If I run host reinstall with custom firewall rules in /etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml, the task fails because firewalld is not running.
The reinstall task will disable firewalld and enable iptables-services. I'm a little bit confused ;(

---
- name: Enable additional port on firewalld
  firewalld:
    port: "10050/tcp"
    permanent: yes
    immediate: yes
    state: enabled

2018-01-09 13:27:30,103 p=13550 u=ovirt | included: /etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml for dipovirt01.cnc.sk
2018-01-09 13:27:30,134 p=13550 u=ovirt | TASK [Enable additional port on firewalld] *************************************
2018-01-09 13:27:32,089 p=13550 u=ovirt | fatal: [dipovirt01.cnc.sk]: FAILED! => {"changed": false, "module_stderr": "Shared connection to dipovirt01.cnc.sk closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/tmp/ansible_2Ilnjq/ansible_module_firewalld.py\", line 936, in <module>\r\n main()\r\n File \"/tmp/ansible_2Ilnjq/ansible_module_firewalld.py\", line 788, in main\r\n module.fail(msg='firewall is not currently running, unable to perform immediate actions without a running firewall daemon')\r\nAttributeError: 'AnsibleModule' object has no attribute 'fail'\r\n", "msg": "MODULE FAILURE", "rc": 0}
2018-01-09 13:27:32,095 p=13550 u=ovirt | PLAY RECAP *********************************************************************

After reinstallation the status of firewalld is:

[PROD] r...@dipovirt01.cnc.sk: /var/log/vdsm # systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

So how could I switch to firewalld? The package iptables-service could not be removed due to dependencies.

Peter

On 09/01/2018 09:35, Yedidyah Bar David wrote:
> > 1) firewalld
> > After upgrading the host server, I needed to stop firewalld. It seems
> > that the rules are not generated correctly. The engine was not able to
> > connect to the host. How could I fix it?
> >
>
> Please check/share relevant files from /var/log/ovirt-engine/ansible/
> and /var/log/ovirt-engine/host-deploy/ . Or perhaps file a bug and
> attach them there.

--
Peter Hudec
Infrastructure architect
phu...@cnc.sk

CNC, a.s.
Borská 6, 841 04 Bratislava
Reception: +421 2 35 000 100
Mobile: +421 905 997 203
www.cnc.sk