[Users] iptables settings/scripts ovirt 3.3

Andrew Lau andrew at andrewklau.com
Tue Oct 1 14:36:14 UTC 2013


Are you referring to /etc/sysconfig/iptables ? That's where the engine
setup configures iptables, when I provision my nodes I select "Don't
configure firewall" and let puppet manage my iptables rules for other
reasons.. not sure if that was what you're asking

On Tue, Oct 1, 2013 at 11:16 PM, Sven Kieske <S.Kieske at mittwald.de> wrote:

> Hi,
>
> we have an test environment with ovirt 3.3 installed on various
> hardware nodes.
>
> The management node is installed on an centos 6.4 x64 minimal.
>
> The issue we are running into is, that some ovirt component
> keeps resetting the iptables firewall configuration, denying
> access to ports 80 and 443, which results in the web interface
> being not accessible.
>
> We do know that the engine-setup initially configures the
> firewall, but through which scripts does iptables get configured?
>
> Are there some database entries for this?
>
> If you need any logfiles for this, please let me know.
>
> Currently we have disabled iptables, as it's just an test environment.
>
> We read about some "vdsm bootstrap script" (e.g. BZ 893680), may this be
> related?
>
> However we didn't find out where this scripts resides.
>
> Also vvyazmin at redhat.com posted in this BZ: "not a bug".
>
> I don't see why you shouldn't be able to ping the hypervisor in the
> management lan? this is useful for monitoring and network debugging.
>
> ICMP is no danger at all.
>
>
> Kind regards
>
> Sven Kieske
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20131002/802fcc97/attachment-0001.html>


More information about the Users mailing list