Thank you Didi.
The proposed method works.
I described my experience here:
https://blog.it-kb.ru/2016/11/24/extension-of-iptables-add-custom-rules-o...
23.11.2016, 16:12, "Yedidyah Bar David" <didi(a)redhat.com>:
On Wed, Nov 23, 2016 at 1:54 PM, <aleksey.maksimov(a)it-kb.ru> wrote:
> "As I wrote there, you can also do this manually"
>
> How?
I am not sure I understand the question.
The same way you configure iptables on non-oVirt-hosts machines.
If you mean "How to imitate the way the engine does this during
host deploy", then I don't know - you can check engine sources
for that. I am guessing that you can get the values of IPTablesConfig
and IPTablesConfigSiteCustom with engine-config, replace inside the
latter "@CUSTOM_RULES@" with the contents of the former, then copy
the result to the host and load it with iptables-restore (and/or
copy to /etc/sysconfig/iptables and restart iptables service).
> 23.11.2016, 14:23, "Yedidyah Bar David" <didi(a)redhat.com>:
>> On Wed, Nov 23, 2016 at 12:51 PM, <aleksey.maksimov(a)it-kb.ru> wrote:
>>> Hi Didi!
>>>
>>> https://www.mail-archive.com/users@ovirt.org/msg37193.html
>>>
>>> "Move to maintenance and reinstall" to add the iptables rules ?
>>>
>>> Are you serious?
>>>
>>> There is no other way (without reinstalling the hosts) ?
>>
>> AFAIK, using ovirt-host-deploy, no.
>>
>> I am not aware of an engine API or vdsm verb to do this, but these are
>> not my main area of expertise.
>>
>> As I wrote there, you can also do this manually.
>>
>> The oVirt engine is not a replacement for configuration management
>> systems. If you have complex needs, might as well uncheck this
>> checkbox and use other means.
>>
>> Best,
>>
>>> 23.11.2016, 13:07, "Yedidyah Bar David" <didi(a)redhat.com>:
>>>> On Wed, Nov 23, 2016 at 12:02 PM, <aleksey.maksimov(a)it-kb.ru> wrote:
>>>>> Hmm. I just rebooted the host, but the iptables rules have not been updated :(
>>>>>
>>>>> On Engine server my custom iptables rules are visible:
>>>>>
>>>>> # engine-config --get IPTablesConfigSiteCustom
>>>>>
>>>>> IPTablesConfigSiteCustom:
>>>>> -A INPUT -p tcp --dport 2301 -j ACCEPT -m comment --comment 'HPE System Management Homepage'
>>>>> -A INPUT -p tcp --dport 2381 -j ACCEPT -m comment --comment 'HPE System Management Homepage (Secure port)'
>>>>> version: general
>>>>>
>>>>> How to update the configuration on the hosts ?
>>>>>
>>>>> 23.11.2016, 11:30, "aleksey.maksimov(a)it-kb.ru" <aleksey.maksimov(a)it-kb.ru>:
>>>>>> Hello oVirt gurus!
>>>>>>
>>>>>> oVirt Engine Version: 4.0.5.5-1.el7.centos
>>>>>>
>>>>>> I updated the configuration of the firewall on the Engine server with "engine-config --set IPTablesConfigSiteCustom...".
>>>>>> How to notify cluster nodes (all virtualization hosts) about the changes without reboot?
>>>>
>>>> Please check the other thread here "[ovirt-users] Hook to add firewall
>>>> rules". Thanks.
>>>>
>>>> --
>>>> Didi
>>
>> --
>> Didi
--
Didi
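
The manual route discussed in the thread (substitute the custom rules for the "@CUSTOM_RULES@" placeholder, then load the result with iptables-restore), as an added example that is not part of the thread or of oVirt's own code. It assumes the two engine-config values have already been saved to files, with TEMPLATE being whichever value contains the placeholder; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not oVirt code. Assumes the two engine-config values were
# already saved to files; TEMPLATE is the one containing the placeholder.
PLACEHOLDER='@CUSTOM_RULES@'

# Accept only rule lines (-A/-I), blanks and comments in the custom part, so a
# stray COMMIT, table header, flush or policy change cannot alter the ruleset.
check_custom() {
    local line n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*|'-A '*|'-I '*) ;;
            *) echo "custom line $n rejected: $line" >&2; return 1 ;;
        esac
    done < "$1"
}

# render_rules TEMPLATE CUSTOM: print TEMPLATE with its placeholder line
# replaced by the lines of CUSTOM. Fails unless exactly one placeholder exists.
render_rules() {
    local template=$1 custom=$2 count
    check_custom "$custom" || return 1
    count=$(grep -c -F -- "$PLACEHOLDER" "$template" || true)
    if [ "$count" != 1 ]; then
        echo "expected one $PLACEHOLDER line in $template, found '$count'" >&2
        return 1
    fi
    awk -v ph="$PLACEHOLDER" -v custom="$custom" '
        index($0, ph) {
            while ((getline line < custom) > 0) if (line != "") print line
            close(custom); next
        }
        { print }
    ' "$template"
}

# apply_rules FILE: run on the host as root. --test parses the file without
# committing it, so a malformed ruleset never replaces the running one.
apply_rules() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}
```

Typical use is `render_rules template.txt custom.txt > iptables.new` on the engine, then `apply_rules iptables.new` on each host; keep a copy of the host's current ruleset before loading the new one.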