[ovirt-users] How to notify cluster nodes after "engine-config --set IPTablesConfigSiteCustom..." ?

aleksey.maksimov at it-kb.ru aleksey.maksimov at it-kb.ru
Thu Nov 24 11:10:37 UTC 2016


Thank you Didi. 

The proposed method works.
I described my experience here:
https://blog.it-kb.ru/2016/11/24/extension-of-iptables-add-custom-rules-on-the-ovirt-4-0-hosts/

23.11.2016, 16:12, "Yedidyah Bar David" <didi at redhat.com>:
> On Wed, Nov 23, 2016 at 1:54 PM, <aleksey.maksimov at it-kb.ru> wrote:
>>  "As I wrote there, you can also do this manually"
>>
>>  How?
>
> I am not sure I understand the question.
>
> The same way you configure iptables on non-oVirt-hosts machines.
>
> If you mean "How to imitate the way the engine does this during
> host deploy", then I don't know - you can check engine sources
> for that. I am guessing that you can get the values of IPTablesConfig
> and IPTablesConfigSiteCustom with engine-config, replace inside the
> latter "@CUSTOM_RULES@" with the contents of the former, then copy
> the result to the host and load it with iptables-restore (and/or
> copy to /etc/sysconfig/iptables and restart iptables service).
>
>>  23.11.2016, 14:23, "Yedidyah Bar David" <didi at redhat.com>:
>>>  On Wed, Nov 23, 2016 at 12:51 PM, <aleksey.maksimov at it-kb.ru> wrote:
>>>>   Hi Didi!
>>>>
>>>>   https://www.mail-archive.com/users@ovirt.org/msg37193.html
>>>>
>>>>   "Move to maintenance and reinstall" to add the iptables rules ?
>>>>
>>>>   Are you serious?
>>>>
>>>>   There is no other way (without reinstalling the hosts) ?
>>>
>>>  AFAIK, using ovirt-host-deploy, no.
>>>
>>>  I am not aware of an engine API or vdsm verb to do this, but these are
>>>  not my main area of expertise.
>>>
>>>  As I wrote there, you can also do this manually.
>>>
>>>  The oVirt engine is not a replacement for configuration management
>>>  systems. If you have complex needs, might as well uncheck this
>>>  checkbox and use other means.
>>>
>>>  Best,
>>>
>>>>   23.11.2016, 13:07, "Yedidyah Bar David" <didi at redhat.com>:
>>>>>   On Wed, Nov 23, 2016 at 12:02 PM, <aleksey.maksimov at it-kb.ru> wrote:
>>>>>>    Hmm. I just rebooted the host, but the iptables rules have not been updated :(
>>>>>>
>>>>>>    On Engine server my custom iptables rules are visible:
>>>>>>
>>>>>>    # engine-config --get IPTablesConfigSiteCustom
>>>>>>
>>>>>>    IPTablesConfigSiteCustom:
>>>>>>    -A INPUT -p tcp --dport 2301 -j ACCEPT -m comment --comment 'HPE System Management Homepage'
>>>>>>    -A INPUT -p tcp --dport 2381 -j ACCEPT -m comment --comment 'HPE System Management Homepage (Secure port)'
>>>>>>     version: general
>>>>>>
>>>>>>    How to update the configuration on the hosts ?
>>>>>>
>>>>>>    23.11.2016, 11:30, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
>>>>>>>    Hello oVirt gurus!
>>>>>>>
>>>>>>>    oVirt Engine Version: 4.0.5.5-1.el7.centos
>>>>>>>
>>>>>>>    I updated the configuration of the firewall on the Engine server with "engine-config --set IPTablesConfigSiteCustom...".
>>>>>>>    How to notify cluster nodes (all virtualization hosts) about the changes without reboot?
>>>>>
>>>>>   Please check the other thread here "[ovirt-users] Hook to add firewall
>>>>>   rules". Thanks.
>>>>>
>>>>>>    _______________________________________________
>>>>>>    Users mailing list
>>>>>>    Users at ovirt.org
>>>>>>    http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>   --
>>>>>   Didi
>>>
>>>  --
>>>  Didi
>
> --
> Didi
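
The manual procedure guessed at in the quoted reply above, as an added example that is not part of the thread and is not oVirt code. It treats whichever of the two values contains `@CUSTOM_RULES@` as the template and assumes `engine-config --get` prints the value in the layout quoted in the thread; the function names and the sample template are constructed for illustration.

```shell
#!/bin/sh
# Added example (not oVirt code): build a host ruleset from two engine-config values.
PLACEHOLDER='@CUSTOM_RULES@'

# Strip the "KEY:" prefix and the trailing "version: ..." that
# `engine-config --get KEY` prints around the value (layout as quoted in the thread).
strip_engine_config() {   # $1 = key name, stdin = engine-config output
    sed -e "1s/^$1:[[:space:]]*//" \
        -e '$s/[[:space:]]*version: [^[:space:]]*[[:space:]]*$//' |
    sed -e '/^[[:space:]]*$/d'
}

# Substitute one value into the other at the placeholder. Whichever argument
# contains the placeholder is treated as the template.
merge_rules() {
    case $1 in
        *"$PLACEHOLDER"*) tmpl=$1 cust=$2 ;;
        *) case $2 in
               *"$PLACEHOLDER"*) tmpl=$2 cust=$1 ;;
               *) echo "no $PLACEHOLDER in either value" >&2; return 1 ;;
           esac ;;
    esac
    # index/substr instead of sub(): rule text is never read as a regex
    # or as an "&" back-reference.
    printf '%s\n' "$tmpl" | CUST=$cust PH=$PLACEHOLDER awk '
        { i = index($0, ENVIRON["PH"])
          if (i) $0 = substr($0, 1, i - 1) ENVIRON["CUST"] substr($0, i + length(ENVIRON["PH"]))
          print }'
}

# On the host, as root: parse-check first so a broken merge never replaces
# the running ruleset, then load it.
apply_rules() {   # $1 = file holding the merged ruleset
    iptables-restore --test < "$1" || { echo "ruleset rejected, not loaded" >&2; return 1; }
    iptables-restore < "$1"
}

# Constructed sample template; the real one would come from
# `engine-config --get IPTablesConfig | strip_engine_config IPTablesConfig`.
SAMPLE_TEMPLATE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
@CUSTOM_RULES@
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
```

Write the output of `merge_rules` to a file, copy it to the host, and pass that file to `apply_rules` there.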


