[11:42:06] I am having weird issues with ferm & ipv6- maybe it is my lack of understanding on how ferm and dns interact, but I am not going to touch anyhing today [11:43:42] I hate it because the "I cannto connect using IPv6 until I timeout" behaviour is not the same on each library, and that always throws me a curve ball [11:44:16] if it failed allways, no issue, but curl vs urlib vs others behave very differently [11:49:51] jynus: do you have a task,gerrit patch or something you are working on? [11:50:03] yeah, but I didn't want to bother you [11:50:10] at least this year :-) [11:51:05] it could be just a syntax issue: https://gerrit.wikimedia.org/r/c/operations/puppet/+/749561 [11:51:19] happy to look :) [11:55:30] I am not to worried about the patch anyway, my rant was about finding the solution- I thought at first it was other layers failing (TLS, authentication, etc.), and I had on purpose shot myself by disabling firewall logging [12:00:06] jynus: patch lgtm (added a minor nit/comment) what is the actual issue? [12:00:15] it doesn't work :-) [12:00:36] I compiled the config it generates [12:00:43] (that looked as I expected) [12:00:59] applied it manually on one server, and it didn't add the ip6 rules [12:02:28] which server, is it still there for me to look at ? [12:02:44] let me find the compiled rule [12:03:10] and you can even try for yourself [12:03:48] ack [12:05:21] see /etc/ferm/conf.d/10_minio-mediabackup-workers at https://puppet-compiler.wmflabs.org/pcc-worker1002/33086/backup1004.eqiad.wmnet/index.html [12:05:48] feel free to try it live on backup1004 (there is no traffic on that server now) [12:05:53] ack [12:06:15] then I run ip6tables -L (after reloading ferm) and no rule there [12:06:49] feel free to restart ferm too, a micro cut on an eqiad server is a non issue right now [12:07:57] let move also to pms, it will be offtopic here so we don't spam the channel [12:08:11] jynus: neiter of ms-backup100[12].eqiad.wmnet have AAAA rcords [12:08:15] sure [12:46:15] in the end "It was DNS"