Bug 1007417 - RHEV 6.5 (20130910.2.el6) - add vdsm port on iptables
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ovirt-node
Version: 6.5
Hardware/OS: All Linux
Priority: urgent, Severity: urgent
Target Milestone: rc
Assigned To: Fabian Deutsch
Reported: 2013-09-12 08:53 EDT by Douglas Schilling Landgraf
Modified: 2014-01-21 14:49 EST

Fixed In Version: ovirt-node-3.0.1-2.el6
Doc Type: Bug Fix
Doc Text:
When the hypervisor got approved on the manager, it changed its state to Non Responsive. This was caused by the port being opened but the change not being saved. This led to a situation where the iptables service got restarted and overwrote/closed the previously opened ports. Now the configuration is saved (and persisted) after a port is opened.
Last Closed: 2014-01-21 14:49:53 EST
Type: Bug
External Trackers:
oVirt gerrit 19204

Description Douglas Schilling Landgraf 2013-09-12 08:53:43 EDT
Description of problem:

After rhev-h gets approved on rhev-m, it changes the state to Non Responsive.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Virtualization Hypervisor release 6.5 (20130910.2.el6)

How reproducible:
- Setup RHEVM - 3.3.0.21-master.el6dev
- Install RHEV-H 6.5 (20130910.2.el6)
- Register Node
- Approve 

Actual results:
Host will be in Non Responsive state

Expected results:
After approve, host should be UP.

Additional info:

# cat  /etc/ovirt-plugins.d/vdsm-plugin.firewall 
#ports and protocols that vdsm needs opened
54321,tcp

Adding into /etc/sysconfig/iptables && restarting iptables resolves the report.
# vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
Comment 1 Mike Burns 2013-09-12 09:01:04 EDT
We need to make sure we're handling/parsing all *.firewall entries from /etc/ovirt-plugins.d.  

Some caveats -- 
* we should make sure that the port is not already handled in the firewall before trying to do anything with it.
* May make sense to change the firewall setting then persist it.
* Also may need to restart firewall after the system is up (depending on when it starts normally relative to when the bind mounts occur.)
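
The first caveat above (skip ports the firewall already handles), sketched as an added example that is not ovirt-node's own code: it parses the `port,proto` lines of a `*.firewall` file and merges missing ACCEPT rules into iptables-save style text. The function names, the sample inputs, the exact-match duplicate check and the single `*filter` table are assumptions; persisting the result and reloading iptables are left to the node's own mechanism.

```python
import re

# Constructed sample inputs (not taken from a real host).
SAMPLE_PLUGIN = """#ports and protocols that vdsm needs opened
54321,tcp
"""
SAMPLE_RULES = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_firewall_plugin(text):
    """Return validated (port, proto) pairs from a *.firewall file body."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"(\d{1,5}),(tcp|udp)", line)
        if not m or not 1 <= int(m.group(1)) <= 65535:
            # Reject anything else so file content cannot smuggle rule text.
            raise ValueError("bad firewall plugin entry: %r" % raw)
        entries.append((int(m.group(1)), m.group(2)))
    return entries

def merge_rules(rules_text, entries):
    """Insert missing ACCEPT rules; return (new_text, added_rules)."""
    lines = rules_text.splitlines()
    added = []
    for port, proto in entries:
        rule = "-A INPUT -p %s --dport %d -j ACCEPT" % (proto, port)
        if rule in (l.strip() for l in lines):
            continue  # already handled (exact-match check, an assumption)
        # Place before the first INPUT REJECT, else before COMMIT, so the
        # ACCEPT is not shadowed by an earlier catch-all rule.
        idx = next((i for i, l in enumerate(lines)
                    if l.startswith("-A INPUT") and "-j REJECT" in l),
                   None)
        if idx is None:
            idx = lines.index("COMMIT")
        lines.insert(idx, rule)
        added.append(rule)
    return "\n".join(lines) + "\n", added
```

Running `merge_rules` a second time on its own output adds nothing, which is the property needed when the merge is repeated on every boot or firewall restart.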
Comment 2 Fabian Deutsch 2013-09-12 10:28:23 EDT
I believe this has been addressed in:

(Parse all firewall plugin rules)
http://gerrit.ovirt.org/#/c/17843/

and

(... and make it el6 compatible)
http://gerrit.ovirt.org/#/c/17852/
Comment 3 Fabian Deutsch 2013-09-13 03:32:59 EDT
rhev-hypervisor6-6.5-20130912.0.iso (based on 3.0.1) still has this problem. This is due to an incorrect usage of check_call.
Fix is on its way.
Comment 7 Cheryn Tan 2013-11-07 19:29:21 EST
This bug is currently attached to errata RHBA-2013:15277. If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag.

Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information:

* Cause: What actions or circumstances cause this bug to present.
* Consequence: What happens when the bug presents.
* Fix: What was done to fix the bug.
* Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore')

Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug.

For further details on the Cause, Consequence, Fix, Result format please refer to:

https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes 

Thanks in advance.
Comment 10 errata-xmlrpc 2014-01-21 14:49:53 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0033.html
