9:43 p.m.
On 05/20/2014 10:41 AM, Sandro Bonazzola wrote:
Il 20/05/2014 16:36, Bob Doolittle ha scritto:
> On 05/20/2014 10:23 AM, Sandro Bonazzola wrote:
>> Il 20/05/2014 16:06, Bob Doolittle ha scritto:
>>> On 05/20/2014 09:42 AM, Sandro Bonazzola wrote:
>>>> Il 20/05/2014 15:09, Jiri Moskovcak ha scritto:
>>>>> On 05/20/2014 02:57 PM, Bob Doolittle wrote:
>>>>>> Well that was interesting.
>>>>>> When I ran hosted-engine --connect-storage, the Data Center went
green,
>>>>>> and I could see an unattached ISO domain and
ovirt-image-repository (but
>>>>>> no Data domain).
>>>>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the
storage
>>>>>> disappeared again and the Data Center went red.
>>>>>>
>>>>>> In retrospect, there appears to be a problem with
iptables/firewalld
>>>>>> that could be related.
>>>>>> I noticed two things:
>>>>>> - firewalld is stopped and disabled on the host
>>>> Correct, hosted engine support iptables only.
>>>> You should have iptables configured and enabled.
>>>>>> - I could not manually NFS mount (v3 or v4) from the host to the
engine,
>>>>>> unless I did "service iptables stop"
>>>>>>
>>>>>> So it doesn't appear to me that hosted-engine did the right
things with
>>>>>> firewalld/iptables. If these problems occurred during the
--deploy,
>>>>>> could that result in this situation?
>>>> I don't think so
>>>>>> I have temporarily disabled iptables until I get things working,
but
>>>>>> clearly that's insufficient to resolve the problem at this
point.
>>>>> - iptables/firewalld is configured during the setup, which is
Sandro's domain. Sandro, could you please take a look at this?
>>>> iptables configuration is performed by the engine when adding the host.
>>>> please attach iptables-save output from the host and host-deploy logs
from the hosted-engine vm.
>>> host-deploy logs are ^^ in this thread.
>> I see ovirt-hosted-engine-setup logs, not /var/log/ovirt-engine/host-deploy
logs.
> Oh sorry - from the engine then. Attached.
>
> But my problem is with the firewall on the host.
>
> I cannot NFS mount a share on the host (e.g. my Data Domain) on the engine.
> In this case the host is the NFS server, and the engine is the NFS client.
> Only the host firewall should be relevant, correct?
>
> Maybe what you are saying is that hosted-engine does not attempt to configure the
iptables on the host to allow NFS shares?
Yes, to be clear:
ovirt-hosted-engine-setup just enable ports for spice / vnc connection from remote host
to VM while performing OS install on the VM.
Once the VM is installed ovirt-engine configure iptables on the host using
ovirt-host-deploy package when the host is added to the engine.
If you need other services on the host running the hosted engine you'll need to
configure manually iptables.
Thanks,
Jirka - since Sandro says this NFS issue is irrelevant to Hosted
operation, do you have any other suggestions or can I provide any
additional data to help diagnose why my configuration is non-operational?
I will eventually want to fix this and add Data and Export domains from
my host, but for the moment it appears no NFS exports from the host are
required for oVirt operation.
So where are my domains? :)
Thanks,
Bob
>>> I have attached iptables-save output.
>> I can't see anything blocking the mount from the hots toward the engine vm.
>> Can you attach iptables-save also from the engine vm?
>> (IIUC you've a nfs share there and you're trying to mount it from the
host right?)
> Visa-versa. My Data domain is on my host. So is my Export domain, but I haven't
tried to import it yet since the Datacenter is not operational.
>
> Thanks,
> Bob
>