ceph-mgr prometheus module does not open 9283 in iptables
Bug #2064097 reported by
Vern Hart
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ceph Monitor Charm |
New
|
Undecided
|
Unassigned | ||
Bug Description
After applying CIS hardening to our ceph-mon units, we can no longer get the ceph metrics in prometheus/grafana.
We're getting a connection timeout ("context deadline exceeded") in the scrape target.
After some investigation it seems port 9283 is no longer accessible because the CIS hardening changes the default firewall policy to DROP.
As a work-around, we can allow the port:
iptables -I INPUT -p tcp --dport 9238 -j ACCEPT
| tags: | added: cis-hardening |
To post a comment you must log in.
