Bug 1150328
| Summary: | Missing firewall rules prevent connection to virtual-machine consoles via webadmin | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Douglas Schilling Landgraf <dougsland> |
| Component: | ovirt-node | Assignee: | Douglas Schilling Landgraf <dougsland> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 3.5.0 | CC: | alonbl, cshao, dfediuck, ecohen, fdeutsch, gklein, hadong, huiwa, iheim, leiwang, lsurette, sherold, yaniwang, ycui |
| Target Milestone: | --- | ||
| Target Release: | 3.5.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | node | ||
| Fixed In Version: | rhev-hypervisor6-6.6-20141218.0.iso rhev-hypervisor7-7.0-20141218.0.iso | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-02-11 21:02:39 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Node | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1147536, 1164308, 1164311 | ||
|
Description
Douglas Schilling Landgraf
2014-10-08 00:11:35 UTC
Alon, isn't host-deploy or vdsm taking care to open the ports, or is it left to Node to open the relevant ports? (In reply to Fabian Deutsch from comment #1) > Alon, isn't host-deploy or vdsm taking care to open the ports, or is it left > to Node to open the relevant ports? yes, host-deploy sets /etc/sysconfig/iptables and persist it, if user did not uncheck the "configure firewall". firewalld is not used in hypervisor for now. (In reply to Alon Bar-Lev from comment #2) > (In reply to Fabian Deutsch from comment #1) > > Alon, isn't host-deploy or vdsm taking care to open the ports, or is it left > > to Node to open the relevant ports? > > yes, host-deploy sets /etc/sysconfig/iptables and persist it, if user did > not uncheck the "configure firewall". > > firewalld is not used in hypervisor for now. But - is host-edploy or vdsm now also resüponsible to open the ports on Node - or do you expect Node to do this? (In reply to Fabian Deutsch from comment #3) > (In reply to Alon Bar-Lev from comment #2) > > (In reply to Fabian Deutsch from comment #1) > > > Alon, isn't host-deploy or vdsm taking care to open the ports, or is it left > > > to Node to open the relevant ports? > > > > yes, host-deploy sets /etc/sysconfig/iptables and persist it, if user did > > not uncheck the "configure firewall". > > > > firewalld is not used in hypervisor for now. > > But - is host-edploy or vdsm now also resüponsible to open the ports on Node > - or do you expect Node to do this? as I wrote, host-deploy is overriding iptables and starts iptables on machine. please confirm iptables contains invalid content post deploy and/or iptables is down and/or firewalld is up. please update bug subject to root cause. bug 1128033 is verified, we can reproduce this bug now, and qa_ack+ Test version: rhev-hypervisor7-7.0-20150119.0.1.iso ovirt-node-3.2.1-5.el7.noarch Red Hat Enterprise Virtualization Manager Version: 3.5.0-0.30.el6ev Test steps: 1. Create a virtual machine in rhevh with spice protocol 2. Try to open the virtual-machine display via Admin Portal. Test result: display to users the virtual machine console success so this bug has been fixed, changed the status into "VERIFIED". Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2015-0160.html |