Re: [ovirt-users] Hook to add firewall rules
On Tue, Nov 22, 2016 at 9:22 PM, Robert Story wrote: > On Tue, 22 Nov 2016 10:56:50 +0200 Yedidyah wrote: > YBD> On Mon, Nov 21, 2016 at 9:45 PM, Claude Durocher > YBD> wrote: > YBD> > Ok, i've configured my custom iptable rules with "engine-config --get > YBD> > IPTablesConfigSiteCustom" on the engine. Now, how do I apply this on > already > YBD> > deployed nodes? > YBD> > YBD> Move to maintenance, reinstall? > YBD> > YBD> I do not think there is another way. But I also do not think oVirt > YBD> will overwrite your conf by any other process, so you can also simply > YBD> do this manually. Didn't try this myself. > > I seem to recall the engine-config option being added because engine would > overwrite iptables config on every upgrade. I think you are right, for upgrades done from the engine - not 'yum update'. 'Move to maintenance and reinstall' and 'Upgrade from the engine' are actually almost the exact same thing, from the engine's POV. Thanks for the comment. Best, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Hook to add firewall rules
On Tue, 22 Nov 2016 10:56:50 +0200 Yedidyah wrote: YBD> On Mon, Nov 21, 2016 at 9:45 PM, Claude Durocher YBD> wrote: YBD> > Ok, i've configured my custom iptable rules with "engine-config --get YBD> > IPTablesConfigSiteCustom" on the engine. Now, how do I apply this on already YBD> > deployed nodes? YBD> YBD> Move to maintenance, reinstall? YBD> YBD> I do not think there is another way. But I also do not think oVirt YBD> will overwrite your conf by any other process, so you can also simply YBD> do this manually. Didn't try this myself. I seem to recall the engine-config option being added because engine would overwrite iptables config on every upgrade. Robert -- Senior Software Engineer @ Parsons pgpG5EOUzg3nX.pgp Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Hook to add firewall rules
On Mon, Nov 21, 2016 at 9:45 PM, Claude Durocher wrote: > Ok, i've configured my custom iptable rules with "engine-config --get > IPTablesConfigSiteCustom" on the engine. Now, how do I apply this on already > deployed nodes? Move to maintenance, reinstall? I do not think there is another way. But I also do not think oVirt will overwrite your conf by any other process, so you can also simply do this manually. Didn't try this myself. > > > > > Le Dimanche, Novembre 20, 2016 02:51 EST, Yedidyah Bar David > a écrit: > > > On Fri, Nov 18, 2016 at 1:42 AM, Claude Durocher > wrote: >> I've implemented sucessfully a hook to edit the configuration of some of >> my >> nics on my ovirt hosts. >> >> Is there a way to add firewall rules (iptables) with vdsm hooks? > > Please search for 'IPTablesConfigSiteCustom'. Best, > -- > Didi > > > > -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Hook to add firewall rules
On Fri, Nov 18, 2016 at 1:42 AM, Claude Durocher wrote: > I've implemented sucessfully a hook to edit the configuration of some of my > nics on my ovirt hosts. > > Is there a way to add firewall rules (iptables) with vdsm hooks? Please search for 'IPTablesConfigSiteCustom'. Best, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Hook to add firewall rules
I've implemented sucessfully a hook to edit the configuration of some of my nics on my ovirt hosts. Is there a way to add firewall rules (iptables) with vdsm hooks? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
