----- Original Message -----
From: "Chris Adams" <cma@cmadams.net> To: users@ovirt.org Sent: Monday, November 17, 2014 11:22:42 PM Subject: Re: [ovirt-users] iptables management
Once upon a time, Alon Bar-Lev <alonbl@redhat.com> said:
I guess you mean engine setup, right?
Yes, that and hosted-engine --deploy.
hosted-engine --deploy does not touch iptables of the engine VM. engine-setup inside that VM does that. hosted-engine --deploy does two other things: 1. It changes iptables to let you access the engine VM console (spice/vnc) 2. Later, when it adds itself as a host to the engine, it tells the engine to configure iptables for itself as a host (just as is the default when adding hosts through the gui). We have an open bug [1] to make that configurable. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1080823
Each time you run engine-setup you will be prompt if you want to override iptables settings. If you choose to override, the current settings will be backed up and you can diff and re-apply your own. If you choose to keep your settings, setup will write the iptables rules into own location and you can diff and apply the changes manually.
Okay, so that's the only time iptables are changed? That makes sense, and I can work with that. Thanks. -- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi