3:53 p.m.
Hello,
tried to simulate some maintenance operations and restart the f18 server
where I installed the engine, version
3.2.0-1.20130113.gitc954518
I'm unable to connect to it after
shutdown -r now
The engine seems started correctly
Even after
systemctl restart ovirt-engine.service
I'm not able to connect via web
I can see this in httpd logs:
[Tue Jan 15 13:38:08.512923 2013] [mpm_prefork:notice] [pid 1132] AH00170:
caught SIGWINCH, shutting down gracefully
[Tue Jan 15 13:38:50.950219 2013] [core:notice] [pid 1097] SELinux policy
enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Jan 15 13:38:51.014967 2013] [suexec:notice] [pid 1097] AH01232:
suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 15 13:38:52.000997 2013] [ssl:notice] [pid 1097] AH01886: SSL FIPS
mode disabled
[Tue Jan 15 13:38:52.146753 2013] [auth_digest:notice] [pid 1097] AH01757:
generating secret for digest authentication ...
[Tue Jan 15 13:38:53.000950 2013] [lbmethod_heartbeat:notice] [pid 1097]
AH02282: No slotmem from mod_heartmonitor
[Tue Jan 15 13:38:53.001039 2013] [ssl:notice] [pid 1097] AH01886: SSL FIPS
mode disabled
[Tue Jan 15 13:38:53.012520 2013] [mpm_prefork:notice] [pid 1097] AH00163:
Apache/2.4.3 (Fedora) OpenSSL/1.0.1c-fips configured -- resuming normal
operations
[Tue Jan 15 13:38:53.012539 2013] [core:notice] [pid 1097] AH00094: Command
line: '/usr/sbin/httpd -D FOREGROUND'
# getenforce
Permissive
# systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Tue, 2013-01-15 13:38:53 CET; 9min ago
Main PID: 1097 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0
B/sec"
CGroup: name=systemd:/system/httpd.service
├ 1097 /usr/sbin/httpd -DFOREGROUND
├ 1267 /usr/sbin/httpd -DFOREGROUND
├ 1268 /usr/sbin/httpd -DFOREGROUND
├ 1269 /usr/sbin/httpd -DFOREGROUND
├ 1270 /usr/sbin/httpd -DFOREGROUND
└ 1271 /usr/sbin/httpd -DFOREGROUND
Jan 15 13:38:53 f18engine.ceda.polimi.it systemd[1]: Started The Apache
HTTP Server.
# systemctl status ovirt-engine.service
ovirt-engine.service - oVirt Engine
Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; enabled)
Active: active (running) since Tue, 2013-01-15 13:38:53 CET; 9min ago
Process: 1233 ExecStart=/usr/bin/engine-service start (code=exited,
status=0/SUCCESS)
Main PID: 1274 (java)
CGroup: name=systemd:/system/ovirt-engine.service
└ 1274 engine-service -server -XX:+TieredCompilation -Xms1g -Xmx1g
-XX:PermSize=256m -XX:MaxPermSize=256m -D...
Jan 15 13:38:51 f18engine systemd[1]: Starting oVirt Engine...
Jan 15 13:38:53 f18engine engine-service[1233]: Started engine process 1274.
Jan 15 13:38:53 f18engine engine-service[1233]: Starting engine-service: [
OK ]
Jan 15 13:38:53 f18engine systemd[1]: Started oVirt Engine.
On browser I get after trying
server is taking to much to answer...
Before shutdown it was ok....
4:22 p.m.
