Project

General

Profile

Actions

action #68095

closed

Migrate osd workers from SuSEfirewall2 to firewalld

Added by okurz almost 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
-
Target version:
Start date:
2020-06-15
Due date:
% Done:

0%

Estimated time:
Tags:

Description

Motivation

SuSEfirewall2 is not going to be supported anymore in current versions of openSUSE or SLE distributions. Our o3 workers already run firewalld just fine including multi-machine tests. We can not easily check the firewall status compared to firewalld where the systemd service is more helpful (#68092)

Acceptance criteria

Suggestions


Related issues 1 (0 open1 closed)

Related to openQA Infrastructure - action #73633: OSD partially unresponsive, triggering 500 responses, spotty response visible in monitoring panels but no alert triggered (yet)Resolvednicksinger2020-10-202020-11-17

Actions
Actions #1

Updated by okurz almost 4 years ago

  • Description updated (diff)
Actions #2

Updated by okurz over 3 years ago

  • Tags changed from caching, openQA, sporadic, arm, ipmi, worker to worker
Actions #3

Updated by ggardet_arm over 3 years ago

This task is blocking all upgrades to Leap 15.2 in CI and in o3. And Leap 15.1 EOL is getting close (November 2020).
Could we move forward?

Actions #4

Updated by okurz over 3 years ago

  • Priority changed from Normal to High

yes, this is becoming more important now. Bumping prio to "High".

Actions #5

Updated by okurz over 3 years ago

#64700#note-4 has examples for clone-job calls which sends jobs to another job group and such so that they do not show up intermixed with normal validation hosts.

Actions #6

Updated by mkittler over 3 years ago

  • Status changed from Workable to In Progress
  • Assignee set to mkittler

I'm going to use our staging setup to test this. Hence I'm currently checking whether MM tests work generally in our staging setup.

Actions #7

Updated by mkittler over 3 years ago

I've created SR https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/378 which has been tested on openqaworker11 (staging worker) and openqaworker3 (production worker).

TODOs:

  • Merge the SR as the pipeline passes now.
  • Enable salt-minion again on openqaworker3 after the SR has been merged. (I left it disabled so its setup isn't reverted again.)
  • Uninstall SuSEfirewall2 from all workers.
Actions #8

Updated by mkittler over 3 years ago

The SR has been merged and applied on all workers. I've also uninstalled SuSEfirewall2. It looks good so far. I couldn't enable salt-minion on openqaworker3 because it is currently offline.

Actions #9

Updated by mkittler over 3 years ago

  • Status changed from In Progress to Feedback

openqaworker3 is online again and I enabled salt-minion. Looks like it runs MM jobs (e.g. https://openqa.suse.de/tests/4849371#dependencies).

Actions #10

Updated by mkittler over 3 years ago

  • Status changed from Feedback to Resolved
Actions #11

Updated by mkittler over 3 years ago

No TODOs left. I've seen successful MM tests in production and our monitoring should be sufficient to catch further problems so I'm marking the ticket as resolved.

Actions #12

Updated by okurz over 3 years ago

  • Related to action #73633: OSD partially unresponsive, triggering 500 responses, spotty response visible in monitoring panels but no alert triggered (yet) added
Actions

Also available in: Atom PDF