Fix some bugs

os/config/README.md

@@ -4,12 +4,16 @@
 
 For each machine, **one by one** do:
   - Check that cluster is healthy
-    - `sudo gluster peer status`
-    - `sudo gluster volume status all` (check Online Col, only `Y` must appear)
+    - Check gluster
+      - `sudo gluster peer status`
+      - `sudo gluster volume status all` (check Online Col, only `Y` must appear)
     - Check that Nomad is healthy
+      - `nomad server members`
+      - `nomad node status`
     - Check that Consul is healthy
+      - `consul members`
     - Check that Postgres is healthy
-  - Run `ansible-playbook -i production --limit <machine> site.yml`
+  - Run `ansible-playbook -i production.yml --limit <machine> site.yml`
   - Reboot
   - Check that cluster is healthy
 

os/config/roles/network/templates/rules.v4

@@ -3,12 +3,15 @@
 :FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0]
 
-# Debug
+# Internet Control Message Protocol
 -A INPUT -p icmp -j ACCEPT
 
 # Administration
 -A INPUT -p tcp  --dport 22 -j ACCEPT
 
+# Diplonat needs everything open to communicate with IGD with the router
+-A INPUT -s 192.168.1.254 -j ACCEPT
+
 # Cluster
 {% for selected_host in groups['cluster_nodes'] %}
 -A INPUT -s {{ hostvars[selected_host]['ipv4'] }} -j ACCEPT

os/config/roles/network/templates/rules.v6

@@ -3,8 +3,10 @@
 :FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0]
 
-# Debug
+# Internet Control Message Protocol
+# (required)
 -A INPUT -p icmp -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
 
 # Administration
 -A INPUT -p tcp --dport 22 -j ACCEPT
@@ -17,7 +19,7 @@
 # Local
 -A INPUT -i docker0 -j ACCEPT
 -A INPUT -s ::1/128 -j ACCEPT
--A INPUT -m conntrack --cstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 
 COMMIT