Bug 1600562

Summary: Installing prometheus should update iptable rules for node-exporter
Product: OpenShift Container Platform Reporter: Simon Pasquier <spasquie>
Component: MonitoringAssignee: Simon Pasquier <spasquie>
Status: CLOSED ERRATA QA Contact: Junqi Zhao <juzhao>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.9.0CC: aos-bugs, dapark, fbranczy, gnunn, jokerman, juzhao, mmccomas, oourfali, pdwyer, pep, spasquie
Target Milestone: ---   
Target Release: 3.10.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: the 9100 port is blocked on all nodes by default. Consequence: Prometheus can't scrape the node_exporter service running on the other nodes and which listens on port 9100. Fix: the firewall configuration is modified to allow incoming TCP traffic for the 9000-1000 port range. Result: Prometheus can scrape the node_exporter services.
Story Points: ---
Clone Of: 1563888 Environment:
Last Closed: 2018-08-31 06:18:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1563888, 1603144    
Bug Blocks:    
Attachments:
Description Flags
node exporter targets could be accessed none

Comment 5 Junqi Zhao 2018-08-21 07:04:13 UTC
# netstat -anlp | grep 9100
tcp6       0      0 :::9100                 :::*                    LISTEN      5869/node_exporter  
tcp6       0      0 172.16.120.79:9100      172.16.120.57:36830     ESTABLISHED 5869/node_exporter 


and node-exporter target could be accessed without error, see the attached picture

openshift-ansible version: 3.10.29-1

Comment 6 Junqi Zhao 2018-08-21 07:04:44 UTC
Created attachment 1477423 [details]
node exporter targets could be accessed

Comment 8 errata-xmlrpc 2018-08-31 06:18:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2376