----- Original Message -----
From: "Dan Kenigsberg" <danken@redhat.com> To: "Ofer Schreiber" <oschreib@redhat.com>, "Andrew Cathrow" <acathrow@redhat.com> Cc: engine-devel@ovirt.org, dougsland@redhat.com Sent: Monday, January 30, 2012 6:58:07 AM Subject: [Engine-devel] New oVirt-engine RPMs available - Release Candidates
<snip>
4) VDS Bootstrap
If you check the box for iptables then it breaks the system with an invalid rule
Looking at the error from my system "Jan 29 21:38:50 host1 iptables.init[1637]: iptables: Applying firewall rules: iptables-restore v1.4.12: physdev: option "--physdev-is-bridged" cannot be inverted."
The problem is that we are using "-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited"
-vs-
"-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT"
On the point of iptables, why do we open libvirt tls port and the snmp port.
This as these iptables rules are kept within Engine, I'll keep that question for them.
After I fixed iptables I still had a problem, the host was showing as non-operational with the error message "NETWORK_UNREACHABLE" (there's a literal missing there)
Looking at the host it appears that the management bridge wasn't created.
The bootstrap log is attached. It shows the operation failing but still marked the bootstrap as successful. (also in the log we have rhn/satellite references that need to be removed)
I've not looked at the reason for the failure yet, but an empty line at the end of my ifcfg-em1 file looks suspicious.
You are correct (too bad I've noticed your suspicion only after reading the log)
Sun, 29 Jan 2012 21:30:05 DEBUG makeBridge found the following bridge paramaters: ['ONBOOT=yes', 'BOOTPROTO=none', 'IPADDR=172.16.31.230', 'DNS1=172.16.31.4', 'NM_CONTROLLED=no', 'NETMASK=255.255.255.0', 'DNS2=172.16.31.1', 'GATEWAY=172.16.31.1', ''] Sun, 29 Jan 2012 21:30:05 DEBUG ['/usr/share/vdsm/addNetwork', 'ovirtmgmt', '', '', 'em1', 'ONBOOT=yes', 'BOOTPROTO=none', 'IPADDR=172.16.31.230', 'DNS1=172.16.31.4', 'NM_CONTROLLED=no', 'NETMASK=255.255.255.0', 'DNS2=172.16.31.1', 'GATEWAY=172.16.31.1', '', 'blockingdhcp=true', 'skipLibvirt=True'] Sun, 29 Jan 2012 21:30:05 DEBUG Sun, 29 Jan 2012 21:30:05 DEBUG Traceback (most recent call last): File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main "__main__", fname, loader, pkg_name) File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code exec code in run_globals File "/usr/share/vdsm/configNetwork.py", line 924, in <module> main() File "/usr/share/vdsm/configNetwork.py", line 890, in main kwargs = _parseKwargs(sys.argv[3:]) File "/usr/share/vdsm/configNetwork.py", line 876, in _parseKwargs return dict(arg.split('=', 1) for arg in args) ValueError: dictionary update sequence element #11 has length 1; 2 is required
addNetwork script breaks down in tears if it sees the empty arg '', which is passed to it by makeBridge. makeBridge should become more robust - but until then, please del lines with no key=value form from ifcfg.
Yeah, I did that to work around it, funnily enough vdsm adds emtpy lines when it makes it's config file!
Dan.