[ovirt-users] vdsm ssl errors

Piotr Kliczewski pkliczew at redhat.com
Thu Oct 13 09:23:02 UTC 2016 

Gianluca,

The port needs to be open on machines where vdsm is installed.

@Simone can you take a look why after running host deploy at 2016-10-03
23:28:47,891
we are not able to talk to vdsm anymore?

Thanks,
Piotr

On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <gianluca.cecchi at gmail.com
> wrote:

>
>
> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <
> gianluca.cecchi at gmail.com> wrote:
>
>> Il 13/Ott/2016 11:00, "Piotr Kliczewski" <pkliczew at redhat.com> ha
>> scritto:
>> >
>> > Gianluca,
>> >
>> > Checking the log it seems that we do not configure firewall:
>> >
>> > NETWORK/firewalldEnable=bool:'False'
>> > NETWORK/iptablesEnable=bool:'False'
>> >
>> > Please make sure that you reconfigure your firewall to open 54321 port
>> or let host deploy to do it for you.
>> >
>> > Thanks,
>> > Piotr
>>
>> Hi,
>> at this moment Ihave:
>> On hypervisor iptables service configured and active.
>> On engine firewalld service configured and active.
>> Do I have to open port 54321 on host?
>>
> Actually it is already...
>
> root at ovirt01 ~]# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
> ACCEPT     all  --  192.168.1.212        0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp
> dpt:54321
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp
> dpt:16514
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport
> dports 2223
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport
> dports 5900:6923
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport
> dports 49152:49216
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate
> RELATED,ESTABLISHED
> ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-port-unreachable
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with
> icmp-port-unreachable
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV
> match ! --physdev-is-bridged reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
> [root at ovirt01 ~]#
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161013/6c8ddd7a/attachment-0001.html>

More information about the Users mailing list