----- Original Message -----
From: "Sven Kieske" <S.Kieske(a)mittwald.de>
To: users(a)ovirt.org
Sent: Friday, October 18, 2013 5:43:39 PM
Subject: Re: [Users] Host installation failed ovirt 3.2
This problem occured again, this time, deploying an centOS netinstall.
Steps to reproduce:
1. install CentOS 6.4. x64 netinstall, use the target "minimal
installation".
2. add repos for epel and ovirt.
3. install vdsm on host through webadmin
actual result:
In Webadmin:
"Failed to install Host server4 Failed to execute stage 'Closing up':
Command '/sbin/service' failed to execute."
2013-10-18 16:29:11 DEBUG otopi.plugins.otopi.services.rhel plugin.execute:412
execute-output: ('/sbin/service', 'iptables', 'start') stdout:
iptables: Applying firewall rules: [FAILED]
2013-10-18 16:29:11 DEBUG otopi.plugins.otopi.services.rhel plugin.execute:417
execute-output: ('/sbin/service', 'iptables', 'start') stderr:
iptables-restore: line 61 failed
I attached the complete host-deploy log. it fails at reloading
iptables
however, the default ovirt-iptables config is present in
/etc/sysconfig/iptables and is loaded (this was checked by
"service iptables status" command)
also manual restarting the service works fine:
service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: mangle filter na[ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
next step was "reinstall" host through webadmin, which worked fine,
the host rebooted.
any hints?
I have no access to centos... and unsure what is happening... need your help.
It looks like there is some problem in first apply of firewall rules...
Can you please checkout this sequence which is similar to what happening at host-deploy:
1. have default /etc/sysconfig/iptables (you can find it as backuped up
/etc/sysconfig/iptables.*)
2. restart iptables
3. move /etc/sysconfig/iptables /etc/sysconfig/iptables.old
4. move /etc/sysconfig/<ovirt> /etc/sysconfig/iptables
5. restart iptables
I hope we see same failure, so it will be easier to debug.
I've never seen this issue... with same file content restart 1 does not work, restart
2 does... this is strange.
Thanks,
Alon
On 18.10.2013 10:44, Sven Kieske wrote:
> Hi,
>
> this config was already in /etc/sysconfig/iptables (you forget some
> empty lines, but the rest is identical), here is the outcome:
>
> service iptables stop
> iptables: Flushing firewall rules: [ OK ]
> iptables: Setting chains to policy ACCEPT: nat filter mangl[ OK ]
> iptables: Unloading modules: [ OK ]
> [root@vroot4 ~]# service iptables start
> iptables: Applying firewall rules: [ OK ]
> [root@vroot4 ~]# service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
> 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED
> 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> 3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:54321
> 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:22
> 5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
> dpt:161
> 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:16514
> 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
> multiport dports 5634:6166
> 8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
> multiport dports 49152:49216
> 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:24007
> 10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
> dpt:111
> 11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:38465
> 12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:38466
> 13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:38467
> 14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:39543
> 15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:55863
> 16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:38468
> 17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
> dpt:963
> 18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:965
> 19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:4379
> 20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:139
> 21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:445
> 22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
> dpts:24009:24108
> 23 REJECT all -- 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> num target prot opt source destination
> 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0
> PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> num target prot opt source destination
>
>
> So there is no error, reloading it by hand.
>
> I tried to then add the host again via webadmin, and it succeeds.
>
> So I really don't know what the problem was :(
>
>
> On 17.10.2013 17:52, Alon Bar-Lev wrote:
>>
>>
>> ----- Original Message -----
>>>
>>> On 17.10.2013 16:15, Alon Bar-Lev wrote:
>>>> Please send the entire host-deploy log so I can see what iptables rules
>>>> are
>>>> there.
>>>>
>>>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
>
>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users