[Engine-devel] New oVirt-engine RPMs available - Release Candidates

Dan Kenigsberg danken at redhat.com
Mon Jan 30 11:58:07 UTC 2012 

<snip>

> 
> 4) VDS Bootstrap
> 
> If you check the  box for iptables then it breaks the system with an invalid rule
> 
> Looking at the error from my system
> "Jan 29 21:38:50 host1 iptables.init[1637]: iptables: Applying firewall rules: iptables-restore v1.4.12: physdev: option "--physdev-is-bridged" cannot be inverted."
> 
> The problem is that we are using
> "-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited"
> 
> -vs-
> 
> "-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT"
> 
> 
> On the point of iptables, why do we open libvirt tls port and the snmp port.

This as these iptables rules are kept within Engine, I'll keep that
question for them.

> 
> After I fixed iptables I still had a problem, the host was showing as non-operational with the error message "NETWORK_UNREACHABLE" (there's a literal missing there)
> 
> Looking at the host it appears that the management bridge wasn't created.
> 
> The bootstrap log is attached. It shows the operation failing but still marked the bootstrap as successful.
> (also in the log we have rhn/satellite references that need to be removed)
> 
> I've not looked at the reason for the failure yet, but an empty line at the end of my ifcfg-em1 file looks suspicious.

You are correct (too bad I've noticed your suspicion only after reading
the log)

> Sun, 29 Jan 2012 21:30:05 DEBUG    makeBridge found the following bridge paramaters: ['ONBOOT=yes', 'BOOTPROTO=none', 'IPADDR=172.16.31.230', 'DNS1=172.16.31.4', 'NM_CONTROLLED=no', 'NETMASK=255.255.255.0', 'DNS2=172.16.31.1', 'GATEWAY=172.16.31.1', '']
> Sun, 29 Jan 2012 21:30:05 DEBUG    ['/usr/share/vdsm/addNetwork', 'ovirtmgmt', '', '', 'em1', 'ONBOOT=yes', 'BOOTPROTO=none', 'IPADDR=172.16.31.230', 'DNS1=172.16.31.4', 'NM_CONTROLLED=no', 'NETMASK=255.255.255.0', 'DNS2=172.16.31.1', 'GATEWAY=172.16.31.1', '', 'blockingdhcp=true', 'skipLibvirt=True']
> Sun, 29 Jan 2012 21:30:05 DEBUG    
> Sun, 29 Jan 2012 21:30:05 DEBUG    Traceback (most recent call last):
>   File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
>     "__main__", fname, loader, pkg_name)
>   File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
>     exec code in run_globals
>   File "/usr/share/vdsm/configNetwork.py", line 924, in <module>
>     main()
>   File "/usr/share/vdsm/configNetwork.py", line 890, in main
>     kwargs = _parseKwargs(sys.argv[3:])
>   File "/usr/share/vdsm/configNetwork.py", line 876, in _parseKwargs
>     return dict(arg.split('=', 1) for arg in args)
> ValueError: dictionary update sequence element #11 has length 1; 2 is required

addNetwork script breaks down in tears if it sees the empty arg '',
which is passed to it by makeBridge. makeBridge should become more
robust - but until then, please del lines with no key=value form from
ifcfg.

Dan.

More information about the Engine-devel mailing list