------=_Part_6325422_1330700309.1358256137411
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
----- Original Message -----
Hello,
tried to simulate some maintenance operations and restart the f18
server where I installed the engine, version
3.2.0-1.20130113.gitc954518
I'm unable to connect to it after
shutdown -r now
The engine seems started correctly
Even after
systemctl restart ovirt-engine.service
I'm not able to connect via web
I can see this in httpd logs:
[Tue Jan 15 13:38:08.512923 2013] [mpm_prefork:notice] [pid 1132]
AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jan 15 13:38:50.950219 2013] [core:notice] [pid 1097] SELinux
policy enabled; httpd running as context
system_u:system_r:httpd_t:s0
[Tue Jan 15 13:38:51.014967 2013] [suexec:notice] [pid 1097] AH01232:
suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 15 13:38:52.000997 2013] [ssl:notice] [pid 1097] AH01886:
SSL FIPS mode disabled
[Tue Jan 15 13:38:52.146753 2013] [auth_digest:notice] [pid 1097]
AH01757: generating secret for digest authentication ...
[Tue Jan 15 13:38:53.000950 2013] [lbmethod_heartbeat:notice] [pid
1097] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 15 13:38:53.001039 2013] [ssl:notice] [pid 1097] AH01886:
SSL FIPS mode disabled
[Tue Jan 15 13:38:53.012520 2013] [mpm_prefork:notice] [pid 1097]
AH00163: Apache/2.4.3 (Fedora) OpenSSL/1.0.1c-fips configured --
resuming normal operations
[Tue Jan 15 13:38:53.012539 2013] [core:notice] [pid 1097] AH00094:
Command line: '/usr/sbin/httpd -D FOREGROUND'
# getenforce
Permissive
# systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Tue, 2013-01-15 13:38:53 CET; 9min ago
Main PID: 1097 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic:
0 B/sec"
CGroup: name=3Dsystemd:/system/httpd.service
=E2=94=9C 1097 /usr/sbin/httpd -DFOREGROUND
=E2=94=9C 1267 /usr/sbin/httpd -DFOREGROUND
=E2=94=9C 1268 /usr/sbin/httpd -DFOREGROUND
=E2=94=9C 1269 /usr/sbin/httpd -DFOREGROUND
=E2=94=9C 1270 /usr/sbin/httpd -DFOREGROUND
=E2=94=94 1271 /usr/sbin/httpd -DFOREGROUND
Jan 15 13:38:53 f18engine.ceda.polimi.it systemd[1]: Started The
Apache HTTP Server.
# systemctl status ovirt-engine.service
ovirt-engine.service - oVirt Engine
Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service;
enabled)
Active: active (running) since Tue, 2013-01-15 13:38:53 CET; 9min ago
Process: 1233 ExecStart=3D/usr/bin/engine-service start (code=3Dexited,
status=3D0/SUCCESS)
Main PID: 1274 (java)
CGroup: name=3Dsystemd:/system/ovirt-engine.service
=E2=94=94 1274 engine-service -server -XX:+TieredCompilation -Xms1g -Xmx1=
g
-XX:PermSize=3D256m -XX:MaxPermSize=3D256m -D...
Jan 15 13:38:51 f18engine systemd[1]: Starting oVirt Engine...
Jan 15 13:38:53 f18engine engine-service[1233]: Started engine
process 1274.
Jan 15 13:38:53 f18engine engine-service[1233]: Starting
engine-service: [ OK ]
Jan 15 13:38:53 f18engine systemd[1]: Started oVirt Engine.
On browser I get after trying
server is taking to much to answer...
Before shutdown it was ok....
