Page MenuHomePhabricator
Create Task
Maniphest T207175

add icinga1001 to send_nsca and pfw rules in FRACK
Closed, ResolvedPublic
Actions

Description

We have a new Icinga server, icinga1001.wikimedia.org (208.80.154.84, 2620:0:861:3:208:80:154:84) which will be replacing
einsteinium.wikimedia.org (208.80.155.119, 2620:0:861:4:208:80:155:119) in the future.

FRACK servers are sending passive check results with send_nsca to NSCA on the Icinga server.

Can we add icinga1001 here in parallel and send to both IP for a migration period?

Also, separately, einsteinium probably appears somewhere in pfw firewall rules and here it's the same question, could we please allow the new IP before removing the old IP and have both in there for a little while until the old server is actually retired?

Thanks!

Related Objects
Search...

Event Timeline

Dzahn created this task.Oct 16 2018, 2:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 16 2018, 2:48 PM
Dzahn added a parent task: T202782: upgrade icinga server to stretch and replace einsteinium.Oct 16 2018, 2:48 PM
cwdent added subscribers: ayounsi, cwdent.Oct 18 2018, 8:44 PM
[frack::puppet::private] 527140c add iptables/pfw rules for icinga1001

@Dzahn thanks for the heads up!

@ayounsi whenever you have time: 1539894800

cwdent added a project: netops.Oct 18 2018, 8:44 PM
ayounsi claimed this task.EditedOct 19 2018, 4:58 PM

From IRC, the Juniper diff seems to include more than what's mentioned in the description, at least:
saiph renaming and betelgeuse removal

I can provide you the diff if needed.

Stashbot subscribed.Oct 22 2018, 2:49 PM

Mentioned in SAL (#wikimedia-operations) [2018-10-22T14:49:18Z] <XioNoX> push firewall changes to pfw3-codfw - T207175

Stashbot added a comment.Oct 22 2018, 3:35 PM

Mentioned in SAL (#wikimedia-operations) [2018-10-22T15:35:57Z] <XioNoX> push firewall changes to pfw3-eqiad - T207175

ayounsi closed this task as Resolved.Oct 22 2018, 4:03 PM
Dzahn added a comment.EditedOct 22 2018, 7:00 PM

@ayounsi thank you :)

@cwdent has the send_nsca part also been done?

Dwisehaupt moved this task from Triage to Done on the fundraising-tech-ops board.Feb 13 2020, 9:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits