Page MenuHomePhabricator
Create Task
Maniphest T179042

Setup eqsin RIPE Atlas anchor
Closed, ResolvedPublic
Actions

Description

Also see T167425. Inspired from T174637:

  • Assign IPs (103.102.166.20; 2001:0df2:e500:201:103:102:166:20) https://gerrit.wikimedia.org/r/#/c/386538/
  • Obtain image
  • load image on the device (see. https://atlas.ripe.net/docs/anchor-installation/ )
  • Rack device (or at least assign rack space)
  • Add device to racktables
  • Configure switch port in sandbox vlan
  • Connect anchor's uplink and console
  • Verify connectivity to the anchor
  • On the RIPE website, go to the "My Atlas" menu and then "Anchors", and check the box "software is installed"
  • Add anchor to monitoring

Details

SubjectRepoBranchLines +/-
eqsin: add ripe-atlas ping measurement monitoringoperations/puppetproduction+1 -0
Customize query in gerrit

Related Objects

Event Timeline

ayounsi created this task.Oct 25 2017, 9:40 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 25 2017, 9:40 PM
faidon renamed this task from Setup eqsin atlas anchor to Setup eqsin RIPE Atlas anchor.Oct 26 2017, 5:22 PM
faidon triaged this task as Medium priority.
faidon updated the task description. (Show Details)
faidon updated the task description. (Show Details)
faidon added a comment.Oct 26 2017, 5:24 PM

Image has been downloaded to the install* servers.

Cmjohnson moved this task from Backlog to Up next on the ops-eqiad board.Oct 30 2017, 2:24 PM
Cmjohnson added a comment.Nov 6 2017, 2:23 PM

I have connected the Ripe atlas anchor to iron if you want to load the image.

Cmjohnson assigned this task to RobH.Nov 28 2017, 5:23 PM
Cmjohnson removed a project: ops-eqiad.

This did not get setup before shipping to Singapore...assigning to @RobH

RobH added a project: ops-eqsin.Nov 28 2017, 7:33 PM
RobH removed RobH as the assignee of this task.Dec 8 2017, 7:17 AM
RobH updated the task description. (Show Details)
RobH updated the task description. (Show Details)
ayounsi assigned this task to faidon.Dec 8 2017, 7:35 AM
ayounsi updated the task description. (Show Details)
Framawiki subscribed.Jan 1 2018, 5:27 PM
BBlack added a project: Traffic.Feb 13 2018, 1:16 PM
BBlack moved this task from Backlog to Asia Cache DC on the Traffic board.Feb 13 2018, 1:21 PM
Liuxinyu970226 subscribed.Feb 26 2018, 2:26 PM
faidon added a comment.Mar 7 2018, 3:10 PM

I believe this was blocked until today on an SFP replacement (T188923). It seems that the IP of the Atlas is responding now, and we even receive an SSH banner. So I just submitted the form on the RIPE Atlas panel. Now we're waiting on RIPE before this is fully online:

Thank you for installing the software for your RIPE Atlas anchor!

It may take up to a week to run the tests for your anchor.
We will keep you informed throughout the process of finalising your anchor.

faidon updated the task description. (Show Details)Mar 7 2018, 3:10 PM
BBlack added a comment.Mar 8 2018, 2:41 PM

Ping monitoring for this anchor merged in with: https://gerrit.wikimedia.org/r/#/c/417267/1/modules/netops/manifests/monitoring.pp

What we're missing in configuration for the last checkbox at the top is the measurement checks at the bottom of the same file referenced above, which won't be possible until the probe anchor is fully set up on the RIPE side and measurements are defined with IDs.

Also ping @ayounsi - From both the outside world and our monitoring hosts in eqiad, the atlas's ipv4 is pingable, but not ipv6. Probably network configuration issue somewhere.

BBlack mentioned this in T156027: Configuration for Asia Cache DC hosts.Mar 8 2018, 2:48 PM
ayounsi added a comment.Mar 8 2018, 10:37 PM

The IPv6 issue seems to be on the Atlas, most likely not configured yet.

From the router interface I can't ping its global IP:
ping 2001:df2:e500:201:103:102:166:20 source 2001:df2:e500:201::1

But I can ping its link-local address:
ping fe80::200:24ff:fed2:3df0 interface ae1.530

BBlack added a comment.Mar 9 2018, 12:34 PM

Oh makes sense, maybe the initial image install just has the v4 and RIPE has to configure the v6 during their bringup process?

faidon added a comment.Mar 9 2018, 12:35 PM

That is correct to my knowledge -- that was the case with our other anchors.

faidon reassigned this task from faidon to ayounsi.Mar 12 2018, 2:53 PM

Just heard from RIPE:

I just finished the provisioning of sg-sin-as14907.anchors.atlas.ripe.net and noticed that port 5666 is filtered.

Can you please make sure that there are no ACLs in place? An atlas anchor needs unfiltered access to and from the internet.

IIRC, we have an exception in our ACLs for 5666 for the Atlases IPs (both IPv4 & IPv6), so it's likely that eqsin's (and esams'?) wasn't added to the IP set. @ayounsi, could you check this out and modify accordingly? Thanks :)

ayounsi added a comment.Mar 12 2018, 2:59 PM

Should be good now for eqsin.

ayounsi reassigned this task from ayounsi to faidon.Mar 12 2018, 3:59 PM
faidon reassigned this task from faidon to ayounsi.Mar 13 2018, 12:01 PM

We're happy to announce that your RIPE Atlas anchor is functioning properly and is now connected to the RIPE Atlas network.

You can see your anchor when logged in to the RIPE Atlas website.

The direct link to the probe page for the anchor is here:
https://atlas.ripe.net/probes/6345/

[…]

Only thing left is monitoring, right?

gerritbot subscribed.Mar 13 2018, 12:07 PM

Change 419156 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/puppet@production] eqsin: add ripe-atlas ping measurement monitoring

https://gerrit.wikimedia.org/r/419156

gerritbot added a project: Patch-For-Review.Mar 13 2018, 12:07 PM

Change 419156 merged by BBlack:
[operations/puppet@production] eqsin: add ripe-atlas ping measurement monitoring

https://gerrit.wikimedia.org/r/419156

BBlack closed this task as Resolved.Mar 13 2018, 12:15 PM
BBlack updated the task description. (Show Details)
In T179042#4046290, @faidon wrote:

Only thing left is monitoring, right?

I think so AFAIK, and done above, showing green in icinga.

Liuxinyu970226 unsubscribed.Mar 13 2018, 12:24 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL