[libvirt] bug: network lock-out

Zdenek Styblik stybla at turnovfree.net
Wed Oct 6 05:27:26 UTC 2010 

On 10/05/2010 10:52 PM, Laine Stump wrote:
>  On 10/05/2010 03:44 PM, Jiri Denemark wrote:
>>> 21:31:09.298: error : virRunWithHook:857 : internal error
>>> '/usr/sbin/iptables --table mangle --insert POSTROUTING --out-interface
>>> virbr0 --protocol udp --destination-port 68 --jump CHECKSUM
>>> --checksum-fill' exited with non-zero status 2 and signal 0: iptables
>>> v1.4.7: unknown option `--checksum-fill'
>>> Try `iptables -h' or 'iptables --help' for more information.
>> This is harmless and ignored by libvirt. If DHCP still works in your
>> guests,
>> you don't need worry about this feature. The warning below tries to
>> suggest
>> the error was ignored...
> 
> Correct. The reason for this is that the only way to determine whether
> or not iptables supports the new CHECKSUM target is to try the command
> and see if it fails. Since the CHECKSUM target is in upstream iptables,
> it will eventually be in all distro-specific versions, so the
> less-than-elegant warning was deemed sufficient.
> 

If it's only warning then it's 'ok'. :)

> [...]
> 
>>> 21:31:09.299: warning : networkAddIptablesRules:873 : Could not add rule
>>> to fixup DHCP response checksums on network 'default'.
>>> 21:31:09.299: warning : networkAddIptablesRules:874 : May need to update
>>> iptables package&  kernel to support CHECKSUM rule.
>>> 21:31:09.301: error : virRunWithHook:857 : internal error
>>> '/usr/sbin/dnsmasq --strict-order --bind-interfaces
>>> --pid-file=/var/run/libvirt/network/default.pid --conf-file=
>>> --listen-address 10.117.9.1 --except-interface lo' exited with non-zero
>>> status 1 and signal 0: libvir: error : cannot execute binary
>>> /usr/sbin/dnsmasq: No such file or directory
>> This is the really important error for you; /usr/sbin/dnsmasq could
>> not be
>> found.
> 
> That location comes from config.h, so it's determined at configure time.
> Apparently it found /usr/sbin/dnsmasq at configure time. Did you build
> on a different machine from where you're running (and maybe this new
> machine doesn't have dnsmasq installed? It should be in the
> prerequisites for your libvirt package to ensure that it's always
> installed when libvirt is installed).
> 

It's more complicated than that, but yeah - it has been compiled at
different machine; dnsmasq used to be present and so on.
Pkg prerequisites do not exist everywhere. Anyway, yes libvirt has been
compiled with dnsmasq present.
If it's not already, I would mention dnsmasq (and all other) optional
dependency in some README. That would be great :)

Thank you all,
Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla at turnovfree.net
jabber: stybla at jabber.turnovfree.net

More information about the libvir-list mailing list