On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <stira...@redhat.com> wrote:
> > > On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <pklic...@redhat.com> > wrote: > >> Gianluca, >> >> The port needs to be open on machines where vdsm is installed. >> >> @Simone can you take a look why after running host deploy at 2016-10-03 >> 23:28:47,891 >> we are not able to talk to vdsm anymore? >> > > OK, I'm on it. > Gianluca, can you please share somehow the output of ss -at on all your hosts, your /var/log/ovirt-hosted-engine-ha/agent.log and /var/log/ovirt-hosted-engine-ha/broker.log (maybe I simply lost them within this long thread). > > >> >> Thanks, >> Piotr >> > >> On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi < >> gianluca.cec...@gmail.com> wrote: >> >>> >>> >>> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi < >>> gianluca.cec...@gmail.com> wrote: >>> >>>> Il 13/Ott/2016 11:00, "Piotr Kliczewski" <pklic...@redhat.com> ha >>>> scritto: >>>> > >>>> > Gianluca, >>>> > >>>> > Checking the log it seems that we do not configure firewall: >>>> > >>>> > NETWORK/firewalldEnable=bool:'False' >>>> > NETWORK/iptablesEnable=bool:'False' >>>> > >>>> > Please make sure that you reconfigure your firewall to open 54321 >>>> port or let host deploy to do it for you. >>>> > >>>> > Thanks, >>>> > Piotr >>>> >>>> Hi, >>>> at this moment Ihave: >>>> On hypervisor iptables service configured and active. >>>> On engine firewalld service configured and active. >>>> Do I have to open port 54321 on host? >>>> >>> Actually it is already... >>> >>> root@ovirt01 ~]# iptables -L -n >>> Chain INPUT (policy ACCEPT) >>> target prot opt source destination >>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 >>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 >>> ACCEPT all -- 192.168.1.212 0.0.0.0/0 >>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state >>> RELATED,ESTABLISHED >>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 >>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>> dpt:54321 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>> dpt:111 >>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp >>> dpt:111 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 >>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp >>> dpt:161 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>> dpt:16514 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport >>> dports 2223 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport >>> dports 5900:6923 >>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport >>> dports 49152:49216 >>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 >>> reject-with icmp-host-prohibited >>> >>> Chain FORWARD (policy ACCEPT) >>> target prot opt source destination >>> ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate >>> RELATED,ESTABLISHED >>> ACCEPT all -- 192.168.122.0/24 0.0.0.0/0 >>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 >>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 >>> reject-with icmp-port-unreachable >>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 >>> reject-with icmp-port-unreachable >>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV >>> match ! --physdev-is-bridged reject-with icmp-host-prohibited >>> >>> Chain OUTPUT (policy ACCEPT) >>> target prot opt source destination >>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 >>> [root@ovirt01 ~]# >>> >>> >> >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
