<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <span dir="ltr"><<a href="mailto:stirabos@redhat.com" target="_blank">stirabos@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="gmail-">On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <span dir="ltr"><<a href="mailto:pkliczew@redhat.com" target="_blank">pkliczew@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div><div>Gianluca,<br><br></div>The port needs to be open on machines where vdsm is installed.<br><br></div>@Simone can you take a look why after running host deploy at 2016-10-03 23:28:47,891<br></div>we are not able to talk to vdsm anymore?<br></div></div></div></blockquote><div><br></div></span><div>OK, I'm on it.</div><div><div class="gmail-h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><br></div>Thanks,<br></div>Piotr </div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"></div><div class="gmail-m_-3817524585943684998HOEnZb"><div class="gmail-m_-3817524585943684998h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <span dir="ltr"><<a href="mailto:gianluca.cecchi@gmail.com" target="_blank">gianluca.cecchi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><div><div 
class="gmail-m_-3817524585943684998m_-381612530129089967h5"><br><div class="gmail_quote">On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <span dir="ltr"><<a href="mailto:gianluca.cecchi@gmail.com" target="_blank">gianluca.cecchi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-m_-3817524585943684998m_-381612530129089967m_226225818622128876gmail-"><p dir="ltr">On 13 Oct 2016 11:00, "Piotr Kliczewski" <<a href="mailto:pkliczew@redhat.com" target="_blank">pkliczew@redhat.com</a>> wrote:<br>
><br>
> Gianluca,<br>
><br>
> Checking the log it seems that we do not configure firewall:<br>
><br>
> NETWORK/firewalldEnable=bool:'False'<br>
> NETWORK/iptablesEnable=bool:'False'<br>
><br>
> Please make sure that you reconfigure your firewall to open port 54321 or let host deploy do it for you.<br>
><br>
> Thanks,<br>
> Piotr</p>
</span><p dir="ltr">Hi,<br>
at this moment I have:<br>
On hypervisor iptables service configured and active.<br>
On engine firewalld service configured and active.<br>
Do I have to open port 54321 on host?<br>
</p>
</blockquote></div></div></div>Actually it is already...<br><br>root@ovirt01 ~]# iptables -L -n<br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination <br>ACCEPT udp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp dpt:53<br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:53<br>ACCEPT udp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp dpt:67<br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:67<br>ACCEPT all -- 192.168.1.212 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> state RELATED,ESTABLISHED<br>ACCEPT icmp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:54321<br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:111<br>ACCEPT udp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp dpt:111<br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:22<br>ACCEPT udp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp dpt:161<br>ACCEPT tcp -- <a 
href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:16514<br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> multiport dports 2223<br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> multiport dports 5900:6923<br>ACCEPT tcp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> multiport dports 49152:49216<br>REJECT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> reject-with icmp-host-prohibited<br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination <br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a> ctstate RELATED,ESTABLISHED<br>ACCEPT all -- <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>ACCEPT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>REJECT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> reject-with icmp-port-unreachable<br>REJECT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> reject-with icmp-port-unreachable<br>REJECT all -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> PHYSDEV match ! 
--physdev-is-bridged reject-with icmp-host-prohibited<br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination <br>ACCEPT udp -- <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp dpt:68<br>[root@ovirt01 ~]# <br><br></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div></div>
</blockquote></div><br><br></div><div class="gmail_extra">In the mean time I confirmed that even without ipv6 the situation doesn't change<br><br></div><div class="gmail_extra">global maintenance<br></div><div class="gmail_extra">stop ovirt-engine service<br>create no-ipv6.conf under /etc/sysctl.d of engine<br></div><div class="gmail_extra">systemctl restart network<br></div><div class="gmail_extra">no more ipv6<br></div><div class="gmail_extra">shutdown engine<br></div><div class="gmail_extra">exit from maintenance and after a while engine is powered on<br><br></div><div class="gmail_extra">on host<br>vdsm 6767 vdsm 24u IPv4 15528247 0t0 TCP *:54321 (LISTEN)<br>vdsm 6767 vdsm 82u IPv4 15528876 0t0 TCP ovirt01.mydomain:54321->ovirt.mydomain:52980 (ESTABLISHED)<br>vdsm 6767 vdsm 110u IPv4 15534849 0t0 TCP ovirt01.mydomain:54321->ovirt.mydomain:52984 (ESTABLISHED)<br><br></div><div class="gmail_extra">on engine now<br>[root@ovirt host-deploy]# netstat -an|grep 54321<br>tcp 0 0 <a href="http://192.168.1.212:52984">192.168.1.212:52984</a> <a href="http://192.168.1.211:54321">192.168.1.211:54321</a> ESTABLISHED<br>tcp 0 0 <a href="http://192.168.1.212:52980">192.168.1.212:52980</a> <a href="http://192.168.1.211:54321">192.168.1.211:54321</a> ESTABLISHED<br>[root@ovirt host-deploy]# <br><br></div><div class="gmail_extra">but vdsmd has the same errors. 
Also restarting vdsmd<br><br>Oct 13 14:49:20 ovirt01.mydomain vdsm[6767]: vdsm vds.dispatcher ERROR SSL error during reading data: unexpected eof<br><br></div><div class="gmail_extra">how can I force the creation of the ovirt-host-mgtmt file?<br></div><div class="gmail_extra">I just see that this one file has been generated<br>ovirt-host-mgmt-20161013124548-ovirt01.mydomain-null.log<br></div><div class="gmail_extra">here:<br></div><div class="gmail_extra"><a href="https://drive.google.com/file/d/0BwoPbcrMv8mvbXI3cndGcEtXbWs/view?usp=sharing">https://drive.google.com/file/d/0BwoPbcrMv8mvbXI3cndGcEtXbWs/view?usp=sharing</a><br><br><br><br></div></div>
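Added example, not part of the original thread: a small Python check that walks an `iptables -L -n` listing in order and reports which rule decides a new TCP connection to port 54321, the question the firewall part of the thread turns on. The sample listing is constructed in the thread's layout, and the function names are hypothetical. It assumes numeric (`-n`) output with no negated sources, and decides any rule that carries a port match on the port alone.

```python
import ipaddress
import re

# Constructed sample in the layout of `iptables -L -n` (not the thread's full output).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  192.168.1.212        0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:54321
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5900:6923
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
"""

def port_matches(extra, port):
    """True/False when a port match decides; None for matches this sketch cannot evaluate."""
    m = re.search(r"\b(?:dpts?:|dports )(\S+)", extra)
    if m:
        ranges = (p.partition(":") for p in m.group(1).split(","))
        return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)
    if extra.startswith("reject-with"):
        return True
    return None  # e.g. "state RELATED,ESTABLISHED" never decides a new connection

def first_verdict(listing, chain, proto, port, src):
    """Return (target, rule, ambiguous) for a new connection from src to proto/port."""
    in_chain, policy, ambiguous = False, None, []
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if head:
            in_chain = head.group(1) == chain
            policy = head.group(2) if in_chain else policy
            continue
        f = line.split(None, 5)
        if not in_chain or len(f) < 5 or f[0] == "target":
            continue
        extra = f[5].strip() if len(f) > 5 else ""
        if f[1] not in ("all", proto):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(f[3], strict=False):
            continue
        if not extra and f[1] == "all" and f[3] == "0.0.0.0/0":
            # Plain -L has no interface columns: an "-i lo" rule prints as match-all.
            ambiguous.append(line.strip())
            continue
        if extra == "" or port_matches(extra, port):
            return f[0], line.strip(), ambiguous
    return policy, "chain policy", ambiguous
```

Rules returned in `ambiguous` show no match criteria in the plain listing; `iptables -L -n -v` prints the interface columns needed to tell whether they really accept everything.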