Project

General

Profile

action #68095

Migrate osd workers from SuSEfirewall2 to firewalld

Added by okurz 7 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
High
Assignee:
mkittler
Target version:
openQA Project - Ready
Start date:
2020-06-15
Due date:
% Done:

0%

Estimated time:
Tags:
worker

Description

Motivation

SuSEfirewall2 is not going to be supported anymore in current versions of openSUSE or SLE distributions. Our o3 workers already run firewalld just fine including multi-machine tests. We can not easily check the firewall status compared to firewalld where the systemd service is more helpful (#68092)

Acceptance criteria

Suggestions

Related issues

Related to openQA Infrastructure - action #73633: OSD partially unresponsive, triggering 500 responses, spotty response visible in monitoring panels but no alert triggered (yet)Resolved2020-10-202020-11-17

History

#1 Updated by okurz 7 months ago

  • Description updated (diff)

#2 Updated by okurz 6 months ago

  • Tags changed from caching, openQA, sporadic, arm, ipmi, worker to worker

#3 Updated by ggardet_arm 4 months ago

This task is blocking all upgrades to Leap 15.2 in CI and in o3. And Leap 15.1 EOL is getting close (November 2020).
Could we move forward?

#4 Updated by okurz 4 months ago

  • Priority changed from Normal to High

yes, this is becoming more important now. Bumping prio to "High".

#5 Updated by okurz 3 months ago

#64700#note-4 has examples for clone-job calls which sends jobs to another job group and such so that they do not show up intermixed with normal validation hosts.

#6 Updated by mkittler 3 months ago

  • Status changed from Workable to In Progress
  • Assignee set to mkittler

I'm going to use our staging setup to test this. Hence I'm currently checking whether MM tests work generally in our staging setup.

#7 Updated by mkittler 3 months ago

I've created SR https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/378 which has been tested on openqaworker11 (staging worker) and openqaworker3 (production worker).

TODOs:

  • Merge the SR as the pipeline passes now.
  • Enable salt-minion again on openqaworker3 after the SR has been merged. (I left it disabled so its setup isn't reverted again.)
  • Uninstall SuSEfirewall2 from all workers.

#8 Updated by mkittler 3 months ago

The SR has been merged and applied on all workers. I've also uninstalled SuSEfirewall2. It looks good so far. I couldn't enable salt-minion on openqaworker3 because it is currently offline.

#9 Updated by mkittler 3 months ago

  • Status changed from In Progress to Feedback

openqaworker3 is online again and I enabled salt-minion. Looks like it runs MM jobs (e.g. https://openqa.suse.de/tests/4849371#dependencies).

#10 Updated by mkittler 3 months ago

  • Status changed from Feedback to Resolved

#11 Updated by mkittler 3 months ago

No TODOs left. I've seen successful MM tests in production and our monitoring should be sufficient to catch further problems so I'm marking the ticket as resolved.

#12 Updated by okurz 2 months ago

  • Related to action #73633: OSD partially unresponsive, triggering 500 responses, spotty response visible in monitoring panels but no alert triggered (yet) added

Also available in: Atom PDF