| Summary: | libvirtd reload and hooks problem routed-net | ||
|---|---|---|---|
| Product: | [Community] Virtualization Tools | Reporter: | Chris Weltzien <c.weltzien> |
| Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
| Status: | CLOSED DEFERRED | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | crobinso, rbalakri, t.rohde |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-10 17:20:11 UTC | Type: | Bug |
Hi,
we have a workaround for that. We've added `sleep ${RANDOM:0:1}.${RANDOM:-1:1}` between the iptables rules. The problem is that iptables cannot be executed two or more times simultaneously.
Cheers, Tim
Sounds like Comment #1 describes a workaround... I'm not sure if there's a libvirt bug here, please reopen if I've misunderstood
Description of problem:
If we do a reload of libvirt, some iptables rules, which are created through /etc/libvirt/hooks/qemu, are not working anymore. Every time, other VMs (one, two, or three) are affected.

Version-Release number of selected component (if applicable):
libvirt version: 1.2.0

To fix the problem, we have to run the qemu script again for the VM that has the problem.

Our qemu file:

```bash
#!/bin/bash

# Helper that adds/removes route, proxy-ARP entry and FORWARD rules for one IP.
# It is defined here but not called by the loop below.
do_net() {
    local status=$2
    local ip=$3
    local in=$4
    local out=$5

    if [[ ! $status || ! $ip || ! $in || ! $out ]]; then
        echo "Not all parameters were passed!"
        exit 1
    fi

    if [ "$status" = "stopped" -o "$status" = "reconnect" ]; then
        ip route del $ip via 191.255.255.1 dev $out
        ip neigh del proxy $ip dev $in
        iptables -D FORWARD -i $in -o $out -s 0.0.0.0/0 -d $ip/32 -j ACCEPT
        iptables -D FORWARD -i $out -o $in -s $ip/32 -d 0.0.0.0/0 -j ACCEPT
    fi

    if [ "$status" = "start" -o "$status" = "reconnect" ]; then
        ip route add $ip via 191.255.255.1 dev $out
        ip neigh add proxy $ip dev $in
        iptables -I FORWARD 4 -i $in -o $out -s 0.0.0.0/0 -d $ip/32 -j ACCEPT
        iptables -I FORWARD 4 -i $out -o $in -s $ip/32 -d 0.0.0.0/0 -j ACCEPT
    fi
}

# One configuration file per VM.
CONF=//etc/libvirt/hooks/vms/*
for file in $CONF
do
    guest_ipaddr=""
    guest_name=""
    type=""
    destination="0.0.0.0/0"

    # Each line of the per-VM file is evaluated as shell to set the variables above.
    while read line; do
        eval $line
    done < $file

    guest_ipaddrnet=$guest_ipaddr"/32"

    for dest in ${destination}
    do
        # $1 is the guest name and $2 the operation passed to the hook by libvirt.
        if [ "${1}" = "${guest_name}" ]; then
            echo "SRC-IP="$guest_ipaddr " " $guest_ipaddrnet " VM="$guest_name " Dest="$dest

            if [ "${2}" = "stopped" ]; then
                ip route del $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh del proxy $guest_ipaddr dev bond0
                iptables -D FORWARD -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -D FORWARD -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
            fi

            if [ "${2}" = "start" ]; then
                ip route add $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh add proxy $guest_ipaddr dev bond0
                iptables -I FORWARD 4 -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -I FORWARD 4 -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
            fi

            # "reconnect" is what the hook receives when libvirtd is reloaded:
            # remove the rules, wait a second, then add them again.
            if [ "${2}" = "reconnect" ]; then
                ip route del $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh del proxy $guest_ipaddr dev bond0
                iptables -D FORWARD -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -D FORWARD -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
                sleep 1
                ip route add $guest_ipaddr via 191.255.255.1 dev virbr1
                ip neigh add proxy $guest_ipaddr dev bond0
                iptables -I FORWARD 4 -i bond0 -o virbr1 -s $dest -d $guest_ipaddrnet -j ACCEPT
                iptables -I FORWARD 4 -i virbr1 -o bond0 -s $guest_ipaddrnet -d $dest -j ACCEPT
            fi
        fi
    done
done
```
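The random-sleep workaround from the first comment only makes a collision between concurrent hook runs less likely. As an added example (not part of the reporter's script or of libvirt), the sketch below serializes the hook's firewall changes with flock(1) and passes `-w` to iptables so each call waits for the xtables lock. `LOCKFILE`, `IPT`, the function names and the counter-file stand-in are assumptions, and `-w` requires an iptables build that supports it.

```shell
#!/bin/bash
# Added example, not the reporter's hook. LOCKFILE, IPT and all function
# names are assumptions made for this sketch.
LOCKFILE="${LOCKFILE:-/run/lock/libvirt-hook-fw.lock}"
IPT="${IPT:-iptables -w}"   # -w: wait for the xtables lock instead of failing

# Run "$@" while holding an exclusive lock on LOCKFILE (wait at most 30 s).
with_fw_lock() {
    (
        flock -x -w 30 9 || { echo "timeout waiting for $LOCKFILE" >&2; exit 1; }
        "$@"
    ) 9>"$LOCKFILE"
}

# The two FORWARD rules of the hook's "start" branch for one guest.
guest_start_rules() {
    local ip=$1 dest=$2 in=$3 out=$4
    $IPT -I FORWARD 4 -i "$in" -o "$out" -s "$dest" -d "$ip/32" -j ACCEPT &&
    $IPT -I FORWARD 4 -i "$out" -o "$in" -s "$ip/32" -d "$dest" -j ACCEPT
}

# Constructed stand-in for a non-atomic firewall update: read-modify-write
# on a counter file, so the effect of locking is observable without root.
bump() {
    local f=$1 n
    n=$(cat "$f"); sleep 0.01; echo $((n + 1)) > "$f"
}

# Start $1 concurrent "hook invocations" through the lock and print the final
# counter. Every update survives only if the invocations were serialized.
simulate_reload() {
    local jobs=$1 f i=0
    f=$(mktemp); echo 0 > "$f"
    while [ "$i" -lt "$jobs" ]; do
        with_fw_lock bump "$f" &
        i=$((i + 1))
    done
    wait
    cat "$f"; rm -f "$f"
}

# In the real hook the call would be, for example:
#   with_fw_lock guest_start_rules "$guest_ipaddr" "$dest" bond0 virbr1
```

The lock file must live on a path every hook invocation can open; the default used here is an assumption and may need adjusting for the host.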