Re: [Users] Otopi pre-seeded answers and firewall settings

------=_Part_6204719_2070674809.1395646592134 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Right. Actually I do not think we provide in hosted-engine deploy means to disable this as we do in engine-setup. If you carefully read the code you see that you can make it do nothing by setting this to a non-existent manager, e.g.: OVEHOSTED_NETWORK/firewallManager=str:nonexistent Where did you get this from? Can't find it in the code. The above should prevent 'hosted-engine --deploy' from configuring iptables on the host, and to prevent 'engine-setup' from configuring iptables on the VM. Later, the engine runs 'ovirt-host-deploy' which connects to the host and configures there stuff - some by itself, some using vdsm, and some sent through them directly from the engine. This is a process I know less... You can look at and/or post more relevant logs - /var/log/ovirt-engine/host-deploy/* , /var/log/ovirt-engine/*.log from the engine VM and /var/log/vdsm/* from the host, and also check iptables configuration at various stages - during hosted-engine deploy but before connecting to the engine, after, etc. -- Didi ------=_Part_6204719_2070674809.1395646592134 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div></div><blockquote style=3D"borde= r-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-w= eight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,A= rial,sans-serif;font-size:12pt;"><b>From: </b>"Giuseppe Ragusa" &lt;giusepp= e.ragusa(a)hotmail.com&amp;gt;&lt;br&gt;&lt;b&gt;To: </b&gt;&quot;Users(a)ovirt.org&quot; &amp;lt;users(a)ovirt.or= g&gt;<br><b>Sent: </b>Sunday, March 23, 2014 10:44:02 PM<br><b>Subject: </b= style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 12pt; font-family:Calibri } --></style><div dir=3D"ltr">Hi all,<br>I'm trying to automate as much as po= ssible of ovirt-hosted-engine-setup and engine-setup by means of otopi answ= er files passed in using "--config-append=3Dfilename.conf".<br><div><br></d= iv>I succeded in forcing engine-setup to leave my iptables settings alone w= ith:<br><div><br></div>OVESETUP_CONFIG/firewallManager=3Dstr:iptables<br>OV= ESETUP_CONFIG/updateFirewall=3Dbool:False</div></blockquote><div><br></div>= <div>Right.</div><div><br></div><blockquote style=3D"border-left:2px solid = #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font= -style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;f= ont-size:12pt;"><div dir=3D"ltr"><br><div><br></div>but ovirt-hosted-engine= -setup still modified my iptables settings even with the following options:= <br><div><br></div>OVEHOSTED_NETWORK/firewallManager=3Dstr:iptables</div></= blockquote><div><br></div><div>Actually I do not think we provide in hosted= -engine deploy means to disable this as we do</div><div>in engine-setup. If= you carefully read the code you see that you can make it do nothing by</di= v><div>setting this to a non-existent manager, e.g.:</div><div><br></div><d= iv><span style=3D"font-family: Helvetica, Arial, sans-serif;" data-mce-styl= e=3D"font-family: Helvetica, Arial, sans-serif;">OVEHOSTED_NETWORK/firewall= Manager=3Dstr:nonexistent</span></div><div><br></div><blockquote style=3D"b= order-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;fo= nt-weight:normal;font-style:normal;text-decoration:none;font-family:Helveti= ca,Arial,sans-serif;font-size:12pt;"><div dir=3D"ltr"><br>OVEHOSTED_NETWORK= /iptablesEnable=3Dbool:False</div></blockquote><div><br></div><div>Where di= d you get this from? Can't find it in the code.</div><div><br></div><blockq= uote style=3D"border-left:2px solid #1010FF;margin-left:5px;padding-left:5p= x;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font= -family:Helvetica,Arial,sans-serif;font-size:12pt;"><div dir=3D"ltr"><br><d= iv><br></div>Maybe I used the wrong option (deduced by looking inside sourc= e code).<br><div><br></div>Does anybody have any hint/suggestion?</div></bl= ockquote><div><br></div><div>The above should prevent 'hosted-engine --depl= oy' from configuring iptables on the host,</div><div>and to prevent 'engine= -setup' from configuring iptables on the VM. Later, the engine</div><div>ru= ns 'ovirt-host-deploy' which connects to the host and configures there stuf= f - some by</div><div>itself, some using vdsm, and some sent through them d= irectly from the engine. This is</div><div>a process I know less...</div><d= iv><br></div><div>You can look at and/or post more relevant logs -&nbsp;/va= r/log/ovirt-engine/host-deploy/* ,</div><div>/var/log/ovirt-engine/*.log fr= om the engine VM&nbsp;<span style=3D"font-size: 12pt;">and /var/log/vdsm/* = from the host,</span></div><div><span style=3D"font-size: 12pt;">and also c= heck iptables configuration at various stages - during hosted-engine deploy= </span></div><div><span style=3D"font-size: 12pt;">but before connecting to= the engine, after, etc.</span></div><div>-- <br></div><div><span name=3D"x= "></span>Didi<br><span name=3D"x"></span><br></div></div></body></html> ------=_Part_6204719_2070674809.1395646592134--