[Users] Otopi pre-seeded answers and firewall settings

Yedidyah Bar David didi at redhat.com
Mon Mar 24 07:36:32 UTC 2014


> From: "Giuseppe Ragusa" <giuseppe.ragusa at hotmail.com>
> To: "Users at ovirt.org" <users at ovirt.org>
> Sent: Sunday, March 23, 2014 10:44:02 PM
> Subject: [Users] Otopi pre-seeded answers and firewall settings

> Hi all,
> I'm trying to automate as much as possible of ovirt-hosted-engine-setup and
> engine-setup by means of otopi answer files passed in using
> "--config-append=filename.conf".

> I succeded in forcing engine-setup to leave my iptables settings alone with:

> OVESETUP_CONFIG/firewallManager=str:iptables
> OVESETUP_CONFIG/updateFirewall=bool:False

Right. 

> but ovirt-hosted-engine-setup still modified my iptables settings even with
> the following options:

> OVEHOSTED_NETWORK/firewallManager=str:iptables

Actually I do not think we provide in hosted-engine deploy means to disable this as we do 
in engine-setup. If you carefully read the code you see that you can make it do nothing by 
setting this to a non-existent manager, e.g.: 

OVEHOSTED_NETWORK/firewallManager=str:nonexistent 

> OVEHOSTED_NETWORK/iptablesEnable=bool:False

Where did you get this from? Can't find it in the code. 

> Maybe I used the wrong option (deduced by looking inside source code).

> Does anybody have any hint/suggestion?

The above should prevent 'hosted-engine --deploy' from configuring iptables on the host, 
and to prevent 'engine-setup' from configuring iptables on the VM. Later, the engine 
runs 'ovirt-host-deploy' which connects to the host and configures there stuff - some by 
itself, some using vdsm, and some sent through them directly from the engine. This is 
a process I know less... 

You can look at and/or post more relevant logs - /var/log/ovirt-engine/host-deploy/* , 
/var/log/ovirt-engine/*.log from the engine VM and /var/log/vdsm/* from the host, 
and also check iptables configuration at various stages - during hosted-engine deploy 
but before connecting to the engine, after, etc. 
-- 
Didi 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140324/4932555a/attachment-0001.html>


More information about the Users mailing list