Bug 1304445
| Summary: | hosted-engine --deploy host installation fails when using firewalld | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-hosted-engine-setup | Reporter: | Charlie Inglese <cinglese> | ||||||||||||
| Component: | Network | Assignee: | Fabian Deutsch <fdeutsch> | ||||||||||||
| Status: | CLOSED DUPLICATE | QA Contact: | Pavel Stehlik <pstehlik> | ||||||||||||
| Severity: | urgent | Docs Contact: | |||||||||||||
| Priority: | unspecified | ||||||||||||||
| Version: | 1.3.2.3 | CC: | bugs, cinglese, rnachimu, stirabos | ||||||||||||
| Target Milestone: | --- | Keywords: | Reopened | ||||||||||||
| Target Release: | --- | Flags: | rule-engine:
planning_ack?
rule-engine: devel_ack? rule-engine: testing_ack? |
||||||||||||
| Hardware: | x86_64 | ||||||||||||||
| OS: | Linux | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||
| Clone Of: | |||||||||||||||
| : | 1304514 (view as bug list) | Environment: | |||||||||||||
| Last Closed: | 2016-02-03 19:07:18 UTC | Type: | Bug | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | Network | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Embargoed: | |||||||||||||||
| Bug Depends On: | |||||||||||||||
| Bug Blocks: | 1277010 | ||||||||||||||
| Attachments: |
|
||||||||||||||
Created attachment 1120840 [details]
/var/log/vdsm/vdsm.log
Created attachment 1120842 [details]
ovirt-hosted-engine-setup log
Created attachment 1120843 [details]
firewall-cmd --list-all
Created attachment 1120844 [details]
iptables -nvL
FirewallD is currently not supported on hosts. Simply use OVEHOSTED_NETWORK/firewallManager=str:iptables (In reply to Simone Tiraboschi from comment #5) > FirewallD is currently not supported on hosts. > Simply use OVEHOSTED_NETWORK/firewallManager=str:iptables Do u mean its not supported on the vdsm hosts or hosted_engine VM? If that's the case then why are we having this option in the hosted-engine script? (In reply to Ramesh N from comment #6) > (In reply to Simone Tiraboschi from comment #5) > > FirewallD is currently not supported on hosts. > > Simply use OVEHOSTED_NETWORK/firewallManager=str:iptables > > Do u mean its not supported on the vdsm hosts or hosted_engine VM? If that's > the case then why are we having this option in the hosted-engine script? I concur as well. firewalld is listed as an oVirt installation option and is the default RHEL 7 firewall application (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html). Additionally, the oVirt quick start guide references firewalld as its example (http://www.ovirt.org/Quick_Start_Guide). I am reopening this bug, as firewalld is a supported option and should either be fully supported or removed as a valid configuration option. (In reply to Charlie Inglese from comment #7) > I am reopening this bug, as firewalld is a supported option and should > either be fully supported or removed as a valid configuration option. OVEHOSTED_NETWORK/firewallManager=str:firewalld is not a valid configuration option: hosted-engine-setup is currently not going to propose you to use firewalld if used interactively, you are just tweaking the answerfile. You can also write OVEHOSTED_NETWORK/firewallManager=str:IPFILTER, or whatever you prefer, in that answerfile but as you can image this is not enough to have it working. *** This bug has been marked as a duplicate of bug 995362 *** |
Created attachment 1120839 [details] /var/log/vdsm/mom.log Description of problem: During initial installation of oVirt Hosted Engine using the appliance and answer file, if firewalld is selected as the OVEHOSTED_NETWORK/firewallManager (e.g. OVEHOSTED_NETWORK/firewallManager=str:firewalld), addition of the initial oVirt host fails. Version-Release number of selected component (if applicable): glusterfs-3.7.6-1.el7.x86_64 glusterfs-api-3.7.6-1.el7.x86_64 glusterfs-cli-3.7.6-1.el7.x86_64 glusterfs-client-xlators-3.7.6-1.el7.x86_64 glusterfs-fuse-3.7.6-1.el7.x86_64 glusterfs-geo-replication-3.7.6-1.el7.x86_64 glusterfs-libs-3.7.6-1.el7.x86_64 glusterfs-server-3.7.6-1.el7.x86_64 libgovirt-0.3.3-1.el7.x86_64 ovirt-engine-appliance-3.6-20160126.1.el7.centos.noarch ovirt-engine-sdk-python-3.6.2.1-1.el7.centos.noarch ovirt-host-deploy-1.4.1-1.el7.centos.noarch ovirt-hosted-engine-ha-1.3.3.7-1.el7.centos.noarch ovirt-hosted-engine-setup-1.3.2.3-1.el7.centos.noarch ovirt-setup-lib-1.0.1-1.el7.centos.noarch ovirt-vmconsole-1.0.0-1.el7.centos.noarch ovirt-vmconsole-host-1.0.0-1.el7.centos.noarch vdsm-4.17.18-0.el7.centos.noarch vdsm-cli-4.17.18-0.el7.centos.noarch vdsm-gluster-4.17.18-0.el7.centos.noarch vdsm-hook-vmfex-dev-4.17.18-0.el7.centos.noarch vdsm-infra-4.17.18-0.el7.centos.noarch vdsm-jsonrpc-4.17.18-0.el7.centos.noarch vdsm-python-4.17.18-0.el7.centos.noarch vdsm-xmlrpc-4.17.18-0.el7.centos.noarch vdsm-yajsonrpc-4.17.18-0.el7.centos.noarch How reproducible: Everytime Steps to Reproduce: 1. Install oVirt appliance 2. Using answer file, install oVirt on initial node (e.g. hosted-engine --deploy --config-append=<answerfile>) 3. Within answerfile ensure OVEHOSTED_NETWORK/firewallManager=str:firewalld Actual results: 1. Host OvirtHost2 installation failed. Host not reachable. Expected results: 1. oVirt host is added to pool successfully. Additional info: SELinux permissive mode