Page MenuHomePhabricator
Create Task
Maniphest T327980

eqiad1 VMs can no longer contact the nova metadata service
Closed, ResolvedPublic
Actions

Description

For example, here's a VM asking the metadata service about its hostname:

$ curl http://169.254.169.254/latest/meta-data/hostname
<html><body><h1>504 Gateway Time-out</h1>
The server didn't respond in time.
</body></html>

I'm guessing this has to do with recent firewall changes, for example

https://gerrit.wikimedia.org/r/c/operations/puppet/+/868070

or

https://gerrit.wikimedia.org/r/c/operations/puppet/+/883571

This means we can't create new working VMs at all. This is likely also breaking Magnum and Heat. Trove seems to still work, I think because it uses config-drive rather than the metadata service.

Details

SubjectRepoBranchLines +/-
fix nova-metadata firewall rulesoperations/puppetproduction+6 -2
Customize query in gerrit

Event Timeline

Andrew created this task.Jan 26 2023, 12:57 AM
Restricted Application added a project: cloud-services-team. · View Herald TranscriptJan 26 2023, 12:57 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Andrew triaged this task as Unbreak Now! priority.Jan 26 2023, 12:58 AM
Andrew updated the task description. (Show Details)
gerritbot added a comment.Jan 26 2023, 6:44 AM

Change 883696 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] fix nova-metadata firewall rules

https://gerrit.wikimedia.org/r/883696

gerritbot added a project: Patch-For-Review.Jan 26 2023, 6:44 AM
taavi claimed this task.Jan 26 2023, 6:49 AM
gerritbot added a comment.Jan 26 2023, 9:02 AM

Change 883696 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] fix nova-metadata firewall rules

https://gerrit.wikimedia.org/r/883696

aborrero closed this task as Resolved.EditedJan 26 2023, 9:11 AM

Works now, thanks @taavi for the quick patch.

aborrero@tools-sgebastion-11:~$ curl http://169.254.169.254/latest/meta-data/hostname
tools-sgebastion-11.novalocal
Stashbot added a comment.Jan 26 2023, 9:26 AM

Mentioned in SAL (#wikimedia-cloud) [2023-01-26T09:26:23Z] <taavi> deleting instances leaked by T327980

Maintenance_bot removed a project: Patch-For-Review.Jan 26 2023, 9:30 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL