[ovirt-users] 'python-nftables' failed. There is a big problem with Firewalld and openvswitch on Centos 8.3

Mon, 25 Jan 2021 23:23:17 -0800 

I have deployed a new cluster on versions:
3 Hosts: Centos 8.3 and last update
Ovirt: 4.4.4.7-1.el8

Cluster properties: switch - OVS; Firewall - Firewalld

During the initial deployment of the host in such a cluster, everything is 
successfully installed, all virtual networks and bridges are created, and the 
host is activated.

But after that, Firewalld does not work correctly, for example, when executing 
the command
firewall-cmd --reload
Issued by:
Error: COMMAND_FAILED: 'python-nftables' failed:
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": 
{"family": "inet", "name": "firewalld_policy_drop"}}}, {"add": {"chain": 
{"family": "inet", "table": "firewalld_policy_drop", "name": "filter_input", 
"type": "filter", "hook": "input", "prio": 9, "policy": "drop"}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": 
"filter_forward", "type": "filter", "hook": "forward", "prio": 9, "policy": 
"drop"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld_policy_drop", "name": "filter_output", "type": "filter", "hook": 
"output", "prio": 9, "policy": "drop"}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld_policy_drop", "chain": "filter_input", "expr": [{"match": 
{"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", 
"related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld_policy_drop", "chain": "filter_forward", "expr": [{"match": 
{"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", 
"related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld_policy_drop", "chain": "filter_output", "expr": [{"match": 
{"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", 
"related"]}}}, {"accept": null}]}}}]}

Now all ansible-playbook ovirt starts to execute uncorrectly

For example this error is thrown every time I try to reinstall the host:

VDSM SMnode02 command CollectVdsNetworkDataAfterInstallationVDS failed: 
Internal JSON-RPC error: {'reason': ’management’}

I understand that ovirt correctly executes scripts, and this problem is related 
to the applications Firewalld, openvswitch, NetworkManager.

Is there some workaround so that at least ovirt can re-install hosts?



_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YG6SNDIKE4F5Y5HNM3NJLYMPLEWANIPD/

Reply via email to