[ovirt-users] host upgrade from ovirt manager and custom iptables rules

Jiří Sléžka jiri.slezka at slu.cz
Thu Jun 19 12:25:49 UTC 2014


> ----- Original Message -----
>> From: "Jiří Sléžka" <jiri.slezka at slu.cz>
>> To: users at ovirt.org
>> Sent: Wednesday, June 18, 2014 8:12:09 PM
>> Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
>>
>> Hello all,
>>
>> is there any way to make custom iptables rules persistent during host
>> upgrade? I have for example zabbix agents installed on all hosts and
>> thus iptables rule allowing connections from our zabbix server. Sadly I
>> have to manually restore iptables backup after host upgrade (initiated
>> from oVirt manager).
>>
>
> This should be achievable by defining the iptables rules you wish to use
> when [re]installing using the engine-config tool:

Thanks a lot for the reply.

> 1. Check the existing iptables rules:
> sudo engine-config -g IPTablesConfig

This displays the whole iptables template. An interesting thing is that
there is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way?

>
> 2. Define the desired iptables:
> sudo engine-config -s IPTablesConfig="Your rules"

I entered...

engine-config -s IPTablesConfig="-A INPUT -p tcp -m state --state NEW -m tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT"

...and it looks like this overwrites the entire IPTablesConfig template...

> 3. Verify the changes
> sudo engine-config -g IPTablesConfig

...because this displays only my one line above.

I have a copy of the default template but I have no idea how to set this
variable with multi-line text. I tried inserting \n but it is not
converted to newlines. Any ideas?

Btw, are these variables stored in the database?


Thanks in advance,

Jiri



>
> 4. Restart the engine for changes to take effect
>
> 5. Reinstall the host and verify the iptables rule.
>
>> And another question I have always wanted to ask... It looks like host
>> upgrade is upgrading just vdsm components and no other virtualization stuff
>>
>> This was updated after clicking "host upgrade"
>>
>> Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64
>> Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch
>> Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64
>> Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch
>> Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch
>> Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64
>> Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64
>>
>> and after that I ran yum update and updated these components (honestly
>> this one was a rhev host but ovirt behaves the same)
>>
>> Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch
>> Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch
>> Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64
>> Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64
>> Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64
>> Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64
>> Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64
>> Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64
>> Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64
>> Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64
>> Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64
>> Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64
>> Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64
>> Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64
>> Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch
>> Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64
>> Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64
>> Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64
>> Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64
>> Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64
>> Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64
>> Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64
>> Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64
>> Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64
>> Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
>> Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch
>>
>>
>> I believe qemu-img-rhev, spice-server, libvirt, mom,... are important
>> components too. Should they not be upgraded as well?
>>
>>
>> Thanks for clarification,
>>
>> Jiri
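
Added example, not part of the original message and not oVirt's own code: a shell sketch of building a multi-line ruleset with real newlines by filling the @CUSTOM_RULES@ placeholder, then sanity-checking it so a single-line or literal-"\n" value (the overwrite described above) is caught before it is handed to `engine-config -s`. The template, the function names `render_rules` and `check_rules`, and the address 192.0.2.10 are assumptions made for illustration; whether engine-config preserves newlines in the stored value is not shown in the thread.

```shell
#!/bin/sh
# Constructed sample template, NOT the real oVirt default; only the
# @CUSTOM_RULES@ placeholder name is taken from the thread.
TEMPLATE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
@CUSTOM_RULES@
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Rule from the thread; 192.0.2.10 is a documentation address standing in
# for the masked xx.xx.xx.xx Zabbix server.
CUSTOM='-A INPUT -p tcp -m state --state NEW -m tcp -s 192.0.2.10 --dport 10050 -j ACCEPT'

# render_rules TEMPLATE CUSTOM: swap the placeholder line for the custom
# rules, emitting real newlines (a "\n" inside double quotes stays literal).
render_rules() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        if [ "$line" = "@CUSTOM_RULES@" ]; then
            printf '%s\n' "$2"
        else
            printf '%s\n' "$line"
        fi
    done
}

# check_rules TEXT NEEDLE: succeed only if TEXT is a complete ruleset and the
# rule containing NEEDLE sits before the first REJECT rule.
check_rules() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    last=$(printf '%s\n' "$1" | sed -n '$p')
    [ "$first" = "*filter" ] || return 1
    [ "$last" = "COMMIT" ] || return 1
    # Reject a literal backslash-n or an unresolved placeholder.
    case "$1" in *'\n'*|*@CUSTOM_RULES@*) return 1 ;; esac
    acc=$(printf '%s\n' "$1" | grep -n -F -e "$2" | head -n 1 | cut -d: -f1)
    rej=$(printf '%s\n' "$1" | grep -n -F -e '-j REJECT' | head -n 1 | cut -d: -f1)
    [ -n "$acc" ] && [ -n "$rej" ] && [ "$acc" -lt "$rej" ]
}

RULES=$(render_rules "$TEMPLATE" "$CUSTOM")
if check_rules "$RULES" '--dport 10050'; then
    echo "ruleset looks complete"
    # engine-config -s IPTablesConfig="$RULES"   # command form quoted in the thread
fi
```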