[Users] Otopi pre-seeded answers and firewall settings
Yedidyah Bar David
didi at redhat.com
Mon Mar 24 07:36:32 UTC 2014
> From: "Giuseppe Ragusa" <giuseppe.ragusa at hotmail.com>
> To: "Users at ovirt.org" <users at ovirt.org>
> Sent: Sunday, March 23, 2014 10:44:02 PM
> Subject: [Users] Otopi pre-seeded answers and firewall settings
> Hi all,
> I'm trying to automate as much as possible of ovirt-hosted-engine-setup and
> engine-setup by means of otopi answer files passed in using
> "--config-append=filename.conf".
> I succeded in forcing engine-setup to leave my iptables settings alone with:
> OVESETUP_CONFIG/firewallManager=str:iptables
> OVESETUP_CONFIG/updateFirewall=bool:False
Right.
> but ovirt-hosted-engine-setup still modified my iptables settings even with
> the following options:
> OVEHOSTED_NETWORK/firewallManager=str:iptables
Actually I do not think we provide in hosted-engine deploy means to disable this as we do
in engine-setup. If you carefully read the code you see that you can make it do nothing by
setting this to a non-existent manager, e.g.:
OVEHOSTED_NETWORK/firewallManager=str:nonexistent
> OVEHOSTED_NETWORK/iptablesEnable=bool:False
Where did you get this from? Can't find it in the code.
> Maybe I used the wrong option (deduced by looking inside source code).
> Does anybody have any hint/suggestion?
The above should prevent 'hosted-engine --deploy' from configuring iptables on the host,
and to prevent 'engine-setup' from configuring iptables on the VM. Later, the engine
runs 'ovirt-host-deploy' which connects to the host and configures there stuff - some by
itself, some using vdsm, and some sent through them directly from the engine. This is
a process I know less...
You can look at and/or post more relevant logs - /var/log/ovirt-engine/host-deploy/* ,
/var/log/ovirt-engine/*.log from the engine VM and /var/log/vdsm/* from the host,
and also check iptables configuration at various stages - during hosted-engine deploy
but before connecting to the engine, after, etc.
--
Didi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140324/4932555a/attachment-0001.html>
More information about the Users
mailing list