Re: [libvirt] bug: network lock-out
On 10/05/2010 03:44 PM, Jiri Denemark wrote:
> 21:31:09.298: error : virRunWithHook:857 : internal error
> '/usr/sbin/iptables --table mangle --insert POSTROUTING --out-interface
> virbr0 --protocol udp --destination-port 68 --jump CHECKSUM
> --checksum-fill' exited with non-zero status 2 and signal 0: iptables
> v1.4.7: unknown option `--checksum-fill'
> Try `iptables -h' or 'iptables --help' for more information.
This is harmless and ignored by libvirt. If DHCP still works in your guests,
you don't need worry about this feature. The warning below tries to suggest
the error was ignored...
Correct. The reason for this is that the only way to determine whether
or not iptables supports the new CHECKSUM target is to try the command
and see if it fails. Since the CHECKSUM target is in upstream iptables,
it will eventually be in all distro-specific versions, so the
less-than-elegant warning was deemed sufficient.
This particular rule is required to support guests that use the
vhost-net module (ie kernel-based rather than userspace-based) for
virtio network interfaces. Whether or not that will be needed depends on
guest config, which can't be known at the time that the virtual networks
are started, so we must always try to add it, then fail "semi-silently"
(we continue, but first complain a little).
> 21:31:09.299: warning : networkAddIptablesRules:873 : Could not
add rule
> to fixup DHCP response checksums on network 'default'.
> 21:31:09.299: warning : networkAddIptablesRules:874 : May need to update
> iptables package& kernel to support CHECKSUM rule.
> 21:31:09.301: error : virRunWithHook:857 : internal error
> '/usr/sbin/dnsmasq --strict-order --bind-interfaces
> --pid-file=/var/run/libvirt/network/default.pid --conf-file=
> --listen-address 10.117.9.1 --except-interface lo' exited with non-zero
> status 1 and signal 0: libvir: error : cannot execute binary
> /usr/sbin/dnsmasq: No such file or directory
This is the really important error for you; /usr/sbin/dnsmasq could not be
found.
That location comes from config.h, so it's determined at configure time.
Apparently it found /usr/sbin/dnsmasq at configure time. Did you build
on a different machine from where you're running (and maybe this new
machine doesn't have dnsmasq installed? It should be in the
prerequisites for your libvirt package to ensure that it's always
installed when libvirt is installed).