Bug 1223876 - 'virsh net-start default' reports only "out of memory" if ip6tables is missing
Summary: 'virsh net-start default' reports only "out of memory" if ip6tables is missing
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Laine Stump
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-21 15:20 UTC by Agostino Sarubbo
Modified: 2015-05-26 14:41 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-05-26 14:41:39 UTC
Embargoed:


Attachments (Terms of Use)

Description Agostino Sarubbo 2015-05-21 15:20:11 UTC
virsh net-start default produces this output:
error: Failed to start network default
error: out of memory

Since I have 32GB of ram and this isn't the problem, turning on the debug I see:

2015-05-21 15:05:29.012+0000: 1262: error : virFirewallValidateBackend:193 : direct firewall backend requested, but /sbin/ip6tables is not available: No such file or directory

I actually don't have ip6tables because this system is configured for ipv4 only. Compiling iptables with ipv6 support produces the ip6tables binary and solves the problem.



Version-Release number of selected component (if applicable):
1.2.14 / 1.2.15


Maybe it should be optional because not all users need ipv6.

Comment 1 Daniel Berrangé 2015-05-21 15:35:47 UTC
FYI when writing this code it was decided that we would mandate the existence of ip6tables, since that is the common case, and even if people have IPv6 switched off in the running kernel, there's no serious downside to having the ip6tables binary available unconditionally. Assuming this simplified the error handling in the libvirt code.

Agreed, we nneed a much improved error message though.

Comment 2 Laine Stump 2015-05-21 17:51:38 UTC
I just posted this upstream:

https://www.redhat.com/archives/libvir-list/2015-May/msg00747.html

It follows Dan's suggestion of logging the error:

   Failed to initialize a valid firewall backend

instead of

   out of memory

Comment 3 Laine Stump 2015-05-26 14:41:39 UTC
Pushed upstream, will be in 1.2.16:

commit a9c53462fbaee15b9aa151cbd35fe906bdda1810
Author: Laine Stump <laine>
Date:   Thu May 21 13:36:18 2015 -0400

    util: better error message after failure to initialize firewall backend


Note You need to log in before you can comment on or make changes to this bug.