On 05/20/2014 09:42 AM, Sandro Bonazzola wrote:
> On 20/05/2014 15:09, Jiri Moskovcak wrote:
>> On 05/20/2014 02:57 PM, Bob Doolittle wrote:
>>> Well that was interesting.
>>> When I ran hosted-engine --connect-storage, the Data Center went green,
>>> and I could see an unattached ISO domain and ovirt-image-repository (but
>>> no Data domain).
>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the storage
>>> disappeared again and the Data Center went red.
>>>
>>> In retrospect, there appears to be a problem with iptables/firewalld
>>> that could be related.
>>> I noticed two things:
>>> - firewalld is stopped and disabled on the host
> Correct, hosted engine supports iptables only.
> You should have iptables configured and enabled.
>
>>> - I could not manually NFS mount (v3 or v4) from the host to the engine,
>>> unless I did "service iptables stop"
>>>
>>> So it doesn't appear to me that hosted-engine did the right things with
>>> firewalld/iptables. If these problems occurred during the --deploy,
>>> could that result in this situation?
> I don't think so
>
>>> I have temporarily disabled iptables until I get things working, but
>>> clearly that's insufficient to resolve the problem at this point.
>>>
>> - iptables/firewalld is configured during the setup, which is Sandro's 
>> domain. Sandro, could you please take a look at this?
>
> iptables configuration is performed by the engine when adding the host.
> Please attach iptables-save output from the host and host-deploy logs from
> the hosted-engine vm.
>

host-deploy logs are ^^ in this thread.

I have attached iptables-save output.

Thanks,
   Bob


# Generated by iptables-save v1.4.18 on Tue May 20 10:05:24 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [406:2990735]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54321 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16514 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5900:6923 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue May 20 10:05:24 2014
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
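
An added example, not part of the thread or of oVirt: one way to check what the INPUT chain of an iptables-save dump like the one attached above does with a packet to a given port, using first-match evaluation. The function names, the default interface `eth0` and the probe values are assumptions, and only the match types that appear in this dump (`-p`, `-i`, `--state`, `--dport`, `--dports`) are handled.

```python
import shlex

# INPUT chain copied from the iptables-save attachment above (FORWARD omitted).
DUMP = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54321 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16514 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5900:6923 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def port_matches(spec, port):
    """True if port is covered by a --dport/--dports spec such as '22' or '5900:6923'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(dump, chain, proto, dport, iface="eth0", state="NEW"):
    """Return the target of the first rule in `chain` that matches the packet."""
    policy = None
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]              # chain default policy, used if no rule matches
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # each option in this dump takes one value
        if "-p" in opts and opts["-p"] != proto:
            continue
        if "-i" in opts and opts["-i"] != iface:
            continue
        if "--state" in opts and state not in opts["--state"].split(","):
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        if spec and not port_matches(spec, dport):
            continue
        return opts["-j"]
    return policy

if __name__ == "__main__":
    for proto, port in [("tcp", 22), ("tcp", 54321), ("tcp", 2049), ("udp", 111)]:
        print(proto, port, verdict(DUMP, "INPUT", proto, port))
```

With this rule set, packets in state RELATED or ESTABLISHED are accepted by the first rule, while a new inbound connection to any port not listed reaches the final REJECT.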