Chris Lalancette
2008-Aug-11 13:15 UTC
[Ovirt-devel] [PATCH]: Open up port 49152 on the managed node
Make sure to open up the 49152 port on the managed nodes. This is to support live migration through libvirt. The basic situation is that libvirtd is currently single-threaded, and the migrate command we are using is synchronous, so it is never the case that we can have more than 1 live migration happening at a time. In the future, it might be possible that libvirtd will become multi-threaded, at which time we will have to address this differently. However, also in the future, for secure live migration, we are going to want to proxy the migration stuff via the libvirt channel. Either way we are going to need to change in the future; this is good enough for now. Signed-off-by: Chris Lalancette <clalance at redhat.com> diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index 4daf264..37e2f43 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -29,6 +29,7 @@ cat > /etc/sysconfig/iptables << \EOF -A INPUT -i lo -j ACCEPT -A INPUT -p tcp --dport 16509 -j ACCEPT -A INPUT -p tcp --dport 22 -j ACCEPT +-A INPUT -p tcp --dport 49152 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
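Review bot: The added `-A INPUT -p tcp --dport 49152 -j ACCEPT` rule has no source or interface match, so the migration port is reachable from any host that can route to the managed node, while the commit message describes secure live migration as future work. Consider narrowing the rule with `-s` to the network the other managed nodes are on, or with `-i` to the management interface. A `#` comment above the rule in common-post.ks would also help, because the reasoning for opening exactly one port (libvirtd is single-threaded and the migrate command is synchronous, so only one migration runs at a time) is recorded only in the commit message and will need revisiting when that changes.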
Steve Linabery
2008-Aug-11 14:29 UTC
[Ovirt-devel] [PATCH]: Open up port 49152 on the managed node
On Mon, Aug 11, 2008 at 03:15:54PM +0200, Chris Lalancette wrote:
> Make sure to open up the 49152 port on the managed nodes. This is to support
> live migration through libvirt. The basic situation is that libvirtd is
> currently single-threaded, and the migrate command we are using is
> synchronous, so it is never the case that we can have more than 1 live
> migration happening at a time. In the future, it might be possible that
> libvirtd will become multi-threaded, at which time we will have to address
> this differently. However, also in the future, for secure live migration, we
> are going to want to proxy the migration stuff via the libvirt channel. Either
> way we are going to need to change in the future; this is good enough for now.
>
> Signed-off-by: Chris Lalancette <clalance at redhat.com>
>
> diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks > index 4daf264..37e2f43 100644 > --- a/ovirt-host-creator/common-post.ks > +++ b/ovirt-host-creator/common-post.ks > @@ -29,6 +29,7 @@ cat > /etc/sysconfig/iptables << \EOF > -A INPUT -i lo -j ACCEPT > -A INPUT -p tcp --dport 16509 -j ACCEPT > -A INPUT -p tcp --dport 22 -j ACCEPT > +-A INPUT -p tcp --dport 49152 -j ACCEPT > -A INPUT -j REJECT --reject-with icmp-host-prohibited > -A FORWARD -j REJECT --reject-with icmp-host-prohibited > COMMIT

Although this change is trivial and probably does not require an ACK, I say ACK.
Chris Lalancette
2008-Aug-12 07:05 UTC
[Ovirt-devel] [PATCH]: Open up port 49152 on the managed node
Chris Lalancette wrote:
> Make sure to open up the 49152 port on the managed nodes. This is to support
> live migration through libvirt. The basic situation is that libvirtd is
> currently single-threaded, and the migrate command we are using is
> synchronous, so it is never the case that we can have more than 1 live
> migration happening at a time. In the future, it might be possible that
> libvirtd will become multi-threaded, at which time we will have to address
> this differently. However, also in the future, for secure live migration, we
> are going to want to proxy the migration stuff via the libvirt channel. Either
> way we are going to need to change in the future; this is good enough for now.
>
> Signed-off-by: Chris Lalancette <clalance at redhat.com>

Committed.

Chris Lalancette