[Users] Host installation failed ovirt 3.2

Alon Bar-Lev alonbl at redhat.com
Fri Oct 18 18:26:55 UTC 2013



----- Original Message -----
> From: "Sven Kieske" <S.Kieske at mittwald.de>
> To: users at ovirt.org
> Sent: Friday, October 18, 2013 5:43:39 PM
> Subject: Re: [Users] Host installation failed ovirt 3.2
> 
> This problem occured again, this time, deploying an centOS netinstall.
> 
> Steps to reproduce:
> 
> 1. install CentOS 6.4. x64 netinstall, use the target "minimal
> installation".
> 2. add repos for epel and ovirt.
> 3. install vdsm on host through webadmin
> 
> actual result:
> 
> In Webadmin:
> 
> "Failed to install Host server4 Failed to execute stage 'Closing up':
> Command '/sbin/service' failed to execute."

2013-10-18 16:29:11 DEBUG otopi.plugins.otopi.services.rhel plugin.execute:412 execute-output: ('/sbin/service', 'iptables', 'start') stdout:
iptables: Applying firewall rules: [FAILED]

2013-10-18 16:29:11 DEBUG otopi.plugins.otopi.services.rhel plugin.execute:417 execute-output: ('/sbin/service', 'iptables', 'start') stderr:
iptables-restore: line 61 failed

> I attached the complete host-deploy log. it fails at reloading iptables
> however, the default ovirt-iptables config is present in
> /etc/sysconfig/iptables and is loaded (this was checked by
>  "service iptables status" command)
> also manual restarting the service works fine:
> 
> service iptables restart
> iptables: Flushing firewall rules:                         [  OK  ]
> iptables: Setting chains to policy ACCEPT: mangle filter na[  OK  ]
> iptables: Unloading modules:                               [  OK  ]
> iptables: Applying firewall rules:                         [  OK  ]
> 
> next step was "reinstall" host through webadmin, which worked fine,
> the host rebooted.
> 
> any hints?

I have no access to centos... and unsure what is happening... need your help.

It looks like there is some problem in first apply of firewall rules...

Can you please checkout this sequence which is similar to what happening at host-deploy:

1. have default /etc/sysconfig/iptables (you can find it as backuped up /etc/sysconfig/iptables.*)
2. restart iptables
3. move /etc/sysconfig/iptables /etc/sysconfig/iptables.old
4. move /etc/sysconfig/<ovirt> /etc/sysconfig/iptables
5. restart iptables

I hope we see same failure, so it will be easier to debug.

I've never seen this issue... with same file content restart 1 does not work, restart 2 does... this is strange.

Thanks,
Alon

> 
> 
> On 18.10.2013 10:44, Sven Kieske wrote:
> > Hi,
> > 
> > this config was already in /etc/sysconfig/iptables (you forget some
> > empty lines, but the rest is identical), here is the outcome:
> > 
> >  service iptables stop
> > iptables: Flushing firewall rules:                         [  OK  ]
> > iptables: Setting chains to policy ACCEPT: nat filter mangl[  OK  ]
> > iptables: Unloading modules:                               [  OK  ]
> > [root at vroot4 ~]# service iptables start
> > iptables: Applying firewall rules:                         [  OK  ]
> > [root at vroot4 ~]# service iptables status
> > Table: filter
> > Chain INPUT (policy ACCEPT)
> > num  target     prot opt source               destination
> > 1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
> > RELATED,ESTABLISHED
> > 2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> > 3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:54321
> > 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:22
> > 5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> > dpt:161
> > 6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:16514
> > 7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0
> > multiport dports 5634:6166
> > 8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0
> > multiport dports 49152:49216
> > 9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:24007
> > 10   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> > dpt:111
> > 11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:38465
> > 12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:38466
> > 13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:38467
> > 14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:39543
> > 15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:55863
> > 16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:38468
> > 17   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> > dpt:963
> > 18   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:965
> > 19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:4379
> > 20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:139
> > 21   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpt:445
> > 22   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> > dpts:24009:24108
> > 23   REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> > reject-with icmp-host-prohibited
> > 
> > Chain FORWARD (policy ACCEPT)
> > num  target     prot opt source               destination
> > 1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> > PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited
> > 
> > Chain OUTPUT (policy ACCEPT)
> > num  target     prot opt source               destination
> > 
> > 
> > So there is no error, reloading it by hand.
> > 
> > I tried to then add the host again via webadmin, and it succeeds.
> > 
> > So I really don't know what the problem was :(
> > 
> > 
> > On 17.10.2013 17:52, Alon Bar-Lev wrote:
> >>
> >>
> >> ----- Original Message -----
> >>>
> >>> On 17.10.2013 16:15, Alon Bar-Lev wrote:
> >>>> Please send the entire host-deploy log so I can see what iptables rules
> >>>> are
> >>>> there.
> >>>>
> >>>
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > 
> > 
> > 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 



More information about the Users mailing list