Il 20/05/2014 20:43, Bob Doolittle ha scritto: > > On 05/20/2014 10:41 AM, Sandro Bonazzola wrote: >> Il 20/05/2014 16:36, Bob Doolittle ha scritto: >>> On 05/20/2014 10:23 AM, Sandro Bonazzola wrote: >>>> Il 20/05/2014 16:06, Bob Doolittle ha scritto: >>>>> On 05/20/2014 09:42 AM, Sandro Bonazzola wrote: >>>>>> Il 20/05/2014 15:09, Jiri Moskovcak ha scritto: >>>>>>> On 05/20/2014 02:57 PM, Bob Doolittle wrote: >>>>>>>> Well that was interesting. >>>>>>>> When I ran hosted-engine --connect-storage, the Data Center went green, >>>>>>>> and I could see an unattached ISO domain and ovirt-image-repository >>>>>>>> (but >>>>>>>> no Data domain). >>>>>>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the storage >>>>>>>> disappeared again and the Data Center went red. >>>>>>>> >>>>>>>> In retrospect, there appears to be a problem with iptables/firewalld >>>>>>>> that could be related. >>>>>>>> I noticed two things: >>>>>>>> - firewalld is stopped and disabled on the host >>>>>> Correct, hosted engine support iptables only. >>>>>> You should have iptables configured and enabled. >>>>>>>> - I could not manually NFS mount (v3 or v4) from the host to the >>>>>>>> engine, >>>>>>>> unless I did "service iptables stop" >>>>>>>> >>>>>>>> So it doesn't appear to me that hosted-engine did the right things with >>>>>>>> firewalld/iptables. If these problems occurred during the --deploy, >>>>>>>> could that result in this situation? >>>>>> I don't think so >>>>>>>> I have temporarily disabled iptables until I get things working, but >>>>>>>> clearly that's insufficient to resolve the problem at this point. >>>>>>> - iptables/firewalld is configured during the setup, which is Sandro's >>>>>>> domain. Sandro, could you please take a look at this? >>>>>> iptables configuration is performed by the engine when adding the host. >>>>>> please attach iptables-save output from the host and host-deploy logs >>>>>> from the hosted-engine vm. >>>>> host-deploy logs are ^^ in this thread. >>>> I see ovirt-hosted-engine-setup logs, not >>>> /var/log/ovirt-engine/host-deploy logs. >>> Oh sorry - from the engine then. Attached. >>> >>> But my problem is with the firewall on the host. >>> >>> I cannot NFS mount a share on the host (e.g. my Data Domain) on the engine. >>> In this case the host is the NFS server, and the engine is the NFS client. >>> Only the host firewall should be relevant, correct? >>> >>> Maybe what you are saying is that hosted-engine does not attempt to >>> configure the iptables on the host to allow NFS shares? >> Yes, to be clear: >> ovirt-hosted-engine-setup just enable ports for spice / vnc connection from >> remote host to VM while performing OS install on the VM. >> Once the VM is installed ovirt-engine configure iptables on the host using >> ovirt-host-deploy package when the host is added to the engine. >> If you need other services on the host running the hosted engine you'll need >> to configure manually iptables. > > Thanks, > > Jirka - since Sandro says this NFS issue is irrelevant to Hosted operation, > do you have any other suggestions or can I provide any additional data to > help diagnose why my configuration is non-operational? > I will eventually want to fix this and add Data and Export domains from my > host, but for the moment it appears no NFS exports from the host are > required for oVirt operation.
I'm not saying NFS issue is irrelevant :-) I'm saying that if you're adding NFS service on the node running hosted engine you'll need to configure iptables for allowing to mount the shares. This means at least opening rpc-bind port 111 and NFS port 2049 and ports 662 875 892 32769 32803 assuming you've configured NFS with: RPCRQUOTADOPTS="-p 875" LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 RPCMOUNTDOPTS="-p 892" STATDARG="-p 662 -o 2020" Alternative is to use NFS storage on a different host. > So where are my domains? :) > > Thanks, > Bob > >> >> >>>>> I have attached iptables-save output. >>>> I can't see anything blocking the mount from the hots toward the engine >>>> vm. >>>> Can you attach iptables-save also from the engine vm? >>>> (IIUC you've a nfs share there and you're trying to mount it from the host >>>> right?) >>> Visa-versa. My Data domain is on my host. So is my Export domain, but I >>> haven't tried to import it yet since the Datacenter is not operational. >>> >>> Thanks, >>> Bob >>> >> > -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users