Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-October/000054.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2010-October/000054.html | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-October/000054.html b/zarb-ml/mageia-sysadm/2010-October/000054.html new file mode 100644 index 000000000..21aa8a4ea --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-October/000054.html 
@@ -0,0 +1,131 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] valstar is back + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20valstar%20is%20back&In-Reply-To=%3C20101026115600.GP21938%40mars-attacks.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000046.html"> + <LINK REL="Next" HREF="000055.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] valstar is back</H1> + <B>nicolas vigier</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20valstar%20is%20back&In-Reply-To=%3C20101026115600.GP21938%40mars-attacks.org%3E" + TITLE="[Mageia-sysadm] valstar is back">boklm at mars-attacks.org + </A><BR> + <I>Tue Oct 26 13:56:00 CEST 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000046.html">[Mageia-sysadm] valstar is back +</A></li> + <LI>Next message: <A HREF="000055.html">[Mageia-sysadm] valstar is back +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#54">[ date ]</a> + <a href="thread.html#54">[ thread ]</a> + <a href="subject.html#54">[ subject ]</a> + <a href="author.html#54">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Mon, 25 Oct 2010, Michael Scherer wrote: + +><i> Hi, +</I>><i> +</I>><i> so a quick report. +</I>><i> +</I>><i> Valstar is back, thanks to Sylvain Rochet ( gradator ). +</I>><i> It seems that the firewall was misconfigurated. +</I>><i> +</I>><i> So on 23/10/2010, I connected on the server to remove unused services +</I>><i> ( avahi, mandi, dbus, etc ). I have also removed shorewall, as we +</I>><i> disabled it on all servers at the moment ( I am more familiar with a +</I>><i> regular iptables initscripts ). 
+</I>><i> +</I>><i> Except that removing shorewall run service shorewall stop, which in turn +</I>><i> activate the firewall. +</I>><i> +</I>><i> All servers except one ( valstar ) had shorewall correctly turned off by +</I>><i> Pascal ( maat ). I took care of valstar, but i just disabled the service +</I>><i> with chkconfig. So once I removed the package, it started to drop +</I>><i> everything in INPUT. +</I>><i> According to the logs, this happened around 15h30 CEST +</I>><i> +</I>><i> Oct 23 15:28:59 valstar logger: Shorewall Stopped +</I>><i> +</I>><i> Since I was still logged in, I didn't see anything wrong ( as I assume +</I>><i> that the firewall will not cut working connection ) +</I>><i> +</I>><i> But after that, trying to connect again showed me a error. +</I>><i> +</I>><i> We ( dams and I ) decided to wait until monday ( as we couldn't do +</I>><i> anything when the DC was closed, and I was sick, so did maat ), and +</I>><i> discussed with gradator today, and decided that it was easiest to ask +</I>><i> for a reboot than to ask to maat to go to marseille this evening. +</I>><i> +</I>><i> On 25/10/2010, at 15:30 ( again ), gradator looked at the server, see it +</I>><i> was a firewall issue, rebooted it without firewall and so the server is +</I>><i> now ok. +</I> +The shorewall package had been reinstalled ? + +><i> I inspected it, it work fine, there is no firewall rules loaded upon +</I>><i> startup so the problem should not repeat itself. +</I>><i> +</I>><i> So, while I recognize I am at fault for this, I think that the shorewall +</I>><i> package have a unexpected side effect, and IMVHO, it should not setup a +</I>><i> restrictive firewall when we remove it ( and I do not say this only +</I>><i> because I am ashamed of causing the problem ). +</I>><i> +</I>><i> In the future, how could we avoid problem like this ? +</I>><i> +</I>><i> Easiest answer is to have servers with RAC, but we don't except on +</I>><i> alamut. 
I am not sure we can add one if we manage to get one. +</I>><i> +</I>><i> Another solution is a serial cable. But this can be tricky to set up +</I>><i> ( we did for zarb ) +</I> +Regarding this issue, we can have a default firewall config deployed by +puppet. Maybe puppet can also be useful to recover access to machines +in some cases. + +</PRE> + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000046.html">[Mageia-sysadm] valstar is back +</A></li> + <LI>Next message: <A HREF="000055.html">[Mageia-sysadm] valstar is back +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#54">[ date ]</a> + <a href="thread.html#54">[ thread ]</a> + <a href="subject.html#54">[ subject ]</a> + <a href="author.html#54">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |