<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 13, 2016 at 3:19 PM, Gianluca Cecchi <span dir="ltr">&lt;<a href="mailto:gianluca.cecchi@gmail.com" target="_blank">gianluca.cecchi@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="gmail-h5">On Thu, Oct 13, 2016 at 2:59 PM, Simone Tiraboschi <span dir="ltr">&lt;<a href="mailto:stirabos@redhat.com" target="_blank">stirabos@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="gmail-m_1768930124544364791gmail-">On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <span dir="ltr">&lt;<a href="mailto:stirabos@redhat.com" target="_blank">stirabos@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="gmail-m_1768930124544364791gmail-m_-3654086585600054739gmail-">On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <span dir="ltr">&lt;<a href="mailto:pkliczew@redhat.com" target="_blank">pkliczew@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div><div><div>Gianluca,<br><br></div>The port needs to be open on machines where vdsm is installed.<br><br></div>@Simone can you take a look why after running host deploy at 2016-10-03 23:28:47,891<br></div>we are not able to talk to vdsm anymore?<br></div></div></div></blockquote><div><br></div></span><div>OK, I&#39;m on it.</div></div></div></div></blockquote><div><br></div></span><div>Gianluca, can you please share somehow the output of </div><div>  ss -at<br></div><div>on all your hosts, your /var/log/ovirt-hosted-eng<wbr>ine-ha/agent.log and /var/log/ovirt-hosted-engine-h<wbr>a/broker.log</div><div>(maybe I simply lost them within this long thread).</div><div><div class="gmail-m_1768930124544364791gmail-h5"><div><br></div></div></div></div></div></div></blockquote></div></div></div></div></div></blockquote><div><br></div><div>Thanks, the only errors that I see on agent and broker logs are:</div><div><br></div><div><div>Thread-6::INFO::2016-10-13 12:29:40,783::engine_health::124::engine_health.CpuLoadNoEngine::(action) VM is up on this host with healthy engine</div><div>Thread-1::ERROR::2016-10-13 12:29:42,859::notifications::39::ovirt_hosted_engine_ha.broker.notifications.Notifications::(send_email) [Errno 101] Network is unreachable</div><div>Traceback (most recent call last):</div><div>  File &quot;/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/broker/notifications.py&quot;, line 26, in send_email</div><div>    timeout=float(cfg[&quot;smtp-timeout&quot;]))</div><div>  File &quot;/usr/lib64/python2.7/smtplib.py&quot;, line 255, in __init__</div><div>    (code, msg) = self.connect(host, port)</div><div>  File &quot;/usr/lib64/python2.7/smtplib.py&quot;, line 315, in connect</div><div>    self.sock = self._get_socket(host, port, self.timeout)</div><div>  File &quot;/usr/lib64/python2.7/smtplib.py&quot;, line 290, in _get_socket</div><div>    return socket.create_connection((host, port), timeout)</div><div>  File &quot;/usr/lib64/python2.7/socket.py&quot;, line 571, in create_connection</div><div>    raise err</div><div>error: [Errno 101] Network is unreachable</div></div><div><br></div><div>when it tries to send an email (it cannot reach the smtp server) but vdsm communication seams fine.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="gmail-h5"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="gmail-m_1768930124544364791gmail-h5"><div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="gmail-m_1768930124544364791gmail-m_-3654086585600054739gmail-h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><br></div>Thanks,<br></div>Piotr </div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"></div><div class="gmail-m_1768930124544364791gmail-m_-3654086585600054739gmail-m_4886196798990722809HOEnZb"><div class="gmail-m_1768930124544364791gmail-m_-3654086585600054739gmail-m_4886196798990722809h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <span dir="ltr">&lt;<a href="mailto:gianluca.cecchi@gmail.com" target="_blank">gianluca.cecchi@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><div><div class="gmail-m_1768930124544364791gmail-m_-3654086585600054739gmail-m_4886196798990722809m_-381612530129089967h5"><br><div class="gmail_quote">On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <span dir="ltr">&lt;<a href="mailto:gianluca.cecchi@gmail.com" target="_blank">gianluca.cecchi@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-m_1768930124544364791gmail-m_-3654086585600054739gmail-m_4886196798990722809m_-381612530129089967m_226225818622128876gmail-"><p dir="ltr">Il 13/Ott/2016 11:00, &quot;Piotr Kliczewski&quot; &lt;<a href="mailto:pkliczew@redhat.com" target="_blank">pkliczew@redhat.com</a>&gt; ha scritto:<br>
&gt;<br>
&gt; Gianluca,<br>
&gt;<br>
&gt; Checking the log it seems that we do not configure firewall:<br>
&gt;<br>
&gt; NETWORK/firewalldEnable=bool:&#39;<wbr>False&#39;<br>
&gt; NETWORK/iptablesEnable=bool:&#39;F<wbr>alse&#39;<br>
&gt;<br>
&gt; Please make sure that you reconfigure your firewall to open 54321 port or let host deploy to do it for you.<br>
&gt;<br>
&gt; Thanks,<br>
&gt; Piotr</p>
</span><p dir="ltr">Hi,<br>
at this moment Ihave:<br>
On hypervisor iptables service configured and active.<br>
On engine firewalld service configured and active.<br>
Do I have to open port 54321 on host?<br>
</p>
</blockquote></div></div></div>Actually it is already...<br><br>root@ovirt01 ~]# iptables -L -n<br>Chain INPUT (policy ACCEPT)<br>target     prot opt source               destination         <br>ACCEPT     udp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            udp dpt:53<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            tcp dpt:53<br>ACCEPT     udp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            udp dpt:67<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            tcp dpt:67<br>ACCEPT     all  --  192.168.1.212        <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>ACCEPT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            state RELATED,ESTABLISHED<br>ACCEPT     icmp --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>ACCEPT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            tcp dpt:54321<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            tcp dpt:111<br>ACCEPT     udp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            udp dpt:111<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            tcp dpt:22<br>ACCEPT     udp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            udp dpt:161<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            tcp dpt:16514<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            multiport dports 2223<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            multiport dports 5900:6923<br>ACCEPT     tcp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            multiport dports 49152:49216<br>REJECT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            reject-with icmp-host-prohibited<br><br>Chain FORWARD (policy ACCEPT)<br>target     prot opt source               destination         <br>ACCEPT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a>     ctstate RELATED,ESTABLISHED<br>ACCEPT     all  --  <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a>     <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>ACCEPT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>REJECT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            reject-with icmp-port-unreachable<br>REJECT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            reject-with icmp-port-unreachable<br>REJECT     all  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited<br><br>Chain OUTPUT (policy ACCEPT)<br>target     prot opt source               destination         <br>ACCEPT     udp  --  <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            udp dpt:68<br>[root@ovirt01 ~]# <br><br></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div></blockquote><div><br><br></div></div></div><div>ss log for host:<br> <a href="https://drive.google.com/file/d/0BwoPbcrMv8mvczVOeG1iUWZxS1U/view?usp=sharing" target="_blank">https://drive.google.com/<wbr>file/d/<wbr>0BwoPbcrMv8mvczVOeG1iUWZxS1U/<wbr>view?usp=sharing</a><br><br></div><div>ss log for engine<br><a href="https://drive.google.com/file/d/0BwoPbcrMv8mvWGx0QWstWG1TSWc/view?usp=sharing" target="_blank">https://drive.google.com/file/<wbr>d/<wbr>0BwoPbcrMv8mvWGx0QWstWG1TSWc/<wbr>view?usp=sharing</a><br><br></div><div>agent.log<br><a href="https://drive.google.com/file/d/0BwoPbcrMv8mvMFBrQ2lneFVwaGc/view?usp=sharing" target="_blank">https://drive.google.com/file/<wbr>d/<wbr>0BwoPbcrMv8mvMFBrQ2lneFVwaGc/<wbr>view?usp=sharing</a><br><br></div><div>broker.log<br><a href="https://drive.google.com/file/d/0BwoPbcrMv8mva2Jsc3BkNkpNZFE/view?usp=sharing" target="_blank">https://drive.google.com/file/<wbr>d/<wbr>0BwoPbcrMv8mva2Jsc3BkNkpNZFE/<wbr>view?usp=sharing</a><br></div></div><br></div><div class="gmail_extra">hih clarify<br></div></div>
</blockquote></div><br></div></div>