5:41 p.m.
Il 20/05/2014 16:36, Bob Doolittle ha scritto:
On 05/20/2014 10:23 AM, Sandro Bonazzola wrote:
> Il 20/05/2014 16:06, Bob Doolittle ha scritto:
>> On 05/20/2014 09:42 AM, Sandro Bonazzola wrote:
>>> Il 20/05/2014 15:09, Jiri Moskovcak ha scritto:
>>>> On 05/20/2014 02:57 PM, Bob Doolittle wrote:
>>>>> Well that was interesting.
>>>>> When I ran hosted-engine --connect-storage, the Data Center went
green,
>>>>> and I could see an unattached ISO domain and ovirt-image-repository
(but
>>>>> no Data domain).
>>>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the storage
>>>>> disappeared again and the Data Center went red.
>>>>>
>>>>> In retrospect, there appears to be a problem with iptables/firewalld
>>>>> that could be related.
>>>>> I noticed two things:
>>>>> - firewalld is stopped and disabled on the host
>>> Correct, hosted engine support iptables only.
>>> You should have iptables configured and enabled.
>>>>> - I could not manually NFS mount (v3 or v4) from the host to the
engine,
>>>>> unless I did "service iptables stop"
>>>>>
>>>>> So it doesn't appear to me that hosted-engine did the right
things with
>>>>> firewalld/iptables. If these problems occurred during the --deploy,
>>>>> could that result in this situation?
>>> I don't think so
>>>>> I have temporarily disabled iptables until I get things working, but
>>>>> clearly that's insufficient to resolve the problem at this
point.
>>>> - iptables/firewalld is configured during the setup, which is
Sandro's domain. Sandro, could you please take a look at this?
>>> iptables configuration is performed by the engine when adding the host.
>>> please attach iptables-save output from the host and host-deploy logs from
the hosted-engine vm.
>> host-deploy logs are ^^ in this thread.
> I see ovirt-hosted-engine-setup logs, not /var/log/ovirt-engine/host-deploy logs.
Oh sorry - from the engine then. Attached.
But my problem is with the firewall on the host.
I cannot NFS mount a share on the host (e.g. my Data Domain) on the engine.
In this case the host is the NFS server, and the engine is the NFS client.
Only the host firewall should be relevant, correct?
Maybe what you are saying is that hosted-engine does not attempt to configure the
iptables on the host to allow NFS shares?
Yes, to be clear:
ovirt-hosted-engine-setup just enable ports for spice / vnc connection from remote host to
VM while performing OS install on the VM.
Once the VM is installed ovirt-engine configure iptables on the host using
ovirt-host-deploy package when the host is added to the engine.
If you need other services on the host running the hosted engine you'll need to
configure manually iptables.
>> I have attached iptables-save output.
> I can't see anything blocking the mount from the hots toward the engine vm.
> Can you attach iptables-save also from the engine vm?
> (IIUC you've a nfs share there and you're trying to mount it from the host
right?)
Visa-versa. My Data domain is on my host. So is my Export domain, but I haven't tried
to import it yet since the Datacenter is not operational.
Thanks,
Bob
--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com