Re: [Users] Otopi pre-seeded answers and firewall settings

--_5271eb5c-54e3-4043-acb3-ff897e12c0b9_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Didi=2C Date: Mon=2C 24 Mar 2014 03:36:32 -0400 From: didi(a)redhat.com To: giuseppe.ragusa(a)hotmail.com CC: users(a)ovirt.org Subject: Re: [Users] Otopi pre-seeded answers and firewall settings From: "Giuseppe Ragusa" <giuseppe.ragusa(a)hotmail.com&gt; To: &quot;Users(a)ovirt.org&quot; <users(a)ovirt.org&gt; Sent: Sunday=2C March 23=2C 2014 10:44:02 PM Subject: [Users] Otopi pre-seeded answers and firewall settings Hi all=2C I'm trying to automate as much as possible of ovirt-hosted-engine-setup and= engine-setup by means of otopi answer files passed in using "--config-appe= nd=3Dfilename.conf". I succeded in forcing engine-setup to leave my iptables settings alone with= : OVESETUP_CONFIG/firewallManager=3Dstr:iptables OVESETUP_CONFIG/updateFirewall=3Dbool:False but ovirt-hosted-engine-setup still modified my iptables settings even with= the following options: OVEHOSTED_NETWORK/firewallManager=3Dstr:iptables le this as we do> in engine-setup. If you carefully read the code you see t= hat you can make it do nothing by> setting this to a non-existent manager= =2C e.g.:> I will try this asap (reinstalling from scratch using latest 3.4 snapshot p= ackages + latest GlusterFS 3.5 nightly) and will report back. OVEHOSTED_NETWORK/iptablesEnable=3Dbool:False Nor do I anymore... it must have been my fault=2C sorry for the confusion Maybe I used the wrong option (deduced by looking inside source code). Does anybody have any hint/suggestion? es on the host=2C> and to prevent 'engine-setup' from configuring iptables = on the VM. Later=2C the engine> runs 'ovirt-host-deploy' which connects to = the host and configures there stuff - some by> itself=2C some using vdsm=2C= and some sent through them directly from the engine. This is> a process I = know less... The timestamp on the saved/modified iptables files suggests something happe= ning right at the end of setup (when Self-Hosted-Engine adds/registers host= ). st-deploy/* =2C> /var/log/ovirt-engine/*.log from the engine VM and /var/lo= g/vdsm/* from the host=2C> and also check iptables configuration at various= stages - during hosted-engine deploy> but before connecting to the engine= =2C after=2C etc.> --=20 /var/log/vdsm/* on host contain no references to iptables I will check on Engine logs as soon as I can start it up again (GlusterFS-b= ased NFS keeps crashing=2C maybe for OOM/leakage). Many thanks for your help=2C Giuseppe = --_5271eb5c-54e3-4043-acb3-ff897e12c0b9_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html> <head> <style><!-- .hmmessage P { margin:0px=3B padding:0px } body.hmmessage { font-size: 12pt=3B font-family:Calibri } --></style></head> <body class=3D'hmmessage'><div dir=3D'ltr'>Hi Didi=2C<br><br><div><hr id=3D= "stopSpelling">Date: Mon=2C 24 Mar 2014 03:36:32 -0400<br>From: didi@redhat= .com<br>To: giuseppe.ragusa(a)hotmail.com&lt;br&gt;CC: users(a)ovirt.org&lt;br&gt;Subject: = Re: [Users] Otopi pre-seeded answers and firewall settings<br><br><div styl= e=3D"font-family:times new roman=2C new york=2C times=2C serif=3Bfont-size:= 12pt=3Bcolor:#000000=3B"><div></div><blockquote style=3D"border-left:2px so= lid #1010FF=3Bpadding-left:5px=3Bcolor:#000=3Bfont-weight:normal=3Bfont-sty= le:normal=3Btext-decoration:none=3Bfont-family:Helvetica=2CArial=2Csans-ser= if=3Bfont-size:12pt=3B"><b>From: </b>"Giuseppe Ragusa" &lt=3Bgiuseppe.ragus= a(a)hotmail.com&amp;gt=3B&lt;br&gt;&lt;b&gt;To: </b&gt;&quot;Users(a)ovirt.org&quot; &amp;lt=3Busers(a)ovirt.org&amp;g= t=3B<br><b>Sent: </b>Sunday=2C March 23=2C 2014 10:44:02 PM<br><b>Subject: = </b>[Users] Otopi pre-seeded answers and firewall settings<br><div><br></di= v><style><!--=0A= .ExternalClass .ecxhmmessage P {=0A= padding:0px=3B=0A= }=0A= =0A= .ExternalClass body.ecxhmmessage {=0A= font-size:12pt=3B=0A= font-family:Calibri=3B=0A= }=0A= =0A= --></style><div dir=3D"ltr">Hi all=2C<br>I'm trying to automate as much as = possible of ovirt-hosted-engine-setup and engine-setup by means of otopi an= swer files passed in using "--config-append=3Dfilename.conf".<br><div><br><= /div>I succeded in forcing engine-setup to leave my iptables settings alone= with:<br><div><br></div>OVESETUP_CONFIG/firewallManager=3Dstr:iptables<br>= OVESETUP_CONFIG/updateFirewall=3Dbool:False</div></blockquote><div><br></di= v><div>&gt=3B Right.</div><div><br></div><blockquote style=3D"border-left:2= px solid #1010FF=3Bpadding-left:5px=3Bcolor:#000=3Bfont-weight:normal=3Bfon= t-style:normal=3Btext-decoration:none=3Bfont-family:Helvetica=2CArial=2Csan= s-serif=3Bfont-size:12pt=3B"><div dir=3D"ltr"><br><div><br></div>but ovirt-= hosted-engine-setup still modified my iptables settings even with the follo= wing options:<br><div><br></div>OVEHOSTED_NETWORK/firewallManager=3Dstr:ipt= ables</div></blockquote><div><br></div><div>&gt=3B Actually I do not think = we provide in hosted-engine deploy means to disable this as we do</div><div= n make it do nothing by</div><div>&gt=3B setting this to a non-existent man= ager=2C e.g.:</div><div>&gt=3B<br></div><div><span style=3D"font-family:Hel= vetica=2C Arial=2C sans-serif=3B" data-mce-style=3D"font-family: Helvetica= =2C Arial=2C sans-serif=3B">&gt=3B OVEHOSTED_NETWORK/firewallManager=3Dstr:= nonexistent<br><br>I will try this asap (reinstalling from scratch using la= test 3.4 snapshot packages + latest GlusterFS 3.5 nightly) and will report = back.<br></span></div><div><br></div><blockquote style=3D"border-left:2px s= olid #1010FF=3Bpadding-left:5px=3Bcolor:#000=3Bfont-weight:normal=3Bfont-st= yle:normal=3Btext-decoration:none=3Bfont-family:Helvetica=2CArial=2Csans-se= rif=3Bfont-size:12pt=3B"><div dir=3D"ltr"><br>OVEHOSTED_NETWORK/iptablesEna= ble=3Dbool:False</div></blockquote><div><br></div><div>&gt=3B Where did you= get this from? Can't find it in the code.<br><br>Nor do I anymore... it mu= st have been my fault=2C sorry for the confusion<br></div><div><br></div><b= lockquote style=3D"border-left:2px solid #1010FF=3Bpadding-left:5px=3Bcolor= :#000=3Bfont-weight:normal=3Bfont-style:normal=3Btext-decoration:none=3Bfon= t-family:Helvetica=2CArial=2Csans-serif=3Bfont-size:12pt=3B"><div dir=3D"lt= r"><br><div><br></div>Maybe I used the wrong option (deduced by looking ins= ide source code).<br><div><br></div>Does anybody have any hint/suggestion?<= /div></blockquote><div><br></div><div>&gt=3B The above should prevent 'host= ed-engine --deploy' from configuring iptables on the host=2C</div><div>&gt= =3B and to prevent 'engine-setup' from configuring iptables on the VM. Late= r=2C the engine</div><div>&gt=3B runs 'ovirt-host-deploy' which connects to= the host and configures there stuff - some by</div><div>&gt=3B itself=2C s= ome using vdsm=2C and some sent through them directly from the engine. This= is</div><div>&gt=3B a process I know less...<br><br>The timestamp on the s= aved/modified iptables files suggests something happening right at the end = of setup (when Self-Hosted-Engine adds/registers host).<br></div><div><br><= /div><div>&gt=3B You can look at and/or post more relevant logs -&nbsp=3B/v= ar/log/ovirt-engine/host-deploy/* =2C</div><div>&gt=3B /var/log/ovirt-engin= e/*.log from the engine VM&nbsp=3B<span style=3D"font-size:12pt=3B">and /va= r/log/vdsm/* from the host=2C</span></div><div><span style=3D"font-size:12p= t=3B">&gt=3B and also check iptables configuration at various stages - duri= ng hosted-engine deploy</span></div><div><span style=3D"font-size:12pt=3B">= &gt=3B but before connecting to the engine=2C after=2C etc.</span></div><di= v>&gt=3B -- <br></div><div>&gt=3B <span></span>Didi<br><span></span><br><sp= an style=3D"font-size:12pt=3B">/var/log/vdsm/* on host contain no reference= s to iptables</span><br>I will check on Engine logs as soon as I can start = it up again (GlusterFS-based NFS keeps crashing=2C maybe for OOM/leakage).<= br><br>Many thanks for your help=2C<br>Giuseppe<br><br></div></div></div> = </div></body> </html>= --_5271eb5c-54e3-4043-acb3-ff897e12c0b9_--