Re: [PATCH v4 12/30] network: support setting firewallBackend from network.conf
On Thu, May 02, 2024 at 01:05:37PM -0400, Laine Stump wrote:
On 5/2/24 8:20 AM, Daniel P. Berrangé wrote:
> On Tue, Apr 30, 2024 at 01:44:01PM -0400, Laine Stump wrote:
> > It still can have only one useful value ("iptables"), but once a 2nd
> > value is supported, it will be selectable by setting
> > "firewall_backend=nftables" in /etc/libvirt/network.conf.
> >
> > If firewall_backend isn't set in network.conf, then libvirt will check
> > to see if the iptables binary is present on the system and set
> > firewallBackend to iptables - if no iptables binary is found, that is
> > considered a fatal error (since no networks can be started anyway), so
> > an error is logged and startup of the network driver fails.
> >
> > NB: network.conf is itself created from network.conf.in at build time,
> > and the advertised default setting of firewall_backend (in a commented
> > out line) is set from the meson_options.txt setting
> > "firewall_backend". This way the conf file will have correct
> > information no matter what default backend is chosen at build time.
> >
> > Signed-off-by: Laine Stump <laine(a)redhat.com>
> > Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
>
> I didn't give a R-B for this patch,
Oops! Sorry for the misrepresentation! I put in the R-B's back in V3 with a
script that added it to all the patches on the branch (since there were more
approved than not approved, that was quickest), and then manually removed it
from all of them that you hadn't approved by doing a "git rebase -i
master"
and going through the list marking all the unapproved patches with "r"; I
messed this one up somehow, hopefully not by getting off-by-one somewhere in
the sequence and leaving the wrong patches with R-B :-/. I guess I need to
go back and check all of them again.
Don't worry about it - the rest looks fnie.
> and this still
> has the problem I pointed out in v3, where if the
> network.conf does not exist on disk at all, the
> backend detction logic doesn't run.
Ah, yes, I completely forgot to put that one in my list of things to fix
this time!
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|