[libvirt-users] firewalld, no dhcp and virsh

Paul Wouters pwouters at redhat.com
Wed Jan 16 05:27:06 UTC 2013


On all of the networks I create, I really don't want 
libvirt/KVM/virt-manager to do any kind of DHCP. I'm currently using XML 
files to feed into libvirt via virsh, for example:

<network>
   <name>192_0_1</name>
   <bridge name='swan01' stp='on' delay='0' />
   <mac address='12:00:00:16:16:BA'/>
   <ip address='192.0.1.127' netmask='255.255.255.0'>
   </ip>
</network>

Running this through virsh net-define gives no errors, and virt-manager 
shows:

DHCP Start: disabled
DHCP End: disabled

But any attempt at starting the network causes:

Error starting network '192_0_1': failed to add iptables rule to allow DHCP requests from 'swan01'

Traceback (most recent call last):
   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 96, in cb_wrapper
     callback(asyncjob, *args, **kwargs)
   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 117, in tmpcb
     callback(*args, **kwargs)
   File "/usr/share/virt-manager/virtManager/network.py", line 82, in start
     self.net.create()
   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2049, in create
     if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self)
libvirtError: failed to add iptables rule to allow DHCP requests from 'swan01'

I narrowed this down to the fact that firewalld was not running.

So I guess there are two bugs:

1) when not specifying dhcp ranges in the XML, it should _not_ try to 
poke DHCP holes.

2) when firewalld is not running, it should perhaps log a warning, but 
not abort the network start.

Paul
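
Added example, not part of the original message and not libvirt's own code: a Python pre-flight check that parses a network definition and reports whether it declares any DHCP service, so a definition meant to run without DHCP can be verified before it is passed to virsh net-define. The function name audit_network and the second sample network with its addresses are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the first repeats the definition from the post (no <dhcp>),
# the second is hypothetical and declares a range and a static host.
NO_DHCP_XML = """<network>
  <name>192_0_1</name>
  <bridge name='swan01' stp='on' delay='0' />
  <mac address='12:00:00:16:16:BA'/>
  <ip address='192.0.1.127' netmask='255.255.255.0'>
  </ip>
</network>"""

WITH_DHCP_XML = """<network>
  <name>example_dhcp</name>
  <bridge name='virbr9'/>
  <ip address='192.0.2.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.0.2.100' end='192.0.2.200'/>
      <host mac='52:54:00:00:00:01' name='guest1' ip='192.0.2.10'/>
    </dhcp>
  </ip>
</network>"""


def audit_network(xml_text):
    """Summarise the DHCP settings declared in one libvirt <network> document."""
    root = ET.fromstring(xml_text)
    if root.tag != "network":
        raise ValueError("not a libvirt <network> document: <%s>" % root.tag)
    bridge = root.find("bridge")
    report = {
        "name": root.findtext("name"),
        "bridge": bridge.get("name") if bridge is not None else None,
        "dhcp_declared": False,
        "ranges": [],  # (address of the <ip> block, start, end)
        "hosts": [],   # (address of the <ip> block, mac, ip)
    }
    for ip in root.findall("ip"):  # a network may carry several <ip> blocks
        for dhcp in ip.findall("dhcp"):
            report["dhcp_declared"] = True  # even an empty <dhcp/> counts
            for r in dhcp.findall("range"):
                report["ranges"].append((ip.get("address"), r.get("start"), r.get("end")))
            for h in dhcp.findall("host"):
                report["hosts"].append((ip.get("address"), h.get("mac"), h.get("ip")))
    return report

if __name__ == "__main__":
    for doc in (NO_DHCP_XML, WITH_DHCP_XML):
        print(audit_network(doc))
```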



