[ovirt-users] Hosted engine problem - Engine VM will not start

Sandro Bonazzola sbonazzo at redhat.com
Wed May 21 06:43:55 UTC 2014

On 20/05/2014 20:43, Bob Doolittle wrote:
> On 05/20/2014 10:41 AM, Sandro Bonazzola wrote:
>> On 20/05/2014 16:36, Bob Doolittle wrote:
>>> On 05/20/2014 10:23 AM, Sandro Bonazzola wrote:
>>>> On 20/05/2014 16:06, Bob Doolittle wrote:
>>>>> On 05/20/2014 09:42 AM, Sandro Bonazzola wrote:
>>>>>> On 20/05/2014 15:09, Jiri Moskovcak wrote:
>>>>>>> On 05/20/2014 02:57 PM, Bob Doolittle wrote:
>>>>>>>> Well that was interesting.
>>>>>>>> When I ran hosted-engine --connect-storage, the Data Center went green,
>>>>>>>> and I could see an unattached ISO domain and ovirt-image-repository (but
>>>>>>>> no Data domain).
>>>>>>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the storage
>>>>>>>> disappeared again and the Data Center went red.
>>>>>>>> In retrospect, there appears to be a problem with iptables/firewalld
>>>>>>>> that could be related.
>>>>>>>> I noticed two things:
>>>>>>>> - firewalld is stopped and disabled on the host
>>>>>> Correct, hosted engine supports iptables only.
>>>>>> You should have iptables configured and enabled.
>>>>>>>> - I could not manually NFS mount (v3 or v4) from the host to the engine,
>>>>>>>> unless I did "service iptables stop"
>>>>>>>> So it doesn't appear to me that hosted-engine did the right things with
>>>>>>>> firewalld/iptables. If these problems occurred during the --deploy,
>>>>>>>> could that result in this situation?
>>>>>> I don't think so
>>>>>>>> I have temporarily disabled iptables until I get things working, but
>>>>>>>> clearly that's insufficient to resolve the problem at this point.
>>>>>>> - iptables/firewalld is configured during the setup, which is Sandro's domain. Sandro, could you please take a look at this?
>>>>>> iptables configuration is performed by the engine when adding the host.
>>>>>> Please attach iptables-save output from the host and host-deploy logs from the hosted-engine vm.
>>>>> host-deploy logs are ^^ in this thread.
>>>> I see ovirt-hosted-engine-setup logs, not /var/log/ovirt-engine/host-deploy logs.
>>> Oh sorry - from the engine then. Attached.
>>> But my problem is with the firewall on the host.
>>> I cannot NFS mount a share on the host (e.g. my Data Domain) on the engine.
>>> In this case the host is the NFS server, and the engine is the NFS client.
>>> Only the host firewall should be relevant, correct?
>>> Maybe what you are saying is that hosted-engine does not attempt to configure the iptables on the host to allow NFS shares?
>> Yes, to be clear:
>> ovirt-hosted-engine-setup just enables ports for spice / vnc connection from remote host to VM while performing OS install on the VM.
>> Once the VM is installed, ovirt-engine configures iptables on the host using the ovirt-host-deploy package when the host is added to the engine.
>> If you need other services on the host running the hosted engine, you'll need to configure iptables manually.
> Thanks,
> Jirka - since Sandro says this NFS issue is irrelevant to Hosted operation, do you have any other suggestions or can I provide any additional data to
> help diagnose why my configuration is non-operational?
> I will eventually want to fix this and add Data and Export domains from my host, but for the moment it appears no NFS exports from the host are
> required for oVirt operation.

I'm not saying the NFS issue is irrelevant :-)
I'm saying that if you're adding an NFS service on the node running hosted engine, you'll need to configure iptables to allow mounting the shares.
This means at least opening rpc-bind port 111 and NFS port 2049 and ports 662 875 892 32769 32803, assuming you've configured NFS with:

STATDARG="-p 662 -o 2020"

The alternative is to use NFS storage on a different host.

> So where are my domains? :)
> Thanks,
>     Bob
>>>>> I have attached iptables-save output.
>>>> I can't see anything blocking the mount from the host toward the engine vm.
>>>> Can you attach iptables-save also from the engine vm?
>>>> (IIUC you have an NFS share there and you're trying to mount it from the host, right?)
>>> Vice versa. My Data domain is on my host. So is my Export domain, but I haven't tried to import it yet since the Datacenter is not operational.
>>> Thanks,
>>>     Bob

Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
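
A check for the port list in the message above, as an added example that is not part of the original thread: it reads `iptables-save` output and reports which of those ports no effective INPUT ACCEPT rule covers. The function names, the sample rule set (constructed) and the choice to check one protocol at a time are assumptions made for illustration.

```shell
#!/bin/sh
# Ports listed in the message: rpc-bind 111, NFS 2049, plus 662 875 892 32769 32803.
NFS_PORTS="111 2049 662 875 892 32769 32803"

# missing_nfs_ports PROTO: read iptables-save output on stdin and print the
# ports from NFS_PORTS that no INPUT ACCEPT rule for PROTO (tcp or udp) opens.
# Understands "--dport N", "--dport A:B" and "-m multiport --dports a,b:c".
# Assumption: source/interface matches are ignored, and only a match-less
# REJECT/DROP is treated as the end of the chain.
missing_nfs_ports() {
    awk -v proto="$1" -v want="$NFS_PORTS" '
    BEGIN { n = split(want, w, " ") }
    $1 != "-A" || $2 != "INPUT" { next }
    # ACCEPT rules appended after a blanket REJECT/DROP never fire.
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
    {
        p = ""; spec = ""; tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p = $(i + 1)
            if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
        }
        if (tgt != "ACCEPT" || p != proto || spec == "") next
        m = split(spec, r, ",")
        for (j = 1; j <= m; j++) {
            lo = hi = r[j]
            if (split(r[j], b, ":") == 2) { lo = b[1]; hi = b[2] }
            for (k = 1; k <= n; k++)
                if (w[k] + 0 >= lo + 0 && w[k] + 0 <= hi + 0) ok[w[k]] = 1
        }
    }
    END {
        out = ""
        for (k = 1; k <= n; k++)
            if (!(w[k] in ok)) out = out (out == "" ? "" : " ") w[k]
        print out
    }'
}

# Constructed sample: one rule sits after the final REJECT and so has no effect.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2049,662,875:892 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
COMMIT
EOF
}

sample_rules | missing_nfs_ports tcp
```

On a real host, pipe `iptables-save` into `missing_nfs_ports tcp` and `missing_nfs_ports udp`; an empty result means every listed port has an ACCEPT rule ahead of the final REJECT.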
