Re: [Users] Can I use couple nodes just for storage?
by Roy Golan
On Mar 26, 2014 8:22 PM, Roy Golan <rgolan(a)redhat.com> wrote:
>
>
> On Mar 26, 2014 5:29 PM, Eliezer Croitoru <eliezer(a)ngtech.co.il> wrote:
> >
> > On 03/26/2014 02:20 AM, Maurice James wrote:
> > > Why not use those nodes as NFS or Gluster storage?
> > I have no problem with that but ovirt gives me the option to manage with
> > the engine node.
> > If you have a way please let me know.
> > I am unsure about my options now(long week)
> >
> > Are there any web interface management for gluster?
>
> Ovirt engine web admin is the web interface for fluster. Go create a cluster and make sure you check bluster service and check out virt service (among other to ignore missing VT flag)
Hope Gluster guys will excuse my android's auto completion ;-)
>
> > Thanks, (
> > Eliezer
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
10 years, 8 months
Re: [Users] Can I use couple nodes just for storage?
by Roy Golan
On Mar 26, 2014 5:29 PM, Eliezer Croitoru <eliezer(a)ngtech.co.il> wrote:
>
> On 03/26/2014 02:20 AM, Maurice James wrote:
> > Why not use those nodes as NFS or Gluster storage?
> I have no problem with that but ovirt gives me the option to manage with
> the engine node.
> If you have a way please let me know.
> I am unsure about my options now(long week)
>
> Are there any web interface management for gluster?
Ovirt engine web admin is the web interface for fluster. Go create a cluster and make sure you check bluster service and check out virt service (among other to ignore missing VT flag)
> Thanks, (
> Eliezer
10 years, 8 months
[Users] External user issues
by Maurice James
I may have to open a bug for this one, but I'm going to throw it out here anyway to see if anyone else has run in to it
3.4.0-0.13.rc.el6
Connected to Active Directory
Groups added to UI in:
    System >> Users
Group VMadmins added
User Joe Smith is a member of group VMadmins in Active Directory
User Joe Smith can now login to the user portal.
If I look at the User tab in the admin portal I can see:
addomain.com/OU/VMadmins    @addomain.com
and
Joe    Smith    jsmith(a)addomain.com
All is well. After several minutes I see the following change with the user
jsmith    Smith    jsmith(a)addomain.com
When that change happens that user can no longer login until I delete that entry within the UI. Then the user can log in again and the entry looks like:
Joe    Smith    jsmith(a)addomain.com
What gives?
10 years, 8 months
[Users] Acceptance test
by Koen Vanoppen
Dear all,
No I'm not spamming :-). I just have a question not regarding errors or
bugs :-).
We are using oVirt for some time now in Brussels Airport. Now after the
implementation we have to put oVirt to the test...
Does anybody know if there are some existing test documents for testing an
oVirt environment on up time and toughness? I have added an example from a
VMWare environment from the windows system engineers.
Hope someone can provide me with some documents :-).
Kind regards,
Koen
10 years, 8 months
[Users] VM Status "Unknown"
by Ryan Womer
During a migration, the destination host lost connectivity to the san and crashed.
Once the server came back up, 3 VMs that didn't finish migrating have been stuck in status "Unknown." Vdsclient doesn't list any of the vms on either host. Qemu doesn't have them listed as mounted on either host. Action vm start and stop result in "Status: 409".
The disks for all 3 VMs are listed as green in the WebAdmin. I've tried "action vm <name> start" "action vm <name> stop" "update vm <name> --status-state down" no joy. They remain in "unknown."
10 years, 8 months
[Users] API read-only access / roles
by Sven Kieske
Hi,
is nobody interested in this feature at all?
it would be a huge security gain, while lowering
the bars for having a read only user if this could get shipped with 3.4:
On 19.02.2014 15:32, Sven Kieske wrote:
> I just looked into my test vm with the 3.4 beta
> and I can't see such a user there.
>
> I created an RFE at: https://bugzilla.redhat.com/show_bug.cgi?id=1067036
>
>
> I really hope this can get included in 3.4 (I know it's late)
> as it should be a very very minor change at engine-setup.
>
> Thanks
>
> On 19.02.2014 14:55, Sven Kieske wrote:
>> Hi,
>>
>> reiterating on this somewhat old mail:
>>
>> Is there a read only user integrated in 3.4?
>>
>> Because it's a huge overhead to install somewhere
>> e.g. a freeipa server just to get read only access.
>>
>> On 21.11.2013 09:52, Sander Grendelman wrote:
>>> Hi Doron,
>>>
>>> The user I've defined in [1] works for me.
>>> A built-in login-/read-only role would be nice,
>>> but it's quite easy to define a custom role so
>>> more of a nice-to-have instead of a must-have.
>>>
>>> Thanks for asking!
>>>
>>> Sander.
>>>
>>> On Wed, Nov 20, 2013 at 5:40 PM, Doron Fediuck <dfediuck(a)redhat.com> wrote:
>>>> Hi Sander,
>>>> We're closing the ovirt 3.4 scope, and wondering if you're handling
>>>> Zabbix based on [1].
>>>> If so please let me know and I'll update the 3.4 features list.
>>>>
>>>> Thanks,
>>>> Doron
>>>>
>>>> [1] http://lists.ovirt.org/pipermail/users/2013-November/017946.html
>>
>
--
Kind regards
Sven Kieske
System administrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Managing director: Robert Meyer
Tax no.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
General partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
10 years, 8 months
[Users] Snapshots not visible in webadmin
by René Koch
Hi,
I created a snapshot of a virtual machine in my oVirt 3.4 environment
which worked fine, but in the Snapshots tab the snapshot isn't visible -
in Custom Preview Snapshot window I can see the snapshot (see attached
screenshot).
Do you have any idea why I can't see my snapshot or is this an already
known bug in 3.4 pre-release?
--
Best Regards
René Koch
Senior Solution Architect
============================================
LIS-Linuxland GmbH
Brünner Straße 163, A-1210 Vienna
Phone: +43 1 236 91 60
Mobile: +43 660 / 512 21 31
E-Mail: rkoch(a)linuxland.at
============================================
10 years, 8 months
[Users] External group permissions
by Maurice James
I used engine-manage-domains to allow external authentication from active
directory to my ovirt management ui. I assigned an AD group super user and
power user permissions on the DC. I can't get any user to login to the
webadmin portal. The log says that they have no permission. Which right
do I have to assign to the group in order for its member to be able to login
to the web ui?
10 years, 8 months
[Users] Little issue
by Koen Vanoppen
Dear All,
My engine.log file continues to give the following error:
2014-03-25 10:04:55,381 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-35) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:05:10,705 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-42) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:05:25,945 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-9) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:05:41,189 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-72) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:05:56,449 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-67) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:06:11,763 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-5) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:06:27,164 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-49) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:06:42,463 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-76) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:06:57,814 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-1) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:07:13,167 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-49) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:07:28,504 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-81) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:07:43,887 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-93) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
2014-03-25 10:07:59,305 WARN [org.ovirt.engine.core.vdsbroker.VdsManager] (DefaultQuartzScheduler_Worker-90) Failed to refresh VDS , vds = 497c0af3-4897-46f4-bffa-049bcd0ae713 : buran, error = java.lang.NullPointerException, continuing.: java.lang.NullPointerException
Over and over again...
Any ideas?
Kind regards,
Koen
10 years, 8 months
Re: [Users] Otopi pre-seeded answers and firewall settings
by Giuseppe Ragusa
Hi Joshua,
many thanks for your suggestion which I suppose would work perfectly, but I actually want iptables (CentOS 6.5 here, so no firewalld) rules in place all the time, but only "MY OWN" iptables rules ;>
Regards,
Giuseppe
Date: Tue, 25 Mar 2014 18:04:04 -0400
Subject: Re: [Users] Otopi pre-seeded answers and firewall settings
From: josh(a)wrale.com
To: giuseppe.ragusa(a)hotmail.com
Perhaps you could add the iptables and firewalld packages to yum.conf as excludes. I don't know if this would fail silently, but if so, the engine installer would never know.
Thanks,
Joshua
On Tue, Mar 25, 2014 at 5:49 PM, Giuseppe Ragusa <giuseppe.ragusa@hotmail.com> wrote:
Hi Didi,
many thanks for your invaluable help!
I'll try your suggestion (/etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf) asap and then I will report back.
By the way: I have a really custom iptables setup (multiple separated networks on hypervisor hosts), so I suppose it's best to hand tune firewall rules and then leave them alone (I pre-configure them, so the setup procedure won't be impeded in its communication needs anyway AND I will always guarantee the most stringent filtering possible with default deny etc.).
Many thanks again,
Giuseppe
Date: Tue, 25 Mar 2014 04:05:33 -0400
From: didi(a)redhat.com
To: giuseppe.ragusa(a)hotmail.com
CC: users(a)ovirt.org
Subject: Re: [Users] Otopi pre-seeded answers and firewall settings
From: "Giuseppe Ragusa" <giuseppe.ragusa(a)hotmail.com>
To: "Yedidyah Bar David" <didi(a)redhat.com>
Cc: "Users(a)ovirt.org" <users(a)ovirt.org>
Sent: Tuesday, March 25, 2014 1:53:20 AM
Subject: RE: [Users] Otopi pre-seeded answers and firewall settings
Hi Didi,
I found the references to NETWORK/iptablesEnable in my engine logs (/var/log/ovirt-engine/host-deploy/ovirt-*.log), but it didn't seem to work after all.
Full logs attached.
I resurrected my Engine by rebooting the (still only) host, then restarting ovirt-ha-agent (at startup the agent failed while trying to launch vdsm, but I found vdsm running and so tried manually...).
OK, so it's host-deploy that's doing that.
But it's not host-deploy itself - it's the engine that is talking to it, asking it to configure iptables.
I don't know how to make the agent don't do that. I searched a bit the sources (which I don't know) and didn't find a simple way.
You can, however, try to override this by:
# mkdir -p /etc/ovirt-host-deploy.conf.d
# echo '[environment:enforce]' > /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf
# echo 'NETWORK/iptablesEnable=bool:False' >> /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf
Never tried that, and not sure it's recommended - if it does work, it means that host-deploy will not update iptables, but the engine will think it did. So it's better to find a way to make the engine not do that. Or, better yet, that you'll explain why you need this and somehow make the engine do what you want...
--
Didi
10 years, 8 months
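Added example, not part of the thread and not oVirt or otopi code: a Python check that a drop-in like the one suggested in the last message is well-formed and really sets NETWORK/iptablesEnable under [environment:enforce], which matters when hand-maintained iptables rules depend on it. The lexical-order override rule, the strict True/False check, the supported type names and the sample files are assumptions constructed for this example.

```python
import configparser
import tempfile
from pathlib import Path

SECTION = "environment:enforce"   # section name used in the message
KEY = "NETWORK/iptablesEnable"    # key named in the message


def decode_typed(raw):
    """Decode 'type:value'. Deliberately strict (this example's choice):
    unknown types and non-canonical booleans are rejected so typos surface."""
    typ, sep, val = raw.partition(":")
    if not sep:
        raise ValueError("no 'type:' prefix")
    if typ == "bool":
        if val not in ("True", "False"):
            raise ValueError(f"non-canonical bool {val!r}")
        return val == "True"
    if typ == "int":
        return int(val)
    if typ == "str":
        return val
    if typ == "none":
        return None
    raise ValueError(f"unknown type {typ!r}")


def audit_dropins(conf_dir):
    """Return (effective_value, source_file, findings) for KEY.

    Assumption: *.conf files apply in lexical order and a later file
    overrides an earlier one (the reason for the 99- prefix).
    """
    effective, source, findings = None, None, []
    for path in sorted(Path(conf_dir).glob("*.conf")):
        cp = configparser.RawConfigParser(delimiters=("=",))
        cp.optionxform = str  # keep the key's case
        try:
            cp.read_string(path.read_text(), source=path.name)
        except configparser.Error as exc:
            findings.append(f"{path.name}: unparseable ({type(exc).__name__})")
            continue
        for section in cp.sections():
            if not cp.has_option(section, KEY):
                continue
            raw = cp.get(section, KEY)
            if section != SECTION:
                findings.append(f"{path.name}: {KEY} is in [{section}]")
                continue
            try:
                effective, source = decode_typed(raw), path.name
            except ValueError as exc:
                findings.append(f"{path.name}: bad value {raw!r} ({exc})")
    if source is None:
        findings.append(f"{KEY} is not enforced by any drop-in")
    return effective, source, findings


def demo():
    """Audit three constructed drop-in directories."""
    name = "99-prevent-iptables.conf"
    samples = {
        "as_in_message": f"[{SECTION}]\n{KEY}=bool:False\n",
        "header_missing": f"{KEY}=bool:False\n",      # only the second echo ran
        "typo": f"[{SECTION}]\n{KEY}=bool:false\n",    # lower-case value
    }
    results = {}
    for label, body in samples.items():
        with tempfile.TemporaryDirectory() as d:
            (Path(d) / name).write_text(body)
            results[label] = audit_dropins(d)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

On a real host, point `audit_dropins` at `/etc/ovirt-host-deploy.conf.d` and treat any finding as a reason to re-check the live iptables rules after a host deploy.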