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
iptables?=20
Y.=20
------=_Part_6325422_1330700309.1358256137411
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head><style type=3D'text/css'>p { margin: 0;
}</style></head><body><=
div style=3D'font-family: times new roman,new york,times,serif; font-size: =
12pt; color: #000000'><hr id=3D"zwchr"><blockquote
style=3D"border-left:2px=
solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000;font-we=
ight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Ar=
ial,sans-serif;font-size:12pt;"><div
dir=3D"ltr"><div><br></div>Hello,<div>=
tried to simulate some maintenance operations and restart the f18 server wh=
ere I installed the engine,
version</div><div>3.2.0-1.20130113.gitc954518</=
div><div><br></div><div>I'm unable to connect to it
after </div>
<div>shutdown -r now</div><div><br></div><div
style=3D"">The engine seems s=
tarted correctly</div><div style=3D""><br></div><div
style=3D"">Even after&=
nbsp;</div><div style=3D""><br></div><div
style=3D"">systemctl restart ovir=
t-engine.service </div><div style=3D"">
I'm not able to connect via web</div><div>I can see this in httpd
logs:<br>=
<div><br></div><div><div>[Tue Jan 15 13:38:08.512923 2013]
[mpm_prefork:not=
ice] [pid 1132] AH00170: caught SIGWINCH, shutting down gracefully</div>
<div>[Tue Jan 15 13:38:50.950219 2013] [core:notice] [pid 1097] SELinux pol=
icy enabled; httpd running as context system_u:system_r:httpd_t:s0</div><di=
v>[Tue Jan 15 13:38:51.014967 2013] [suexec:notice] [pid 1097] AH01232: suE=
XEC mechanism enabled (wrapper: /usr/sbin/suexec)</div>
<div>[Tue Jan 15 13:38:52.000997 2013] [ssl:notice] [pid 1097] AH01886: SSL=
FIPS mode disabled</div><div>[Tue Jan 15 13:38:52.146753 2013] [auth_diges=
t:notice] [pid 1097] AH01757: generating secret for digest authentication .=
..</div>
<div>[Tue Jan 15 13:38:53.000950 2013] [lbmethod_heartbeat:notice] [pid 109=
7] AH02282: No slotmem from mod_heartmonitor</div><div>[Tue Jan 15 13:38:53=
.001039 2013] [ssl:notice] [pid 1097] AH01886: SSL FIPS mode disabled</div>
<div>[Tue Jan 15 13:38:53.012520 2013] [mpm_prefork:notice] [pid 1097] AH00=
163: Apache/2.4.3 (Fedora) OpenSSL/1.0.1c-fips configured -- resuming norma=
l operations</div><div>[Tue Jan 15 13:38:53.012539 2013] [core:notice] [pid=
1097] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'</div>
</div><div><br></div></div><div><div>#
getenforce </div><div>Permissiv=
e</div></div><div><br></div><div><div>#
systemctl status httpd.service</div=
<div>httpd.service - The Apache HTTP
Server</div><div><span class=3D"" sty=
le=3D"white-space:pre">=09</span> Loaded: loaded
(/usr/lib/systemd/sy=
stem/httpd.service; enabled)</div>
<div><span class=3D""
style=3D"white-space:pre">=09</span> Active: ac=
tive (running) since Tue, 2013-01-15 13:38:53 CET; 9min
ago</div><div><span=
class=3D"" style=3D"white-space:pre">=09</span>Main PID:
1097 (httpd)</div=
<div><span class=3D""
style=3D"white-space:pre">=09</span> Status: "=
Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec=
"</div>
<div><span class=3D""
style=3D"white-space:pre">=09</span> CGroup: na=
me=3Dsystemd:/system/httpd.service</div><div><span class=3D""
style=3D"whit=
e-space:pre">=09=09</span> =E2=94=9C 1097 /usr/sbin/httpd
-DFOREGROUN=
