[ovirt-users] How to notify cluster nodes after "engine-config --set IPTablesConfigSiteCustom..." ?
Yedidyah Bar David
didi at redhat.com
Thu Nov 24 11:14:45 UTC 2016
On Thu, Nov 24, 2016 at 1:10 PM, <aleksey.maksimov at it-kb.ru> wrote:
> Thank you Didi.
>
> The proposed method works.
> I described my experience here:
> https://blog.it-kb.ru/2016/11/24/extension-of-iptables-add-custom-rules-on-the-ovirt-4-0-hosts/
Thanks for this post, and the report! (although I can't read Russian).
Best,
>
> 23.11.2016, 16:12, "Yedidyah Bar David" <didi at redhat.com>:
>> On Wed, Nov 23, 2016 at 1:54 PM, <aleksey.maksimov at it-kb.ru> wrote:
>>> "As I wrote there, you can also do this manually"
>>>
>>> How?
>>
>> I am not sure I understand the question.
>>
>> The same way you configure iptables on non-oVirt-hosts machines.
>>
>> If you mean "How to imitate the way the engine does this during
>> host deploy", then I don't know - you can check engine sources
>> for that. I am guessing that you can get the values of IPTablesConfig
>> and IPTablesConfigSiteCustom with engine-config, replace inside the
>> latter "@CUSTOM_RULES@" with the contents of the former, then copy
>> the result to the host and load it with iptables-restore (and/or
>> copy to /etc/sysconfig/iptables and restart iptables service).
>>
>>> 23.11.2016, 14:23, "Yedidyah Bar David" <didi at redhat.com>:
>>>> On Wed, Nov 23, 2016 at 12:51 PM, <aleksey.maksimov at it-kb.ru> wrote:
>>>>> Hi Didi!
>>>>>
>>>>> https://www.mail-archive.com/users@ovirt.org/msg37193.html
>>>>>
>>>>> "Move to maintenance and reinstall" to add the iptables rules ?
>>>>>
>>>>> Are you serious?
>>>>>
>>>>> There is no other way (without reinstalling the hosts) ?
>>>>
>>>> AFAIK, using ovirt-host-deploy, no.
>>>>
>>>> I am not aware of an engine API or vdsm verb to do this, but these are
>>>> not my main area of expertise.
>>>>
>>>> As I wrote there, you can also do this manually.
>>>>
>>>> The oVirt engine is not a replacement for configuration management
>>>> systems. If you have complex needs, might as well uncheck this
>>>> checkbox and use other means.
>>>>
>>>> Best,
>>>>
>>>>> 23.11.2016, 13:07, "Yedidyah Bar David" <didi at redhat.com>:
>>>>>> On Wed, Nov 23, 2016 at 12:02 PM, <aleksey.maksimov at it-kb.ru> wrote:
>>>>>>> Hmm. I just rebooted the host, but the iptables rules have not been updated :(
>>>>>>>
>>>>>>> On Engine server my custom iptables rules are visible:
>>>>>>>
>>>>>>> # engine-config --get IPTablesConfigSiteCustom
>>>>>>>
>>>>>>> IPTablesConfigSiteCustom:
>>>>>>> -A INPUT -p tcp --dport 2301 -j ACCEPT -m comment --comment 'HPE System Management Homepage'
>>>>>>> -A INPUT -p tcp --dport 2381 -j ACCEPT -m comment --comment 'HPE System Management Homepage (Secure port)'
>>>>>>> version: general
>>>>>>>
>>>>>>> How to update the configuration on the hosts ?
>>>>>>>
>>>>>>> 23.11.2016, 11:30, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
>>>>>>>> Hello oVirt gurus!
>>>>>>>>
>>>>>>>> oVirt Engine Version: 4.0.5.5-1.el7.centos
>>>>>>>>
>>>>>>>> I updated the configuration of the firewall on the Engine server with "engine-config --set IPTablesConfigSiteCustom...".
>>>>>>>> How to notify cluster nodes (all virtualization hosts) about the changes without reboot?
>>>>>>
>>>>>> Please check the other thread here "[ovirt-users] Hook to add firewall
>>>>>> rules". Thanks.
>>>>>>
>>>>>> --
>>>>>> Didi
>>>>
>>>> --
>>>> Didi
>>
>> --
>> Didi
--
Didi
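
Added example (not part of the original thread and not oVirt code): one way to script the manual merge described in the reply above, splicing the custom rules in at "@CUSTOM_RULES@" and dry-running the result before it is loaded on a host. It assumes the two engine-config values have already been saved to files and that the placeholder sits alone on its line; the file names, the template and the function names are constructed for illustration.

```bash
#!/bin/bash
# Added example. File names, the template and its port-22 rule are constructed;
# the two custom rules are the ones quoted in the thread.
PLACEHOLDER='@CUSTOM_RULES@'

# render_rules FILE_A FILE_B: print the merged ruleset. Whichever file holds
# the placeholder is the template; the other file's lines are spliced in.
render_rules() {
    local tmpl=$1 custom=$2
    grep -qF "$PLACEHOLDER" "$tmpl" || { tmpl=$2; custom=$1; }
    grep -qF "$PLACEHOLDER" "$tmpl" || { echo "no $PLACEHOLDER found" >&2; return 1; }
    awk -v ph="$PLACEHOLDER" -v custom="$custom" '
        index($0, ph) {            # assumption: placeholder is alone on its line
            while ((getline line < custom) > 0) if (line != "") print line
            close(custom); next
        }
        { print }' "$tmpl"
}

# apply_rules FILE: run on the host as root; loads only if the dry run parses.
apply_rules() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Constructed stand-ins for the values returned by engine-config --get.
d=$(mktemp -d)
cat > "$d/IPTablesConfig" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
@CUSTOM_RULES@
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$d/IPTablesConfigSiteCustom" <<'EOF'
-A INPUT -p tcp --dport 2301 -j ACCEPT -m comment --comment 'HPE System Management Homepage'
-A INPUT -p tcp --dport 2381 -j ACCEPT -m comment --comment 'HPE System Management Homepage (Secure port)'
EOF

render_rules "$d/IPTablesConfig" "$d/IPTablesConfigSiteCustom" > "$d/iptables.rules"
cat "$d/iptables.rules"
```

The custom ACCEPT rules land where the placeholder was, ahead of the final REJECT, which is what makes them effective; appending them after COMMIT or after the REJECT would not.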