Re: [Users] Host installation failed ovirt 3.2

18 Oct 2013

      ----- Original Message -----
...
From: "Sven Kieske" <S.Kieske@mittwald.de>
To: users@ovirt.org
Sent: Friday, October 18, 2013 5:43:39 PM
Subject: Re: [Users] Host installation failed ovirt 3.2
This problem occured again, this time, deploying an centOS netinstall.
Steps to reproduce:
1. install CentOS 6.4. x64 netinstall, use the target "minimal
installation".
2. add repos for epel and ovirt.
3. install vdsm on host through webadmin
actual result:
In Webadmin:
"Failed to install Host server4 Failed to execute stage 'Closing up':
Command '/sbin/service' failed to execute."
2013-10-18 16:29:11 DEBUG otopi.plugins.otopi.services.rhel plugin.execute:412 execute-output: ('/sbin/service', 'iptables', 'start') stdout:
iptables: Applying firewall rules: [FAILED]

2013-10-18 16:29:11 DEBUG otopi.plugins.otopi.services.rhel plugin.execute:417 execute-output: ('/sbin/service', 'iptables', 'start') stderr:
iptables-restore: line 61 failed
...
I attached the complete host-deploy log. it fails at reloading iptables
however, the default ovirt-iptables config is present in
/etc/sysconfig/iptables and is loaded (this was checked by
 "service iptables status" command)
also manual restarting the service works fine:
service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: mangle filter na[  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
next step was "reinstall" host through webadmin, which worked fine,
the host rebooted.
any hints?
I have no access to centos... and unsure what is happening... need your help.

It looks like there is some problem in first apply of firewall rules...

Can you please checkout this sequence which is similar to what happening at host-deploy:

1. have default /etc/sysconfig/iptables (you can find it as backuped up /etc/sysconfig/iptables.*)
2. restart iptables
3. move /etc/sysconfig/iptables /etc/sysconfig/iptables.old
4. move /etc/sysconfig/<ovirt> /etc/sysconfig/iptables
5. restart iptables

I hope we see same failure, so it will be easier to debug.

I've never seen this issue... with same file content restart 1 does not work, restart 2 does... this is strange.

Thanks,
Alon
...
On 18.10.2013 10:44, Sven Kieske wrote:
...
Hi,
this config was already in /etc/sysconfig/iptables (you forget some
empty lines, but the rest is identical), here is the outcome:
service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat filter mangl[  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@vroot4 ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]
[root@vroot4 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:54321
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:22
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:161
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:16514
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0
multiport dports 5634:6166
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0
multiport dports 49152:49216
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:24007
10   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:111
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:38465
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:38466
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:38467
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:39543
15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:55863
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:38468
17   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:963
18   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:965
19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:4379
20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:139
21   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:445
22   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpts:24009:24108
23   REJECT     all  --  0.0.0.0/0            0.0.0.0/0
reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
So there is no error, reloading it by hand.
I tried to then add the host again via webadmin, and it succeeds.
So I really don't know what the problem was :(
On 17.10.2013 17:52, Alon Bar-Lev wrote:
...
----- Original Message -----
...
On 17.10.2013 16:15, Alon Bar-Lev wrote:
...
Please send the entire host-deploy log so I can see what iptables rules
are
there.
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users