On Tue, Jan 9, 2018 at 3:25 PM, Peter Hudec <phu...@cnc.sk> wrote:

> It's not a bug as I'm digging.

Very well :-)

> In logs I found

Which logs?

> 2018-01-09 08:23:22,421+0100 DEBUG otopi.context context.dumpEnvironment:831 ENV NETWORK/firewalldEnable=bool:'False'
> 2018-01-09 08:23:22,422+0100 DEBUG otopi.context context.dumpEnvironment:831 ENV NETWORK/iptablesEnable=bool:'True'
>
> So how to disable iptables and enable firewalld?

If host-deploy, then it's a per-host/per-cluster option you should be able to choose in the web admin UI.

> Peter
>
> On 09/01/2018 13:47, Yedidyah Bar David wrote:
> > (Adding Ondra for the firewalld stuff. But I think it's probably
> > easier to debug if you open a bug and attach logs there).
> >
> > On Tue, Jan 9, 2018 at 2:34 PM, Peter Hudec <phu...@cnc.sk> wrote:
> >
> >     If I run host reinstall with custom firewall rules in
> >     /etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml the task
> >     fails because firewalld is not running.
> >
> >     The reinstall task will disable firewalld and enable iptables-services.
> >     I'm a little bit confused ;(
> >
> >     ---
> >     - name: Enable additional port on firewalld
> >       firewalld:
> >         port: "10050/tcp"
> >         permanent: yes
> >         immediate: yes
> >         state: enabled
> >
> >
> >     2018-01-09 13:27:30,103 p=13550 u=ovirt | included: /etc/ovirt-engine/ansible/ovirt-host-deploy-post-tasks.yml for dipovirt01.cnc.sk
> >     2018-01-09 13:27:30,134 p=13550 u=ovirt | TASK [Enable additional port on firewalld] *************************************
> >     2018-01-09 13:27:32,089 p=13550 u=ovirt | fatal: [dipovirt01.cnc.sk]: FAILED! => {"changed": false, "module_stderr": "Shared connection to dipovirt01.cnc.sk closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/tmp/ansible_2Ilnjq/ansible_module_firewalld.py\", line 936, in <module>\r\n main()\r\n File \"/tmp/ansible_2Ilnjq/ansible_module_firewalld.py\", line 788, in main\r\n module.fail(msg='firewall is not currently running, unable to perform immediate actions without a running firewall daemon')\r\nAttributeError: 'AnsibleModule' object has no attribute 'fail'\r\n", "msg": "MODULE FAILURE", "rc": 0}
> >     2018-01-09 13:27:32,095 p=13550 u=ovirt | PLAY RECAP *********************************************************************
> >
> >
> >     After reinstallation the status of firewalld is
> >     [PROD] r...@dipovirt01.cnc.sk: /var/log/vdsm # systemctl status firewalld
> >     ● firewalld.service - firewalld - dynamic firewall daemon
> >        Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
> >        Active: inactive (dead)
> >          Docs: man:firewalld(1)
> >
> >
> >     So how could I switch to firewalld? Package iptables-service could not
> >     be removed due to the dependencies.
> >
> >     Peter
> >
> >     On 09/01/2018 09:35, Yedidyah Bar David wrote:
> > >
> > > 1) firewalld
> > > After upgrading the host server, I needed to stop firewalld. It seems
> > > that the rules are not generated correctly. The engine was not able to
> > > connect to the host. How could I fix it?
> > >
> > >
> > > Please check/share relevant files from /var/log/ovirt-engine/ansible/
> > > and /var/log/ovirt-engine/host-deploy/ . Or perhaps file a bug and
> > > attach them there.
> > >
> >
> >     --
> >     *Peter Hudec*
> >     Infrastructure Architect
> >     phu...@cnc.sk
> >
> >     *CNC, a.s.*
> >     Borská 6, 841 04 Bratislava
> >     Reception: +421 2 35 000 100
> >
> >     Mobile: +421 905 997 203
> >     *www.cnc.sk*
> >
> >
> > --
> > Didi
>
> --
> *Peter Hudec*
> Infrastructure Architect
> phu...@cnc.sk
>
> *CNC, a.s.*
> Borská 6, 841 04 Bratislava
> Reception: +421 2 35 000 100
>
> Mobile: +421 905 997 203
> *www.cnc.sk*

--
Didi
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
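
Added example, not part of the original thread and not oVirt or Ansible project code: a small Python triage script that correlates the two log excerpts quoted above. It reads which firewall host-deploy logged as enabled, then pulls the error text out of the traceback that the Ansible result reports only as "MODULE FAILURE". The sample lines are constructed from the thread's excerpts; `host.example` and the shortened module path are placeholders.

```python
import json
import re

# Constructed sample lines modelled on the thread's excerpts; host.example
# and the shortened module path are placeholders.
OTOPI_LOG = """\
2018-01-09 08:23:22,421+0100 DEBUG otopi.context context.dumpEnvironment:831 ENV NETWORK/firewalldEnable=bool:'False'
2018-01-09 08:23:22,422+0100 DEBUG otopi.context context.dumpEnvironment:831 ENV NETWORK/iptablesEnable=bool:'True'
"""
ANSIBLE_LOG = r'''2018-01-09 13:27:32,089 p=13550 u=ovirt | fatal: [host.example]: FAILED! => {"changed": false, "module_stderr": "Shared connection to host.example closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n  File \"/tmp/x/ansible_module_firewalld.py\", line 788, in main\r\n    module.fail(msg='firewall is not currently running, unable to perform immediate actions without a running firewall daemon')\r\nAttributeError: 'AnsibleModule' object has no attribute 'fail'\r\n", "msg": "MODULE FAILURE", "rc": 0}
'''
ENV_RE = re.compile(r"ENV NETWORK/(firewalld|iptables)Enable=bool:'(True|False)'")
FATAL_RE = re.compile(r"fatal: \[([^\]]+)\]: FAILED! => (\{.*\})\s*$")
HIDDEN_MSG_RE = re.compile(r"msg='([^']*)'")


def selected_firewall(otopi_text):
    """Map 'firewalld'/'iptables' to the bool host-deploy logged (last value wins)."""
    return {name: value == "True" for name, value in ENV_RE.findall(otopi_text)}


def ansible_failures(ansible_text):
    """Return (host, reported_msg, hidden_msg) for every 'fatal:' result line."""
    failures = []
    for line in ansible_text.splitlines():
        match = FATAL_RE.search(line)
        if not match:
            continue
        try:
            result = json.loads(match.group(2))
        except ValueError:  # truncated or non-JSON result: skip, do not guess
            continue
        # The intended error text sits inside the traceback in module_stdout.
        hidden = HIDDEN_MSG_RE.search(result.get("module_stdout", ""))
        failures.append((match.group(1), result.get("msg"),
                         hidden.group(1) if hidden else None))
    return failures


def diagnose(otopi_text, ansible_text):
    """Flag firewalld tasks that failed on hosts deployed with firewalld disabled."""
    firewalld_on = selected_firewall(otopi_text).get("firewalld", False)
    return [f"{host}: {reported} hides {hidden!r}; firewalldEnable={firewalld_on}"
            for host, reported, hidden in ansible_failures(ansible_text)
            if hidden and "not currently running" in hidden and not firewalld_on]


if __name__ == "__main__":
    print("\n".join(diagnose(OTOPI_LOG, ANSIBLE_LOG)))
```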