Bug 1480902
| Summary: | image_handler:186:root:(make_imaged_request) Failed communicating with vdsm-imaged: A Connection error occurred. ovirt-imageio-proxy | | |
|---|---|---|---|
| Product: | [oVirt] cockpit-ovirt | Reporter: | ldomb |
| Component: | Gdeploy | Assignee: | Gobinda Das <godas> |
| Status: | CLOSED NOTABUG | QA Contact: | RamaKasturi <knarra> |
| Severity: | urgent | Docs Contact: | |
| Priority: | high | | |
| Version: | 0.10.7-0.0.23 | CC: | amureini, bugs, dchaplyg, derez, istein, jbenedic, knarra, ldomb, lsurette, rbalakri, rbarry, Rhev-m-bugs, rhs-bugs, sabose, smohan, srevivo, storage-qa-internal, trichard, ykaul |
| Target Milestone: | ovirt-4.1.6 | Flags: | dchaplyg: needinfo-, sabose: ovirt-4.1?, sabose: planning_ack?, rule-engine: devel_ack+, knarra: testing_ack+ |
| Target Release: | 0.11.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | cockpit-ovirt-0.10.8-2.0.ovirt41.el7ev | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-10-12 13:16:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Gluster | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1486559 | | |
| Attachments: | | | |

Description
ldomb
2017-08-12 19:01:45 UTC
Firewall port 54322 is not opened by default with the HCI installation therefore the upload will fail. Not sure what bugzilla I have to update here

(In reply to ldomb from comment #1)
> Firewall port 54322 is not opened by default with the HCI installation
> therefore the upload will fail. Not sure what bugzilla I have to update here

We've recently added this requirement to 'Virtualization Host Firewall Requirements' section of the 'Planning And Prerequisites Guide' of 4.1.

Is it the only issue here? I.e. Does opening the port solve it?

(In reply to Daniel Erez from comment #2)
> (In reply to ldomb from comment #1)
> > Firewall port 54322 is not opened by default with the HCI installation
> > therefore the upload will fail. Not sure what bugzilla I have to update here
>
> We've recently added this requirement to 'Virtualization Host Firewall
> Requirements' section of the 'Planning And Prerequisites Guide' of 4.1.

@Tahlia - do we have a BZ for the 4.1 documentation update?

>
> Is it the only issue here? I.e. Does opening the port solve it?

(In reply to Daniel Erez from comment #2)
> (In reply to ldomb from comment #1)
> > Firewall port 54322 is not opened by default with the HCI installation
> > therefore the upload will fail. Not sure what bugzilla I have to update here
>
> We've recently added this requirement to 'Virtualization Host Firewall
> Requirements' section of the 'Planning And Prerequisites Guide' of 4.1.
>
> Is it the only issue here? I.e. Does opening the port solve it?

A few more questions:
* Have you previously performed update on that host?
* If yes, from which version?
* Can you please attach the host-deploy log of the relevant host?
* Also, please attach the output of 'iptables -L'

* Have you previously performed update on that host?
No
* If yes, from which version?
No
* Can you please attach the host-deploy log of the relevant host?
* Also, please attach the output of 'iptables -L'
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:rfb:6923 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:49152:49216 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:sunrpc ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:16509 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:websm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:24007 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:24008 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:24009 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38465 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38466 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38467 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38468 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38469 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:49152:49664 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:nfs ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:mountd ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:mountd ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:5666 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:16514 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:54322 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:rfb ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:rfb:6923 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:54322 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:nfs ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

(In reply to ldomb from comment #6)
> * Have you previously performed update on that host?
> No
> * If yes, from which version?
> No
> * Can you please attach the host-deploy log of the relevant host?
> * Also, please attach the output of 'iptables -L'
> iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> INPUT_direct all -- anywhere anywhere
> INPUT_ZONES_SOURCE all -- anywhere anywhere
> INPUT_ZONES all -- anywhere anywhere
> DROP all -- anywhere anywhere ctstate INVALID
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> FORWARD_direct all -- anywhere anywhere
> FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
> FORWARD_IN_ZONES all -- anywhere anywhere
> FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
> FORWARD_OUT_ZONES all -- anywhere anywhere
> DROP all -- anywhere anywhere ctstate INVALID
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> OUTPUT_direct all -- anywhere anywhere
>
> Chain FORWARD_IN_ZONES (1 references)
> target prot opt source destination
> FWDI_public all -- anywhere anywhere [goto]
>
> Chain FORWARD_IN_ZONES_SOURCE (1 references)
> target prot opt source destination
>
> Chain FORWARD_OUT_ZONES (1 references)
> target prot opt source destination
> FWDO_public all -- anywhere anywhere [goto]
>
> Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> target prot opt source destination
>
> Chain FORWARD_direct (1 references)
> target prot opt source destination
>
> Chain FWDI_public (1 references)
> target prot opt source destination
> FWDI_public_log all -- anywhere anywhere
> FWDI_public_deny all -- anywhere anywhere
> FWDI_public_allow all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere
>
> Chain FWDI_public_allow (1 references)
> target prot opt source destination
>
> Chain FWDI_public_deny (1 references)
> target prot opt source destination
>
> Chain FWDI_public_log (1 references)
> target prot opt source destination
>
> Chain FWDO_public (1 references)
> target prot opt source destination
> FWDO_public_log all -- anywhere anywhere
> FWDO_public_deny all -- anywhere anywhere
> FWDO_public_allow all -- anywhere anywhere
>
> Chain FWDO_public_allow (1 references)
> target prot opt source destination
>
> Chain FWDO_public_deny (1 references)
> target prot opt source destination
>
> Chain FWDO_public_log (1 references)
> target prot opt source destination
>
> Chain INPUT_ZONES (1 references)
> target prot opt source destination
> IN_public all -- anywhere anywhere [goto]
>
> Chain INPUT_ZONES_SOURCE (1 references)
> target prot opt source destination
>
> Chain INPUT_direct (1 references)
> target prot opt source destination
>
> Chain IN_public (1 references)
> target prot opt source destination
> IN_public_log all -- anywhere anywhere
> IN_public_deny all -- anywhere anywhere
> IN_public_allow all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere
>
> Chain IN_public_allow (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpts:rfb:6923 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpts:49152:49216 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc ctstate NEW
> ACCEPT udp -- anywhere anywhere udp dpt:sunrpc ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:16509 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:websm ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:24007 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:24008 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:24009 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:38465 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:38466 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:38467 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:38468 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:38469 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpts:49152:49664 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:nfs ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:mountd ctstate NEW
> ACCEPT udp -- anywhere anywhere udp dpt:mountd ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:5666 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:16514 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:54322 ctstate NEW

So this was added after deploying the host? Do you have another host you can check whether the rule exists?
Can you please attach host-deploy log, as the rule should be added as part of the deployment.

> ACCEPT tcp -- anywhere anywhere tcp dpt:rfb ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpts:rfb:6923 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW
> ACCEPT udp -- anywhere anywhere udp dpt:54322 ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:nfs ctstate NEW
> ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc ctstate NEW
>
> Chain IN_public_deny (1 references)
> target prot opt source destination
>
> Chain IN_public_log (1 references)
> target prot opt source destination
>
> Chain OUTPUT_direct (1 references)
> target prot opt source destination

Created attachment 1312703 [details]
host-deploy log
According to the host-deploy log[1], iptables wasn't enabled during the deploy. So it seems like an issue of the HCI installer host deployment automation.

@Denis - is it a known issue?

[1]
2017-08-11 13:19:29 DEBUG otopi.context context.dumpEnvironment:770 ENV NETWORK/iptablesEnable=bool:'False'
2017-08-11 13:19:29 DEBUG otopi.context context.dumpEnvironment:770 ENV NETWORK/iptablesRules=NoneType:'None'

(In reply to Daniel Erez from comment #4)
> (In reply to Daniel Erez from comment #2)
> > (In reply to ldomb from comment #1)
> > > Firewall port 54322 is not opened by default with the HCI installation
> > > therefore the upload will fail. Not sure what bugzilla I have to update here
> >
> > We've recently added this requirement to 'Virtualization Host Firewall
> > Requirements' section of the 'Planning And Prerequisites Guide' of 4.1.
>
> @Tahlia - do we have a BZ for the 4.1 documentation update?

There's an individual BZ for the port: BZ#1467153

It's on release_pending, waiting for the completion of BZ#1450254, which is very close to done. The planned publication date is August 23.

>
> >
> > Is it the only issue here? I.e. Does opening the port solve it?

@Daniel - No, it is not yet a known issue. Could you please provide more details?

(In reply to Denis Chaplygin from comment #11)
> @Daniel - No, it is not yet a known issue. Could you please provide more
> details?

Sure. imageio-daemon service on host requires an iptables rule to open port 54322 (which is opened by default on regular host deploy by engine). However, according to the host-deploy logs[1] of HCI env, I see that no rules are passed. The question is what's the difference in host deployment between HCI and regular envs.

[1]
2017-08-11 13:19:29 DEBUG otopi.context context.dumpEnvironment:770 ENV NETWORK/iptablesEnable=bool:'False'
2017-08-11 13:19:29 DEBUG otopi.context context.dumpEnvironment:770 ENV NETWORK/iptablesRules=NoneType:'None'

I also realized on a default HCI install the ovirt-imageio-daemon is not enabled as well.

ovirt-imageio-daemon.service disabled

(In reply to ldomb from comment #13)
> I also realized on a default HCI install the ovirt-imageio-daemon is not
> enabled as well.
>
> ovirt-imageio-daemon.service disabled

That's actually expected as host-deploy/vdsm starts the service.

(In reply to Daniel Erez from comment #12)
> (In reply to Denis Chaplygin from comment #11)
> > @Daniel - No, it is not yet a known issue. Could you please provide more
> > details?
>
> Sure. imageio-daemon service on host requires an iptables rule to open port
> 54322 (which is opened by default on regular host deploy by engine).
> However, according to the host-deploy logs[1] of HCI env, I see that no
> rules are passed. The question is what's the difference in host deployment
> between HCI and regular envs.
>
>
> [1]
> 2017-08-11 13:19:29 DEBUG otopi.context context.dumpEnvironment:770 ENV NETWORK/iptablesEnable=bool:'False'
> 2017-08-11 13:19:29 DEBUG otopi.context context.dumpEnvironment:770 ENV NETWORK/iptablesRules=NoneType:'None'

Moving the bug, as it seems the issue is relevant only for Grafton deploy process (the iptables rules are opened correctly on regular deployment).

changing the product and component to ovirt-cockpit & gdeploy as the fix needs to be in ovirt-cockpit -> gdeploy. gdeploy opens the ports whatever is present in the conf file, so conf file has to be updated with the correct ports so that gdeploy can open it.

Gobinda, both patches attached here are merged. Should this BZ be moved to MODIFIED, or are we pending anything else?

Verified and works fine with build cockpit-ovirt-dashboard-0.10.8-2.0.ovirt41.el7ev.noarch.
I see that the port required to upload disk is being opened as part of cockpit-gdeploy.

gdeployConfig.conf file:
=======================================================
ports=111/tcp,2049/tcp,54321/tcp,5900/tcp,5900-6923/tcp,5666/tcp,16514/tcp,54322/tcp - port 54322 is added

iptables -L output from the host:
================================================
[root@rhsqa-grafton1 ~]# iptables -L | grep 54322
ACCEPT tcp -- anywhere anywhere tcp dpt:54322 ctstate NEW

Below are the steps followed to verify the bug:
===================================================
1) Install ovirt-imageio-proxy on the engine side if not already installed.
2) check for the value in DB by executing the commands below.
# su - postgres

Please ignore comment 19

Verified and works fine with build cockpit-ovirt-dashboard-0.10.8-2.0.ovirt41.el7ev.noarch.

I see that the port required to upload disk is being opened as part of cockpit-gdeploy.

gdeployConfig.conf file:
=======================================================
ports=111/tcp,2049/tcp,54321/tcp,5900/tcp,5900-6923/tcp,5666/tcp,16514/tcp,54322/tcp - port 54322 is added

iptables -L output from the host:
================================================
[root@rhsqa-grafton1 ~]# iptables -L | grep 54322
ACCEPT tcp -- anywhere anywhere tcp dpt:54322 ctstate NEW

Below are the steps followed to verify the bug:
===================================================

Engine side:
=================================
1) Install ovirt-imageio-proxy on the engine side if not already installed.
2) check for the value in DB by executing the commands below.
# su - postgres
# psql -d engine
# select * from vdc_options where option_name='ImageProxyAddress';
 option_id | option_name | option_value | version
-----------+-------------------+-----------------+---------
 1113 | ImageProxyAddress | hostedenginesm1.lab.eng.blr.redhat.com:54323 | general

Option_value should be FQDN of your rhevm instance.
3) If the option_value is shown as localhost then set it using the following command "UPDATE vdc_options SET option_value='<FQDN_OF_YOUR_RHEVM_instance>:54323' WHERE option_name = 'ImageProxyAddress';"

Host side:
=======================
4) restart ovirt-engine service by running the command 'service ovirt-engine restart'
5) On the host side make sure "ovirt-imageio-daemon" is installed and service ovirt-imageio-daemon is started by running the command 'systemctl status ovirt-imageio-daemon'

Browser side:
================================================
6) Download the certificate by browsing the url below in firefox "https://<FQDN_OF_RHEVM_INSTANCE>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA"
7) click on all the check boxes which appears in the popup dialog and say "ok"
8) Download rhel7.4 qcow2 image from access.redhat.com
9) click on disks tab in UI and click 'Upload'
10) Input size and disk name
11) Verified that disk is uploaded successfully to glusterfs storage domain. Attaching screenshot for the same.

You can refer to the bug https://bugzilla.redhat.com/show_bug.cgi?id=1348993 on the procedure of how to upload disk image.

Created attachment 1324825 [details]
screenshot of the uploaded disk image
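
A stricter form of the `iptables -L | grep 54322` check used in the verification comment above, as an added example that is not part of the bug thread or of any oVirt tool: it matches on protocol and on `dpts:` ranges, so a rule for udp only does not count as an open TCP port, and it lists which entries of the `ports=` line have no matching rule. The function names and the sample listing are constructed for illustration; the `ports=` value is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the bug thread. Feed it `iptables -L -n` output:
# -n keeps ports numeric (without it 5900 prints as "rfb", 111 as "sunrpc").

# Value of the gdeploy "ports=" line quoted in the thread.
GDEPLOY_PORTS='111/tcp,2049/tcp,54321/tcp,5900/tcp,5900-6923/tcp,5666/tcp,16514/tcp,54322/tcp'

# Constructed sample listing: 54322 is open for udp only.
sample_listing() {
    cat <<'EOF'
Chain IN_public_allow (1 references)
target     prot opt source      destination
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:111 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:2049 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:54321 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpts:5900:6923 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:5666 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:16514 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   udp dpt:54322 ctstate NEW
EOF
}

# tcp_port_allowed PORT < listing
# Succeeds only if an ACCEPT rule with protocol tcp covers PORT, either as
# "dpt:PORT" or inside a "dpts:LOW:HIGH" range.
tcp_port_allowed() {
    awk -v want="$1" '
        $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^dpt:[0-9]+$/) {
                    split($i, p, ":")
                    if (p[2] + 0 == want + 0) ok = 1
                } else if ($i ~ /^dpts:[0-9]+:[0-9]+$/) {
                    split($i, p, ":")
                    if (want + 0 >= p[2] + 0 && want + 0 <= p[3] + 0) ok = 1
                }
            }
        }
        END { exit(ok ? 0 : 1) }
    '
}

# missing_tcp_ports PORTS_VALUE LISTING_FILE
# Prints every tcp entry of the ports= value that has no matching rule.
# For a range A-B only the two end ports are checked (a simplification).
missing_tcp_ports() {
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        case "$entry" in
            */tcp) spec=${entry%/tcp} ;;
            *) continue ;;
        esac
        lo=${spec%-*}
        hi=${spec#*-}
        if tcp_port_allowed "$lo" < "$2" && tcp_port_allowed "$hi" < "$2"; then
            continue
        fi
        printf '%s\n' "$entry"
    done
}

# Demo on the constructed listing.
listing=$(mktemp)
sample_listing > "$listing"
echo "lines matching a plain grep for 54322: $(grep -c 54322 "$listing")"
if tcp_port_allowed 54322 < "$listing"; then
    echo "54322/tcp: open"
else
    echo "54322/tcp: no tcp ACCEPT rule"
fi
echo "ports= entries without a tcp rule: $(missing_tcp_ports "$GDEPLOY_PORTS" "$listing")"
rm -f "$listing"
```

On a live host the listing would come from `iptables -L -n` run as root and saved to a file.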
Where are we with this? I just installed a new installation and still run into the exact same issue

Target release should be placed once a package build is known to fix an issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for an oVirt release.

I did use cockpit-ovirt-dashboard-0.10.8-2.2.ovirt41.el7ev.noarch and it's still broken not being able to upload images.

iptables from the engine

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- 0.0.0.0/0 0.0.0.0/0
IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0
IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7410 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:54323 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6100 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

Iptables from the host:

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (3 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:websm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:rfb:6923 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:49152:49216 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:16509 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:24007 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:24008 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:24009 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38465 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38466 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38467 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38468 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:38469 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:49152:49664 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:nfs ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:rfb ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:rfb:6923 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:5666 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:16514 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:54322 ctstate NEW

Target release should be placed once a package build is known to fix an issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for an oVirt release.

works didn't accept the cert