8:12 p.m.
This is a cryptographically signed message in MIME format.
--------------ms080302090803080702030807
Content-Type: multipart/mixed;
boundary="------------030801030701060503020105"
This is a multi-part message in MIME format.
--------------030801030701060503020105
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: quoted-printable
Hello all,
is there any way to make custom iptables rules persistent during host=20
upgrade? I have for example zabbix agents installed on all hosts and=20
thus iptables rule allowing connections from our zabbix server. Sadly I=20
have to manually restore iptables backup after host upgrade (initiated=20
from oVirt manager).
And another question I have always wanted to ask... It looks like host=20
upgrade is upgrading just vdsm components and no others virtualization st=
uff
this was updatet after clicking to "host upgrade"
Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch=
Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
Jun 18 18:22:27 Updated:=20
2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
and after that I run yum update and updated this components (honestly=20
this one was rhev host but ovirt behave the same)
Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64
Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64
Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarc=
h
Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
I believe qemu-img-rhev, spice-server, libvirt, mom,... are important=20
components too. Should not be upgraded as well?
Thanks for clarification,
Jiri
--------------030801030701060503020105
Content-Type: text/x-vcard; charset=utf-8;
name="jiri_slezka.vcf"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="jiri_slezka.vcf"
begin:vcard
fn;quoted-printable:Ing. Ji=3DC5=3D99=3DC3=3DAD Sl=3DC3=3DA9=3DC5=3DBEka
n;quoted-printable;quoted-printable:Sl=3DC3=3DA9=3DC5=3DBEka;Ji=3DC5=3D99=
=3DC3=3DAD
org;quoted-printable;quoted-printable:Slezsk=3DC3=3DA1 univerzita v Opav=3D=
C4=3D9B;Centrum informa=3DC4=3D8Dn=3DC3=3DADch technologi=3DC3=3DAD
adr;quoted-printable;quoted-printable:Na Rybn=3DC3=3DAD=3DC4=3D8Dku 1;;CI=
T, Slezsk=3DC3=3DA1 univerzita v Opav=3DC4=3D9B;Opava;;74601;Czech Republ=
ic
email;internet:jiri.slezka@slu.cz
title;quoted-printable:Spr=3DC3=3DA1vce s=3DC3=3DADt=3DC4=3D9B a aplikac=3D=
C3=3DAD
tel;work:+420 553 684 696
x-mozilla-html:FALSE
url:http://www.slu.cz
version:2.1
end:vcard
--------------030801030701060503020105--
--------------ms080302090803080702030807
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: Elektronicky podpis S/MIME
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJZjCC
BJswggODoAMCAQICEFVyFjoambpWOjuqgDsl/VswDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UE
BhMCTkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMB4X
DTEyMTEyNzAwMDAwMFoXDTE0MTEyNzIzNTk1OVowZTELMAkGA1UEBhMCQ1oxJTAjBgNVBAoM
HFNsZXpza8OhIHVuaXZlcnppdGEgdiBPcGF2xJsxGDAWBgNVBAMMD0ppxZnDrSBTbMOpxb5r
YTEVMBMGCSqGSIb3DQEJAhYGc2xlemthMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtbqepY7nJ2kyAZxv/HS4tUEyXDh2ovWpQEI3triEqomfGE0aOqkHB0j/z2Oq0IeC+U91
TIpAoTPP+7fYR5rpcTfWPOW745RW4rJ6lj57Y+ZSqY0ID9vHe2nBxSnY2mWGIg///MWSbWrX
Pbsxoemn6rb5ZP/1W9oPbkdTI3omEsdX2JlLbjYG3tcwxMvvQUMz3XEXMPz/Vi4SsG+1N49X
C+Qw/KI9tYoUqVDZPTQhS4S/zu/ediv2ZH7MwIWo23lhkFU83fDtrpgwsrjIgfHNqIhak0Ly
EuiQlxQGrvBplO29S1odQlJBIOpNQU99DElbtNRb1O3LFAUw4dTjMe7ObwIDAQABo4IBbzCC
AWswHwYDVR0jBBgwFoAUY01DWhlIP8RGwQK6v+4O5YK3ZqYwHQYDVR0OBBYEFGLVBIcIvL2c
hB6HdEbdqflwgrTTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
CCsGAQUFBwMEBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMD8GA1UdHwQ4
MDYwNKAyoDCGLmh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BUGVyc29uYWxDQS5j
cmwwcgYIKwYBBQUHAQEEZjBkMDoGCCsGAQUFBzAChi5odHRwOi8vY3J0LnRjcy50ZXJlbmEu
b3JnL1RFUkVOQVBlcnNvbmFsQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3Mu
dGVyZW5hLm9yZzAdBgNVHREEFjAUgRJqaXJpLnNsZXprYUBzbHUuY3owDQYJKoZIhvcNAQEF
BQADggEBAAXIoOnvYifhjAyW1oALfQSl8UemLGYSXiOsoosWx/2yG2/WlULU1lyqOkqztden
dQdt5JZ1Y91HFWRmGGyq+a5kZseYRcpRxEKhJtLngrA24arcvouC/1Wev0RO4d0CKQa/wuC5
yfXIqhn60XJh51mHtbZ4k0jY+U/eNhTWns2Q0NZbR+u3SMrQRa31Df0wmMJvnZkd7cqKF3ur
543ojxAlIVDEUanWPndyljm4ZlAUxmwfmYTd0fRbCl+pDNG+gJnXQO6uvt/yoKNxAaBBFwh0
zmj8k6dCrcpeOKXw+T2mqjSO+6SQBQugGeOSxZA8gZ7rUtf6oNnIZwfxyqoHTVQwggTDMIID
q6ADAgECAhBz/lf637jFCIF7Zrlr8C3vMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUg
VVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2
MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
MB4XDTA5MDUxODAwMDAwMFoXDTI4MTIzMTIzNTk1OVowOzELMAkGA1UEBhMCTkwxDzANBgNV
BAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAyBXZ9TNqI6GQDc+7BUTDqx9KNYUaIYWgT/jwQOJKQ5v+W7Gw
v7RX3HWAQUtkGvbbT2+P0CVFNfnqy0r6+9rT7UWIEZQ25MyoDe/FPTftFnvjwpWeWDN/Ivv4
/+zmvtuuCmUlIofab4SLRuhAhig/v1YI4krpg6LpIvst+rYoH5HBw3H7U8ArTqQMoW6dVe3s
4SSHOgjiDRzkxE3Qyyf6hGTm0ZedViRbk7spLkPiQWo94kpl/JpfWoaHvIfHeYCWmVHGkA9k
kZl9EN2sLAMq4Xhk/s49TvQrUBFL0VjUmwPwf/U7U7BTQ/vFL8QEKRo6rNdV6dEOldE7MX94
T64pLQIDAQABo4IBTTCCAUkwHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYD
VR0OBBYEFGNNQ1oZSD/ERsECur/uDuWCt2amMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wWAYDVR0fBFEwTzBNoEugSYZH
aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGlj
YXRpb25hbmRFbWFpbC5jcmwwbwYIKwYBBQUHAQEEYzBhMDgGCCsGAQUFBzAChixodHRwOi8v
Y3J0LnVzZXJ0cnVzdC5jb20vVVROQUFBQ2xpZW50X0NBLmNydDAlBggrBgEFBQcwAYYZaHR0
cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEABiupUy8T3Fw5FsyG
n15Me3L77I1Vil6aCv9TTHb0Bj1Qz1fwos+vmYyq/qAZdj6ZAzL6dYM4irtrmqUME7LUG3bm
lC5nmFnjkWwCkJqcyGBLVavKiFqNK+VplQMH0dQO/CQiLlmxY6Rf7dkjcuSczjpcbB9PqQDJ
Hf76f0Utti6E3Q8noFkYTtV2JUX0mSZ522+fI/dDuysPBKOBJiy3ezX5PXdfQCHmfx2lllq9
0MsWOmy7YYuK/QQ5RArLLOHLzi4QmBrb4JPtSWRkCCCft6NQ8KLdyrTGfAw9514V3CeG5Do7
UloXq6kGUyudCXNkHAHD/TDShwNv5BUDejlfaDGCAwcwggMDAgEBME8wOzELMAkGA1UEBhMC
TkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6
Gpm6Vjo7qoA7Jf1bMAkGBSsOAwIaBQCgggGNMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
HAYJKoZIhvcNAQkFMQ8XDTE0MDYxODE3MTIwOVowIwYJKoZIhvcNAQkEMRYEFB6pmPpBogwR
UeZocT+YbPGAx8OKMF4GCSsGAQQBgjcQBDFRME8wOzELMAkGA1UEBhMCTkwxDzANBgNVBAoT
BlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6Gpm6Vjo7qoA7Jf1b
MGAGCyqGSIb3DQEJEAILMVGgTzA7MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRsw
GQYDVQQDExJURVJFTkEgUGVyc29uYWwgQ0ECEFVyFjoambpWOjuqgDsl/VswbAYJKoZIhvcN
AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG
9w0BAQEFAASCAQAJSObC6KfVs5wlrqddla1vt3IFlRvtDxTlWy0PPPeJYnp0hwjzvF7dNDdR
kcdJzpKTDgWLWiyiSNT38YdfDsBzno/KU9J5dwzGYNuJFfHA+0Cz6lX5rdoBeyOFsqomtuiR
JC7xrQ9wuro10aUH1ilIl2CS0HX+WzKtvP49cRR6qucFm3aDZ3xJeIdFypTMWq/bpMEbCAm2
Sc/msV9gMDB7t9+F+xZgUcaqqGkNotJwtjIeqK86wUecUSC46nYVslMSu9sVzSQQ2p9KlkUk
eFXvX4tsXwVEM+JFtWkbCmxBizdYwQ/z3/pwbz8FrXwTafqdtBGsf/C7s8GLl8yvPxEZAAAA
AAAA
--------------ms080302090803080702030807--
1:08 a.m.
New subject: host upgrade from ovirt manager and custom iptables rules
----- Original Message -----
From: "Jiří Sléžka" <jiri.slezka(a)slu.cz>
To: users(a)ovirt.org
Sent: Wednesday, June 18, 2014 8:12:09 PM
Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
Hello all,
is there any way to make custom iptables rules persistent during host
upgrade? I have for example zabbix agents installed on all hosts and
thus iptables rule allowing connections from our zabbix server. Sadly I
have to manually restore iptables backup after host upgrade (initiated
from oVirt manager).
This should be achievable by defining the iptables rules you wish to use
when [re]installing using the engine-config tool:
1. Check the existing iptables rules:
sudo engine-config -g IPTablesConfig
2. Define the desired iptables:
sudo engine-config -s IPTablesConfig="Your rules"
3. Verify the changes
sudo engine-config -g IPTablesConfig
4. Restart the engine for changes to take effect
5. Reinstall the host and verify the iptables rule.
And another question I have always wanted to ask... It looks like
host
upgrade is upgrading just vdsm components and no others virtualization stuff
this was updatet after clicking to "host upgrade"
Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch
Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
Jun 18 18:22:27 Updated:
2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
and after that I run yum update and updated this components (honestly
this one was rhev host but ovirt behave the same)
Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64
Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64
Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64
Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
I believe qemu-img-rhev, spice-server, libvirt, mom,... are important
components too. Should not be upgraded as well?
Thanks for clarification,
Jiri
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3:25 p.m.
This is a cryptographically signed message in MIME format.
--------------ms000401060805040709010003
Content-Type: multipart/mixed;
boundary="------------040406050709050909000604"
This is a multi-part message in MIME format.
--------------040406050709050909000604
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
----- Original Message -----
> From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka(a)slu.cz>
> To: users(a)ovirt.org
> Sent: Wednesday, June 18, 2014 8:12:09 PM
> Subject: [ovirt-users] host upgrade from ovirt manager and custom ipta=
bles rules
>
> Hello all,
>
> is there any way to make custom iptables rules persistent during host
> upgrade? I have for example zabbix agents installed on all hosts and
> thus iptables rule allowing connections from our zabbix server. Sadly =
I
> have to manually restore iptables backup after host upgrade
(initiated=
> from oVirt manager).
>
This should be achievable by defining the iptables rules you wish to us=
e
when [re]installing using the engine-config tool:
thanks a lot for reply
1. Check the existing iptables rules:
sudo engine-config -g IPTablesConfig
this displays whole iptables template. Interesting thing is that there=20
is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this wa=
y?
2. Define the desired iptables:
sudo engine-config -s IPTablesConfig=3D"Your rules"
I entered...
engine-config -s IPTablesConfig=3D"-A INPUT -p tcp -m state --state NEW -=
m=20
tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"
=2E..and it looks like this overwrite entire IPTablesConfig template...
3. Verify the changes
sudo engine-config -g IPTablesConfig
=2E..because this displays only just my one line above.
I have copy of default template but I have no idea how to set this=20
variable with multi line text. I tried inserting \n but it is not=20
converted to newlines. Any ideas?
Btw. these variables are stored in database?
Thanks in advance,
Jiri
4. Restart the engine for changes to take effect
5. Reinstall the host and verify the iptables rule.
> And another question I have always wanted to ask... It looks like host=
> upgrade is upgrading just vdsm components and no others
virtualization=
stuff
>
> this was updatet after clicking to "host upgrade"
>
> Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
> Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noa=
rch
> Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
> Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
> Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
> Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
> Jun 18 18:22:27 Updated:
> 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
>
> and after that I run yum update and updated this components (honestly
> this one was rhev host but ovirt behave the same)
>
> Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
> Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
> Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
> Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
> Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
> Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
> Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
> Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_6=
4
> Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
> Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
> Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
> Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
> Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
> Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
> Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
> Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
> Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
> Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
> Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64=
> Jun 18 18:27:32 Updated:
2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_6=
4
> Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
> Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
> Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
> Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
> Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
> Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
> Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
> Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.no=
arch
> Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
>
>
> I believe qemu-img-rhev, spice-server, libvirt, mom,... are important
> components too. Should not be upgraded as well?
>
>
> Thanks for clarification,
>
> Jiri
>
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
--------------040406050709050909000604
Content-Type: text/x-vcard; charset=utf-8;
name="jiri_slezka.vcf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="jiri_slezka.vcf"
YmVnaW46dmNhcmQNCmZuO3F1b3RlZC1wcmludGFibGU6SW5nLiBKaT1DNT05OT1DMz1BRCBT
bD1DMz1BOT1DNT1CRWthDQpuO3F1b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpT
bD1DMz1BOT1DNT1CRWthO0ppPUM1PTk5PUMzPUFEDQpvcmc7cXVvdGVkLXByaW50YWJsZTtx
dW90ZWQtcHJpbnRhYmxlOlNsZXpzaz1DMz1BMSB1bml2ZXJ6aXRhIHYgT3Bhdj1DND05QjtD
ZW50cnVtIGluZm9ybWE9QzQ9OERuPUMzPUFEY2ggdGVjaG5vbG9naT1DMz1BRA0KYWRyO3F1
b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpOYSBSeWJuPUMzPUFEPUM0PThEa3Ug
MTs7Q0lULCBTbGV6c2s9QzM9QTEgdW5pdmVyeml0YSB2IE9wYXY9QzQ9OUI7T3BhdmE7Ozc0
NjAxO0N6ZWNoIFJlcHVibGljDQplbWFpbDtpbnRlcm5ldDpqaXJpLnNsZXprYUBzbHUuY3oN
CnRpdGxlO3F1b3RlZC1wcmludGFibGU6U3ByPUMzPUExdmNlIHM9QzM9QUR0PUM0PTlCIGEg
YXBsaWthYz1DMz1BRA0KdGVsO3dvcms6KzQyMCA1NTMgNjg0IDY5Ng0KeC1tb3ppbGxhLWh0
bWw6RkFMU0UNCnVybDpodHRwOi8vd3d3LnNsdS5jeg0KdmVyc2lvbjoyLjENCmVuZDp2Y2Fy
ZA0KDQo=
--------------040406050709050909000604--
--------------ms000401060805040709010003
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: Elektronicky podpis S/MIME
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJZjCC
BJswggODoAMCAQICEFVyFjoambpWOjuqgDsl/VswDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UE
BhMCTkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMB4X
DTEyMTEyNzAwMDAwMFoXDTE0MTEyNzIzNTk1OVowZTELMAkGA1UEBhMCQ1oxJTAjBgNVBAoM
HFNsZXpza8OhIHVuaXZlcnppdGEgdiBPcGF2xJsxGDAWBgNVBAMMD0ppxZnDrSBTbMOpxb5r
YTEVMBMGCSqGSIb3DQEJAhYGc2xlemthMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtbqepY7nJ2kyAZxv/HS4tUEyXDh2ovWpQEI3triEqomfGE0aOqkHB0j/z2Oq0IeC+U91
TIpAoTPP+7fYR5rpcTfWPOW745RW4rJ6lj57Y+ZSqY0ID9vHe2nBxSnY2mWGIg///MWSbWrX
Pbsxoemn6rb5ZP/1W9oPbkdTI3omEsdX2JlLbjYG3tcwxMvvQUMz3XEXMPz/Vi4SsG+1N49X
C+Qw/KI9tYoUqVDZPTQhS4S/zu/ediv2ZH7MwIWo23lhkFU83fDtrpgwsrjIgfHNqIhak0Ly
EuiQlxQGrvBplO29S1odQlJBIOpNQU99DElbtNRb1O3LFAUw4dTjMe7ObwIDAQABo4IBbzCC
AWswHwYDVR0jBBgwFoAUY01DWhlIP8RGwQK6v+4O5YK3ZqYwHQYDVR0OBBYEFGLVBIcIvL2c
hB6HdEbdqflwgrTTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
CCsGAQUFBwMEBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMD8GA1UdHwQ4
MDYwNKAyoDCGLmh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BUGVyc29uYWxDQS5j
cmwwcgYIKwYBBQUHAQEEZjBkMDoGCCsGAQUFBzAChi5odHRwOi8vY3J0LnRjcy50ZXJlbmEu
b3JnL1RFUkVOQVBlcnNvbmFsQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3Mu
dGVyZW5hLm9yZzAdBgNVHREEFjAUgRJqaXJpLnNsZXprYUBzbHUuY3owDQYJKoZIhvcNAQEF
BQADggEBAAXIoOnvYifhjAyW1oALfQSl8UemLGYSXiOsoosWx/2yG2/WlULU1lyqOkqztden
dQdt5JZ1Y91HFWRmGGyq+a5kZseYRcpRxEKhJtLngrA24arcvouC/1Wev0RO4d0CKQa/wuC5
yfXIqhn60XJh51mHtbZ4k0jY+U/eNhTWns2Q0NZbR+u3SMrQRa31Df0wmMJvnZkd7cqKF3ur
543ojxAlIVDEUanWPndyljm4ZlAUxmwfmYTd0fRbCl+pDNG+gJnXQO6uvt/yoKNxAaBBFwh0
zmj8k6dCrcpeOKXw+T2mqjSO+6SQBQugGeOSxZA8gZ7rUtf6oNnIZwfxyqoHTVQwggTDMIID
q6ADAgECAhBz/lf637jFCIF7Zrlr8C3vMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUg
VVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2
MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
MB4XDTA5MDUxODAwMDAwMFoXDTI4MTIzMTIzNTk1OVowOzELMAkGA1UEBhMCTkwxDzANBgNV
BAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAyBXZ9TNqI6GQDc+7BUTDqx9KNYUaIYWgT/jwQOJKQ5v+W7Gw
v7RX3HWAQUtkGvbbT2+P0CVFNfnqy0r6+9rT7UWIEZQ25MyoDe/FPTftFnvjwpWeWDN/Ivv4
/+zmvtuuCmUlIofab4SLRuhAhig/v1YI4krpg6LpIvst+rYoH5HBw3H7U8ArTqQMoW6dVe3s
4SSHOgjiDRzkxE3Qyyf6hGTm0ZedViRbk7spLkPiQWo94kpl/JpfWoaHvIfHeYCWmVHGkA9k
kZl9EN2sLAMq4Xhk/s49TvQrUBFL0VjUmwPwf/U7U7BTQ/vFL8QEKRo6rNdV6dEOldE7MX94
T64pLQIDAQABo4IBTTCCAUkwHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYD
VR0OBBYEFGNNQ1oZSD/ERsECur/uDuWCt2amMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wWAYDVR0fBFEwTzBNoEugSYZH
aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGlj
YXRpb25hbmRFbWFpbC5jcmwwbwYIKwYBBQUHAQEEYzBhMDgGCCsGAQUFBzAChixodHRwOi8v
Y3J0LnVzZXJ0cnVzdC5jb20vVVROQUFBQ2xpZW50X0NBLmNydDAlBggrBgEFBQcwAYYZaHR0
cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEABiupUy8T3Fw5FsyG
n15Me3L77I1Vil6aCv9TTHb0Bj1Qz1fwos+vmYyq/qAZdj6ZAzL6dYM4irtrmqUME7LUG3bm
lC5nmFnjkWwCkJqcyGBLVavKiFqNK+VplQMH0dQO/CQiLlmxY6Rf7dkjcuSczjpcbB9PqQDJ
Hf76f0Utti6E3Q8noFkYTtV2JUX0mSZ522+fI/dDuysPBKOBJiy3ezX5PXdfQCHmfx2lllq9
0MsWOmy7YYuK/QQ5RArLLOHLzi4QmBrb4JPtSWRkCCCft6NQ8KLdyrTGfAw9514V3CeG5Do7
UloXq6kGUyudCXNkHAHD/TDShwNv5BUDejlfaDGCAwcwggMDAgEBME8wOzELMAkGA1UEBhMC
TkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6
Gpm6Vjo7qoA7Jf1bMAkGBSsOAwIaBQCgggGNMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
HAYJKoZIhvcNAQkFMQ8XDTE0MDYxOTEyMjU0OVowIwYJKoZIhvcNAQkEMRYEFObeG9lTV7Jp
hU98mEzM9r7qiXO5MF4GCSsGAQQBgjcQBDFRME8wOzELMAkGA1UEBhMCTkwxDzANBgNVBAoT
BlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6Gpm6Vjo7qoA7Jf1b
MGAGCyqGSIb3DQEJEAILMVGgTzA7MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRsw
GQYDVQQDExJURVJFTkEgUGVyc29uYWwgQ0ECEFVyFjoambpWOjuqgDsl/VswbAYJKoZIhvcN
AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG
9w0BAQEFAASCAQBoqr+WWA3clNPwTVQaqnObBxchnUF8bJMuh3goyG2XgXUnn+9kwlkKmOzk
tKzxmC9LSYDAmxaYLTZOgIFq4yKGpPLhio+mDom3vFMLEi7bmJn0zNM6iczK8xH61Ga/84D1
vOVghwAwcQq0J/9iJ1QPcZSx4F+KO+Am/3pILXqMZ6tz2WjES08PiLJzDSy8o28j+B3EUD4H
+iMXSWk4wQt6KJHw9xaZFXAH47LCbUQQl/nReqGNBc2G0o//IUy5u31aUKkSc1b4SSA4DHLc
uDzB0+ndr6OL8UUb22PXx8ZLA6AK9usQ3q/Pj9Yo4PeJM8x8XgbtwVGnWBVtIKBDpZeEAAAA
AAAA
--------------ms000401060805040709010003--
1:12 a.m.
----- Original Message -----
From: "Jiří Sléžka" <jiri.slezka(a)slu.cz>
To: "Moti Asayag" <masayag(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Thursday, June 19, 2014 3:25:49 PM
Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
> ----- Original Message -----
>> From: "Jiří Sléžka" <jiri.slezka(a)slu.cz>
>> To: users(a)ovirt.org
>> Sent: Wednesday, June 18, 2014 8:12:09 PM
>> Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables
>> rules
>>
>> Hello all,
>>
>> is there any way to make custom iptables rules persistent during host
>> upgrade? I have for example zabbix agents installed on all hosts and
>> thus iptables rule allowing connections from our zabbix server. Sadly I
>> have to manually restore iptables backup after host upgrade (initiated
>> from oVirt manager).
>>
>
> This should be achievable by defining the iptables rules you wish to use
> when [re]installing using the engine-config tool:
thanks a lot for reply
> 1. Check the existing iptables rules:
> sudo engine-config -g IPTablesConfig
this displays whole iptables template. Interesting thing is that there
is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way?
Adding Alon to reply on @CUSTOM_RULES@
>
> 2. Define the desired iptables:
> sudo engine-config -s IPTablesConfig="Your rules"
I entered...
engine-config -s IPTablesConfig="-A INPUT -p tcp -m state --state NEW -m
tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"
...and it looks like this overwrite entire IPTablesConfig template...
> 3. Verify the changes
> sudo engine-config -g IPTablesConfig
...because this displays only just my one line above.
I have copy of default template but I have no idea how to set this
variable with multi line text. I tried inserting \n but it is not
converted to newlines. Any ideas?
to me i worked by pasting the file content in the command line:
engine-config -s IPTablesConfig=" <paste multi-line content>"
Btw. these variables are stored in database?
Yes, in vdc_options table:
select * from vdc_options where option_name = 'IPTablesConfig';
Thanks in advance,
Jiri
>
> 4. Restart the engine for changes to take effect
>
> 5. Reinstall the host and verify the iptables rule.
>
>> And another question I have always wanted to ask... It looks like host
>> upgrade is upgrading just vdsm components and no others virtualization
>> stuff
>>
>> this was updatet after clicking to "host upgrade"
>>
>> Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
>> Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch
>> Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
>> Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
>> Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
>> Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
>> Jun 18 18:22:27 Updated:
>> 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
>>
>> and after that I run yum update and updated this components (honestly
>> this one was rhev host but ovirt behave the same)
>>
>> Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
>> Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
>> Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
>> Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
>> Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
>> Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
>> Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
>> Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64
>> Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
>> Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
>> Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
>> Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
>> Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
>> Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
>> Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
>> Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64
>> Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
>> Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
>> Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
>> Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
>> Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
>> Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
>> Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
>> Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
>> Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
>>
>>
>> I believe qemu-img-rhev, spice-server, libvirt, mom,... are important
>> components too. Should not be upgraded as well?
>>
>>
>> Thanks for clarification,
>>
>> Jiri
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
1:19 a.m.
----- Original Message -----
From: "Moti Asayag" <masayag(a)redhat.com>
To: "Jiří Sléžka" <jiri.slezka(a)slu.cz>, "Alon Bar-Lev"
<abarlev(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Friday, June 20, 2014 1:12:58 AM
Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
----- Original Message -----
> From: "Jiří Sléžka" <jiri.slezka(a)slu.cz>
> To: "Moti Asayag" <masayag(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Thursday, June 19, 2014 3:25:49 PM
> Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom
> iptables rules
>
> > ----- Original Message -----
> >> From: "Jiří Sléžka" <jiri.slezka(a)slu.cz>
> >> To: users(a)ovirt.org
> >> Sent: Wednesday, June 18, 2014 8:12:09 PM
> >> Subject: [ovirt-users] host upgrade from ovirt manager and custom
> >> iptables
> >> rules
> >>
> >> Hello all,
> >>
> >> is there any way to make custom iptables rules persistent during host
> >> upgrade? I have for example zabbix agents installed on all hosts and
> >> thus iptables rule allowing connections from our zabbix server. Sadly I
> >> have to manually restore iptables backup after host upgrade (initiated
> >> from oVirt manager).
> >>
> >
> > This should be achievable by defining the iptables rules you wish to use
> > when [re]installing using the engine-config tool:
>
> thanks a lot for reply
>
> > 1. Check the existing iptables rules:
> > sudo engine-config -g IPTablesConfig
>
> this displays whole iptables template. Interesting thing is that there
> is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way?
>
Adding Alon to reply on @CUSTOM_RULES@
These are to be replaced with gluster specific or virt specific or both, see
IPTablesConfigForVirt, IPTablesConfigForGluster.
I must note that there is no real support for manual modification of the iptables rules,
as once you change it, you do not enjoy future product updates, such as upcoming kdump
fence listener daemon.
However, moti, we can add another vdc config for user defined rules, it should be
sufficient in most cases.
> >
> > 2. Define the desired iptables:
> > sudo engine-config -s IPTablesConfig="Your rules"
>
> I entered...
>
> engine-config -s IPTablesConfig="-A INPUT -p tcp -m state --state NEW -m
> tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"
>
> ...and it looks like this overwrite entire IPTablesConfig template...
>
> > 3. Verify the changes
> > sudo engine-config -g IPTablesConfig
>
> ...because this displays only just my one line above.
>
> I have copy of default template but I have no idea how to set this
> variable with multi line text. I tried inserting \n but it is not
> converted to newlines. Any ideas?
to me i worked by pasting the file content in the command line:
engine-config -s IPTablesConfig=" <paste multi-line content>"
>
> Btw. these variables are stored in database?
Yes, in vdc_options table:
select * from vdc_options where option_name = 'IPTablesConfig';
>
>
> Thanks in advance,
>
> Jiri
>
>
>
> >
> > 4. Restart the engine for changes to take effect
> >
> > 5. Reinstall the host and verify the iptables rule.
> >
> >> And another question I have always wanted to ask... It looks like host
> >> upgrade is upgrading just vdsm components and no others virtualization
> >> stuff
> >>
> >> this was updatet after clicking to "host upgrade"
> >>
> >> Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
> >> Jun 18 18:21:59 Installed:
> >> vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch
> >> Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
> >> Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
> >> Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
> >> Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
> >> Jun 18 18:22:27 Updated:
> >> 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
> >>
> >> and after that I run yum update and updated this components (honestly
> >> this one was rhev host but ovirt behave the same)
> >>
> >> Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
> >> Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
> >> Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
> >> Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
> >> Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
> >> Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
> >> Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
> >> Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64
> >> Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
> >> Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
> >> Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
> >> Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
> >> Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
> >> Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
> >> Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
> >> Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
> >> Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
> >> Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
> >> Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64
> >> Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64
> >> Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
> >> Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
> >> Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
> >> Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
> >> Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
> >> Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
> >> Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
> >> Jun 18 18:28:30 Updated:
> >> selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
> >> Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
> >>
> >>
> >> I believe qemu-img-rhev, spice-server, libvirt, mom,... are important
> >> components too. Should not be upgraded as well?
> >>
> >>
> >> Thanks for clarification,
> >>
> >> Jiri
> >>
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users(a)ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
8:34 a.m.
----- Original Message -----
From: "Alon Bar-Lev" <alonbl(a)redhat.com>
To: "Moti Asayag" <masayag(a)redhat.com>
Cc: "Jiří Sléžka" <jiri.slezka(a)slu.cz>, users(a)ovirt.org
Sent: Friday, June 20, 2014 1:19:25 AM
Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
----- Original Message -----
> From: "Moti Asayag" <masayag(a)redhat.com>
> To: "Jiří Sléžka" <jiri.slezka(a)slu.cz>, "Alon Bar-Lev"
<abarlev(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Friday, June 20, 2014 1:12:58 AM
> Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom
> iptables rules
>
>
>
> ----- Original Message -----
> > From: "Jiří Sléžka" <jiri.slezka(a)slu.cz>
> > To: "Moti Asayag" <masayag(a)redhat.com>
> > Cc: users(a)ovirt.org
> > Sent: Thursday, June 19, 2014 3:25:49 PM
> > Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom
> > iptables rules
> >
> > > ----- Original Message -----
> > >> From: "Jiří Sléžka" <jiri.slezka(a)slu.cz>
> > >> To: users(a)ovirt.org
> > >> Sent: Wednesday, June 18, 2014 8:12:09 PM
> > >> Subject: [ovirt-users] host upgrade from ovirt manager and custom
> > >> iptables
> > >> rules
> > >>
> > >> Hello all,
> > >>
> > >> is there any way to make custom iptables rules persistent during host
> > >> upgrade? I have for example zabbix agents installed on all hosts and
> > >> thus iptables rule allowing connections from our zabbix server. Sadly
> > >> I
> > >> have to manually restore iptables backup after host upgrade
(initiated
> > >> from oVirt manager).
> > >>
> > >
> > > This should be achievable by defining the iptables rules you wish to
> > > use
> > > when [re]installing using the engine-config tool:
> >
> > thanks a lot for reply
> >
> > > 1. Check the existing iptables rules:
> > > sudo engine-config -g IPTablesConfig
> >
> > this displays whole iptables template. Interesting thing is that there
> > is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this
> > way?
> >
>
> Adding Alon to reply on @CUSTOM_RULES@
These are to be replaced with gluster specific or virt specific or both, see
IPTablesConfigForVirt, IPTablesConfigForGluster.
I must note that there is no real support for manual modification of the
iptables rules, as once you change it, you do not enjoy future product
updates, such as upcoming kdump fence listener daemon.
However, moti, we can add another vdc config for user defined rules, it
should be sufficient in most cases.
Sounds reasonable.
Jiri, would you like to open RFE for it ?
>
> > >
> > > 2. Define the desired iptables:
> > > sudo engine-config -s IPTablesConfig="Your rules"
> >
> > I entered...
> >
> > engine-config -s IPTablesConfig="-A INPUT -p tcp -m state --state NEW -m
> > tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"
> >
> > ...and it looks like this overwrite entire IPTablesConfig template...
> >
> > > 3. Verify the changes
> > > sudo engine-config -g IPTablesConfig
> >
> > ...because this displays only just my one line above.
> >
> > I have copy of default template but I have no idea how to set this
> > variable with multi line text. I tried inserting \n but it is not
> > converted to newlines. Any ideas?
>
> to me i worked by pasting the file content in the command line:
> engine-config -s IPTablesConfig=" <paste multi-line content>"
>
> >
> > Btw. these variables are stored in database?
>
> Yes, in vdc_options table:
>
> select * from vdc_options where option_name = 'IPTablesConfig';
>
> >
> >
> > Thanks in advance,
> >
> > Jiri
> >
> >
> >
> > >
> > > 4. Restart the engine for changes to take effect
> > >
> > > 5. Reinstall the host and verify the iptables rule.
> > >
> > >> And another question I have always wanted to ask... It looks like
host
> > >> upgrade is upgrading just vdsm components and no others
virtualization
> > >> stuff
> > >>
> > >> this was updatet after clicking to "host upgrade"
> > >>
> > >> Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
> > >> Jun 18 18:21:59 Installed:
> > >> vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch
> > >> Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
> > >> Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
> > >> Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
> > >> Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
> > >> Jun 18 18:22:27 Updated:
> > >> 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
> > >>
> > >> and after that I run yum update and updated this components (honestly
> > >> this one was rhev host but ovirt behave the same)
> > >>
> > >> Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
> > >> Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
> > >> Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
> > >> Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
> > >> Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
> > >> Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
> > >> Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
> > >> Jun 18 18:27:23 Updated:
> > >> 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64
> > >> Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
> > >> Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
> > >> Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
> > >> Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
> > >> Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
> > >> Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
> > >> Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
> > >> Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
> > >> Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
> > >> Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
> > >> Jun 18 18:27:30 Updated:
libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64
> > >> Jun 18 18:27:32 Updated:
> > >> 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64
> > >> Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
> > >> Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
> > >> Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
> > >> Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
> > >> Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
> > >> Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
> > >> Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
> > >> Jun 18 18:28:30 Updated:
> > >> selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
> > >> Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
> > >>
> > >>
> > >> I believe qemu-img-rhev, spice-server, libvirt, mom,... are important
> > >> components too. Should not be upgraded as well?
> > >>
> > >>
> > >> Thanks for clarification,
> > >>
> > >> Jiri
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> Users mailing list
> > >> Users(a)ovirt.org
> > >> http://lists.ovirt.org/mailman/listinfo/users
> > >>
> >
> >
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
11:37 a.m.
This is a cryptographically signed message in MIME format.
--------------ms080602070905010903070203
Content-Type: multipart/mixed;
boundary="------------090604040009000802020806"
This is a multi-part message in MIME format.
--------------090604040009000802020806
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Dne 20.6.2014 7:34, Moti Asayag napsal(a):
----- Original Message -----
> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
> To: "Moti Asayag" <masayag(a)redhat.com>
> Cc: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka(a)slu.cz>,
users@ovir=
t.org
> Sent: Friday, June 20, 2014 1:19:25 AM
> Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom =
iptables rules
>
>
>
> ----- Original Message -----
>> From: "Moti Asayag" <masayag(a)redhat.com>
>> To: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka(a)slu.cz>,
"Alon Bar=
-Lev" <abarlev(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Friday, June 20, 2014 1:12:58 AM
>> Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom=
>> iptables rules
>>
>>
>>
>> ----- Original Message -----
>>> From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka(a)slu.cz>
>>> To: "Moti Asayag" <masayag(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Thursday, June 19, 2014 3:25:49 PM
>>> Subject: Re: [ovirt-users] host upgrade from ovirt manager and custo=
m
>>> iptables rules
>>>
>>>> ----- Original Message -----
>>>>> From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka"
<jiri.slezka(a)slu.cz>
>>>>> To: users(a)ovirt.org
>>>>> Sent: Wednesday, June 18, 2014 8:12:09 PM
>>>>> Subject: [ovirt-users] host upgrade from ovirt manager and custom
>>>>> iptables
>>>>> rules
>>>>>
>>>>> Hello all,
>>>>>
>>>>> is there any way to make custom iptables rules persistent during h=
ost
>>>>> upgrade? I have for example zabbix agents
installed on all hosts a=
nd
>>>>> thus iptables rule allowing connections from our
zabbix server. Sa=
dly
>>>>> I
>>>>> have to manually restore iptables backup after host upgrade (initi=
ated
>>>>> from oVirt manager).
>>>>>
>>>>
>>>> This should be achievable by defining the iptables rules you wish t=
o
>>>> use
>>>> when [re]installing using the engine-config tool:
>>>
>>> thanks a lot for reply
>>>
>>>> 1. Check the existing iptables rules:
>>>> sudo engine-config -g IPTablesConfig
>>>
>>> this displays whole iptables template. Interesting thing is that the=
re
>>> is a variable @CUSTOM_RULES@. Maybe custom rules could be
defined th=
is
>>> way?
>>>
>>
>> Adding Alon to reply on @CUSTOM_RULES@
>
> These are to be replaced with gluster specific or virt specific or bot=
h, see
> IPTablesConfigForVirt, IPTablesConfigForGluster.
>
> I must note that there is no real support for manual modification of t=
he
> iptables rules, as once you change it, you do not enjoy future
product=
> updates, such as upcoming kdump fence listener daemon.
>
> However, moti, we can add another vdc config for user defined rules, i=
t
> should be sufficient in most cases.
Sounds reasonable.
Jiri, would you like to open RFE for it ?
Of course, Bug 1111513 - [RFE] custom iptables rules
Thanks!
Jiri
>
>>
>>>>
>>>> 2. Define the desired iptables:
>>>> sudo engine-config -s IPTablesConfig=3D"Your rules"
>>>
>>> I entered...
>>>
>>> engine-config -s IPTablesConfig=3D"-A INPUT -p tcp -m state --state =
NEW -m
>>> tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"
>>>
>>> ...and it looks like this overwrite entire IPTablesConfig template..=
=2E
>>>
>>>> 3. Verify the changes
>>>> sudo engine-config -g IPTablesConfig
>>>
>>> ...because this displays only just my one line above.
>>>
>>> I have copy of default template but I have no idea how to set this
>>> variable with multi line text. I tried inserting \n but it is not
>>> converted to newlines. Any ideas?
>>
>> to me i worked by pasting the file content in the command line:
>> engine-config -s IPTablesConfig=3D" <paste multi-line content>"
>>
>>>
>>> Btw. these variables are stored in database?
>>
>> Yes, in vdc_options table:
>>
>> select * from vdc_options where option_name =3D 'IPTablesConfig';
>>
>>>
>>>
>>> Thanks in advance,
>>>
>>> Jiri
>>>
>>>
>>>
>>>>
>>>> 4. Restart the engine for changes to take effect
>>>>
>>>> 5. Reinstall the host and verify the iptables rule.
>>>>
>>>>> And another question I have always wanted to ask... It looks like =
host
>>>>> upgrade is upgrading just vdsm components and no
others virtualiza=
tion
>>>>> stuff
>>>>>
>>>>> this was updatet after clicking to "host upgrade"
>>>>>
>>>>> Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
>>>>> Jun 18 18:21:59 Installed:
>>>>> vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch
>>>>> Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
>>>>> Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
>>>>> Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
>>>>> Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
>>>>> Jun 18 18:22:27 Updated:
>>>>> 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
>>>>>
>>>>> and after that I run yum update and updated this components (hones=
tly
>>>>> this one was rhev host but ovirt behave the
same)
>>>>>
>>>>> Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
>>>>> Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
>>>>> Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
>>>>> Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
>>>>> Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
>>>>> Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
>>>>> Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
>>>>> Jun 18 18:27:23 Updated:
>>>>> 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64
>>>>> Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
>>>>> Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
>>>>> Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
>>>>> Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
>>>>> Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
>>>>> Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
>>>>> Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
>>>>> Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
>>>>> Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
>>>>> Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
>>>>> Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x8=
6_64
>>>>> Jun 18 18:27:32 Updated:
>>>>> 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64
>>>>> Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
>>>>> Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
>>>>> Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
>>>>> Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
>>>>> Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
>>>>> Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
>>>>> Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
>>>>> Jun 18 18:28:30 Updated:
>>>>> selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
>>>>> Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
>>>>>
>>>>>
>>>>> I believe qemu-img-rhev, spice-server, libvirt, mom,... are import=
ant
>>>>> components too. Should not be upgraded as well?
>>>>>
>>>>>
>>>>> Thanks for clarification,
>>>>>
>>>>> Jiri
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users(a)ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>
>>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
--------------090604040009000802020806
Content-Type: text/x-vcard; charset=utf-8;
name="jiri_slezka.vcf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="jiri_slezka.vcf"
YmVnaW46dmNhcmQNCmZuO3F1b3RlZC1wcmludGFibGU6SW5nLiBKaT1DNT05OT1DMz1BRCBT
bD1DMz1BOT1DNT1CRWthDQpuO3F1b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpT
bD1DMz1BOT1DNT1CRWthO0ppPUM1PTk5PUMzPUFEDQpvcmc7cXVvdGVkLXByaW50YWJsZTtx
dW90ZWQtcHJpbnRhYmxlOlNsZXpzaz1DMz1BMSB1bml2ZXJ6aXRhIHYgT3Bhdj1DND05QjtD
ZW50cnVtIGluZm9ybWE9QzQ9OERuPUMzPUFEY2ggdGVjaG5vbG9naT1DMz1BRA0KYWRyO3F1
b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpOYSBSeWJuPUMzPUFEPUM0PThEa3Ug
MTs7Q0lULCBTbGV6c2s9QzM9QTEgdW5pdmVyeml0YSB2IE9wYXY9QzQ9OUI7T3BhdmE7Ozc0
NjAxO0N6ZWNoIFJlcHVibGljDQplbWFpbDtpbnRlcm5ldDpqaXJpLnNsZXprYUBzbHUuY3oN
CnRpdGxlO3F1b3RlZC1wcmludGFibGU6U3ByPUMzPUExdmNlIHM9QzM9QUR0PUM0PTlCIGEg
YXBsaWthYz1DMz1BRA0KdGVsO3dvcms6KzQyMCA1NTMgNjg0IDY5Ng0KeC1tb3ppbGxhLWh0
bWw6RkFMU0UNCnVybDpodHRwOi8vd3d3LnNsdS5jeg0KdmVyc2lvbjoyLjENCmVuZDp2Y2Fy
ZA0KDQo=
--------------090604040009000802020806--
--------------ms080602070905010903070203
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: Elektronicky podpis S/MIME
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJZjCC
BJswggODoAMCAQICEFVyFjoambpWOjuqgDsl/VswDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UE
BhMCTkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMB4X
DTEyMTEyNzAwMDAwMFoXDTE0MTEyNzIzNTk1OVowZTELMAkGA1UEBhMCQ1oxJTAjBgNVBAoM
HFNsZXpza8OhIHVuaXZlcnppdGEgdiBPcGF2xJsxGDAWBgNVBAMMD0ppxZnDrSBTbMOpxb5r
YTEVMBMGCSqGSIb3DQEJAhYGc2xlemthMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtbqepY7nJ2kyAZxv/HS4tUEyXDh2ovWpQEI3triEqomfGE0aOqkHB0j/z2Oq0IeC+U91
TIpAoTPP+7fYR5rpcTfWPOW745RW4rJ6lj57Y+ZSqY0ID9vHe2nBxSnY2mWGIg///MWSbWrX
Pbsxoemn6rb5ZP/1W9oPbkdTI3omEsdX2JlLbjYG3tcwxMvvQUMz3XEXMPz/Vi4SsG+1N49X
C+Qw/KI9tYoUqVDZPTQhS4S/zu/ediv2ZH7MwIWo23lhkFU83fDtrpgwsrjIgfHNqIhak0Ly
EuiQlxQGrvBplO29S1odQlJBIOpNQU99DElbtNRb1O3LFAUw4dTjMe7ObwIDAQABo4IBbzCC
AWswHwYDVR0jBBgwFoAUY01DWhlIP8RGwQK6v+4O5YK3ZqYwHQYDVR0OBBYEFGLVBIcIvL2c
hB6HdEbdqflwgrTTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
CCsGAQUFBwMEBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMD8GA1UdHwQ4
MDYwNKAyoDCGLmh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BUGVyc29uYWxDQS5j
cmwwcgYIKwYBBQUHAQEEZjBkMDoGCCsGAQUFBzAChi5odHRwOi8vY3J0LnRjcy50ZXJlbmEu
b3JnL1RFUkVOQVBlcnNvbmFsQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3Mu
dGVyZW5hLm9yZzAdBgNVHREEFjAUgRJqaXJpLnNsZXprYUBzbHUuY3owDQYJKoZIhvcNAQEF
BQADggEBAAXIoOnvYifhjAyW1oALfQSl8UemLGYSXiOsoosWx/2yG2/WlULU1lyqOkqztden
dQdt5JZ1Y91HFWRmGGyq+a5kZseYRcpRxEKhJtLngrA24arcvouC/1Wev0RO4d0CKQa/wuC5
yfXIqhn60XJh51mHtbZ4k0jY+U/eNhTWns2Q0NZbR+u3SMrQRa31Df0wmMJvnZkd7cqKF3ur
543ojxAlIVDEUanWPndyljm4ZlAUxmwfmYTd0fRbCl+pDNG+gJnXQO6uvt/yoKNxAaBBFwh0
zmj8k6dCrcpeOKXw+T2mqjSO+6SQBQugGeOSxZA8gZ7rUtf6oNnIZwfxyqoHTVQwggTDMIID
q6ADAgECAhBz/lf637jFCIF7Zrlr8C3vMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUg
VVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2
MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
MB4XDTA5MDUxODAwMDAwMFoXDTI4MTIzMTIzNTk1OVowOzELMAkGA1UEBhMCTkwxDzANBgNV
BAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAyBXZ9TNqI6GQDc+7BUTDqx9KNYUaIYWgT/jwQOJKQ5v+W7Gw
v7RX3HWAQUtkGvbbT2+P0CVFNfnqy0r6+9rT7UWIEZQ25MyoDe/FPTftFnvjwpWeWDN/Ivv4
/+zmvtuuCmUlIofab4SLRuhAhig/v1YI4krpg6LpIvst+rYoH5HBw3H7U8ArTqQMoW6dVe3s
4SSHOgjiDRzkxE3Qyyf6hGTm0ZedViRbk7spLkPiQWo94kpl/JpfWoaHvIfHeYCWmVHGkA9k
kZl9EN2sLAMq4Xhk/s49TvQrUBFL0VjUmwPwf/U7U7BTQ/vFL8QEKRo6rNdV6dEOldE7MX94
T64pLQIDAQABo4IBTTCCAUkwHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYD
VR0OBBYEFGNNQ1oZSD/ERsECur/uDuWCt2amMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wWAYDVR0fBFEwTzBNoEugSYZH
aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGlj
YXRpb25hbmRFbWFpbC5jcmwwbwYIKwYBBQUHAQEEYzBhMDgGCCsGAQUFBzAChixodHRwOi8v
Y3J0LnVzZXJ0cnVzdC5jb20vVVROQUFBQ2xpZW50X0NBLmNydDAlBggrBgEFBQcwAYYZaHR0
cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEABiupUy8T3Fw5FsyG
n15Me3L77I1Vil6aCv9TTHb0Bj1Qz1fwos+vmYyq/qAZdj6ZAzL6dYM4irtrmqUME7LUG3bm
lC5nmFnjkWwCkJqcyGBLVavKiFqNK+VplQMH0dQO/CQiLlmxY6Rf7dkjcuSczjpcbB9PqQDJ
Hf76f0Utti6E3Q8noFkYTtV2JUX0mSZ522+fI/dDuysPBKOBJiy3ezX5PXdfQCHmfx2lllq9
0MsWOmy7YYuK/QQ5RArLLOHLzi4QmBrb4JPtSWRkCCCft6NQ8KLdyrTGfAw9514V3CeG5Do7
UloXq6kGUyudCXNkHAHD/TDShwNv5BUDejlfaDGCAwcwggMDAgEBME8wOzELMAkGA1UEBhMC
TkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6
Gpm6Vjo7qoA7Jf1bMAkGBSsOAwIaBQCgggGNMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
HAYJKoZIhvcNAQkFMQ8XDTE0MDYyMDA4MzczOVowIwYJKoZIhvcNAQkEMRYEFHaFaOUiDtzG
wCCELOIOhEMwPzW+MF4GCSsGAQQBgjcQBDFRME8wOzELMAkGA1UEBhMCTkwxDzANBgNVBAoT
BlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6Gpm6Vjo7qoA7Jf1b
MGAGCyqGSIb3DQEJEAILMVGgTzA7MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRsw
GQYDVQQDExJURVJFTkEgUGVyc29uYWwgQ0ECEFVyFjoambpWOjuqgDsl/VswbAYJKoZIhvcN
AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG
9w0BAQEFAASCAQAjhaFoJ9nlN8V0+zRhP0bGcD77atvLtyVc8LQvF8uRBG4QISY1MscpChxS
IZr3qMi+d1UxLRI4s5npX8MsKesRGHOVNXpAinvhSXt+rMRD+W6wbdNAsziwrIxk7KChXF0w
/98DiJ/UhXrmLiL/3t+m9ICgJSwnCRc4/gBJLVByj6NzTSwhW8X3PCg3ujIPiWO+bTLrg77t
TBx9ObeWXuuEdcIRL2Xdmq0NLTKCeWBANC0g+Q2jMGuowGOxBRPbrCBHLoxGHN1lEgQ+pPzX
UGdysx82vGv2OzDIPnlhPF+wf68N+5Nep9b1Tc02gRlhQlbvdfqda08NIaPgDPhWUcKSAAAA
AAAA
--------------ms080602070905010903070203--
4:07 p.m.
This is a cryptographically signed message in MIME format.
--------------ms080509090309000609000409
Content-Type: multipart/mixed;
boundary="------------030901000407030108020606"
This is a multi-part message in MIME format.
--------------030901000407030108020606
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Dne 20.6.2014 0:19, Alon Bar-Lev napsal(a):
----- Original Message -----
> From: "Moti Asayag" <masayag(a)redhat.com> To: "Ji=C5=99=C3=AD
Sl=C3=A9=C5=
=BEka"
> <jiri.slezka(a)slu.cz>, "Alon Bar-Lev"
<abarlev(a)redhat.com> Cc:
> users(a)ovirt.org Sent: Friday, June 20, 2014 1:12:58 AM Subject: Re:
> [ovirt-users] host upgrade from ovirt manager and custom iptables
> rules
>
>
>
> ----- Original Message -----
>> From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka" <jiri.slezka(a)slu.cz> To:
"Mot=
i Asayag"
>> <masayag(a)redhat.com> Cc: users(a)ovirt.org Sent:
Thursday, June 19,
>> 2014 3:25:49 PM Subject: Re: [ovirt-users] host upgrade from
>> ovirt manager and custom iptables rules
>>
>>> ----- Original Message -----
>>>> From: "Ji=C5=99=C3=AD Sl=C3=A9=C5=BEka"
<jiri.slezka(a)slu.cz> To: us=
ers(a)ovirt.org
>>>> Sent: Wednesday, June 18, 2014 8:12:09 PM Subject:
>>>> [ovirt-users] host upgrade from ovirt manager and custom
>>>> iptables rules
>>>>
>>>> Hello all,
>>>>
>>>> is there any way to make custom iptables rules persistent
>>>> during host upgrade? I have for example zabbix agents
>>>> installed on all hosts and thus iptables rule allowing
>>>> connections from our zabbix server. Sadly I have to manually
>>>> restore iptables backup after host upgrade (initiated from
>>>> oVirt manager).
>>>>
>>>
>>> This should be achievable by defining the iptables rules you
>>> wish to use when [re]installing using the engine-config tool:
>>
>> thanks a lot for reply
>>
>>> 1. Check the existing iptables rules: sudo engine-config -g
>>> IPTablesConfig
>>
>> this displays whole iptables template. Interesting thing is that
>> there is a variable @CUSTOM_RULES@. Maybe custom rules could be
>> defined this way?
>>
>
> Adding Alon to reply on @CUSTOM_RULES@
These are to be replaced with gluster specific or virt specific or
both, see IPTablesConfigForVirt, IPTablesConfigForGluster.
I didn't find this variables in engine-config -a (oVirt 3.4.2-1.el6) but =
never mind
I must note that there is no real support for manual modification of
the iptables rules, as once you change it, you do not enjoy future
product updates, such as upcoming kdump fence listener daemon.
However, moti, we can add another vdc config for user defined rules,
it should be sufficient in most cases.
>
>>>
>>> 2. Define the desired iptables: sudo engine-config -s
>>> IPTablesConfig=3D"Your rules"
>>
>> I entered...
>>
>> engine-config -s IPTablesConfig=3D"-A INPUT -p tcp -m state --state
>> NEW -m tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"
>>
>> ...and it looks like this overwrite entire IPTablesConfig
>> template...
>>
>>> 3. Verify the changes sudo engine-config -g IPTablesConfig
>>
>> ...because this displays only just my one line above.
>>
>> I have copy of default template but I have no idea how to set
>> this variable with multi line text. I tried inserting \n but it
>> is not converted to newlines. Any ideas?
>
> to me i worked by pasting the file content in the command line:
> engine-config -s IPTablesConfig=3D" <paste multi-line content>"
this didn't work for me but this workaround did :-)
IPRULES=3D$( cat /root/archive/iptables_default.txt )
engine-config -s IPTablesConfig=3D"$IPRULES"
also ovirt-engine has to be restarted to changes take effect
btw. before I created iptables_default.txt with added custom line=20
(before @CUSTOM_RULES@)
=2E..
# zabbix
-A INPUT -p tcp -m state --state NEW -m tcp -s 193.84.206.99 --dport=20
10050 -j ACCEPT
@CUSTOM_RULES@
=2E..
now host's iptables are populated with this modified template upon=20
upgrade. Agree, this is just ugly workaround. I am looking forward to=20
version 3.6 as mentioned in this RFE=20
https://bugzilla.redhat.com/show_bug.cgi?id=3D1111513
Thanks once more!
Jiri
>
>>
>> Btw. these variables are stored in database?
>
> Yes, in vdc_options table:
>
> select * from vdc_options where option_name =3D 'IPTablesConfig';
>
>>
>>
>> Thanks in advance,
>>
>> Jiri
>>
>>
>>
>>>
>>> 4. Restart the engine for changes to take effect
>>>
>>> 5. Reinstall the host and verify the iptables rule.
>>>
>>>> And another question I have always wanted to ask... It looks
>>>> like host upgrade is upgrading just vdsm components and no
>>>> others virtualization stuff
>>>>
>>>> this was updatet after clicking to "host upgrade"
>>>>
>>>> Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun
>>>> 18 18:21:59 Installed:
>>>> vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch Jun 18
>>>> 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18
>>>> 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18
>>>> 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18
>>>> 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27
>>>> Updated:
>>>> 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
>>>>
>>>> and after that I run yum update and updated this components
>>>> (honestly this one was rhev host but ovirt behave the same)
>>>>
>>>> Jun 18 18:26:59 Updated:
>>>> selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03
>>>> Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated:
>>>> glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated:
>>>> glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22
>>>> Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22
>>>> Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22
>>>> Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23
>>>> Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun
>>>> 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18
>>>> 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18
>>>> 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64 Jun 18
>>>> 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64 Jun 18
>>>> 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64 Jun 18
>>>> 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64 Jun 18
>>>> 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64 Jun
>>>> 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64 Jun 18
>>>> 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64 Jun
>>>> 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch Jun 18 18:27:30
>>>> Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64 Jun 18
>>>> 18:27:32 Updated:
>>>> 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18
>>>> 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64 Jun 18
>>>> 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64 Jun 18
>>>> 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64 Jun
>>>> 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64 Jun
>>>> 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64 Jun 18 18:27:33
>>>> Updated: mdadm-3.2.6-7.el6_5.2.x86_64 Jun 18 18:27:33
>>>> Updated: python-cpopen-1.3-2.el6_5.x86_64 Jun 18 18:28:30
>>>> Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
>>>> Jun 18 18:28:30 Updated:
>>>> python-pthreading-0.1.3-1.el6ev.noarch
>>>>
>>>>
>>>> I believe qemu-img-rhev, spice-server, libvirt, mom,... are
>>>> important components too. Should not be upgraded as well?
>>>>
>>>>
>>>> Thanks for clarification,
>>>>
>>>> Jiri
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________ Users mailing
>>>> list Users(a)ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>
>>
> _______________________________________________ Users mailing list
> Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users
>
--------------030901000407030108020606
Content-Type: text/x-vcard; charset=utf-8;
name="jiri_slezka.vcf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="jiri_slezka.vcf"
YmVnaW46dmNhcmQNCmZuO3F1b3RlZC1wcmludGFibGU6SW5nLiBKaT1DNT05OT1DMz1BRCBT
bD1DMz1BOT1DNT1CRWthDQpuO3F1b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpT
bD1DMz1BOT1DNT1CRWthO0ppPUM1PTk5PUMzPUFEDQpvcmc7cXVvdGVkLXByaW50YWJsZTtx
dW90ZWQtcHJpbnRhYmxlOlNsZXpzaz1DMz1BMSB1bml2ZXJ6aXRhIHYgT3Bhdj1DND05QjtD
ZW50cnVtIGluZm9ybWE9QzQ9OERuPUMzPUFEY2ggdGVjaG5vbG9naT1DMz1BRA0KYWRyO3F1
b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTpOYSBSeWJuPUMzPUFEPUM0PThEa3Ug
MTs7Q0lULCBTbGV6c2s9QzM9QTEgdW5pdmVyeml0YSB2IE9wYXY9QzQ9OUI7T3BhdmE7Ozc0
NjAxO0N6ZWNoIFJlcHVibGljDQplbWFpbDtpbnRlcm5ldDpqaXJpLnNsZXprYUBzbHUuY3oN
CnRpdGxlO3F1b3RlZC1wcmludGFibGU6U3ByPUMzPUExdmNlIHM9QzM9QUR0PUM0PTlCIGEg
YXBsaWthYz1DMz1BRA0KdGVsO3dvcms6KzQyMCA1NTMgNjg0IDY5Ng0KeC1tb3ppbGxhLWh0
bWw6RkFMU0UNCnVybDpodHRwOi8vd3d3LnNsdS5jeg0KdmVyc2lvbjoyLjENCmVuZDp2Y2Fy
ZA0KDQo=
--------------030901000407030108020606--
--------------ms080509090309000609000409
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: Elektronicky podpis S/MIME
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJZjCC
BJswggODoAMCAQICEFVyFjoambpWOjuqgDsl/VswDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UE
BhMCTkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMB4X
DTEyMTEyNzAwMDAwMFoXDTE0MTEyNzIzNTk1OVowZTELMAkGA1UEBhMCQ1oxJTAjBgNVBAoM
HFNsZXpza8OhIHVuaXZlcnppdGEgdiBPcGF2xJsxGDAWBgNVBAMMD0ppxZnDrSBTbMOpxb5r
YTEVMBMGCSqGSIb3DQEJAhYGc2xlemthMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtbqepY7nJ2kyAZxv/HS4tUEyXDh2ovWpQEI3triEqomfGE0aOqkHB0j/z2Oq0IeC+U91
TIpAoTPP+7fYR5rpcTfWPOW745RW4rJ6lj57Y+ZSqY0ID9vHe2nBxSnY2mWGIg///MWSbWrX
Pbsxoemn6rb5ZP/1W9oPbkdTI3omEsdX2JlLbjYG3tcwxMvvQUMz3XEXMPz/Vi4SsG+1N49X
C+Qw/KI9tYoUqVDZPTQhS4S/zu/ediv2ZH7MwIWo23lhkFU83fDtrpgwsrjIgfHNqIhak0Ly
EuiQlxQGrvBplO29S1odQlJBIOpNQU99DElbtNRb1O3LFAUw4dTjMe7ObwIDAQABo4IBbzCC
AWswHwYDVR0jBBgwFoAUY01DWhlIP8RGwQK6v+4O5YK3ZqYwHQYDVR0OBBYEFGLVBIcIvL2c
hB6HdEbdqflwgrTTMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQG
CCsGAQUFBwMEBggrBgEFBQcDAjAYBgNVHSAEETAPMA0GCysGAQQBsjEBAgIdMD8GA1UdHwQ4
MDYwNKAyoDCGLmh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BUGVyc29uYWxDQS5j
cmwwcgYIKwYBBQUHAQEEZjBkMDoGCCsGAQUFBzAChi5odHRwOi8vY3J0LnRjcy50ZXJlbmEu
b3JnL1RFUkVOQVBlcnNvbmFsQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC50Y3Mu
dGVyZW5hLm9yZzAdBgNVHREEFjAUgRJqaXJpLnNsZXprYUBzbHUuY3owDQYJKoZIhvcNAQEF
BQADggEBAAXIoOnvYifhjAyW1oALfQSl8UemLGYSXiOsoosWx/2yG2/WlULU1lyqOkqztden
dQdt5JZ1Y91HFWRmGGyq+a5kZseYRcpRxEKhJtLngrA24arcvouC/1Wev0RO4d0CKQa/wuC5
yfXIqhn60XJh51mHtbZ4k0jY+U/eNhTWns2Q0NZbR+u3SMrQRa31Df0wmMJvnZkd7cqKF3ur
543ojxAlIVDEUanWPndyljm4ZlAUxmwfmYTd0fRbCl+pDNG+gJnXQO6uvt/yoKNxAaBBFwh0
zmj8k6dCrcpeOKXw+T2mqjSO+6SQBQugGeOSxZA8gZ7rUtf6oNnIZwfxyqoHTVQwggTDMIID
q6ADAgECAhBz/lf637jFCIF7Zrlr8C3vMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUg
VVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2
MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
MB4XDTA5MDUxODAwMDAwMFoXDTI4MTIzMTIzNTk1OVowOzELMAkGA1UEBhMCTkwxDzANBgNV
BAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAyBXZ9TNqI6GQDc+7BUTDqx9KNYUaIYWgT/jwQOJKQ5v+W7Gw
v7RX3HWAQUtkGvbbT2+P0CVFNfnqy0r6+9rT7UWIEZQ25MyoDe/FPTftFnvjwpWeWDN/Ivv4
/+zmvtuuCmUlIofab4SLRuhAhig/v1YI4krpg6LpIvst+rYoH5HBw3H7U8ArTqQMoW6dVe3s
4SSHOgjiDRzkxE3Qyyf6hGTm0ZedViRbk7spLkPiQWo94kpl/JpfWoaHvIfHeYCWmVHGkA9k
kZl9EN2sLAMq4Xhk/s49TvQrUBFL0VjUmwPwf/U7U7BTQ/vFL8QEKRo6rNdV6dEOldE7MX94
T64pLQIDAQABo4IBTTCCAUkwHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYD
VR0OBBYEFGNNQ1oZSD/ERsECur/uDuWCt2amMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wWAYDVR0fBFEwTzBNoEugSYZH
aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGlj
YXRpb25hbmRFbWFpbC5jcmwwbwYIKwYBBQUHAQEEYzBhMDgGCCsGAQUFBzAChixodHRwOi8v
Y3J0LnVzZXJ0cnVzdC5jb20vVVROQUFBQ2xpZW50X0NBLmNydDAlBggrBgEFBQcwAYYZaHR0
cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEABiupUy8T3Fw5FsyG
n15Me3L77I1Vil6aCv9TTHb0Bj1Qz1fwos+vmYyq/qAZdj6ZAzL6dYM4irtrmqUME7LUG3bm
lC5nmFnjkWwCkJqcyGBLVavKiFqNK+VplQMH0dQO/CQiLlmxY6Rf7dkjcuSczjpcbB9PqQDJ
Hf76f0Utti6E3Q8noFkYTtV2JUX0mSZ522+fI/dDuysPBKOBJiy3ezX5PXdfQCHmfx2lllq9
0MsWOmy7YYuK/QQ5RArLLOHLzi4QmBrb4JPtSWRkCCCft6NQ8KLdyrTGfAw9514V3CeG5Do7
UloXq6kGUyudCXNkHAHD/TDShwNv5BUDejlfaDGCAwcwggMDAgEBME8wOzELMAkGA1UEBhMC
TkwxDzANBgNVBAoTBlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6
Gpm6Vjo7qoA7Jf1bMAkGBSsOAwIaBQCgggGNMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
HAYJKoZIhvcNAQkFMQ8XDTE0MDYyMDEzMDcxNVowIwYJKoZIhvcNAQkEMRYEFAalVcG1QdX9
Ba2Zu6+hqXR/Bn8zMF4GCSsGAQQBgjcQBDFRME8wOzELMAkGA1UEBhMCTkwxDzANBgNVBAoT
BlRFUkVOQTEbMBkGA1UEAxMSVEVSRU5BIFBlcnNvbmFsIENBAhBVchY6Gpm6Vjo7qoA7Jf1b
MGAGCyqGSIb3DQEJEAILMVGgTzA7MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRsw
GQYDVQQDExJURVJFTkEgUGVyc29uYWwgQ0ECEFVyFjoambpWOjuqgDsl/VswbAYJKoZIhvcN
AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG
9w0BAQEFAASCAQA9/PkDHZzqZtNkdu1JeVE4QaYLQcRpXSG33lNfcEzaXckYC85JjYyFY+Rf
T2aBRp/4Z+2YSwplC+mu5Rccg73XKVmHiwV1lx8KLhlbXwpqU9YVgaktFcDWRTI3or+NajRc
GiUIInKwMuHA9CyoiWikMTlfZeXMQItxeobeD8W3tj/H80XumXHRozihbtziFnpuhhywYYcF
Rjwdidg/gcVfCdoTAMqNHn1xV10rFxlV4APVhgquliXccuLAbqj/nqUJ3++4+3kIIQVaD9C2
+4OnqwjkBra14OH1n+1CbCF9uQnep2BKeEYv/N0orYianeJ9bkzW+z0GSqmJQSjedC2kAAAA
AAAA
--------------ms080509090309000609000409--
3808
days inactive
3810
days old
7 comments
3 participants
participants (3)
-
Alon Bar-Lev -
Jiří Sléžka -
Moti Asayag