On Thu, Oct 13, 2016 at 3:19 PM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:

On Thu, Oct 13, 2016 at 2:59 PM, Simone Tiraboschi <stirabos@redhat.com> wrote:

On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <stirabos@redhat.com> wrote:

On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <pkliczew@redhat.com> wrote:
Gianluca,

The port needs to be open on machines where vdsm is installed.

@Simone can you take a look why after running host deploy at 2016-10-03 23:28:47,891
we are not able to talk to vdsm anymore?

OK, I'm on it.

Gianluca, can you please share somehow the output of
ss -at
on all your hosts, your /var/log/ovirt-hosted-engine-ha/agent.log and /var/log/ovirt-hosted-engine-ha/broker.log
(maybe I simply lost them within this long thread).

Thanks, the only errors that I see on agent and broker logs are:

Thread-6::INFO::2016-10-13 12:29:40,783::engine_health::124::engine_health.CpuLoadNoEngine::(action) VM is up on this host with healthy engine

Thread-1::ERROR::2016-10-13 12:29:42,859::notifications::39::ovirt_hosted_engine_ha.broker.notifications.Notifications::(send_email) [Errno 101] Network is unreachable

Traceback (most recent call last):

File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/broker/notifications.py", line 26, in send_email

timeout=float(cfg["smtp-timeout"]))

File "/usr/lib64/python2.7/smtplib.py", line 255, in __init__

(code, msg) = self.connect(host, port)

File "/usr/lib64/python2.7/smtplib.py", line 315, in connect

self.sock = self._get_socket(host, port, self.timeout)

File "/usr/lib64/python2.7/smtplib.py", line 290, in _get_socket

return socket.create_connection((host, port), timeout)

File "/usr/lib64/python2.7/socket.py", line 571, in create_connection

raise err

error: [Errno 101] Network is unreachable

when it tries to send an email (it cannot reach the smtp server) but vdsm communication seams fine.

Thanks,
Piotr

On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:

On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
Il 13/Ott/2016 11:00, "Piotr Kliczewski" <pkliczew@redhat.com> ha scritto:
>
> Gianluca,
>
> Checking the log it seems that we do not configure firewall:
>
> NETWORK/firewalldEnable=bool:'False'
> NETWORK/iptablesEnable=bool:'False'
>
> Please make sure that you reconfigure your firewall to open 54321 port or let host deploy to do it for you.
>
> Thanks,
> Piotr

Hi,
at this moment Ihave:
On hypervisor iptables service configured and active.
On engine firewalld service configured and active.
Do I have to open port 54321 on host?

Actually it is already...

root@ovirt01 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp -- 0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp -- 0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all -- 192.168.1.212        0.0.0.0/0
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp -- 0.0.0.0/0            0.0.0.0/0
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:54321
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:111
ACCEPT     udp -- 0.0.0.0/0            0.0.0.0/0            udp dpt:111
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     udp -- 0.0.0.0/0            0.0.0.0/0            udp dpt:161
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:16514
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            multiport dports 2223
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            multiport dports 5900:6923
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            multiport dports 49152:49216
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- 0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all -- 192.168.122.0/24     0.0.0.0/0
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp -- 0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@ovirt01 ~]#

ss log for host:
https://drive.google.com/file/d/0BwoPbcrMv8mvczVOeG1iUWZxS1U/view?usp=sharing

ss log for engine
https://drive.google.com/file/d/0BwoPbcrMv8mvWGx0QWstWG1TSWc/view?usp=sharing

agent.log
https://drive.google.com/file/d/0BwoPbcrMv8mvMFBrQ2lneFVwaGc/view?usp=sharing

broker.log
https://drive.google.com/file/d/0BwoPbcrMv8mva2Jsc3BkNkpNZFE/view?usp=sharing

hih clarify