4:19 p.m.
On Thu, Oct 13, 2016 at 2:59 PM, Simone Tiraboschi <stirabos(a)redhat.com>
wrote:
On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <stirabos(a)redhat.com>
wrote:
>
>
> On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <pkliczew(a)redhat.com>
> wrote:
>
>> Gianluca,
>>
>> The port needs to be open on machines where vdsm is installed.
>>
>> @Simone can you take a look why after running host deploy at 2016-10-03
>> 23:28:47,891
>> we are not able to talk to vdsm anymore?
>>
>
> OK, I'm on it.
>
Gianluca, can you please share somehow the output of
ss -at
on all your hosts, your /var/log/ovirt-hosted-engine-ha/agent.log and
/var/log/ovirt-hosted-engine-ha/broker.log
(maybe I simply lost them within this long thread).
>
>
>>
>> Thanks,
>> Piotr
>>
>
>> On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <
>> gianluca.cecchi(a)gmail.com> wrote:
>>
>>>
>>>
>>> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <
>>> gianluca.cecchi(a)gmail.com> wrote:
>>>
>>>> Il 13/Ott/2016 11:00, "Piotr Kliczewski"
<pkliczew(a)redhat.com> ha
>>>> scritto:
>>>> >
>>>> > Gianluca,
>>>> >
>>>> > Checking the log it seems that we do not configure firewall:
>>>> >
>>>> > NETWORK/firewalldEnable=bool:'False'
>>>> > NETWORK/iptablesEnable=bool:'False'
>>>> >
>>>> > Please make sure that you reconfigure your firewall to open 54321
>>>> port or let host deploy to do it for you.
>>>> >
>>>> > Thanks,
>>>> > Piotr
>>>>
>>>> Hi,
>>>> at this moment Ihave:
>>>> On hypervisor iptables service configured and active.
>>>> On engine firewalld service configured and active.
>>>> Do I have to open port 54321 on host?
>>>>
>>> Actually it is already...
>>>
>>> root@ovirt01 ~]# iptables -L -n
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source destination
>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>> dpt:53
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> dpt:53
>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>> dpt:67
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> dpt:67
>>> ACCEPT all -- 192.168.1.212 0.0.0.0/0
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>>> RELATED,ESTABLISHED
>>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> dpt:54321
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> dpt:111
>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>> dpt:111
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> dpt:22
>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>> dpt:161
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>> dpt:16514
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
>>> multiport dports 2223
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
>>> multiport dports 5900:6923
>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
>>> multiport dports 49152:49216
>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>>> reject-with icmp-host-prohibited
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source destination
>>> ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate
>>> RELATED,ESTABLISHED
>>> ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>>> reject-with icmp-port-unreachable
>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>>> reject-with icmp-port-unreachable
>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
>>> match ! --physdev-is-bridged reject-with icmp-host-prohibited
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>> dpt:68
>>> [root@ovirt01 ~]#
>>>
>>>
>>
>
ss log for host:
https://drive.google.com/file/d/0BwoPbcrMv8mvczVOeG1iUWZxS1U/view?usp=sha...
ss log for engine
https://drive.google.com/file/d/0BwoPbcrMv8mvWGx0QWstWG1TSWc/view?usp=sha...
agent.log
https://drive.google.com/file/d/0BwoPbcrMv8mvMFBrQ2lneFVwaGc/view?usp=sha...
broker.log
https://drive.google.com/file/d/0BwoPbcrMv8mva2Jsc3BkNkpNZFE/view?usp=sha...
hih clarify