diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-October/000046.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2010-October/000046.html | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-October/000046.html b/zarb-ml/mageia-sysadm/2010-October/000046.html new file mode 100644 index 000000000..f5a8dfba4 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-October/000046.html @@ -0,0 +1,131 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] valstar is back + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20valstar%20is%20back&In-Reply-To=%3C1288017192.2503.62.camel%40akroma.ephaone.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000053.html"> + <LINK REL="Next" HREF="000054.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] valstar is back</H1> + <B>Michael Scherer</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20valstar%20is%20back&In-Reply-To=%3C1288017192.2503.62.camel%40akroma.ephaone.org%3E" + TITLE="[Mageia-sysadm] valstar is back">misc at zarb.org + </A><BR> + <I>Mon Oct 25 16:33:12 CEST 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000053.html">[Mageia-sysadm] mailling list subscription +</A></li> + <LI>Next message: <A HREF="000054.html">[Mageia-sysadm] valstar is back +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#46">[ date ]</a> + <a href="thread.html#46">[ thread ]</a> + <a href="subject.html#46">[ subject ]</a> + <a href="author.html#46">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Hi, + +so a quick report. + +Valstar is back, thanks to Sylvain Rochet ( gradator ). +It seems that the firewall was misconfigurated. + +So on 23/10/2010, I connected on the server to remove unused services +( avahi, mandi, dbus, etc ). I have also removed shorewall, as we +disabled it on all servers at the moment ( I am more familiar with a +regular iptables initscripts ). + +Except that removing shorewall run service shorewall stop, which in turn +activate the firewall. + +All servers except one ( valstar ) had shorewall correctly turned off by +Pascal ( maat ). I took care of valstar, but i just disabled the service +with chkconfig. So once I removed the package, it started to drop +everything in INPUT. +According to the logs, this happened around 15h30 CEST + +Oct 23 15:28:59 valstar logger: Shorewall Stopped + +Since I was still logged in, I didn't see anything wrong ( as I assume +that the firewall will not cut working connection ) + +But after that, trying to connect again showed me a error. + +We ( dams and I ) decided to wait until monday ( as we couldn't do +anything when the DC was closed, and I was sick, so did maat ), and +discussed with gradator today, and decided that it was easiest to ask +for a reboot than to ask to maat to go to marseille this evening. + +On 25/10/2010, at 15:30 ( again ), gradator looked at the server, see it +was a firewall issue, rebooted it without firewall and so the server is +now ok. + +I inspected it, it work fine, there is no firewall rules loaded upon +startup so the problem should not repeat itself. + +So, while I recognize I am at fault for this, I think that the shorewall +package have a unexpected side effect, and IMVHO, it should not setup a +restrictive firewall when we remove it ( and I do not say this only +because I am ashamed of causing the problem ). + +In the future, how could we avoid problem like this ? + +Easiest answer is to have servers with RAC, but we don't except on +alamut. I am not sure we can add one if we manage to get one. + +Another solution is a serial cable. But this can be tricky to set up +( we did for zarb ) + +WDYT ? +-- +Michael Scherer + +</PRE> + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000053.html">[Mageia-sysadm] mailling list subscription +</A></li> + <LI>Next message: <A HREF="000054.html">[Mageia-sysadm] valstar is back +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#46">[ date ]</a> + <a href="thread.html#46">[ thread ]</a> + <a href="subject.html#46">[ subject ]</a> + <a href="author.html#46">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |