--------=_MB05829694-0576-4C65-A28B-FE7AAA10548D Content-Type: text/plain; format=flowed; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi I would like to add rules into the iptables of the Hosted Engine VM in=20 Ovirt. I am wanting to monitor the Ovirt Engine using Nagios -> NRPE and I=20 would like to open port 5666 the version is oVirt Engine Version: 4.1.1.8-1.el7.centos I have tried using the normal process for iptables (iptables-save etc),=20 but it seems that the file /etc/sysconfig/iptables is ignored when the Ovirt Engine VM starts. How can I add permanent iptables rules into the Engine VM? Kind regards Andrew --------=_MB05829694-0576-4C65-A28B-FE7AAA10548D Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <?xml version=3D"1.0" encoding=3D"utf-16"?><html><head> <style id=3D"signatureStyle"><!--#x7210a5928a8d46b, #x7210a5928a8d46b #x136= 253a26533439c817a2d4cd93dbb00 #xea120d60c95044d #xb71224f920234978acc74f4d2= 3143069, #x7210a5928a8d46b #x136253a26533439c817a2d4cd93dbb00 #xea120d60c95= 044d {font-family: Tahoma; font-size: 12pt;} #x7210a5928a8d46b, #x7210a5928a8d46b #x136253a26533439c817a2d4cd93dbb00 #xe= a120d60c95044d, #x7210a5928a8d46b #x136253a26533439c817a2d4cd93dbb00, #x721= 0a5928a8d46b {font-family: 'Segoe UI'; font-size: 12pt;} #x7210a5928a8d46b #x136253a26533439c817a2d4cd93dbb00 {font-family: 'Segoe UI'; font-size: 12pt; color: rgb(0, 0, 0); margin-left= : 0px; margin-right: 8px; background-color: rgb(255, 255, 255);} #x7210a5928a8d46b #x136253a26533439c817a2d4cd93dbb00 #xea120d60c95044d #xb7= 1224f920234978acc74f4d23143069 p.MsoNormal, #x7210a5928a8d46b #x136253a2653= 3439c817a2d4cd93dbb00 #xea120d60c95044d p.MsoNormal {margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-seri= f;} #x7210a5928a8d46b #x136253a26533439c817a2d4cd93dbb00 #xea120d60c95044d #xb7= 1224f920234978acc74f4d23143069 div.WordSection1, #x7210a5928a8d46b #x136253= a26533439c817a2d4cd93dbb00 #xea120d60c95044d div.WordSection1 {page: WordSection1;} --></style> <style><![CDATA[#xcc10ef20af594fb9a2ace3c3ec715127 .plain tt{ font-family:monospace; font-size:100%; font-weight:normal; font-style:normal; } #xcc10ef20af594fb9a2ace3c3ec715127 .plain div{ white-space:pre-wrap; } #xcc10ef20af594fb9a2ace3c3ec715127{ font-family:'Segoe UI'; font-size:12pt; color:#000; margin-left:0px; margin-right:8px; background-color:#FFF; } #xcc10ef20af594fb9a2ace3c3ec715127 .plain tt{ font-family:'Segoe UI'; font-size:12pt; } #xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c,#xcc10ef20af594fb9a2ac= e3c3ec715127 #x926e53639d9245c #x136253a26533439c817a2d4cd93dbb00 #xea120d6= 0c95044d #xb71224f920234978acc74f4d23143069,#xcc10ef20af594fb9a2ace3c3ec715= 127 #x926e53639d9245c #x136253a26533439c817a2d4cd93dbb00 #xea120d60c95044d{ font-family:Tahoma; font-size:12pt; } #xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c,#xcc10ef20af594fb9a2ac= e3c3ec715127 #x926e53639d9245c #x136253a26533439c817a2d4cd93dbb00 #xea120d6= 0c95044d,#xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c #x136253a2653= 3439c817a2d4cd93dbb00,#xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c{ font-family:'Segoe UI'; font-size:12pt; } #xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c #x136253a26533439c817a= 2d4cd93dbb00{ font-family:'Segoe UI'; font-size:12pt; color:#000; margin-left:0px; margin-right:8px; background-color:#FFF; } #xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c #x136253a26533439c817a= 2d4cd93dbb00 #xea120d60c95044d #xb71224f920234978acc74f4d23143069 p.MsoNorm= al,#xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c #x136253a26533439c8= 17a2d4cd93dbb00 #xea120d60c95044d p.MsoNormal{ margin:0cm 0cm 0.0001pt; font-size:11pt; font-family:Calibri,sans-serif; } #xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c #x136253a26533439c817a= 2d4cd93dbb00 #xea120d60c95044d #xb71224f920234978acc74f4d23143069 