[ovirt-users] vdsm ssl errors
Simone Tiraboschi
stirabos at redhat.com
Thu Oct 13 13:26:50 UTC 2016
On Thu, Oct 13, 2016 at 3:19 PM, Gianluca Cecchi <gianluca.cecchi at gmail.com>
wrote:
>
>
> On Thu, Oct 13, 2016 at 2:59 PM, Simone Tiraboschi <stirabos at redhat.com>
> wrote:
>
>>
>>
>> On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <stirabos at redhat.com>
>> wrote:
>>
>>>
>>>
>>> On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <pkliczew at redhat.com>
>>> wrote:
>>>
>>>> Gianluca,
>>>>
>>>> The port needs to be open on machines where vdsm is installed.
>>>>
>>>> @Simone can you take a look why after running host deploy at 2016-10-03
>>>> 23:28:47,891
>>>> we are not able to talk to vdsm anymore?
>>>>
>>>
>>> OK, I'm on it.
>>>
>>
>> Gianluca, can you please share somehow the output of
>> ss -at
>> on all your hosts, your /var/log/ovirt-hosted-engine-ha/agent.log and
>> /var/log/ovirt-hosted-engine-ha/broker.log
>> (maybe I simply lost them within this long thread).
>>
>>
Thanks, the only errors that I see on agent and broker logs are:
Thread-6::INFO::2016-10-13
12:29:40,783::engine_health::124::engine_health.CpuLoadNoEngine::(action)
VM is up on this host with healthy engine
Thread-1::ERROR::2016-10-13
12:29:42,859::notifications::39::ovirt_hosted_engine_ha.broker.notifications.Notifications::(send_email)
[Errno 101] Network is unreachable
Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/broker/notifications.py",
line 26, in send_email
timeout=float(cfg["smtp-timeout"]))
File "/usr/lib64/python2.7/smtplib.py", line 255, in __init__
(code, msg) = self.connect(host, port)
File "/usr/lib64/python2.7/smtplib.py", line 315, in connect
self.sock = self._get_socket(host, port, self.timeout)
File "/usr/lib64/python2.7/smtplib.py", line 290, in _get_socket
return socket.create_connection((host, port), timeout)
File "/usr/lib64/python2.7/socket.py", line 571, in create_connection
raise err
error: [Errno 101] Network is unreachable
when it tries to send an email (it cannot reach the smtp server) but vdsm
communication seams fine.
>
>>>
>>>>
>>>> Thanks,
>>>> Piotr
>>>>
>>>
>>>> On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <
>>>> gianluca.cecchi at gmail.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <
>>>>> gianluca.cecchi at gmail.com> wrote:
>>>>>
>>>>>> Il 13/Ott/2016 11:00, "Piotr Kliczewski" <pkliczew at redhat.com> ha
>>>>>> scritto:
>>>>>> >
>>>>>> > Gianluca,
>>>>>> >
>>>>>> > Checking the log it seems that we do not configure firewall:
>>>>>> >
>>>>>> > NETWORK/firewalldEnable=bool:'False'
>>>>>> > NETWORK/iptablesEnable=bool:'False'
>>>>>> >
>>>>>> > Please make sure that you reconfigure your firewall to open 54321
>>>>>> port or let host deploy to do it for you.
>>>>>> >
>>>>>> > Thanks,
>>>>>> > Piotr
>>>>>>
>>>>>> Hi,
>>>>>> at this moment Ihave:
>>>>>> On hypervisor iptables service configured and active.
>>>>>> On engine firewalld service configured and active.
>>>>>> Do I have to open port 54321 on host?
>>>>>>
>>>>> Actually it is already...
>>>>>
>>>>> root at ovirt01 ~]# iptables -L -n
>>>>> Chain INPUT (policy ACCEPT)
>>>>> target prot opt source destination
>>>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>>>> dpt:53
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>>>> dpt:53
>>>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>>>> dpt:67
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>>>> dpt:67
>>>>> ACCEPT all -- 192.168.1.212 0.0.0.0/0
>>>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>>>>> RELATED,ESTABLISHED
>>>>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
>>>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>>>> dpt:54321
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>>>> dpt:111
>>>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>>>> dpt:111
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>>>> dpt:22
>>>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>>>> dpt:161
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>>>>> dpt:16514
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
>>>>> multiport dports 2223
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
>>>>> multiport dports 5900:6923
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
>>>>> multiport dports 49152:49216
>>>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>>>>> reject-with icmp-host-prohibited
>>>>>
>>>>> Chain FORWARD (policy ACCEPT)
>>>>> target prot opt source destination
>>>>> ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate
>>>>> RELATED,ESTABLISHED
>>>>> ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
>>>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>>>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>>>>> reject-with icmp-port-unreachable
>>>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>>>>> reject-with icmp-port-unreachable
>>>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
>>>>> match ! --physdev-is-bridged reject-with icmp-host-prohibited
>>>>>
>>>>> Chain OUTPUT (policy ACCEPT)
>>>>> target prot opt source destination
>>>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>>>>> dpt:68
>>>>> [root at ovirt01 ~]#
>>>>>
>>>>>
>>>>
>>>
>>
>
> ss log for host:
> https://drive.google.com/file/d/0BwoPbcrMv8mvczVOeG1iUWZxS1U/
> view?usp=sharing
>
> ss log for engine
> https://drive.google.com/file/d/0BwoPbcrMv8mvWGx0QWstWG1TSWc/
> view?usp=sharing
>
> agent.log
> https://drive.google.com/file/d/0BwoPbcrMv8mvMFBrQ2lneFVwaGc/
> view?usp=sharing
>
> broker.log
> https://drive.google.com/file/d/0BwoPbcrMv8mva2Jsc3BkNkpNZFE/
> view?usp=sharing
>
> hih clarify
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161013/2b5bdc89/attachment-0001.html>
More information about the Users
mailing list