D</div><div><span class=3D""
style=3D"white-space:pre">=09=09</span> =
=E2=94=9C 1267 /usr/sbin/httpd -DFOREGROUND</div>
<div><span class=3D""
style=3D"white-space:pre">=09=09</span> =E2=94=
=9C 1268 /usr/sbin/httpd -DFOREGROUND</div><div><span class=3D""
style=3D"w=
hite-space:pre">=09=09</span> =E2=94=9C 1269 /usr/sbin/httpd
-DFOREGR=
OUND</div><div><span class=3D""
style=3D"white-space:pre">=09=09</span> &nb=
sp;=E2=94=9C 1270 /usr/sbin/httpd -DFOREGROUND</div>
<div><span class=3D""
style=3D"white-space:pre">=09=09</span> =E2=94=
=94 1271 /usr/sbin/httpd
-DFOREGROUND</div><div><br></div><div>Jan 15 13:38=
:53 <a href=3D"http://f18engine.ceda.polimi.it"
target=3D"_blank">f18engine=
.ceda.polimi.it</a> systemd[1]: Started The Apache HTTP Server.</div>
</div><div><br></div><div><div># systemctl status
ovirt-engine.service</div=
<div>ovirt-engine.service - oVirt
Engine</div><div><span class=3D"" style=
=3D"white-space:pre">=09</span> Loaded: loaded
(/usr/lib/systemd/syst=
em/ovirt-engine.service; enabled)</div>
<div><span class=3D""
style=3D"white-space:pre">=09</span> Active: ac=
tive (running) since Tue, 2013-01-15 13:38:53 CET; 9min
ago</div><div><span=
class=3D"" style=3D"white-space:pre">=09</span> Process:
1233 ExecStart=3D=
/usr/bin/engine-service start (code=3Dexited, status=3D0/SUCCESS)</div>
<div><span class=3D""
style=3D"white-space:pre">=09</span>Main PID: 1274 (j=
ava)</div><div><span class=3D""
style=3D"white-space:pre">=09</span> =
CGroup: name=3Dsystemd:/system/ovirt-engine.service</div><div><span class=
=3D"" style=3D"white-space:pre">=09=09</span>
=E2=94=94 1274 engine-s=
ervice -server -XX:+TieredCompilation -Xms1g -Xmx1g -XX:PermSize=3D256m -XX=
:MaxPermSize=3D256m -D...</div>
<div><br></div><div>Jan 15 13:38:51 f18engine systemd[1]: Starting
oVirt En=
gine...</div><div>Jan 15 13:38:53 f18engine engine-service[1233]: Started e=
ngine process 1274.</div><div>Jan 15 13:38:53 f18engine engine-service[1233=
]: Starting engine-service: [ OK ]</div>
<div>Jan 15 13:38:53 f18engine systemd[1]: Started oVirt
Engine.</div></div=
<div><br></div><div style=3D"">On
browser I get after trying </div><d=
iv
style=3D"">server is taking to much to answer...</div><div
style=3D""><b=
r></div><div style=3D"">
Before shutdown it was ok....</div><div
style=3D""><br></div><div><br></div=
</div>
<br>_______________________________________________<br>Users mailing
list<b=
r>Users@ovirt.org<br>http://lists.ovirt.org/mailman/listinfo/users<br></blo=
ckquote><br><div>iptables?</div><div>Y.</div><div><br></div></div></body></=
html>
------=_Part_6325422_1330700309.1358256137411--
5:10 p.m.
On Tue, Jan 15, 2013 at 2:22 PM, Yaniv Kaul wrote:
iptables?
engine was configured asking to set up / override iptables, so I thought it
had to be ok.
...
oVirt Engine will be installed using the following configuration:
=================================================================
override-httpd-config: yes
http-port: 80
https-port: 443
host-fqdn: f18engine.Xxxxt
auth-pass: ********
org-name: YYYYY
default-dc-type: ISCSI
db-remote-install: local
db-local-pass: ********
nfs-mp: /ISO
config-nfs: yes
override-iptables: yes
Proceed with the configuration listed above? (yes|no): yes
...
Configuring Firewall (iptables)... [ DONE ]
...
In engine setup log file:
...
2013-01-12 15:00:38::DEBUG::engine-setup::886::root:: configuring iptables
2013-01-12 15:00:38::DEBUG::engine-setup::917::root:: # Generated by
ovirt-engine installer
#filtering rules
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
#drop all rule
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
2013-01-12 15:00:38::DEBUG::common_utils::699::root:: successfully copied
file /etc/ovirt-engine/iptables.example to target destination
/etc/sysconfig/iptables
2013-01-12 15:00:38::DEBUG::common_utils::707::root:: setting file
/etc/sysconfig/iptables uid/gid ownership
2013-01-12 15:00:38::DEBUG::common_utils::710::root:: setting file
/etc/sysconfig/iptables mode to -1
2013-01-12 15:00:38::DEBUG::engine-setup::932::root:: Restarting the
iptables service
2013-01-12 15:00:38::DEBUG::common_utils::1208::root:: stopping iptables
2013-01-12 15:00:38::DEBUG::common_utils::1245::root:: executing action
iptables on service stop
2013-01-12 15:00:38::DEBUG::common_utils::427::root:: Executing command -->
'/sbin/service iptables stop'
2013-01-12 15:00:38::DEBUG::common_utils::465::root:: output =
2013-01-12 15:00:38::DEBUG::common_utils::466::root:: stderr = Redirecting
to /bin/systemctl stop iptables.service
2013-01-12 15:00:38::DEBUG::common_utils::467::root:: retcode = 0
2013-01-12 15:00:38::DEBUG::common_utils::1198::root:: starting iptables
2013-01-12 15:00:38::DEBUG::common_utils::1245::root:: executing action
iptables on service start
2013-01-12 15:00:38::DEBUG::common_utils::427::root:: Executing command -->
'/sbin/service iptables start'
2013-01-12 15:00:38::DEBUG::common_utils::465::root:: output =
2013-01-12 15:00:38::DEBUG::common_utils::466::root:: stderr = Redirecting
to /bin/systemctl start iptables.service
2013-01-12 15:00:38::DEBUG::common_utils::467::root:: retcode = 0
2013-01-12 15:00:38::DEBUG::setup_sequences::59::root:: running _startEngine
...
BTW: I have a similar problem with an all-in-one f18 + ovirt nightly setup
running as a VM
after engine-upgrade to 3.2.0-1.20130115.git2970f58
I'm not able to reach webadmin portal from the host but only if for example
I run firefox from inside the engine itself exporting DISPAY env var.
What would be the config expected for an f18 engine?
In my case:
1) engine standalone as physical server
It seems I have
firewalld enabled
iptables disabled
ip6tables disabled
ebtables ?
but setup should have enabled it from the optionschosen.... but I don't see
it in logfile, while I see
2013-01-12 15:00:38::DEBUG::engine-setup::1567::root:: using chkconfig to
enable engine to load on system startup.
2013-01-12 15:00:38::DEBUG::common_utils::427::root:: Executing command -->
'/sbin/chkconfig ovirt-engine on'
2013-01-12 15:00:38::DEBUG::common_utils::465::root:: output =
2013-01-12 15:00:38::DEBUG::common_utils::466::root:: stderr = Note:
Forwarding request to 'systemctl enable ovirt-engine.service'.
ln -s '/usr/lib/systemd/system/ovirt-engine.service'
'/etc/systemd/system/multi-user.target.wants/ovirt-engine.service'
So could it be a bug not enabling iptables during engine-setup???
At this moment my situation:
# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Tue, 2013-01-15 13:38:40 CET; 1h 17min ago
Main PID: 469 (firewalld)
CGroup: name=systemd:/system/firewalld.service
└ 469 /usr/bin/python -Es /usr/sbin/firewalld --nofork
Jan 15 13:38:40 f18engine systemd[1]: Started firewalld - dynamic firewall
daemon.
# systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/iptables.service
# systemctl status ip6tables.service
ip6tables.service - IPv6 firewall with ip6tables
Loaded: loaded (/usr/lib/systemd/system/ip6tables.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/ip6tables.service
# systemctl status ebtables.service
ebtables.service - SYSV: Ethernet Bridge filtering tables
Loaded: loaded (/etc/rc.d/init.d/ebtables)
Active: inactive (dead)
CGroup: name=systemd:/system/ebtables.service
# systemctl show ebtables.service| grep onflict
Conflicts=shutdown.target
ConflictedBy=firewalld.service
so there is a problem between ebtables and firewalld (but perhaps this
service has to run only on hypervisor and not engine?)
