Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ol-home0 provisioning needs rsync ferm/input #4723

Closed
1 task done
Tracked by #5757
mekarpeles opened this issue Mar 4, 2021 · 1 comment
Closed
1 task done
Tracked by #5757

ol-home0 provisioning needs rsync ferm/input #4723

mekarpeles opened this issue Mar 4, 2021 · 1 comment
Labels
Lead: @cclauss Issues overseen by Chris (Python3 & Dev-ops lead 2019-2021) [managed] Needs: Triage This issue needs triage. The team needs to decide who should own it, what to do, by when. [managed]

Comments

@mekarpeles
Copy link
Member

mekarpeles commented Mar 4, 2021
edited by cclauss
Loading

The issue was that we were updating /etc/ferm/ferm.conf rules even though these were auto-generated daily. We should have been putting them in /etc/ferm/input/ as is described in @abezella's guide:
https://docs.google.com/document/d/1W4DtLPlzCUszovOj1yA6uy5Ws8GY_cpjlxu5VOo2aQo/edit#heading=h.3dy6vkm

The second issue is, restarting ferm via sudo service ferm reload causes Docker iptables to go haywire.
The solution is to restart docker with sudo systemctl restart docker

HOW DO WE DETECT FERM RULES CHANGES FROM ANSIBLE.

  • If we reprovision ol-home0 this ferm/input rule needs to be a step, e.g. adding:
    saddr $CLUSTER proto tcp dport rsync ACCEPT;
    to /ol-home0:/etc/ferm/input/rsync.conf

Related to #680

Originally posted by @mekarpeles in #4706 (comment)
@mekarpeles mekarpeles added the Lead: @cclauss Issues overseen by Chris (Python3 & Dev-ops lead 2019-2021) [managed] label Mar 4, 2021
@mekarpeles mekarpeles added the Needs: Triage This issue needs triage. The team needs to decide who should own it, what to do, by when. [managed] label Mar 10, 2021
@cclauss cclauss mentioned this issue Mar 12, 2021
Closed
5 tasks
This was referenced Nov 11, 2021
Closed
Closed
@cclauss cclauss added the Priority: 1 Do this week, receiving emails, time sensitive, . [managed] label Nov 11, 2021
@cdrini cdrini removed the Priority: 1 Do this week, receiving emails, time sensitive, . [managed] label Nov 15, 2021
@cclauss
Copy link
Contributor

cclauss commented Dec 9, 2021

Rsync works between ol-home0 and ol-www0. We will reopen this if we run into rsync issues.

@cclauss cclauss closed this as completed Dec 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Lead: @cclauss Issues overseen by Chris (Python3 & Dev-ops lead 2019-2021) [managed] Needs: Triage This issue needs triage. The team needs to decide who should own it, what to do, by when. [managed]
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mekarpeles @cclauss @cdrini