> From: "Giuseppe Ragusa" <[email protected]> > To: "[email protected]" <[email protected]> > Sent: Sunday, March 23, 2014 10:44:02 PM > Subject: [Users] Otopi pre-seeded answers and firewall settings
> Hi all, > I'm trying to automate as much as possible of ovirt-hosted-engine-setup and > engine-setup by means of otopi answer files passed in using > "--config-append=filename.conf". > I succeded in forcing engine-setup to leave my iptables settings alone with: > OVESETUP_CONFIG/firewallManager=str:iptables > OVESETUP_CONFIG/updateFirewall=bool:False Right. > but ovirt-hosted-engine-setup still modified my iptables settings even with > the following options: > OVEHOSTED_NETWORK/firewallManager=str:iptables Actually I do not think we provide in hosted-engine deploy means to disable this as we do in engine-setup. If you carefully read the code you see that you can make it do nothing by setting this to a non-existent manager, e.g.: OVEHOSTED_NETWORK/firewallManager=str:nonexistent > OVEHOSTED_NETWORK/iptablesEnable=bool:False Where did you get this from? Can't find it in the code. > Maybe I used the wrong option (deduced by looking inside source code). > Does anybody have any hint/suggestion? The above should prevent 'hosted-engine --deploy' from configuring iptables on the host, and to prevent 'engine-setup' from configuring iptables on the VM. Later, the engine runs 'ovirt-host-deploy' which connects to the host and configures there stuff - some by itself, some using vdsm, and some sent through them directly from the engine. This is a process I know less... You can look at and/or post more relevant logs - /var/log/ovirt-engine/host-deploy/* , /var/log/ovirt-engine/*.log from the engine VM and /var/log/vdsm/* from the host, and also check iptables configuration at various stages - during hosted-engine deploy but before connecting to the engine, after, etc. -- Didi
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
