Page MenuHomePhabricator
Create Task
Maniphest T138685

notebook1001 shown as DOWN in icinga, due to firewall rules
Closed, ResolvedPublic
Actions

Description

icinga reports notebook1001 as a DOWN host. but it is actually up.

There are iptables rules on it that don't appear to be puppetized and probably prevent icinga from connecting to it.

From puppet just base::firewall is included but there are things like

Chain DOCKER-ISOLATION (1 references)

That should probably be done with ferm rules (and base::firewall would leave the standard holes for icinga open)

Event Timeline

Dzahn created this task.Jun 25 2016, 9:36 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJun 25 2016, 9:36 PM
Dzahn added a project: SRE.Jun 25 2016, 9:37 PM
Dzahn added a subscriber: madhuvishy.

https://icinga.wikimedia.org/cgi-bin/icinga/extinfo.cgi?type=1&host=notebook1001

Peachey88 added a project: Jupyter-Hub.Jun 26 2016, 1:50 AM
Krenair subscribed.Jun 26 2016, 2:54 AM
Dzahn added a comment.Jun 27 2016, 10:58 AM

Briefly talked to Yuvi and Madhu. These rules come from the docker package.

fgiunchedi triaged this task as Medium priority.Jul 12 2016, 10:13 AM
Dzahn added a comment.Sep 16 2016, 1:21 AM

still marked as DOWN in Icinga for a couple months now. notebook1002 does not have this issue

Dzahn closed this task as Resolved.Jan 3 2019, 12:03 AM
Dzahn claimed this task.
Dzahn added a project: Analytics.

no response since 2016 and meanwhile there is no more notebook1001. closing.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL