Maniphest T207417

ferm fail to start at boot in some cases
Closed, DuplicatePublic
Actions

Assigned To

None

Authored By

	Volans
	Oct 18 2018, 8:30 PM

Description

In some cases ferm fails to start at boot because of some failed resolution, as an example:

Oct 18 15:53:04 db2042 ferm[837]: DNS query for 'prometheus2003.codfw.wmnet' failed: query timed out
Oct 18 15:53:04 db2042 ferm[837]:  (warning).
Oct 18 15:53:04 db2042 systemd[1]: ferm.service: Main process exited, code=exited, status=255/n/a
Oct 18 15:53:04 db2042 systemd[1]: Failed to start ferm firewall configuration.
Oct 18 15:53:04 db2042 systemd[1]: ferm.service: Unit entered failed state.

This was on db2042 right after a reboot, but I've already seen this happening on other hosts too.
The subsequent puppet run didn't start the service either, although a simple start would fix the issue.

So we should investigate our puppet+systemd integration for ferm to make sure that ferm it's able to resolve hosts in its configuration when it starts and on failure (at least @reboot) it should be retried a couple of times and/or have puppet ensure that's it's running starting the service.

Related Objects

Mentioned In: T202051: db2042 (m3) master RAID battery failed

Event Timeline

Volans created this task.Oct 18 2018, 8:30 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 18 2018, 8:30 PM

Volans mentioned this in T202051: db2042 (m3) master RAID battery failed.Oct 18 2018, 8:30 PM

That should be https://phabricator.wikimedia.org/T148986, but it's also a generic issue for other system services as well, which also rely on working name resolution.

jijiki closed this task as a duplicate of T148986: Firewall sets not being loaded post-reboot due to a @resolve race.Oct 25 2018, 11:36 AM

ferm fail to start at boot in some casesClosed, DuplicatePublicActions

Description

Related Objects

Event Timeline

ferm fail to start at boot in some cases
Closed, DuplicatePublic
Actions