Page MenuHomePhabricator
Create Task
Maniphest T149253

Firewall rules production/labs for prometheus-node-exporter
Closed, ResolvedPublic
Actions

Description

I'm going through the list of hosts unreachable by prometheus servers in eqiad and all labvirt* labnodepool* labnet* can't be reached on tcp/9100 (node-exporter port). I'm guessing it is the production/labs ACLs that prevent this, can we punch a hole in the firewall for this?
In terms of tcp connections what doesn't work is e.g. 10.64.32.198 -> 10.64.20.25:9100
Technically now prometheus hosts are "monitoring hosts", namely prometheus100[12] in eqiad and prometheus200[12] in codfw, if that makes a difference!

Related Objects
Search...

Event Timeline

fgiunchedi created this task.Oct 26 2016, 10:21 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 26 2016, 10:21 PM
Krenair added a project: Cloud-Services.Oct 26 2016, 10:26 PM
fgiunchedi updated the task description. (Show Details)Nov 3 2016, 3:28 PM
akosiaris closed this task as Resolved.Nov 3 2016, 5:00 PM
akosiaris claimed this task.
akosiaris subscribed.

After a couple of rounds, finally done. Tested with telnet on a few hosts and seems to work fine.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL