2:56 a.m.
I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it
matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The
update installed firewalld on the host, which was set to start on boot.
This replaced the iptables rules with a blank firewalld setup that only
allowed SSH, which kept the host from working.
Stopping and disabling firewalld, then reloading iptables, got the host
back working.
In a quick search, I didn't see anything noting that firewalld was now
required, and it didn't seem to be configured correctly if oVirt was
trying to use it.
--
Chris Adams <cma(a)cmadams.net>
2:26 p.m.
Sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1511013 - can you
confirm?
Y.
On Sat, Dec 23, 2017 at 1:56 AM, Chris Adams <cma(a)cmadams.net> wrote:
I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it
matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The
update installed firewalld on the host, which was set to start on boot.
This replaced the iptables rules with a blank firewalld setup that only
allowed SSH, which kept the host from working.
Stopping and disabling firewalld, then reloading iptables, got the host
back working.
In a quick search, I didn't see anything noting that firewalld was now
required, and it didn't seem to be configured correctly if oVirt was
trying to use it.
--
Chris Adams <cma(a)cmadams.net>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
7:57 p.m.
My cluster shows iptables as the firewall type in the web UI, and
firewall_type is 0 in the database.
Once upon a time, Yaniv Kaul <ykaul(a)redhat.com> said:
Sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1511013 - can
you
confirm?
Y.
On Sat, Dec 23, 2017 at 1:56 AM, Chris Adams <cma(a)cmadams.net> wrote:
> I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it
> matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The
> update installed firewalld on the host, which was set to start on boot.
> This replaced the iptables rules with a blank firewalld setup that only
> allowed SSH, which kept the host from working.
>
> Stopping and disabling firewalld, then reloading iptables, got the host
> back working.
>
> In a quick search, I didn't see anything noting that firewalld was now
> required, and it didn't seem to be configured correctly if oVirt was
> trying to use it.
>
> --
> Chris Adams <cma(a)cmadams.net>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Chris Adams <cma(a)cmadams.net>
9:25 a.m.
Hi,
It seems me too in the same situation, my cluster shows firewall type
as iptables, and my firewalld status is on hosts:
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
The problem i hit that one of my VM gets paused second time due storage error.
3 host hyperconverged cluster with glusterfs, oVirt 4.2
Best regards,
Misak Khachatryan
On Sun, Dec 24, 2017 at 3:26 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
Sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1511013 - can
you
confirm?
Y.
On Sat, Dec 23, 2017 at 1:56 AM, Chris Adams <cma(a)cmadams.net> wrote:
>
> I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it
> matters) test oVirt cluster to 4.2.0, and ran into one minor issue. The
> update installed firewalld on the host, which was set to start on boot.
> This replaced the iptables rules with a blank firewalld setup that only
> allowed SSH, which kept the host from working.
>
> Stopping and disabling firewalld, then reloading iptables, got the host
> back working.
>
> In a quick search, I didn't see anything noting that firewalld was now
> required, and it didn't seem to be configured correctly if oVirt was
> trying to use it.
>
> --
> Chris Adams <cma(a)cmadams.net>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
5:16 p.m.
Once upon a time, Misak Khachatryan <kmisak(a)gmail.com> said:
It seems me too in the same situation, my cluster shows firewall
type
as iptables, and my firewalld status is on hosts:
Do you know if you had firewalld installed before upgrading? You should
be able to tell by checking your /var/log/yum.log.
I suspect that the issue is that oVirt pulls in firewalld, and the
firewalld RPM sets itself to run by default, plus it happens to be
started after iptables (and so blows away iptables rules).
See if this fixes it for you:
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# systemctl restart iptables.service
--
Chris Adams <cma(a)cmadams.net>
9:31 a.m.
Hi,
I'm not completely sure, but i think i have firewalld before. Anyway,
I changed type to firewalld in cluster and reinstalled all my hosts
from engine, as i don't have Host Console either.
Best regards,
Misak Khachatryan
On Mon, Dec 25, 2017 at 6:16 PM, Chris Adams <cma(a)cmadams.net> wrote:
Once upon a time, Misak Khachatryan <kmisak(a)gmail.com> said:
> It seems me too in the same situation, my cluster shows firewall type
> as iptables, and my firewalld status is on hosts:
Do you know if you had firewalld installed before upgrading? You should
be able to tell by checking your /var/log/yum.log.
I suspect that the issue is that oVirt pulls in firewalld, and the
firewalld RPM sets itself to run by default, plus it happens to be
started after iptables (and so blows away iptables rules).
See if this fixes it for you:
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# systemctl restart iptables.service
--
Chris Adams <cma(a)cmadams.net>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
2523
days inactive
2527
days old
5 comments
3 participants
participants (3)
-
Chris Adams -
Misak Khachatryan -
Yaniv Kaul