Bug 1660524 - [RFE] Configurable network test for Hosted Engine
Summary: [RFE] Configurable network test for Hosted Engine
Keywords:
Status: CLOSED DUPLICATE of bug 1659052
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup
Version: 2.2.10
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ovirt-4.4.0
: ---
Assignee: Simone Tiraboschi
QA Contact: meital avital
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-18 14:37 UTC by Javier Coscia
Modified: 2019-11-15 12:43 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-15 12:43:23 UTC
oVirt Team: Integration
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3761931 None None None 2018-12-18 19:10:07 UTC

Description Javier Coscia 2018-12-18 14:37:37 UTC
Description of problem:

There are situations which require the user to be able to configure a 
certain network validation test in a Hosted Engine deployment and/or 
a RHHI deployment instead to default to the only method today (ping 
default gw)

Security policies in organizations might refuse ICMP traffic on default 
gateway, this makes the validation during the deployment to fail and 
also will affect/low the score in the HA mechanism for the HE VM to be 
migrated to another HE Host in the cluster in case of a network failure

Version-Release number of selected component (if applicable):

Latest bits RHV 4.2.7

How reproducible:

100%

Steps to Reproduce:
1. Block ICMP traffic on default gateway
2. Deploy HostedEngine or RHHI


Actual results:

cockpit UI or `hosted-engine` CLI fails due to not being able to ping 
default gateway


Expected results:

Users who could not rely on ICMP traffic due to security constrains, 
should be able to configure different network test or to which IP the 
ping must be sent, an idea from Simone, instead of ping the def gw, one 
could configure DNS IPs for example or an array of well-know servers in 
the environment.


Additional info:

As a workaround, we could nat ICMP traffic or disable HA penalty due to
network issues, although, be aware that with both WAs, we are going to
ignore network issues. In that case, the HA logic to migrate the 
HostedEngine VM to another HE Host in the cluster might not work as 
expected


Nat ICMP traffic, this will be needed for initial deployment

# Create an iptables rule on the hypervisors that would redirect the icmp traffic back to localhost:
iptables -t nat -A OUTPUT -p icmp -d @gateway-ip@ -j DNAT --to-destination 127.0.0.1


Setting gateway penalty to 0, this won't help during initial deployment, 
but will be useful after it, to avoid wrong score calculation in the HA 
mechanism

# vi /etc/ovirt-hosted-engine-ha/agent.conf 
gateway-score-penalty=0

Comment 3 Sandro Bonazzola 2019-01-21 08:28:54 UTC
re-targeting to 4.3.1 since this BZ has not been proposed as blocker for 4.3.0.
If you think this bug should block 4.3.0 please re-target and set blocker flag.

Comment 5 Sandro Bonazzola 2019-02-18 07:55:02 UTC
Moving to 4.3.2 not being identified as blocker for 4.3.1.

Comment 7 Yaniv Kaul 2019-11-10 11:07:33 UTC
Didn't we implement DNS based check in https://bugzilla.redhat.com/show_bug.cgi?id=1659052 ?

Comment 8 Javier Coscia 2019-11-11 11:26:09 UTC
Thanks for the info Yaniv, I wasn't aware on that other one, let me check with customer and get back here. Leaving NI on me

Comment 9 Javier Coscia 2019-11-14 11:32:00 UTC
Didn't receive any response from customer, feel free to close this as dup of 1659052, will re-open with clarifications if needed.

Comment 10 Sandro Bonazzola 2019-11-15 12:43:23 UTC
(In reply to Javier Coscia from comment #9)
> Didn't receive any response from customer, feel free to close this as dup of
> 1659052, will re-open with clarifications if needed.

Thanks, closing.

*** This bug has been marked as a duplicate of bug 1659052 ***


Note You need to log in before you can comment on or make changes to this bug.