Ubuntu
libvirt package

libvirt should detect the presence of tools at use-time rather than at start-time

Bug #684088 reported by Thierry Carrez
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libvirt
Won't Fix
Medium
libvirt (Ubuntu)
Triaged
Low
Unassigned

Bug Description

If libvirt is installed and running, then you install ebtables, it can still fail to perform actions that require ebtables, with errors like:

libvirtd: 13:57:48.943: error : ebtablesCreateRuleInstance:1607 : internal error cannot create rule since ebtables tool is missing.

If possible, it should check for the presence of the external tool(s) when it is needed rather than at start-time.

Revision history for this message
Scott Moser (smoser) wrote :

I would assume this is also an issue with upstream libvirt. If so, could you please open the task against upstream libvirt or raise the issue there?

Either way, after you've figured that out, please report and set status of the Ubuntu task appropriately.

Changed in libvirt (Ubuntu):
status: New → Incomplete
Revision history for this message
Thierry Carrez (ttx) wrote :

Sure, will do.

For the record:
ebtables_cmd_path is set at start-up in ebiptablesDriverInit() and then checked for null-ity before use in src/nwfilter/nwfilter_ebiptables_driver.c. An indirection around ebtables_cmd_path would solve that. Alternatively, we could restart libvirt when iptables/ebtables are installed.

Revision history for this message
In , Soren (soren-redhat-bugs) wrote :

Description of problem:

NWFilter code does not discover if required tools are installed after starting the daemon (nor if they are removed).

Version-Release number of selected component (if applicable):

0.8.3 at least.

How reproducible:

Every time.

Steps to Reproduce:
1. Uninstall (if already installed) ebtables.
2. Start libvirtd
3. Try to start a guest that uses nwfilters.
4. Watch it fail.
5. Install ebtables and repeat steps 3 and 4.

Actual results:

It fails to notice that I've now installed ebtables (and gawk and iptables).

Expected results:

It should notice that these tools are now available.

Additional info:

The converse is also true: If they tools are present when libvirtd starts, but are removed later, things will fail.

Revision history for this message
Soren Hansen (soren) wrote :

https://bugzilla.redhat.com/show_bug.cgi?id=661262

Thierry Carrez (ttx)
Changed in libvirt (Ubuntu):
importance: Undecided → Low
status: Incomplete → Triaged
Revision history for this message
Chuck Short (zulcss) wrote :

I was able to reproduce this bug on precise:

1. Install openstack on precise.
2. Run an instance
3. You should see this in the /var/log/nova/nova-compute.log:

2011-12-06 15:19:24.398: 2355: error : ebtablesCreateRuleInstance:1898 : internal error cannot create rule since ebtables tool is missing.
2011-12-06 15:20:48.154: 2356: error : ebtablesCreateRuleInstance:1898 : internal error cannot create rule since ebtables tool is missing.

Revision history for this message
In , Cole (cole-redhat-bugs) wrote :

Patch sent upstream:

http://www.redhat.com/archives/libvir-list/2016-April/msg01538.html

Revision history for this message
In , Cole (cole-redhat-bugs) wrote :

I was wrong, that patch doesn't really change things here, I thought this report was about build time and not run time.

There still seems to be some issues here but I don't really see it as worth fixing: iptables/ebtables are so commonly available, and this will only hit cases where people are building by hand and not using distribution packages. So we could extend the code to handle it, but frankly I don't think it's worth the effort of implementing. That said if someone shows up on the list with a simple patch I'm sure it will be accepted

Bug Watch Updater (bug-watch-updater)
Changed in libvirt:
importance: Unknown → Medium
status: Unknown → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.