[Users] Otopi pre-seeded answers and firewall settings

Yedidyah Bar David didi at redhat.com
Tue Mar 25 08:05:33 UTC 2014


> From: "Giuseppe Ragusa" <giuseppe.ragusa at hotmail.com>
> To: "Yedidyah Bar David" <didi at redhat.com>
> Cc: "Users at ovirt.org" <users at ovirt.org>
> Sent: Tuesday, March 25, 2014 1:53:20 AM
> Subject: RE: [Users] Otopi pre-seeded answers and firewall settings

> Hi Didi,
> I found the references to NETWORK/iptablesEnable in my engine logs
> (/var/log/ovirt-engine/host-deploy/ovirt-*.log), but it didn't seem to work
> after all.

> Full logs attached.

> I resurrected my Engine by rebooting the (still only) host, then restarting
> ovirt-ha-agent (at startup the agent failed while trying to launch vdsm, but
> I found vdsm running and so tried manually...).

OK, so it's host-deploy that's doing that.
But it's not host-deploy itself - it's the engine that is talking to it, asking it to configure iptables.
I don't know how to make the agent not do that. I searched the sources a bit (which I don't know)
and didn't find a simple way.

You can, however, try to override this by: 
# mkdir -p /etc/ovirt-host-deploy.conf.d 
# echo '[environment:enforce]' > /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf 
# echo 'NETWORK/iptablesEnable=bool:False' >> /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf 

Never tried that, and not sure it's recommended - if it does work, it means that host-deploy will not 
update iptables, but the engine will think it did. So it's better to find a way to make the engine not do 
that. Or, better yet, that you'll explain why you need this and somehow make the engine do what you want... 
-- 
Didi 
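
An added example, not part of the original message and not oVirt code: a check that lists host-deploy drop-in files enforcing the override shown above, so hosts where the message warns the engine may believe iptables was configured when it was not can be identified. It matches only the section name and key quoted in the message; the function name `find_iptables_override` is hypothetical.

```shell
#!/bin/sh
# Added example: audit host-deploy drop-in files for the enforced
# firewall override quoted in the message above.
# Assumption: only the section "[environment:enforce]" and the key
# "NETWORK/iptablesEnable=bool:False" from the message are matched.

# Print every *.conf file under DIR whose [environment:enforce] section
# sets NETWORK/iptablesEnable to bool:False. Prints nothing otherwise.
find_iptables_override() {
    dir=$1
    [ -d "$dir" ] || return 0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk '
            # A line starting with "[" opens a new section; remember it.
            /^[ \t]*\[/ {
                gsub(/[ \t\r]/, "")
                section = $0
                next
            }
            # Commented-out settings do not count.
            /^[ \t]*[#;]/ { next }
            # Inside the enforce section, look for the exact setting.
            section == "[environment:enforce]" {
                line = $0
                gsub(/[ \t\r]/, "", line)
                if (line == "NETWORK/iptablesEnable=bool:False") found = 1
            }
            # Exit status 0 only when the override was seen.
            END { exit !found }
        ' "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Stand-alone use: scan the directory named in the message, or the
# directory given as the first argument.
find_iptables_override "${1:-/etc/ovirt-host-deploy.conf.d}"
```

Any file it reports should be compared with the firewall rules actually loaded on that host.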