Il 20/05/2014 16:36, Bob Doolittle ha scritto: > > On 05/20/2014 10:23 AM, Sandro Bonazzola wrote: >> Il 20/05/2014 16:06, Bob Doolittle ha scritto: >>> On 05/20/2014 09:42 AM, Sandro Bonazzola wrote: >>>> Il 20/05/2014 15:09, Jiri Moskovcak ha scritto: >>>>> On 05/20/2014 02:57 PM, Bob Doolittle wrote: >>>>>> Well that was interesting. >>>>>> When I ran hosted-engine --connect-storage, the Data Center went green, >>>>>> and I could see an unattached ISO domain and ovirt-image-repository (but >>>>>> no Data domain). >>>>>> But after restarting ovirt-ha-broker and ovirt-ha-agent, the storage >>>>>> disappeared again and the Data Center went red. >>>>>> >>>>>> In retrospect, there appears to be a problem with iptables/firewalld >>>>>> that could be related. >>>>>> I noticed two things: >>>>>> - firewalld is stopped and disabled on the host >>>> Correct, hosted engine support iptables only. >>>> You should have iptables configured and enabled. >>>>>> - I could not manually NFS mount (v3 or v4) from the host to the engine, >>>>>> unless I did "service iptables stop" >>>>>> >>>>>> So it doesn't appear to me that hosted-engine did the right things with >>>>>> firewalld/iptables. If these problems occurred during the --deploy, >>>>>> could that result in this situation? >>>> I don't think so >>>>>> I have temporarily disabled iptables until I get things working, but >>>>>> clearly that's insufficient to resolve the problem at this point. >>>>> - iptables/firewalld is configured during the setup, which is Sandro's >>>>> domain. Sandro, could you please take a look at this? >>>> iptables configuration is performed by the engine when adding the host. >>>> please attach iptables-save output from the host and host-deploy logs >>>> from the hosted-engine vm. >>> host-deploy logs are ^^ in this thread. >> I see ovirt-hosted-engine-setup logs, not /var/log/ovirt-engine/host-deploy >> logs. > > Oh sorry - from the engine then. Attached. > > But my problem is with the firewall on the host. > > I cannot NFS mount a share on the host (e.g. my Data Domain) on the engine. > In this case the host is the NFS server, and the engine is the NFS client. > Only the host firewall should be relevant, correct? > > Maybe what you are saying is that hosted-engine does not attempt to configure > the iptables on the host to allow NFS shares?
Yes, to be clear: ovirt-hosted-engine-setup just enable ports for spice / vnc connection from remote host to VM while performing OS install on the VM. Once the VM is installed ovirt-engine configure iptables on the host using ovirt-host-deploy package when the host is added to the engine. If you need other services on the host running the hosted engine you'll need to configure manually iptables. > >>> I have attached iptables-save output. >> I can't see anything blocking the mount from the hots toward the engine vm. >> Can you attach iptables-save also from the engine vm? >> (IIUC you've a nfs share there and you're trying to mount it from the host >> right?) > > Visa-versa. My Data domain is on my host. So is my Export domain, but I > haven't tried to import it yet since the Datacenter is not operational. > > Thanks, > Bob > -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users