[Users] Otopi pre-seeded answers and firewall settings

Giuseppe Ragusa giuseppe.ragusa at hotmail.com
Mon Mar 24 18:40:18 EDT 2014


Hi Didi,

Date: Mon, 24 Mar 2014 03:36:32 -0400
From: didi at redhat.com
To: giuseppe.ragusa at hotmail.com
CC: users at ovirt.org
Subject: Re: [Users] Otopi pre-seeded answers and firewall settings

From: "Giuseppe Ragusa" <giuseppe.ragusa at hotmail.com>
To: "Users at ovirt.org" <users at ovirt.org>
Sent: Sunday, March 23, 2014 10:44:02 PM
Subject: [Users] Otopi pre-seeded answers and firewall settings

Hi all,
I'm trying to automate as much as possible of ovirt-hosted-engine-setup and engine-setup by means of otopi answer files passed in using "--config-append=filename.conf".

I succeeded in forcing engine-setup to leave my iptables settings alone with:

OVESETUP_CONFIG/firewallManager=str:iptables
OVESETUP_CONFIG/updateFirewall=bool:False
> Right.


but ovirt-hosted-engine-setup still modified my iptables settings even with the following options:

OVEHOSTED_NETWORK/firewallManager=str:iptables
> Actually I do not think we provide in hosted-engine deploy means to disable this as we do
> in engine-setup. If you carefully read the code you see that you can make it do nothing by
> setting this to a non-existent manager, e.g.:
>
> OVEHOSTED_NETWORK/firewallManager=str:nonexistent

I will try this asap (reinstalling from scratch using latest 3.4 snapshot packages + latest GlusterFS 3.5 nightly) and will report back.


OVEHOSTED_NETWORK/iptablesEnable=bool:False
> Where did you get this from? Can't find it in the code.

Nor do I anymore... it must have been my fault, sorry for the confusion.



Maybe I used the wrong option (deduced by looking inside source code).

Does anybody have any hint/suggestion?
> The above should prevent 'hosted-engine --deploy' from configuring iptables on the host,
> and to prevent 'engine-setup' from configuring iptables on the VM. Later, the engine
> runs 'ovirt-host-deploy' which connects to the host and configures there stuff - some by
> itself, some using vdsm, and some sent through them directly from the engine. This is
> a process I know less...

The timestamp on the saved/modified iptables files suggests something happening right at the end of setup (when Self-Hosted-Engine adds/registers host).

> You can look at and/or post more relevant logs - /var/log/ovirt-engine/host-deploy/* ,
> /var/log/ovirt-engine/*.log from the engine VM and /var/log/vdsm/* from the host,
> and also check iptables configuration at various stages - during hosted-engine deploy
> but before connecting to the engine, after, etc.
> -- 
> Didi

/var/log/vdsm/* on host contain no references to iptables.
I will check on Engine logs as soon as I can start it up again (GlusterFS-based NFS keeps crashing, maybe for OOM/leakage).

Many thanks for your help,
Giuseppe
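
One way to carry out the stage-by-stage iptables check suggested in the quoted reply, as an added example that is not part of the original message or of oVirt: it compares `iptables-save` snapshots after removing the timestamps and counters that change on every dump. The stage names, file names, the sample rules and port 9999 are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. On a real host, take a snapshot as root
# at each stage, e.g.:  iptables-save > after-deploy.rules

# Drop what differs on every dump (timestamp comments, packet/byte counters)
# so that only real rule changes remain.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9][0-9]*:[0-9][0-9]*]/[0:0]/g' "$1"
}

# Print rules added (+) or removed (-) between two snapshots.
# Returns 0 if the rule sets are identical, 1 if they differ.
rules_diff() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    out=$(diff "$a" "$b" | sed -n -e 's/^> /+ /p' -e 's/^< /- /p')
    rm -f "$a" "$b"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Write a constructed snapshot: $1 file, $2 timestamp, $3 counters,
# $4 optional extra rule (all values are made up for the demo).
write_sample() {
    {
        printf '%s\n' "# Generated by iptables-save on $2" "*filter"
        printf '%s\n' ":INPUT DROP $3" ":OUTPUT ACCEPT $3"
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"
        [ -z "$4" ] || printf '%s\n' "$4"
        printf '%s\n' "COMMIT" "# Completed on $2"
    } > "$1"
}

d=$(mktemp -d)
write_sample "$d/before.rules" "Mon Mar 24 10:00:00 2014" "[0:0]" ""
write_sample "$d/after-deploy.rules" "Mon Mar 24 11:00:00 2014" "[52:4100]" ""
write_sample "$d/after-host-add.rules" "Mon Mar 24 12:00:00 2014" "[90:7300]" \
    "-A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT"

if rules_diff "$d/before.rules" "$d/after-deploy.rules"; then
    echo "before -> after-deploy: unchanged"
fi
if ! rules_diff "$d/after-deploy.rules" "$d/after-host-add.rules"; then
    echo "after-deploy -> after-host-add: rules changed (listed above)"
fi
```

The first stage pair whose rules differ narrows down which step's logs to read for the time window in question.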

 		 	   		  