> From: "Giuseppe Ragusa" <[email protected]>
> To: "Yedidyah Bar David" <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Sent: Tuesday, March 25, 2014 1:53:20 AM
> Subject: RE: [Users] Otopi pre-seeded answers and firewall settings
> Hi Didi,
> I found the references to NETWORK/iptablesEnable in my engine logs
> (/var/log/ovirt-engine/host-deploy/ovirt-*.log), but it didn't seem to work
> after all.
> Full logs attached.
> I resurrected my Engine by rebooting the (still only) host, then restarting
> ovirt-ha-agent (at startup the agent failed while trying to launch vdsm, but
> I found vdsm running and so tried manually...).

OK, so it's host-deploy that's doing that. But it's not host-deploy itself - it's
the engine that is talking to it, asking it to configure iptables.

I don't know how to make the agent not do that. I searched the sources a bit
(which I don't know) and didn't find a simple way.

You can, however, try to override this by:

# mkdir -p /etc/ovirt-host-deploy.conf.d
# echo '[environment:enforce]' > /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf
# echo 'NETWORK/iptablesEnable=bool:False' >> /etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf

Never tried that, and not sure it's recommended - if it does work, it means that
host-deploy will not update iptables, but the engine will think it did. So it's
better to find a way to make the engine not do that. Or, better yet, that you'll
explain why you need this and somehow make the engine do what you want...

-- 
Didi
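An audit for the side effect noted in the message above (host-deploy skips iptables while the engine assumes it was configured), as an added example that is not part of the original message or of oVirt: it scans the drop-in directory named in the message for NETWORK/iptablesEnable settings and flags an enforced bool:False. The function names and the CONF_DIR variable are made up for this example.

```shell
#!/bin/sh
# Added example: find host-deploy drop-ins that touch NETWORK/iptablesEnable.
# Default directory is the one used in the message; override with CONF_DIR.
CONF_DIR="${CONF_DIR:-/etc/ovirt-host-deploy.conf.d}"

# Print "file:section:key=value" for every NETWORK/iptablesEnable setting
# found in the *.conf files of the given directory.
find_iptables_overrides() {
    dir="$1"
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue              # unmatched glob or not a file
        awk -v file="$f" '
            /^[ \t]*[#;]/ { next }           # comment line
            /^[ \t]*\[.*\][ \t]*$/ {         # section header, e.g. [environment:enforce]
                section = $0
                sub(/^[ \t]*\[/, "", section)
                sub(/\][ \t]*$/, "", section)
                next
            }
            {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1)
                val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "NETWORK/iptablesEnable")
                    printf "%s:%s:%s=%s\n", file, section, key, val
            }
        ' "$f"
    done
}

# Succeeds (status 0) when an [environment:enforce] section sets the key to
# bool:False, i.e. the engine's firewall request is being silently ignored.
iptables_management_suppressed() {
    find_iptables_overrides "$1" |
        grep -iq ':environment:enforce:NETWORK/iptablesEnable=bool:false$'
}

# Usage on a host:
#   iptables_management_suppressed "$CONF_DIR" && find_iptables_overrides "$CONF_DIR"
```

A hit means the host's firewall rules have to be reviewed by hand, since the engine's view of them cannot be trusted.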

