[ovirt-users] Hosted engine problem - Engine VM will not start

Sandro Bonazzola sbonazzo at redhat.com
Tue May 20 14:41:53 UTC 2014 

Il 20/05/2014 16:36, Bob Doolittle ha scritto:
> 
> On 05/20/2014 10:23 AM, Sandro Bonazzola wrote:
>> Il 20/05/2014 16:06, Bob Doolittle ha scritto:
>>> On 05/20/2014 09:42 AM, Sandro Bonazzola wrote:
>>>> Il 20/05/2014 15:09, Jiri Moskovcak ha scritto:
>>>>> On 05/20/2014 02:57 PM, Bob Doolittle wrote:
>>>>>> Well that was interesting.
>>>>>> When I ran hosted-engine --connect-storage, the Data Center went green,
>>>>>> and I could see an unattached ISO domain and ovirt-image-repository (but
>>>>>> no Data domain).
>>>>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the storage
>>>>>> disappeared again and the Data Center went red.
>>>>>>
>>>>>> In retrospect, there appears to be a problem with iptables/firewalld
>>>>>> that could be related.
>>>>>> I noticed two things:
>>>>>> - firewalld is stopped and disabled on the host
>>>> Correct, hosted engine support iptables only.
>>>> You should have iptables configured and enabled.
>>>>>> - I could not manually NFS mount (v3 or v4) from the host to the engine,
>>>>>> unless I did "service iptables stop"
>>>>>>
>>>>>> So it doesn't appear to me that hosted-engine did the right things with
>>>>>> firewalld/iptables. If these problems occurred during the --deploy,
>>>>>> could that result in this situation?
>>>> I don't think so
>>>>>> I have temporarily disabled iptables until I get things working, but
>>>>>> clearly that's insufficient to resolve the problem at this point.
>>>>> - iptables/firewalld is configured during the setup, which is Sandro's domain. Sandro, could you please take a look at this?
>>>> iptables configuration is performed by the engine when adding the host.
>>>> please attach iptables-save output from the host  and host-deploy logs from the hosted-engine vm.
>>> host-deploy logs are ^^ in this thread.
>> I see ovirt-hosted-engine-setup logs, not /var/log/ovirt-engine/host-deploy logs.
> 
> Oh sorry - from the engine then. Attached.
> 
> But my problem is with the firewall on the host.
> 
> I cannot NFS mount a share on the host (e.g. my Data Domain) on the engine.
> In this case the host is the NFS server, and the engine is the NFS client.
> Only the host firewall should be relevant, correct?
> 
> Maybe what you are saying is that hosted-engine does not attempt to configure the iptables on the host to allow NFS shares?

Yes, to be clear:
ovirt-hosted-engine-setup just enable ports for spice / vnc connection from remote host to VM while performing OS install on the VM.
Once the VM is installed ovirt-engine configure iptables on the host using ovirt-host-deploy package when the host is added to the engine.
If you need other services on the host running the hosted engine you'll need to configure manually iptables.


> 
>>> I have attached iptables-save output.
>> I can't see anything blocking the mount from the hots toward  the engine vm.
>> Can you attach iptables-save also from the engine vm?
>> (IIUC you've a nfs share there and you're trying to mount it from the host right?)
> 
> Visa-versa. My Data domain is on my host. So is my Export domain, but I haven't tried to import it yet since the Datacenter is not operational.
> 
> Thanks,
>    Bob
> 


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com

More information about the Users mailing list