Page MenuHomePhabricator
Create Task
Maniphest T327877

Disable NETBIOS on some IPMI
Closed, ResolvedPublic
Actions

Description

A 2h capture on the blocked traffic on the management routers (https://logstash.wikimedia.org/app/dashboards#/view/69b9fbe0-3c1b-11e8-90f7-4958fd3a62b4) shows that those 5 hosts' IPMI are trying to talk Netbios (port 137) to 10.0.1.1, 10.18.128.15 and 10.18.128.16

10.65.5.18 - ms-be1059.mgmt.eqiad.wmnet.
10.65.5.76 - cloudvirt1019.mgmt.eqiad.wmnet.
10.65.1.134 - db1140.mgmt.eqiad.wmnet.
10.193.2.207 - db2100.mgmt.codfw.wmnet.
10.65.1.133 - db1139.mgmt.eqiad.wmnet.

Not sure if they're old hosts or some steps in their configuration got missed, but it would be safer to disable it.

Event Timeline

ayounsi created this task.Jan 25 2023, 10:18 AM
ayounsi triaged this task as Low priority.Jan 25 2023, 10:21 AM
ayounsi added a subscriber: RobH.
Maintenance_bot added a project: SRE.Jan 25 2023, 10:29 AM
RobH added a comment.Jan 25 2023, 2:24 PM

Please note all 5 of these host are old HP ProLiants. I'm not sure where this setting is on these hosts, but I'm assuming in the bios and each of these will require downtime/reboot to disable.

As this is going to require some troubleshooting, perhaps one of the Data-Persistence folks can advise which of the 4 machines of theirs we can take down to troubleshoot to disable netbios?

RobH moved this task from Backlog to Hardware Failure / Troubleshoot on the ops-eqiad board.Jan 25 2023, 2:24 PM
RobH moved this task from Backlog to Hardware Failure / Troubleshoot on the ops-codfw board.
RobH added projects: cloud-services-team (Hardware), Data-Persistence.
ayounsi added a comment.Jan 25 2023, 2:29 PM

Note that it's on their IPMI/ILO interfaces, not sure they need to go down.

RobH added a comment.EditedJan 25 2023, 3:08 PM

I've disabled the multicast discovery on the ilom interface for db1140 (10.65.1.134) as a test to see if it stops the netbios port broadcasts from the ilom interfaces.

https://logstash.wikimedia.org/app/dashboards#/view/69b9fbe0-3c1b-11e8-90f7-4958fd3a62b4?_g=h@1be52a8&_a=h@71b611e

It didn't fix it, going to have to keep tinkering.

Stashbot added a comment.Jan 25 2023, 3:43 PM

Mentioned in SAL (#wikimedia-sre) [2023-01-25T15:43:34Z] <robh> netbios wins disabled on db1140 ilom and ilom reset T327877

Stashbot added a comment.Jan 25 2023, 3:50 PM

Mentioned in SAL (#wikimedia-sre) [2023-01-25T15:50:22Z] <robh> db1139 ilom wins/netbios disabled and ilom reset T327877

RobH added a comment.Jan 25 2023, 3:57 PM

Arzhel linked to some docs and commented netbios is called wins in HP ilom, and I had noticed the wins enablement under IPv4 so disabled and the issue went away for db1140. Going to disable on the rest of them.

  • login to https interface
  • navigate to ilom dedicated port ipv4 settings and disable WINs at bottom of page and apply
  • navigate to home, diagnotics, reset ilom

I've now done this for all the hosts listed, watching them all resolve off sending the netbios/wins traffic via the logstash view for each host (just changed the source IP from earlier link)

RobH closed this task as Resolved.Jan 25 2023, 4:41 PM
RobH claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits