Re: [ovirt-users] Hosted engine problem - Engine VM will not start

On 05/20/2014 10:41 AM, Sandro Bonazzola wrote: > Il 20/05/2014 16:36, Bob Doolittle ha scritto: >> On 05/20/2014 10:23 AM, Sandro Bonazzola wrote: >>> Il 20/05/2014 16:06, Bob Doolittle ha scritto: >>>> On 05/20/2014 09:42 AM, Sandro Bonazzola wrote: >>>>> Il 20/05/2014 15:09, Jiri Moskovcak ha scritto: >>>>>> On 05/20/2014 02:57 PM, Bob Doolittle wrote: >>>>>>> Well that was interesting. >>>>>>> When I ran hosted-engine --connect-storage, the Data Center went green, >>>>>>> and I could see an unattached ISO domain and ovirt-image-repository (but >>>>>>> no Data domain). >>>>>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the storage >>>>>>> disappeared again and the Data Center went red. >>>>>>> >>>>>>> In retrospect, there appears to be a problem with iptables/firewalld >>>>>>> that could be related. >>>>>>> I noticed two things: >>>>>>> - firewalld is stopped and disabled on the host >>>>> Correct, hosted engine support iptables only. >>>>> You should have iptables configured and enabled. >>>>>>> - I could not manually NFS mount (v3 or v4) from the host to the engine, >>>>>>> unless I did "service iptables stop" >>>>>>> >>>>>>> So it doesn't appear to me that hosted-engine did the right things with >>>>>>> firewalld/iptables. If these problems occurred during the --deploy, >>>>>>> could that result in this situation? >>>>> I don't think so >>>>>>> I have temporarily disabled iptables until I get things working, but >>>>>>> clearly that's insufficient to resolve the problem at this point. >>>>>> - iptables/firewalld is configured during the setup, which is Sandro's domain. Sandro, could you please take a look at this? >>>>> iptables configuration is performed by the engine when adding the host. >>>>> please attach iptables-save output from the host and host-deploy logs from the hosted-engine vm. >>>> host-deploy logs are ^^ in this thread. >>> I see ovirt-hosted-engine-setup logs, not /var/log/ovirt-engine/host-deploy logs. >> Oh sorry - from the engine then. Attached. >> >> But my problem is with the firewall on the host. >> >> I cannot NFS mount a share on the host (e.g. my Data Domain) on the engine. >> In this case the host is the NFS server, and the engine is the NFS client. >> Only the host firewall should be relevant, correct? >> >> Maybe what you are saying is that hosted-engine does not attempt to configure the iptables on the host to allow NFS shares? > Yes, to be clear: > ovirt-hosted-engine-setup just enable ports for spice / vnc connection from remote host to VM while performing OS install on the VM. > Once the VM is installed ovirt-engine configure iptables on the host using ovirt-host-deploy package when the host is added to the engine. > If you need other services on the host running the hosted engine you'll need to configure manually iptables. Thanks, Jirka - since Sandro says this NFS issue is irrelevant to Hosted operation, do you have any other suggestions or can I provide any additional data to help diagnose why my configuration is non-operational? I will eventually want to fix this and add Data and Export domains from my host, but for the moment it appears no NFS exports from the host are required for oVirt operation.

So where are my domains? :) Thanks, Bob > > >>>> I have attached iptables-save output. >>> I can't see anything blocking the mount from the hots toward the engine vm. >>> Can you attach iptables-save also from the engine vm? >>> (IIUC you've a nfs share there and you're trying to mount it from the host right?) >> Visa-versa. My Data domain is on my host. So is my Export domain, but I haven't tried to import it yet since the Datacenter is not operational. >> >> Thanks, >> Bob >> >