[ovirt-users] vdsm ssl errors

Gianluca Cecchi gianluca.cecchi at gmail.com
Thu Oct 13 13:19:04 UTC 2016


On Thu, Oct 13, 2016 at 2:59 PM, Simone Tiraboschi <stirabos at redhat.com>
wrote:

>
>
> On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <stirabos at redhat.com>
> wrote:
>
>>
>>
>> On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <pkliczew at redhat.com>
>> wrote:
>>
>>> Gianluca,
>>>
>>> The port needs to be open on machines where vdsm is installed.
>>>
>>> @Simone can you take a look why after running host deploy at 2016-10-03
>>> 23:28:47,891
>>> we are not able to talk to vdsm anymore?
>>>
>>
>> OK, I'm on it.
>>
>
> Gianluca, can you please share somehow the output of
>   ss -at
> on all your hosts, your /var/log/ovirt-hosted-engine-ha/agent.log and
> /var/log/ovirt-hosted-engine-ha/broker.log
> (maybe I simply lost them within this long thread).
>
>
>>
>>
>>>
>>> Thanks,
>>> Piotr
>>>
>>
>>> On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <
>>> gianluca.cecchi at gmail.com> wrote:
>>>
>>>>
>>>>
>>>> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <
>>>> gianluca.cecchi at gmail.com> wrote:
>>>>
>>>>> On 13 Oct 2016 11:00, "Piotr Kliczewski" <pkliczew at redhat.com>
>>>>> wrote:
>>>>> >
>>>>> > Gianluca,
>>>>> >
>>>>> > Checking the log it seems that we do not configure firewall:
>>>>> >
>>>>> > NETWORK/firewalldEnable=bool:'False'
>>>>> > NETWORK/iptablesEnable=bool:'False'
>>>>> >
>>>>> > Please make sure that you reconfigure your firewall to open port
>>>>> 54321 or let host deploy do it for you.
>>>>> >
>>>>> > Thanks,
>>>>> > Piotr
>>>>>
>>>>> Hi,
>>>>> at this moment I have:
>>>>> On hypervisor iptables service configured and active.
>>>>> On engine firewalld service configured and active.
>>>>> Do I have to open port 54321 on host?
>>>>>
>>>> Actually it is already...
>>>>
>>>> [root@ovirt01 ~]# iptables -L -n
>>>> Chain INPUT (policy ACCEPT)
>>>> target     prot opt source               destination
>>>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
>>>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
>>>> ACCEPT     all  --  192.168.1.212        0.0.0.0/0
>>>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
>>>> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
>>>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:54321
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
>>>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
>>>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:16514
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 2223
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5900:6923
>>>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 49152:49216
>>>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
>>>>
>>>> Chain FORWARD (policy ACCEPT)
>>>> target     prot opt source               destination
>>>> ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
>>>> ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
>>>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>>>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
>>>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
>>>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited
>>>>
>>>> Chain OUTPUT (policy ACCEPT)
>>>> target     prot opt source               destination
>>>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
>>>> [root@ovirt01 ~]#
>>>>
>>>>
>>>
>>
>

ss log for host:

https://drive.google.com/file/d/0BwoPbcrMv8mvczVOeG1iUWZxS1U/view?usp=sharing

ss log for engine
https://drive.google.com/file/d/0BwoPbcrMv8mvWGx0QWstWG1TSWc/view?usp=sharing

agent.log
https://drive.google.com/file/d/0BwoPbcrMv8mvMFBrQ2lneFVwaGc/view?usp=sharing

broker.log
https://drive.google.com/file/d/0BwoPbcrMv8mva2Jsc3BkNkpNZFE/view?usp=sharing

hih clarify
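
Added example, not part of the original thread and not oVirt or VDSM code: a first-match check over an `iptables -L -n` listing that reports which rule explicitly accepts a new TCP connection to port 54321 and which earlier rules carry no visible criteria and so cannot be judged from this output alone. The sample listing, the function names and the source address 10.0.0.5 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in `iptables -L -n` layout (one rule per line), modelled on
# the INPUT chain quoted in the thread; it is not output from a real host.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  192.168.1.212        0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:54321
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5900:6923
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
"""

def _port_hit(extra, port):
    """True/False when the rule lists destination ports, None when it lists none."""
    m = re.search(r"(?:dpts?:|multiport dports )([\d:,]+)", extra)
    if not m:
        return None
    ranges = (p.partition(":") for p in m.group(1).split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def first_match(listing, src, port, chain="INPUT"):
    """(target, rule_no, ambiguous) for a new TCP connection from src to port."""
    active, n, ambiguous = False, 0, []
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) ", line)
        if head:
            active = head.group(1) == chain
            continue
        f = line.split(None, 5)
        if not active or len(f) < 5 or f[0] == "target":
            continue
        n += 1
        extra = re.sub(r"reject-with \S+", "", f[5] if len(f) > 5 else "").strip()
        inside = ipaddress.ip_address(src) in ipaddress.ip_network(f[3].lstrip("!"))
        if f[1] not in ("tcp", "all") or inside == f[3].startswith("!"):
            continue  # other protocol, or source address does not match
        if re.fullmatch(r"(ct)?state RELATED,ESTABLISHED", extra):
            continue  # cannot match the first packet of a connection
        hit = _port_hit(extra, port)
        if hit:
            return f[0], n, ambiguous
        if hit is None:
            # No port criterion: -L -n hides -i/-o, so this may be a loopback-only
            # rule or a catch-all. Resolve with `iptables -L -n -v` or `iptables -S`.
            ambiguous.append(n)
    return None, None, ambiguous
```

For the sample, `first_match(SAMPLE, "10.0.0.5", 54321)` finds the explicit ACCEPT at rule 4 and flags rule 3, the bare `ACCEPT all` line, as one whose interface restriction is not visible in this output format.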