This is a cryptographically signed message in MIME format. --------------ms000401060805040709010003 Content-Type: multipart/mixed; boundary="------------040406050709050909000604" This is a multi-part message in MIME format. --------------040406050709050909000604 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable

----- Original Message -----

...

From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka@slu.cz> To: users@ovirt.org Sent: Wednesday, June 18, 2014 8:12:09 PM Subject: [ovirt-users] host upgrade from ovirt manager and custom ipta= bles rules

Hello all,

is there any way to make custom iptables rules persistent during host upgrade? I have for example zabbix agents installed on all hosts and thus iptables rule allowing connections from our zabbix server. Sadly = I have to manually restore iptables backup after host upgrade (initiated=

...

from oVirt manager).

This should be achievable by defining the iptables rules you wish to us= e when [re]installing using the engine-config tool:

thanks a lot for reply

1. Check the existing iptables rules: sudo engine-config -g IPTablesConfig

this displays whole iptables template. Interesting thing is that there=20 is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this wa= y?

2. Define the desired iptables: sudo engine-config -s IPTablesConfig=3D"Your rules"

I entered... engine-config -s IPTablesConfig=3D"-A INPUT -p tcp -m state --state NEW -= m=20 tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT" =2E..and it looks like this overwrite entire IPTablesConfig template...

3. Verify the changes sudo engine-config -g IPTablesConfig

=2E..because this displays only just my one line above. I have copy of default template but I have no idea how to set this=20 variable with multi line text. I tried inserting \n but it is not=20 converted to newlines. Any ideas? Btw. these variables are stored in database? Thanks in advance, Jiri

4. Restart the engine for changes to take effect

5. Reinstall the host and verify the iptables rule.

...

And another question I have always wanted to ask... It looks like host=

...

upgrade is upgrading just vdsm components and no others virtualization= stuff

this was updatet after clicking to "host upgrade"

Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noa= rch Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64

and after that I run yum update and updated this components (honestly this one was rhev host but ovirt behave the same)

Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_6= 4 Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64 Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64 Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64 Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64=

...

Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_6= 4 Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64 Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64 Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64 Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.no= arch Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch

I believe qemu-img-rhev, spice-server, libvirt, mom,... are important components too. Should not be upgraded as well?

Thanks for clarification,

Jiri

_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

--------------040406050709050909000604 Content-Type: text/x-vcard; charset=utf-8; name="jiri_slezka.vcf" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="jiri_slezka.vcf" YmVnaW46dmNhcmQNCmZuO3F1b3RlZC1wcmludGFibGU6SW5nLiBKaT1DNT05OT1DMz1BRCBT bD1DMz1BOT1DNT1CRWthDQpuO3F1b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpT bD1DMz1BOT1DNT1CRWthO0ppPUM1PTk5PUMzPUFEDQpvcmc7cXVvdGVkLXByaW50YWJsZTtx dW90ZWQtcHJpbnRhYmxlOlNsZXpzaz1DMz1BMSB1bml2ZXJ6aXRhIHYgT3Bhdj1DND05QjtD ZW50cnVtIGluZm9ybWE9QzQ9OERuPUMzPUFEY2ggdGVjaG5vbG9naT1DMz1BRA0KYWRyO3F1 b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpOYSBSeWJuPUMzPUFEPUM0PThEa3Ug MTs7Q0lULCBTbGV6c2s9QzM9QTEgdW5pdmVyeml0YSB2IE9wYXY9QzQ9OUI7T3BhdmE7Ozc0 NjAxO0N6ZWNoIFJlcHVibGljDQplbWFpbDtpbnRlcm5ldDpqaXJpLnNsZXprYUBzbHUuY3oN CnRpdGxlO3F1b3RlZC1wcmludGFibGU6U3ByPUMzPUExdmNlIHM9QzM9QUR0PUM0PTlCIGEg YXBsaWthYz1DMz1BRA0KdGVsO3dvcms6KzQyMCA1NTMgNjg0IDY5Ng0KeC1tb3ppbGxhLWh0 bWw6RkFMU0UNCnVybDpodHRwOi8vd3d3LnNsdS5jeg0KdmVyc2lvbjoyLjENCmVuZDp2Y2Fy ZA0KDQo= --------------040406050709050909000604-- --------------ms000401060805040709010003 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: Elektronicky podpis S/MIME MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJZjCC BJswggODoAMCAQICEFVyFjoambpWOjuqgDsl/VswDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UE BhMCTkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMB4X DTEyMTEyNzAwMDAwMFoXDTE0MTEyNzIzNTk1OVowZTELMAkGA1UEBhMCQ1oxJTAjBgNVBAoM HFNsZXpza8OhIHVuaXZlcnppdGEgdiBPcGF2xJsxGDAWBgNVBAMMD0ppxZnDrSBTbMOpxb5r YTEVMBMGCSqGSIb3DQEJAhYGc2xlemthMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAtbqepY7nJ2kyAZxv/HS4tUEyXDh2ovWpQEI3triEqomfGE0aOqkHB0j/z2Oq0IeC+U91 TIpAoTPP+7fYR5rpcTfWPOW745RW4rJ6lj57Y+ZSqY0ID9vHe2nBxSnY2mWGIg///MWSbWrX Pbsxoemn6rb5ZP/1W9oPbkdTI3omEsdX2JlLbjYG3tcwxMvvQUMz3XEXMPz/Vi4SsG+1N49X C+Qw/KI9tYoUqVDZPTQhS4S/zu/ediv2ZH7MwIWo23lhkFU83fDtrpgwsrjIgfHNqIhak0Ly EuiQlxQGrvBplO29S1odQlJBIOpNQU99DElbtNRb1O3LFAUw4dTjMe7ObwIDAQABo4IBbzCC AWswHwYDVR0jBBgwFoAUY01DWhlIP8RGwQK6v+4O5YK3ZqYwHQYDVR0OBBYEFGLVBIcIvL2c hB6HdEbdqflwgrTTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG CCsGAQUFBwMEBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMD8GA1UdHwQ4 MDYwNKAyoDCGLmh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BUGVyc29uYWxDQS5j cmwwcgYIKwYBBQUHAQEEZjBkMDoGCCsGAQUFBzAChi5odHRwOi8vY3J0LnRjcy50ZXJlbmEu b3JnL1RFUkVOQVBlcnNvbmFsQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3Mu dGVyZW5hLm9yZzAdBgNVHREEFjAUgRJqaXJpLnNsZXprYUBzbHUuY3owDQYJKoZIhvcNAQEF BQADggEBAAXIoOnvYifhjAyW1oALfQSl8UemLGYSXiOsoosWx/2yG2/WlULU1lyqOkqztden dQdt5JZ1Y91HFWRmGGyq+a5kZseYRcpRxEKhJtLngrA24arcvouC/1Wev0RO4d0CKQa/wuC5 yfXIqhn60XJh51mHtbZ4k0jY+U/eNhTWns2Q0NZbR+u3SMrQRa31Df0wmMJvnZkd7cqKF3ur 543ojxAlIVDEUanWPndyljm4ZlAUxmwfmYTd0fRbCl+pDNG+gJnXQO6uvt/yoKNxAaBBFwh0 zmj8k6dCrcpeOKXw+T2mqjSO+6SQBQugGeOSxZA8gZ7rUtf6oNnIZwfxyqoHTVQwggTDMIID q6ADAgECAhBz/lf637jFCIF7Zrlr8C3vMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJV UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUg VVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2 MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls MB4XDTA5MDUxODAwMDAwMFoXDTI4MTIzMTIzNTk1OVowOzELMAkGA1UEBhMCTkwxDzANBgNV BAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAyBXZ9TNqI6GQDc+7BUTDqx9KNYUaIYWgT/jwQOJKQ5v+W7Gw v7RX3HWAQUtkGvbbT2+P0CVFNfnqy0r6+9rT7UWIEZQ25MyoDe/FPTftFnvjwpWeWDN/Ivv4 /+zmvtuuCmUlIofab4SLRuhAhig/v1YI4krpg6LpIvst+rYoH5HBw3H7U8ArTqQMoW6dVe3s 4SSHOgjiDRzkxE3Qyyf6hGTm0ZedViRbk7spLkPiQWo94kpl/JpfWoaHvIfHeYCWmVHGkA9k kZl9EN2sLAMq4Xhk/s49TvQrUBFL0VjUmwPwf/U7U7BTQ/vFL8QEKRo6rNdV6dEOldE7MX94 T64pLQIDAQABo4IBTTCCAUkwHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYD VR0OBBYEFGNNQ1oZSD/ERsECur/uDuWCt2amMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E CDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wWAYDVR0fBFEwTzBNoEugSYZH aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGlj YXRpb25hbmRFbWFpbC5jcmwwbwYIKwYBBQUHAQEEYzBhMDgGCCsGAQUFBzAChixodHRwOi8v Y3J0LnVzZXJ0cnVzdC5jb20vVVROQUFBQ2xpZW50X0NBLmNydDAlBggrBgEFBQcwAYYZaHR0 cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEABiupUy8T3Fw5FsyG n15Me3L77I1Vil6aCv9TTHb0Bj1Qz1fwos+vmYyq/qAZdj6ZAzL6dYM4irtrmqUME7LUG3bm lC5nmFnjkWwCkJqcyGBLVavKiFqNK+VplQMH0dQO/CQiLlmxY6Rf7dkjcuSczjpcbB9PqQDJ Hf76f0Utti6E3Q8noFkYTtV2JUX0mSZ522+fI/dDuysPBKOBJiy3ezX5PXdfQCHmfx2lllq9 0MsWOmy7YYuK/QQ5RArLLOHLzi4QmBrb4JPtSWRkCCCft6NQ8KLdyrTGfAw9514V3CeG5Do7 UloXq6kGUyudCXNkHAHD/TDShwNv5BUDejlfaDGCAwcwggMDAgEBME8wOzELMAkGA1UEBhMC TkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6 Gpm6Vjo7qoA7Jf1bMAkGBSsOAwIaBQCgggGNMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw HAYJKoZIhvcNAQkFMQ8XDTE0MDYxOTEyMjU0OVowIwYJKoZIhvcNAQkEMRYEFObeG9lTV7Jp hU98mEzM9r7qiXO5MF4GCSsGAQQBgjcQBDFRME8wOzELMAkGA1UEBhMCTkwxDzANBgNVBAoT BlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6Gpm6Vjo7qoA7Jf1b MGAGCyqGSIb3DQEJEAILMVGgTzA7MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRsw GQYDVQQDExJURVJFTkEgUGVyc29uYWwgQ0ECEFVyFjoambpWOjuqgDsl/VswbAYJKoZIhvcN AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3 DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG 9w0BAQEFAASCAQBoqr+WWA3clNPwTVQaqnObBxchnUF8bJMuh3goyG2XgXUnn+9kwlkKmOzk tKzxmC9LSYDAmxaYLTZOgIFq4yKGpPLhio+mDom3vFMLEi7bmJn0zNM6iczK8xH61Ga/84D1 vOVghwAwcQq0J/9iJ1QPcZSx4F+KO+Am/3pILXqMZ6tz2WjES08PiLJzDSy8o28j+B3EUD4H +iMXSWk4wQt6KJHw9xaZFXAH47LCbUQQl/nReqGNBc2G0o//IUy5u31aUKkSc1b4SSA4DHLc uDzB0+ndr6OL8UUb22PXx8ZLA6AK9usQ3q/Pj9Yo4PeJM8x8XgbtwVGnWBVtIKBDpZeEAAAA AAAA --------------ms000401060805040709010003--

----- Original Message -----

From: "Moti Asayag" <masayag@redhat.com> To: "Jiří Sléžka" <jiri.slezka@slu.cz>, "Alon Bar-Lev" <abarlev@redhat.com> Cc: users@ovirt.org Sent: Friday, June 20, 2014 1:12:58 AM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules

----- Original Message -----

...

From: "Jiří Sléžka" <jiri.slezka@slu.cz> To: "Moti Asayag" <masayag@redhat.com> Cc: users@ovirt.org Sent: Thursday, June 19, 2014 3:25:49 PM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules

...

----- Original Message -----

...

From: "Jiří Sléžka" <jiri.slezka@slu.cz> To: users@ovirt.org Sent: Wednesday, June 18, 2014 8:12:09 PM Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules

Hello all,

is there any way to make custom iptables rules persistent during host upgrade? I have for example zabbix agents installed on all hosts and thus iptables rule allowing connections from our zabbix server. Sadly I have to manually restore iptables backup after host upgrade (initiated from oVirt manager).

This should be achievable by defining the iptables rules you wish to use when [re]installing using the engine-config tool:

thanks a lot for reply

...

1. Check the existing iptables rules: sudo engine-config -g IPTablesConfig

this displays whole iptables template. Interesting thing is that there is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way?

Adding Alon to reply on @CUSTOM_RULES@

These are to be replaced with gluster specific or virt specific or both, see IPTablesConfigForVirt, IPTablesConfigForGluster. I must note that there is no real support for manual modification of the iptables rules, as once you change it, you do not enjoy future product updates, such as upcoming kdump fence listener daemon. However, moti, we can add another vdc config for user defined rules, it should be sufficient in most cases.

...

...

2. Define the desired iptables: sudo engine-config -s IPTablesConfig="Your rules"

I entered...

engine-config -s IPTablesConfig="-A INPUT -p tcp -m state --state NEW -m tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"

...and it looks like this overwrite entire IPTablesConfig template...

...

3. Verify the changes sudo engine-config -g IPTablesConfig

...because this displays only just my one line above.

I have copy of default template but I have no idea how to set this variable with multi line text. I tried inserting \n but it is not converted to newlines. Any ideas?

to me i worked by pasting the file content in the command line: engine-config -s IPTablesConfig=" <paste multi-line content>"

...

Btw. these variables are stored in database?

Yes, in vdc_options table:

select * from vdc_options where option_name = 'IPTablesConfig';

...

Thanks in advance,

Jiri

...

4. Restart the engine for changes to take effect

5. Reinstall the host and verify the iptables rule.

...

And another question I have always wanted to ask... It looks like host upgrade is upgrading just vdsm components and no others virtualization stuff

this was updatet after clicking to "host upgrade"

Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64

and after that I run yum update and updated this components (honestly this one was rhev host but ovirt behave the same)

Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64 Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64 Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64 Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64 Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64 Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64 Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch

I believe qemu-img-rhev, spice-server, libvirt, mom,... are important components too. Should not be upgraded as well?

Thanks for clarification,

Jiri

_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

This is a cryptographically signed message in MIME format. --------------ms080602070905010903070203 Content-Type: multipart/mixed; boundary="------------090604040009000802020806" This is a multi-part message in MIME format. --------------090604040009000802020806 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Dne 20.6.2014 7:34, Moti Asayag napsal(a):

----- Original Message -----

...

From: "Alon Bar-Lev" <alonbl@redhat.com> To: "Moti Asayag" <masayag@redhat.com> Cc: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka@slu.cz>, users@ovir=

t.org

...

Sent: Friday, June 20, 2014 1:19:25 AM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom = iptables rules

----- Original Message -----

...

From: "Moti Asayag" <masayag@redhat.com> To: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka@slu.cz>, "Alon Bar= -Lev" <abarlev@redhat.com> Cc: users@ovirt.org Sent: Friday, June 20, 2014 1:12:58 AM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom=

...

...

iptables rules

...

From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka@slu.cz> To: "Moti Asayag" <masayag@redhat.com> Cc: users@ovirt.org Sent: Thursday, June 19, 2014 3:25:49 PM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custo= m iptables rules

...

----- Original Message -----

...

From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka@slu.cz> To: users@ovirt.org Sent: Wednesday, June 18, 2014 8:12:09 PM Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules

Hello all,

is there any way to make custom iptables rules persistent during h= ost upgrade? I have for example zabbix agents installed on all hosts a= nd thus iptables rule allowing connections from our zabbix server. Sa=

----- Original Message ----- dly

...

...

...

I have to manually restore iptables backup after host upgrade (initi= ated from oVirt manager).

This should be achievable by defining the iptables rules you wish t= o use when [re]installing using the engine-config tool:

thanks a lot for reply

...

1. Check the existing iptables rules: sudo engine-config -g IPTablesConfig

this displays whole iptables template. Interesting thing is that the= re is a variable @CUSTOM_RULES@. Maybe custom rules could be defined th= is way?

Adding Alon to reply on @CUSTOM_RULES@

These are to be replaced with gluster specific or virt specific or bot= h, see IPTablesConfigForVirt, IPTablesConfigForGluster.

I must note that there is no real support for manual modification of t= he iptables rules, as once you change it, you do not enjoy future product=

...

updates, such as upcoming kdump fence listener daemon.

However, moti, we can add another vdc config for user defined rules, i= t should be sufficient in most cases.

Sounds reasonable.

Jiri, would you like to open RFE for it ?

Of course, Bug 1111513 - [RFE] custom iptables rules Thanks! Jiri

...

...

...

...

2. Define the desired iptables: sudo engine-config -s IPTablesConfig=3D"Your rules"

I entered...

engine-config -s IPTablesConfig=3D"-A INPUT -p tcp -m state --state =

NEW -m

...

...

...

tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"

...and it looks like this overwrite entire IPTablesConfig template..= =2E

...

3. Verify the changes sudo engine-config -g IPTablesConfig

...because this displays only just my one line above.

I have copy of default template but I have no idea how to set this variable with multi line text. I tried inserting \n but it is not converted to newlines. Any ideas?

to me i worked by pasting the file content in the command line: engine-config -s IPTablesConfig=3D" <paste multi-line content>"

...

Btw. these variables are stored in database?

Yes, in vdc_options table:

select * from vdc_options where option_name =3D 'IPTablesConfig';

...

Thanks in advance,

Jiri

...

4. Restart the engine for changes to take effect

5. Reinstall the host and verify the iptables rule.

...

And another question I have always wanted to ask... It looks like =

host

...

...

...

upgrade is upgrading just vdsm components and no others virtualiza= tion stuff

this was updatet after clicking to "host upgrade"

Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64

and after that I run yum update and updated this components (hones= tly this one was rhev host but ovirt behave the same)

Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64 Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64 Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64 Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x8= 6_64 Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64 Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64 Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64 Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch

I believe qemu-img-rhev, spice-server, libvirt, mom,... are import= ant components too. Should not be upgraded as well?

Thanks for clarification,

Jiri

_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

--------------090604040009000802020806 Content-Type: text/x-vcard; charset=utf-8; name="jiri_slezka.vcf" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="jiri_slezka.vcf" YmVnaW46dmNhcmQNCmZuO3F1b3RlZC1wcmludGFibGU6SW5nLiBKaT1DNT05OT1DMz1BRCBT bD1DMz1BOT1DNT1CRWthDQpuO3F1b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpT bD1DMz1BOT1DNT1CRWthO0ppPUM1PTk5PUMzPUFEDQpvcmc7cXVvdGVkLXByaW50YWJsZTtx dW90ZWQtcHJpbnRhYmxlOlNsZXpzaz1DMz1BMSB1bml2ZXJ6aXRhIHYgT3Bhdj1DND05QjtD ZW50cnVtIGluZm9ybWE9QzQ9OERuPUMzPUFEY2ggdGVjaG5vbG9naT1DMz1BRA0KYWRyO3F1 b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpOYSBSeWJuPUMzPUFEPUM0PThEa3Ug MTs7Q0lULCBTbGV6c2s9QzM9QTEgdW5pdmVyeml0YSB2IE9wYXY9QzQ9OUI7T3BhdmE7Ozc0 NjAxO0N6ZWNoIFJlcHVibGljDQplbWFpbDtpbnRlcm5ldDpqaXJpLnNsZXprYUBzbHUuY3oN CnRpdGxlO3F1b3RlZC1wcmludGFibGU6U3ByPUMzPUExdmNlIHM9QzM9QUR0PUM0PTlCIGEg YXBsaWthYz1DMz1BRA0KdGVsO3dvcms6KzQyMCA1NTMgNjg0IDY5Ng0KeC1tb3ppbGxhLWh0 bWw6RkFMU0UNCnVybDpodHRwOi8vd3d3LnNsdS5jeg0KdmVyc2lvbjoyLjENCmVuZDp2Y2Fy ZA0KDQo= --------------090604040009000802020806-- --------------ms080602070905010903070203 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: Elektronicky podpis S/MIME MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJZjCC BJswggODoAMCAQICEFVyFjoambpWOjuqgDsl/VswDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UE BhMCTkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMB4X DTEyMTEyNzAwMDAwMFoXDTE0MTEyNzIzNTk1OVowZTELMAkGA1UEBhMCQ1oxJTAjBgNVBAoM HFNsZXpza8OhIHVuaXZlcnppdGEgdiBPcGF2xJsxGDAWBgNVBAMMD0ppxZnDrSBTbMOpxb5r YTEVMBMGCSqGSIb3DQEJAhYGc2xlemthMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAtbqepY7nJ2kyAZxv/HS4tUEyXDh2ovWpQEI3triEqomfGE0aOqkHB0j/z2Oq0IeC+U91 TIpAoTPP+7fYR5rpcTfWPOW745RW4rJ6lj57Y+ZSqY0ID9vHe2nBxSnY2mWGIg///MWSbWrX Pbsxoemn6rb5ZP/1W9oPbkdTI3omEsdX2JlLbjYG3tcwxMvvQUMz3XEXMPz/Vi4SsG+1N49X C+Qw/KI9tYoUqVDZPTQhS4S/zu/ediv2ZH7MwIWo23lhkFU83fDtrpgwsrjIgfHNqIhak0Ly EuiQlxQGrvBplO29S1odQlJBIOpNQU99DElbtNRb1O3LFAUw4dTjMe7ObwIDAQABo4IBbzCC AWswHwYDVR0jBBgwFoAUY01DWhlIP8RGwQK6v+4O5YK3ZqYwHQYDVR0OBBYEFGLVBIcIvL2c hB6HdEbdqflwgrTTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG CCsGAQUFBwMEBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMD8GA1UdHwQ4 MDYwNKAyoDCGLmh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BUGVyc29uYWxDQS5j cmwwcgYIKwYBBQUHAQEEZjBkMDoGCCsGAQUFBzAChi5odHRwOi8vY3J0LnRjcy50ZXJlbmEu b3JnL1RFUkVOQVBlcnNvbmFsQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3Mu dGVyZW5hLm9yZzAdBgNVHREEFjAUgRJqaXJpLnNsZXprYUBzbHUuY3owDQYJKoZIhvcNAQEF BQADggEBAAXIoOnvYifhjAyW1oALfQSl8UemLGYSXiOsoosWx/2yG2/WlULU1lyqOkqztden dQdt5JZ1Y91HFWRmGGyq+a5kZseYRcpRxEKhJtLngrA24arcvouC/1Wev0RO4d0CKQa/wuC5 yfXIqhn60XJh51mHtbZ4k0jY+U/eNhTWns2Q0NZbR+u3SMrQRa31Df0wmMJvnZkd7cqKF3ur 543ojxAlIVDEUanWPndyljm4ZlAUxmwfmYTd0fRbCl+pDNG+gJnXQO6uvt/yoKNxAaBBFwh0 zmj8k6dCrcpeOKXw+T2mqjSO+6SQBQugGeOSxZA8gZ7rUtf6oNnIZwfxyqoHTVQwggTDMIID q6ADAgECAhBz/lf637jFCIF7Zrlr8C3vMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJV UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUg VVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2 MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls MB4XDTA5MDUxODAwMDAwMFoXDTI4MTIzMTIzNTk1OVowOzELMAkGA1UEBhMCTkwxDzANBgNV BAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAyBXZ9TNqI6GQDc+7BUTDqx9KNYUaIYWgT/jwQOJKQ5v+W7Gw v7RX3HWAQUtkGvbbT2+P0CVFNfnqy0r6+9rT7UWIEZQ25MyoDe/FPTftFnvjwpWeWDN/Ivv4 /+zmvtuuCmUlIofab4SLRuhAhig/v1YI4krpg6LpIvst+rYoH5HBw3H7U8ArTqQMoW6dVe3s 4SSHOgjiDRzkxE3Qyyf6hGTm0ZedViRbk7spLkPiQWo94kpl/JpfWoaHvIfHeYCWmVHGkA9k kZl9EN2sLAMq4Xhk/s49TvQrUBFL0VjUmwPwf/U7U7BTQ/vFL8QEKRo6rNdV6dEOldE7MX94 T64pLQIDAQABo4IBTTCCAUkwHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYD VR0OBBYEFGNNQ1oZSD/ERsECur/uDuWCt2amMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E CDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wWAYDVR0fBFEwTzBNoEugSYZH aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGlj YXRpb25hbmRFbWFpbC5jcmwwbwYIKwYBBQUHAQEEYzBhMDgGCCsGAQUFBzAChixodHRwOi8v Y3J0LnVzZXJ0cnVzdC5jb20vVVROQUFBQ2xpZW50X0NBLmNydDAlBggrBgEFBQcwAYYZaHR0 cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEABiupUy8T3Fw5FsyG n15Me3L77I1Vil6aCv9TTHb0Bj1Qz1fwos+vmYyq/qAZdj6ZAzL6dYM4irtrmqUME7LUG3bm lC5nmFnjkWwCkJqcyGBLVavKiFqNK+VplQMH0dQO/CQiLlmxY6Rf7dkjcuSczjpcbB9PqQDJ Hf76f0Utti6E3Q8noFkYTtV2JUX0mSZ522+fI/dDuysPBKOBJiy3ezX5PXdfQCHmfx2lllq9 0MsWOmy7YYuK/QQ5RArLLOHLzi4QmBrb4JPtSWRkCCCft6NQ8KLdyrTGfAw9514V3CeG5Do7 UloXq6kGUyudCXNkHAHD/TDShwNv5BUDejlfaDGCAwcwggMDAgEBME8wOzELMAkGA1UEBhMC TkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6 Gpm6Vjo7qoA7Jf1bMAkGBSsOAwIaBQCgggGNMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw HAYJKoZIhvcNAQkFMQ8XDTE0MDYyMDA4MzczOVowIwYJKoZIhvcNAQkEMRYEFHaFaOUiDtzG wCCELOIOhEMwPzW+MF4GCSsGAQQBgjcQBDFRME8wOzELMAkGA1UEBhMCTkwxDzANBgNVBAoT BlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6Gpm6Vjo7qoA7Jf1b MGAGCyqGSIb3DQEJEAILMVGgTzA7MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRsw GQYDVQQDExJURVJFTkEgUGVyc29uYWwgQ0ECEFVyFjoambpWOjuqgDsl/VswbAYJKoZIhvcN AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3 DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG 9w0BAQEFAASCAQAjhaFoJ9nlN8V0+zRhP0bGcD77atvLtyVc8LQvF8uRBG4QISY1MscpChxS IZr3qMi+d1UxLRI4s5npX8MsKesRGHOVNXpAinvhSXt+rMRD+W6wbdNAsziwrIxk7KChXF0w /98DiJ/UhXrmLiL/3t+m9ICgJSwnCRc4/gBJLVByj6NzTSwhW8X3PCg3ujIPiWO+bTLrg77t TBx9ObeWXuuEdcIRL2Xdmq0NLTKCeWBANC0g+Q2jMGuowGOxBRPbrCBHLoxGHN1lEgQ+pPzX UGdysx82vGv2OzDIPnlhPF+wf68N+5Nep9b1Tc02gRlhQlbvdfqda08NIaPgDPhWUcKSAAAA AAAA --------------ms080602070905010903070203--