
Subject | Repo | Branch | Lines +/- |
---|---|---|---|
Add network report | operations/software/netbox-extras | master | +142 -0 |
Related Objects
- Mentioned In
  - rOSNE0702545ce908: Add network report
  - T253173: Some clusters do not have DNS for IPv6 addresses (TRACKING TASK)
- Mentioned Here
  - T283483: Various netbox alerts running for days
  - T273248: wikireplicas last-minute infra work to discuss / resolve
  - T253173: Some clusters do not have DNS for IPv6 addresses (TRACKING TASK)
Event Timeline
An idea that came up in discussing DNS automation with @ayounsi is to verify interface names match, and/or automate updating interface names from PuppetDB into Netbox.
If an interface has a v4 and v6 IP, their DNS names should match.
A lightweight version of that is to only check a device's primary IPs.
Figure out how to alert on "zombie" hosts, still online, but not in puppet and with a planned/staged state.
See also T253173#6722217
Report servers that either have a missing primary_ipv6 or have a primary_ipv6 without a DNS name set.
Report duplicated interfaces on switches (and switch stack). For example if xe-2/0/18 and ge-2/0/18 are present. Or if xe-2/0/18 exists twice on 2 different VC members.
Report to check for duplicate IPs with different netmasks.
When an IP is marked as a VIP, for example, Netbox allows creating it duplicated with different netmasks, like 10.0.0.0/32 and 10.0.0.0/27.
We should alert if this happens as it's an indication that something has not worked properly.
We set a netmask of /32 (correct one) for all VIPs and not the subnet netmask as Netbox does by default.
See also T273248#6791839
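The duplicate-netmask check described above, written stand-alone over plain CIDR strings rather than Netbox objects. This is an added example, not code from the netbox-extras report; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: addresses in CIDR notation, as an inventory would list them.
SAMPLE_ADDRESSES = [
    "10.0.0.0/32",         # VIP recorded with the /32 netmask
    "10.0.0.0/27",         # same host address recorded with the subnet netmask
    "10.0.0.5/27",
    "2001:db8::1/128",
    "2001:db8:0:0::1/64",  # same IPv6 address, different spelling and netmask
    "10.0.0.9/27",
    "10.0.0.9/27",         # exact duplicate: same netmask, not this check's concern
]


def find_netmask_conflicts(addresses):
    """Return {host address: sorted prefix lengths} for every address that
    is recorded more than once with different netmasks."""
    seen = defaultdict(set)
    for cidr in addresses:
        # ip_interface separates the host address from the prefix length and
        # normalises IPv6 spellings, so equal addresses compare equal.
        iface = ipaddress.ip_interface(cidr)
        seen[iface.ip].add(iface.network.prefixlen)
    return {
        str(ip): sorted(prefixes)
        for ip, prefixes in seen.items()
        if len(prefixes) > 1
    }


def report_lines(addresses):
    """Format one warning line per conflicting address, sorted by address text."""
    conflicts = find_netmask_conflicts(addresses)
    return [
        f"{ip} present with multiple netmasks: "
        + ", ".join(f"/{p}" for p in conflicts[ip])
        for ip in sorted(conflicts)
    ]


if __name__ == "__main__":
    for line in report_lines(SAMPLE_ADDRESSES):
        print(line)
```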
Change 674977 had a related patch set uploaded (by Ayounsi; author: Ayounsi):
[operations/software/netbox-extras@master] Add network report
I don't remember what we discussed here, could you add details?
Did the lightweight version, as there are devices with multiple IPs/FQDN (eg. restbase).
Done
Done
Done
Done, let me know if the implementation is correct though.
Change 674977 merged by Ayounsi:
[operations/software/netbox-extras@master] Add network report
Any suggestions on what we can do about the monitoring situation of the reports? Just spent some time cleaning out unhandled Icinga alerts, but we always have the netbox alerts there... see how long they have been CRIT. If it was really CRIT we would not leave them like that for a longer time, right? So they are apparently just WARN. What would you think about changing them to WARN level? Or, alternatively, can we actually fix them?