Re: [Users] Otopi pre-seeded answers and firewall settings

------=_Part_7217620_1697178960.1395734733807 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit OK, so it's host-deploy that's doing that. But it's not host-deploy itself - it's the engine that is talking to it, asking it to configure iptables. I don't know how to make the agent don't do that. I searched a bit the sources (which I don't know) and didn't find a simple way. You can, however, try to override this by: # mkdir -p /etc/ovirt-host-deploy.conf.d # echo '[environment:enforce]' > /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf # echo 'NETWORK/iptablesEnable=bool:False' >> /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf Never tried that, and not sure it's recommended - if it does work, it means that host-deploy will not update iptables, but the engine will think it did. So it's better to find a way to make the engine not do that. Or, better yet, that you'll explain why you need this and somehow make the engine do what you want... -- Didi ------=_Part_7217620_1697178960.1395734733807 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div></div><blockquote style=3D"borde= r-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-w= eight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,A= rial,sans-serif;font-size:12pt;" data-mce-style=3D"border-left: 2px solid #= 1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: norm= al; font-style: normal; text-decoration: none; font-family: Helvetica,Arial= ,sans-serif; font-size: 12pt;"><b>From: </b>"Giuseppe Ragusa" &lt;giuseppe.= ragusa(a)hotmail.com&amp;gt;&lt;br&gt;&lt;b&gt;To: </b>"Yedidyah Bar David" &amp;lt;didi(a)redhat.c= om&gt;<br><b>Cc: </b&gt;&quot;Users(a)ovirt.org&quot; &amp;lt;users(a)ovirt.org&amp;gt;&lt;br&gt;&lt;b&gt;Sent: = </b>Tuesday, March 25, 2014 1:53:20 AM<br><b>Subject: </b>RE: [Users] Otopi= pre-seeded answers and firewall settings<br><div><br></div><style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 12pt; font-family:Calibri } --></style><div dir=3D"ltr">Hi Didi,<br>I found the references to NETWORK/i= ptablesEnable in my engine logs (/var/log/ovirt-engine/host-deploy/ovirt-*.= log), but it didn't seem to work after all.<br><div><br></div>Full logs att= ached.<br><div><br></div>I resurrected my Engine by rebooting the (still on= ly) host, then restarting ovirt-ha-agent (at startup the agent failed while= trying to launch vdsm, but I found vdsm running and so tried manually...).= </div></blockquote><div><br></div><div>OK, so it's host-deploy that's doing= that.</div><div>But it's not host-deploy itself - it's the engine that is = talking to it, asking it to configure iptables.</div><div>I don't know how = to make the agent don't do that. I searched a bit the sources (which I don'= t know)</div><div>and didn't find a simple way.</div><div><br></div><div>Yo= u can, however, try to override this by:</div><div># mkdir -p /etc/ovirt-ho= st-deploy.conf.d</div><div># echo '[environment:enforce]' &gt;&nbsp;/etc/ov= irt-host-deploy.conf.d/99-prevent-iptables.conf</div><div># echo 'NETWORK/i= ptablesEnable=3Dbool:False' &gt;&gt;&nbsp;/etc/ovirt-host-deploy.conf.d/99-= prevent-iptables.conf</div><div><br></div><div>Never tried that, and not su= re it's recommended - if it does work, it means that host-deploy will not</= div><div>update iptables, but the engine will think it did. So it's better = to find a way to make the engine not do</div><div>that. Or, better yet, tha= t you'll explain why you need this and somehow make the engine do what you = want...</div><div><span style=3D"font-size: 12pt;">--&nbsp;</span></div><di= v>Didi</div><div><br></div></div></body></html> ------=_Part_7217620_1697178960.1395734733807--