Opened 3 years ago

Last modified 3 years ago

#12111 assigned Bug/Something is broken

yser has three services failed

Reported by: Daniel Kahn Gillmor
Owned by: IMC linksunten
Priority: Medium
Component: Tech
Keywords: yser.mayfirst.org systemd service-cleanup
Cc: Jamie McClelland, IMC linksunten
Sensitive: no

Description

yser has three services on it which are currently in a failed state:

0 yser:~# systemctl | grep failed
● firewall.service                                                  loaded failed failed    LSB: Start firewall at boot time
● varnishlog.service                                                loaded failed failed    Varnish HTTP accelerator log daemon
● varnishncsa.service                                               loaded failed failed    Varnish HTTP accelerator log daemon
0 yser:~# 

For each of these services, we probably need to make a decision:

  • if the service isn't needed at all, we should at least systemctl disable the service; and maybe remove any related packages as well.
  • if the service is needed but systemd is confused, we should tweak the .service file so that systemd understands the system state better
  • if the service is needed and it really is down for some reason, we should diagnose it and fix it, ideally figuring out how to help it avoid being broken in the future.
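
As a starting point for the per-service decision above, this added example (not part of the original ticket) sorts failed units into those that systemd generated from an /etc/init.d script and those with a native unit file. It relies on the "LSB:" description prefix that systemd-sysv-generator writes; the function name and the sample variable are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the ticket: classify failed units from
# `systemctl` list output (optional "●" marker, then
# UNIT LOAD ACTIVE SUB DESCRIPTION).

# Constructed sample: the three lines quoted in the ticket description.
SAMPLE='● firewall.service     loaded failed failed    LSB: Start firewall at boot time
● varnishlog.service   loaded failed failed    Varnish HTTP accelerator log daemon
● varnishncsa.service  loaded failed failed    Varnish HTTP accelerator log daemon'

# Prints "unit<TAB>origin<TAB>first thing to look at" per failed unit.
triage_failed_units() {
    awk '
    {
        # Skip the status bullet systemctl prints in front of failed units.
        i = ($1 ~ /\.[a-z]+$/) ? 1 : 2
        unit = $i
        if ($(i + 2) != "failed") next      # ACTIVE column
        # systemd-sysv-generator prefixes descriptions taken from an init
        # script LSB header with "LSB:", so the unit wraps /etc/init.d/<name>.
        if ($(i + 4) == "LSB:") {
            name = unit; sub(/\.service$/, "", name)
            printf "%s\tsysv-wrapper\t/etc/init.d/%s\n", unit, name
        } else {
            printf "%s\tnative\tsystemctl cat %s\n", unit, unit
        }
    }'
}

# On a live host: systemctl --no-legend --state=failed | triage_failed_units
printf '%s\n' "$SAMPLE" | triage_failed_units
```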

Change History (5)

comment:1 Changed 3 years ago by JaimeV

Cc: Jamie McClelland added
Owner: set to Daniel Kahn Gillmor
Status: new → assigned

I'll copy jamie here and assign back to you since I think you both have a better sense of the history of the setup on yser. Let me know if I can be of any help.

comment:2 Changed 3 years ago by Daniel Kahn Gillmor

Owner: Daniel Kahn Gillmor deleted
Status: assigned → new

Sorry, but i really don't know the history here. I'm willing to take action if someone will tell me what action to take, in which case, please note it here and reassign to me. But i don't have the time to dive into full diagnosis and option review so i don't think i can own the ticket in its current state.

comment:3 Changed 3 years ago by Jamie McClelland

Cc: IMC linksunten added

The linksunten folks are the ones who should be able to help us get to the bottom of this.

comment:4 Changed 3 years ago by IMC linksunten

Thanks a lot for the heads-up. We've disabled all three services.

The two varnish services are not needed as we currently control varnish through runit.

Up to now we've used /etc/init.d/firewall as a firewall but this is probably a reminiscence of The Old Days™. The current script is probably not even started at boot time. What do you propose as a good way to control iptables? ufw?

comment:5 Changed 3 years ago by JaimeV

Owner: set to IMC linksunten
Status: new → assigned

If your firewall needs are simple and you like programmatic interfaces you could also try ferm http://ferm.foo-projects.org/ which is fun to use. It doesn't run as a daemon, just creates the iptables rules for you every time you reload it. That's just a suggestion, we don't actually use that anywhere in MFPL but I have tried it for other projects.
