Re: [gentoo-user] Virt-manager

[Albert Hopkins <marduk@letterboxes.org>]

On Thursday, July 7 at 20:46 (+0100), john said:

Well, I see several errors, you may want to start with the first one and
work your way down.

> iptables is running, bridging and tun have been loaded as modules
> iproute2 has now been installed but makes no odds. Not sure about brctl
> as I can't find this?
> 
> Have started libvirtd and get the following
> when trying to start virt-manager
> 
> 20:28:05.083: 5216: info :
> libvirt version: 0.9.1 20:28:05.083: 5216: error : virCommandWait:1281 :
> internal error Child process (/sbin/iptables --table mangle --insert
> POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68
> --jump CHECKSUM --checksum-fill) status unexpected: exit status 1

iptables is failing.  Maybe you don't have the correct modules or have
them installed.

> 20:28:05.084: 5216: warning : networkAddGeneralIptablesRules:1199 :
> Could not add rule to fixup DHCP response checksums on network
> 'default'. 20:28:05.084: 5216: warning :
> networkAddGeneralIptablesRules:1200 : May need to update iptables
> package & kernel to support CHECKSUM rule. 20:28:05.256: 5216: error :
> virCommandWait:1281 : internal error Child process (/sbin/ip addr add
> 192.168.122.1/24 broadcast 192.168.122.255 dev virbr0) status
> unexpected: exit status 1 20:28:05.256: 5216: error :
> networkAddAddrToBridge:1625 : internal error cannot set IP address on
> bridge 'virbr0' 20:28:05.449: 5216: error : virCommandWait:1281 :
> internal error Child process (/sbin/iptables --table mangle --delete
> POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68
> --jump CHECKSUM --checksum-fill) status unexpected: exit status 1
> 20:28:05.481: 5216: warning : networkStartNetworkDaemon:1800 : Failed
> to delete dummy tap device '(null)' on bridge 'virbr0' : Invalid
> argument 20:28:05.526: 5216: error : udevGetDMIData:1493 : Failed to
> get udev device for syspath '/sys/devices/virtual/dmi/id' or
> '/sys/class/dmi/id' 20:28:51.078: 5219: error :
> remoteDispatchAuthPolkit:5139 : Policy kit denied action
> org.libvirt.unix.manage from pid 6810, uid 1000: exit status 1
> 20:31:26.177: 5218: error : do_open:1085 : no connection driver
> available for No connection for URI qemu:///system
> 
> Does mean something++++++
> no connection driver
> available for No connection for URI qemu:///system
> 

The subsequent errors may be because of the first.  So I'd start with
that.

If you are not going to use virtual networks, then you could simply
disable the virt-net USE flag and save yourself some time.

As for as iptables.  You need the right sub-drivers (or whatever they're
called).  Basically if you are using virtual networking you need to be
able to do NAT.  I have the following:

CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_MARK=y
# CONFIG_NF_CONNTRACK_EVENTS is not set
# CONFIG_NF_CT_PROTO_DCCP is not set
# CONFIG_NF_CT_PROTO_SCTP is not set
# CONFIG_NF_CT_PROTO_UDPLITE is not set
# CONFIG_NF_CONNTRACK_AMANDA is not set
# CONFIG_NF_CONNTRACK_FTP is not set
# CONFIG_NF_CONNTRACK_H323 is not set
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
# CONFIG_NF_CT_NETLINK is not set
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_TTL is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=mNAT/masquerading.
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_REDIRECT is not set
# CONFIG_NF_NAT_SNMP_BASIC is not set
# CONFIG_NF_NAT_FTP is not set
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_TFTP is not set
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
# CONFIG_NF_NAT_SIP is not set
CONFIG_IP_NF_MANGLE=m
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
# CONFIG_IP_NF_TARGET_ECN is not set
# CONFIG_IP_NF_TARGET_TTL is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_BRIDGE_NF_EBTABLES is not set

I have the following modules loaded (may not all be used by libvirt
though):

$ lsmod|egrep 'ipt|nf'
ipt_MASQUERADE          1523  3 
iptable_nat             3053  1 
nf_nat                 11757  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4       8846  4 iptable_nat,nf_nat
nf_defrag_ipv4          1131  1 nf_conntrack_ipv4
nf_conntrack           40786  5
ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
ipt_REJECT              1998  2 
iptable_mangle          1392  1 
iptable_filter          1312  1 
ip_tables              13195  3
iptable_nat,iptable_mangle,iptable_filter
x_tables               13624  9
ipt_MASQUERADE,iptable_nat,xt_state,ipt_REJECT,xt_CHECKSUM,iptable_mangle,xt_tcpudp,iptable_filter,ip_tables


You also need to be able do to ethernet bridging.  The virtual device
vibr0 is a bridge.  You also need bridge-utils, but it's probably
already installed.

A good reference is this: http://wiki.libvirt.org/page/Networking