If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Disabled RSBAC on db1.iddb.scl2.svc.mozilla.com

RESOLVED WONTFIX

Status

Enterprise Information Security
General
RESOLVED WONTFIX
5 years ago
2 years ago

People

(Reporter: jlaz, Assigned: kang)

Tracking

Details

Over the weekend, db1.iddb.scl2.svc.mozilla.com ASR'd and rebooted on its own due to a possible hardware problem that has yet to be determined.  Upon a successful reboot, networking was unavailable.   I was able to open a console to the box, but since RSBAC is enabled on this host, root logins were disabled.

I rebooted the host and added a kernel argument to boot the OS with RSBAC in softmode, and network connectivity was restored after boot.  

Let us know what we can do so that we can re-enable RSBAC on this host and ensure that network connectivity is available upon reboot.
Assignee: nobody → gdestuynder
Component: Security Assurance: Applications → Security Assurance: Operations
does this still happen?
Flags: needinfo?(jlaz)
(Reporter)

Comment 2

4 years ago
Has not happened since the last occurrence.  Looping in gene so that we can get RSBAC enabled just in case we need downtime
Flags: needinfo?(jlaz)
Flags: needinfo?(gene)

Comment 3

4 years ago
Jlaz, do you suspect that if we disable softmode that we will again lose network connectivity? Do you suspect that if we disable softmode and the machine ends up rebooting that we'll see a recurrence of the loss of network connectivity on boot?
Flags: needinfo?(gene) → needinfo?(jlaz)
(Reporter)

Comment 4

4 years ago
I don't think we'd lose connectivity (or at least, that's what the expected behavior should be)

Closing out as we've already decomm'd SCL2
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Flags: needinfo?(jlaz)
Resolution: --- → WONTFIX
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security
You need to log in before you can comment on or make changes to this bug.