[ovirt-users] ovirt 4.2 upgrade questions

Yedidyah Bar David didi at redhat.com
Tue Jan 9 12:47:42 UTC 2018 

(Adding Ondra for the firewalld stuff. But I think it's probably
easier to debug if you open a bug and attach logs there).

On Tue, Jan 9, 2018 at 2:34 PM, Peter Hudec <phudec at cnc.sk> wrote:

> If I run host reinstall with custom firewall rules in
> /etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml the task will
> fails due the firewalld is not running.
>
> The reinstall task will disable firewalld and enable iptables-services.
> I'm little bit confused ;(
>
> ---
> - name: Enable additional port on firewalld
>   firewalld:
>     port: "10050/tcp"
>     permanent: yes
>     immediate: yes
>     state: enabled
>
>
> 2018-01-09 13:27:30,103 p=13550 u=ovirt |  included:
> /etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml for
> dipovirt01.cnc.sk
> 2018-01-09 13:27:30,134 p=13550 u=ovirt |  TASK [Enable additional port
> on firewalld] *************************************
> 2018-01-09 13:27:32,089 p=13550 u=ovirt |  fatal: [dipovirt01.cnc.sk]:
> FAILED! => {"changed": false, "module_stderr": "Shared connection to
> dipovirt01.cnc.sk closed.\r\n", "module_stdout": "Traceback (most recent
> call last):\r\n  File
> \"/tmp/ansible_2Ilnjq/ansible_module_firewalld.py\", line 936, in
> <module>\r\n    main()\r\n  File
> \"/tmp/ansible_2Ilnjq/ansible_module_firewalld.py\", line 788, in
> main\r\n    module.fail(msg='firewall is not currently running, unable
> to perform immediate actions without a running firewall
> daemon')\r\nAttributeError: 'AnsibleModule' object has no attribute
> 'fail'\r\n", "msg": "MODULE FAILURE", "rc": 0}
> 2018-01-09 13:27:32,095 p=13550 u=ovirt |  PLAY RECAP
> *********************************************************************
>
>
> After reinstalation the status of firewalld is
> [PROD] root at dipovirt01.cnc.sk: /var/log/vdsm # systemctl status firewalld
> ● firewalld.service - firewalld - dynamic firewall daemon
>    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
> vendor preset: enabled)
>    Active: inactive (dead)
>      Docs: man:firewalld(1)
>
>
> So how could I switch to firewalld? package iptables-service could not
> be removed due the dependencies.
>
>         Peter
>
> On 09/01/2018 09:35, Yedidyah Bar David wrote:
> >
> >     1) firewalld
> >     after upgrade the hot server, the i needed to stop firewalld. It
> seems,
> >     that, the rules are not generated correctly. The engine was not able
> to
> >     connect to the host. How do I could fix it?
> >
> >
> > Please check/share relevant files from /var/log/ovirt-engine/ansible/
> > and /var/log/ovirt-engine/host-deploy/ . Or perhaps file a bug and
> > attach them there.
>
>
> --
> *Peter Hudec*
> Infraštruktúrny architekt
> phudec at cnc.sk <mailto:phudec at cnc.sk>
>
> *CNC, a.s.*
> Borská 6, 841 04 Bratislava
> Recepcia: +421 2  35 000 100
>
> Mobil:+421 905 997 203
> *www.cnc.sk* <http:///www.cnc.sk>
>
>


-- 
Didi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180109/9d2b0eff/attachment.html>

More information about the Users mailing list