On Thu, Oct 13, 2016 at 2:59 PM, Simone Tiraboschi <[email protected]> wrote:
> > > On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <[email protected]> > wrote: > >> >> >> On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <[email protected]> >> wrote: >> >>> Gianluca, >>> >>> The port needs to be open on machines where vdsm is installed. >>> >>> @Simone can you take a look why after running host deploy at 2016-10-03 >>> 23:28:47,891 >>> we are not able to talk to vdsm anymore? >>> >> >> OK, I'm on it. >> > > Gianluca, can you please share somehow the output of > ss -at > on all your hosts, your /var/log/ovirt-hosted-engine-ha/agent.log and > /var/log/ovirt-hosted-engine-ha/broker.log > (maybe I simply lost them within this long thread). > > >> >> >>> >>> Thanks, >>> Piotr >>> >> >>> On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi < >>> [email protected]> wrote: >>> >>>> >>>> >>>> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi < >>>> [email protected]> wrote: >>>> >>>>> Il 13/Ott/2016 11:00, "Piotr Kliczewski" <[email protected]> ha >>>>> scritto: >>>>> > >>>>> > Gianluca, >>>>> > >>>>> > Checking the log it seems that we do not configure firewall: >>>>> > >>>>> > NETWORK/firewalldEnable=bool:'False' >>>>> > NETWORK/iptablesEnable=bool:'False' >>>>> > >>>>> > Please make sure that you reconfigure your firewall to open 54321 >>>>> port or let host deploy to do it for you. >>>>> > >>>>> > Thanks, >>>>> > Piotr >>>>> >>>>> Hi, >>>>> at this moment Ihave: >>>>> On hypervisor iptables service configured and active. >>>>> On engine firewalld service configured and active. >>>>> Do I have to open port 54321 on host? >>>>> >>>> Actually it is already... >>>> >>>> root@ovirt01 ~]# iptables -L -n >>>> Chain INPUT (policy ACCEPT) >>>> target prot opt source destination >>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp >>>> dpt:53 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>>> dpt:53 >>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp >>>> dpt:67 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>>> dpt:67 >>>> ACCEPT all -- 192.168.1.212 0.0.0.0/0 >>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state >>>> RELATED,ESTABLISHED >>>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 >>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>>> dpt:54321 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>>> dpt:111 >>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp >>>> dpt:111 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>>> dpt:22 >>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp >>>> dpt:161 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp >>>> dpt:16514 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 >>>> multiport dports 2223 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 >>>> multiport dports 5900:6923 >>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 >>>> multiport dports 49152:49216 >>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 >>>> reject-with icmp-host-prohibited >>>> >>>> Chain FORWARD (policy ACCEPT) >>>> target prot opt source destination >>>> ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate >>>> RELATED,ESTABLISHED >>>> ACCEPT all -- 192.168.122.0/24 0.0.0.0/0 >>>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 >>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 >>>> reject-with icmp-port-unreachable >>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 >>>> reject-with icmp-port-unreachable >>>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV >>>> match ! --physdev-is-bridged reject-with icmp-host-prohibited >>>> >>>> Chain OUTPUT (policy ACCEPT) >>>> target prot opt source destination >>>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp >>>> dpt:68 >>>> [root@ovirt01 ~]# >>>> >>>> >>> >> > ss log for host: https://drive.google.com/file/d/0BwoPbcrMv8mvczVOeG1iUWZxS1U/view?usp=sharing ss log for engine https://drive.google.com/file/d/0BwoPbcrMv8mvWGx0QWstWG1TSWc/view?usp=sharing agent.log https://drive.google.com/file/d/0BwoPbcrMv8mvMFBrQ2lneFVwaGc/view?usp=sharing broker.log https://drive.google.com/file/d/0BwoPbcrMv8mva2Jsc3BkNkpNZFE/view?usp=sharing hih clarify
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
