[Ovirt-devel] [PATCH]: Open up port 49152 on the managed node
Chris Lalancette
clalance at redhat.com
Mon Aug 11 13:15:54 UTC 2008
Make sure to open up the 49152 port on the managed nodes. This is to support
live migration through libvirt. The basic situation is that libvirtd is
currently single-threaded, and the migrate command we are using is
synchronous, so it is never the case that we can have more than 1 live
migration happening at a time. In the future, it might be possible that
libvirtd will become multi-threaded, at which time we will have to address
this differently. However, also in the future, for secure live migration, we
are going to want to proxy the migration stuff via the libvirt channel. Either
way we are going to need to change in the future; this is good enough for now.
Signed-off-by: Chris Lalancette <clalance at redhat.com>
diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks
index 4daf264..37e2f43 100644
--- a/ovirt-host-creator/common-post.ks
+++ b/ovirt-host-creator/common-post.ks
@@ -29,6 +29,7 @@ cat > /etc/sysconfig/iptables << \EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 49152 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
More information about the ovirt-devel
mailing list