Project

General

Profile

action #68095

Migrate osd workers from SuSEfirewall2 to firewalld

Added by okurz over 1 year ago. Updated 12 months ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
Start date:
2020-06-15
Due date:
% Done:

0%

Estimated time:
Tags:

Description

Motivation

SuSEfirewall2 is not going to be supported anymore in current versions of openSUSE or SLE distributions. Our o3 workers already run firewalld just fine including multi-machine tests. We can not easily check the firewall status compared to firewalld where the systemd service is more helpful (#68092)

Acceptance criteria

Suggestions


Related issues

Related to openQA Infrastructure - action #73633: OSD partially unresponsive, triggering 500 responses, spotty response visible in monitoring panels but no alert triggered (yet)Resolved2020-10-202020-11-17

History

#1 Updated by okurz over 1 year ago

  • Description updated (diff)

#2 Updated by okurz about 1 year ago

  • Tags changed from caching, openQA, sporadic, arm, ipmi, worker to worker

#3 Updated by ggardet_arm about 1 year ago

This task is blocking all upgrades to Leap 15.2 in CI and in o3. And Leap 15.1 EOL is getting close (November 2020).
Could we move forward?

#4 Updated by okurz about 1 year ago

  • Priority changed from Normal to High

yes, this is becoming more important now. Bumping prio to "High".

#5 Updated by okurz about 1 year ago

#64700#note-4 has examples for clone-job calls which sends jobs to another job group and such so that they do not show up intermixed with normal validation hosts.

#6 Updated by mkittler about 1 year ago

  • Status changed from Workable to In Progress
  • Assignee set to mkittler

I'm going to use our staging setup to test this. Hence I'm currently checking whether MM tests work generally in our staging setup.

#7 Updated by mkittler about 1 year ago

I've created SR https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/378 which has been tested on openqaworker11 (staging worker) and openqaworker3 (production worker).

TODOs:

  • Merge the SR as the pipeline passes now.
  • Enable salt-minion again on openqaworker3 after the SR has been merged. (I left it disabled so its setup isn't reverted again.)
  • Uninstall SuSEfirewall2 from all workers.

#8 Updated by mkittler 12 months ago

The SR has been merged and applied on all workers. I've also uninstalled SuSEfirewall2. It looks good so far. I couldn't enable salt-minion on openqaworker3 because it is currently offline.

#9 Updated by mkittler 12 months ago

  • Status changed from In Progress to Feedback

openqaworker3 is online again and I enabled salt-minion. Looks like it runs MM jobs (e.g. https://openqa.suse.de/tests/4849371#dependencies).

#10 Updated by mkittler 12 months ago

  • Status changed from Feedback to Resolved

#11 Updated by mkittler 12 months ago

No TODOs left. I've seen successful MM tests in production and our monitoring should be sufficient to catch further problems so I'm marking the ticket as resolved.

#12 Updated by okurz 11 months ago

  • Related to action #73633: OSD partially unresponsive, triggering 500 responses, spotty response visible in monitoring panels but no alert triggered (yet) added

Also available in: Atom PDF