div.WordS= ection1,#xcc10ef20af594fb9a2ace3c3ec715127 #x926e53639d9245c #x136253a26533= 439c817a2d4cd93dbb00 #xea120d60c95044d div.WordSection1{ page:WordSection1; } #xcc10ef20af594fb9a2ace3c3ec715127 #x828a9ef720e045b9a398538faa289985 .plai= n tt{ font-family:monospace; font-size:100%; font-weight:normal; font-style:normal; } #xcc10ef20af594fb9a2ace3c3ec715127 #x828a9ef720e045b9a398538faa289985 .plai= n div{ white-space:pre-wrap; } #xcc10ef20af594fb9a2ace3c3ec715127 #x828a9ef720e045b9a398538faa289985{ font-family:'Segoe UI'; font-size:12pt; color:#000; margin-left:0px; margin-right:8px; background-color:#FFF; } #xcc10ef20af594fb9a2ace3c3ec715127 #x828a9ef720e045b9a398538faa289985 .plai= n tt{ font-family:'Segoe UI'; font-size:12pt; } #xcc10ef20af594fb9a2ace3c3ec715127{ font-family:Tahoma; font-size:12pt; }]]><!--body {font-family: Tahoma; font-size: 12pt;} --></style> </head> <body><div><div id=3D"xcc10ef20af594fb9a2ace3c3ec715127"> <div><div>Hi</div><div><br /></div><div>I would like to add rules into the= iptables of the Hosted Engine VM in Ovirt.</div><div>I am wanting to monito= r the Ovirt Engine using Nagios -> NRPE and I would like to open port 56= 66</div><div><div id=3D"x828a9ef720e045b9a398538faa289985"> <div class=3D"plain"><tt style=3D"word-wrap:break-word"><div><br /></div><d= iv>the version is=20 <span class=3D"gwt-InlineLabel">oVirt Engine Version: 4.1.1.8-1.el7.centos<= /span> </div><div>I have tried using the normal process for iptables (iptables-sav= e etc), but it seems that the file=C2=A0</div><div><code class=3D"filename"=
/etc/sysconfig/iptables</code> </div><div>is ignored when the Ovirt Engine VM starts. </div><div><br /></d= iv><div>How can I add permanent iptables rules into the Engine VM?</div><di= v><br /></div></tt></div></div></div><div id=3D"signature_old"><div id=3D"x= 926e53639d9245c"><div style=3D"font-family: Tahoma;"><span id=3D"x89c8d9902= b0345bca5fb60b10010a8ea"> <div id=3D"x136253a26533439c817a2d4cd93dbb00"><div id=3D"signature_old"><di= v id=3D"xea120d60c95044d"><div class=3D"WordSection1"><div id=3D"xb71224f92= 0234978acc74f4d23143069"><div class=3D"WordSection1"><p class=3D"MsoNormal"= <font style=3D"font-size: 14pt;">Kind regards</font></p><p class=3D"MsoNor= mal"><font style=3D"font-size: 14pt;"><br /></font></p><p class=3D"MsoNorma= l"><font style=3D"font-size: 14pt;">Andrew=C2=A0</font></p></div></div></di= v></div></div></div></span></div></div></div></div></div></div><div><br /><= /div> </body></html> --------=_MB05829694-0576-4C65-A28B-FE7AAA10548D--
On Mon, May 29, 2017 at 1:14 PM, Andrew Dent <adent@ctcroydon.com.au> wrote:
Hi
I would like to add rules into the iptables of the Hosted Engine VM in Ovirt. I am wanting to monitor the Ovirt Engine using Nagios -> NRPE and I would like to open port 5666
the version is oVirt Engine Version: 4.1.1.8-1.el7.centos I have tried using the normal process for iptables (iptables-save etc), but it seems that the file /etc/sysconfig/iptables is ignored when the Ovirt Engine VM starts.
What do you mean in "ignored"? What's the output of 'iptables-save'? Did you ask to configure the firewall during engine-setup?
How can I add permanent iptables rules into the Engine VM?
On the engine vm (unlike hosts), the only thing that touches iptables is engine-setup. Before doing that it asks you if you want to configure the firewall. There aren't currently means to add your custom rules - either you manage it all by yourself or you let engine-setup do that. Alternatively, it's recommended to use firewalld. engine-setup can add to firewalld the stuff it wants, and you still can add your own stuff. If I got you wrong and you refer to the hosts (not engine), see also: https://www.ovirt.org/blog/2016/12/extension-iptables-rules-oVirt-hosts/ Best,
Kind regards
Andrew
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi
participants (2)
-
Andrew Dent -
Yedidyah Bar David