-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shutdown if iptables-save fails #1
Comments
One concern I have with exiting out is if there are any circumstances where an exit status of 1 from iptables-save could be transient, but I think it's entirely reasonable to expect that the exporter is run from something that will restart it. A related thought I have is that This project isn't a high priority for me at the moment, but I'd be happy to accept a PR improving on this in either or both ways. (Also eratta like switching to go modules and bringing in a more up to date prometheus lib, etc...) |
Thanks for a prompt reply. Yes, we run the exporter from systemd (like I presume most people would do), so automatic restarts are simple in that sense.
Yep, that also sounds reasonable. (We have alerts for that specific kind of scenario, as a generic fallback in case we don't have more specific alerts for a given service)
Would be an interesting experiment, but I don't really have really any Go experience from beforehand, and it's not really very high on my priority list either. 🙂 (= other work is more important at the moment) Given that the exporter typically works (if the capabilities are there), this is mostly for me about being able to properly handle edge cases. I'd suggest we leave the issue open for some time, if not for anything else that it keeps track of this discussion having taken place. Maybe it will scratch an itch for someone else with more time/urgency to get this improved. 😇 |
Thanks @eriksw for that exporter. I was about to write an uggly shellscript myself, when I found this project. Concerning the issue, I may add, that the semantics of prometheus exporters have never been, to change the HTTP-returncode, when an error occurs for the scraping. Signaling config- or scrape- errors in a dedicated metric is what node_exporter does for example (ie for textcollector metrics). Having an error metric and a last-successfull-scrape metric would be suggestion, if anyone diggs into that. |
Hi,
Thanks for an interesting exporter. We are currently investigating using it for one of our deployments.
When developing the Ansible role for deploying it to a server, I discovered that the error handling works in a slightly unusual way: if the capabilities for the process described in https://github.com/retailnext/iptables_exporter#required-permissions are not available, each request to
/metrics
will result in anexit status 1
error being logged to the syslog. The process will remain running.I think this is not perhaps an ideal error handling strategy. It would be better if
iptables-save
would be called right on start, and if it fails, abort the process (exit with a non-zero return code). That way, the semantics are much more clearer to the user that "something is not working as it should".Your thoughts on this, @eriksw?
The text was updated successfully, but these errors were encountered: