Minor issue upgrading to 4.2
I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The update installed firewalld on the host, which was set to start on boot. This replaced the iptables rules with a blank firewalld setup that only allowed SSH, which kept the host from working. Stopping and disabling firewalld, then reloading iptables, got the host back working. In a quick search, I didn't see anything noting that firewalld was now required, and it didn't seem to be configured correctly if oVirt was trying to use it. -- Chris Adams <cma@cmadams.net>
Sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1511013 - can you confirm? Y. On Sat, Dec 23, 2017 at 1:56 AM, Chris Adams <cma@cmadams.net> wrote:
I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The update installed firewalld on the host, which was set to start on boot. This replaced the iptables rules with a blank firewalld setup that only allowed SSH, which kept the host from working.
Stopping and disabling firewalld, then reloading iptables, got the host back working.
In a quick search, I didn't see anything noting that firewalld was now required, and it didn't seem to be configured correctly if oVirt was trying to use it.
-- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
My cluster shows iptables as the firewall type in the web UI, and firewall_type is 0 in the database. Once upon a time, Yaniv Kaul <ykaul@redhat.com> said:
Sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1511013 - can you confirm? Y.
On Sat, Dec 23, 2017 at 1:56 AM, Chris Adams <cma@cmadams.net> wrote:
I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The update installed firewalld on the host, which was set to start on boot. This replaced the iptables rules with a blank firewalld setup that only allowed SSH, which kept the host from working.
Stopping and disabling firewalld, then reloading iptables, got the host back working.
In a quick search, I didn't see anything noting that firewalld was now required, and it didn't seem to be configured correctly if oVirt was trying to use it.
-- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Chris Adams <cma@cmadams.net>
Hi, It seems me too in the same situation, my cluster shows firewall type as iptables, and my firewalld status is on hosts: systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) The problem i hit that one of my VM gets paused second time due storage error. 3 host hyperconverged cluster with glusterfs, oVirt 4.2 Best regards, Misak Khachatryan On Sun, Dec 24, 2017 at 3:26 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
Sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1511013 - can you confirm? Y.
On Sat, Dec 23, 2017 at 1:56 AM, Chris Adams <cma@cmadams.net> wrote:
I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The update installed firewalld on the host, which was set to start on boot. This replaced the iptables rules with a blank firewalld setup that only allowed SSH, which kept the host from working.
Stopping and disabling firewalld, then reloading iptables, got the host back working.
In a quick search, I didn't see anything noting that firewalld was now required, and it didn't seem to be configured correctly if oVirt was trying to use it.
-- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Once upon a time, Misak Khachatryan <kmisak@gmail.com> said:
It seems me too in the same situation, my cluster shows firewall type as iptables, and my firewalld status is on hosts:
Do you know if you had firewalld installed before upgrading? You should be able to tell by checking your /var/log/yum.log. I suspect that the issue is that oVirt pulls in firewalld, and the firewalld RPM sets itself to run by default, plus it happens to be started after iptables (and so blows away iptables rules). See if this fixes it for you: # systemctl stop firewalld.service # systemctl disable firewalld.service # systemctl restart iptables.service -- Chris Adams <cma@cmadams.net>
Hi, I'm not completely sure, but i think i have firewalld before. Anyway, I changed type to firewalld in cluster and reinstalled all my hosts from engine, as i don't have Host Console either. Best regards, Misak Khachatryan On Mon, Dec 25, 2017 at 6:16 PM, Chris Adams <cma@cmadams.net> wrote:
Once upon a time, Misak Khachatryan <kmisak@gmail.com> said:
It seems me too in the same situation, my cluster shows firewall type as iptables, and my firewalld status is on hosts:
Do you know if you had firewalld installed before upgrading? You should be able to tell by checking your /var/log/yum.log.
I suspect that the issue is that oVirt pulls in firewalld, and the firewalld RPM sets itself to run by default, plus it happens to be started after iptables (and so blows away iptables rules).
See if this fixes it for you:
# systemctl stop firewalld.service # systemctl disable firewalld.service # systemctl restart iptables.service
-- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (3)
-
Chris Adams -
Misak Khachatryan -
Yaniv Kaul