2) engine configured as an all-in-one in a vm
[g.cecchi@f18aio ~]$ sudo systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/firewalld.service
[g.cecchi@f18aio ~]$ sudo systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
Active: active (exited) since Tue, 2013-01-15 14:42:46 CET; 18min ago
Process: 31480 ExecStop=/usr/libexec/iptables/iptables.init stop
(code=exited, status=0/SUCCESS)
Process: 31523 ExecStart=/usr/libexec/iptables/iptables.init start
(code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/iptables.service
Jan 15 14:42:46 f18aio.localdomain.local systemd[1]: Starting IPv4 firewall
with iptables...
Jan 15 14:42:46 f18aio.localdomain.local iptables.init[31523]: iptables:
Applying firewall rules: WARNING: The state match is ob...tead.
Jan 15 14:42:46 f18aio.localdomain.local iptables.init[31523]: [ OK ]
Jan 15 14:42:46 f18aio.localdomain.local systemd[1]: Started IPv4 firewall
with iptables.
[g.cecchi@f18aio ~]$ sudo systemctl status ip6tables.service
ip6tables.service - IPv6 firewall with ip6tables
Loaded: loaded (/usr/lib/systemd/system/ip6tables.service; disabled)
Active: inactive (dead)
CGroup: name=systemd:/system/ip6tables.service
[g.cecchi@f18aio ~]$ sudo systemctl status ebtables.service
ebtables.service - SYSV: Ethernet Bridge filtering tables
Loaded: loaded (/etc/rc.d/init.d/ebtables)
Active: inactive (dead)
CGroup: name=systemd:/system/ebtables.service
Gianluca
6:16 p.m.
On Tue, Jan 15, 2013 at 3:10 PM, Gianluca Cecchi wrote:
BTW: I have a similar problem with an all-in-one f18 + ovirt nightly
setup
running as a VM
after engine-upgrade to 3.2.0-1.20130115.git2970f58
I found this interesting thing on my All-in-one server.
engine-setup ran on 18/12 12:34. Its log
/var/log/ovirt-engine/engine-setup_2012_12_18_12_12_34.log
contains the lines I reported above.
But if now I go in /etc/sysconfig
# ll iptables*
-rw-------. 1 root root 770 Dec 18 13:02 iptables
-rw-------. 1 root root 1449 Dec 18 13:02 iptables.20121218130224
-rw-------. 1 root root 1740 Nov 8 13:11 iptables-config
So it seems it was overridden by something else.
iptables.20121218130224 contains the engine directives I find in
engine-setup log file
Could it be that the host deploy part of AIO incorrectly replaced the
engine iptables setup instead of merging with it?
How could I merge them all?
See
current iptables (not ok for engine):
https://docs.google.com/file/d/0BwoPbcrMv8mvTmR6bThxTTJOdVU/edit
iptables at engine-setup time (ok):
https://docs.google.com/file/d/0BwoPbcrMv8mvaEprOFB1Z3JoMzg/edit
Gianluca
6:25 p.m.
On Tue, Jan 15, 2013 at 4:16 PM, Gianluca Cecchi wrote:
See
current iptables (not ok for engine):
https://docs.google.com/file/d/0BwoPbcrMv8mvTmR6bThxTTJOdVU/edit
iptables at engine-setup time (ok):
https://docs.google.com/file/d/0BwoPbcrMv8mvaEprOFB1Z3JoMzg/edit
the not working file has this in its first line, I didn't notice before
# oVirt default firewall configuration. Automatically generated by vdsm
bootstrap script.
my merged apparently working file here:
https://docs.google.com/file/d/0BwoPbcrMv8mvYmJIU3oyeFlfZ3c/edit
Gianluca
4329
days inactive
4329
days old
4 comments
2 participants
participants (2)
-
Gianluca Cecchi -
Yaniv Kaul