On Thu, 07 Jul 2011 17:26:18 -0400 Albert Hopkins <mar...@letterboxes.org> wrote:
> > > On Thursday, July 7 at 20:46 (+0100), john said: > > Well, I see several errors, you may want to start with the first one > and work your way down. > > > iptables is running, bridging and tun have been loaded as modules > > iproute2 has now been installed but makes no odds. Not sure about > > brctl as I can't find this? > > > > Have started libvirtd and get the following > > when trying to start virt-manager > > > > 20:28:05.083: 5216: info : > > libvirt version: 0.9.1 20:28:05.083: 5216: error : > > virCommandWait:1281 : internal error Child process (/sbin/iptables > > --table mangle --insert POSTROUTING --out-interface virbr0 > > --protocol udp --destination-port 68 --jump CHECKSUM > > --checksum-fill) status unexpected: exit status 1 > > iptables is failing. Maybe you don't have the correct modules or have > them installed. > > > 20:28:05.084: 5216: warning : networkAddGeneralIptablesRules:1199 : > > Could not add rule to fixup DHCP response checksums on network > > 'default'. 20:28:05.084: 5216: warning : > > networkAddGeneralIptablesRules:1200 : May need to update iptables > > package & kernel to support CHECKSUM rule. 20:28:05.256: 5216: > > error : virCommandWait:1281 : internal error Child process > > (/sbin/ip addr add 192.168.122.1/24 broadcast 192.168.122.255 dev > > virbr0) status unexpected: exit status 1 20:28:05.256: 5216: error : > > networkAddAddrToBridge:1625 : internal error cannot set IP address > > on bridge 'virbr0' 20:28:05.449: 5216: error : virCommandWait:1281 : > > internal error Child process (/sbin/iptables --table mangle --delete > > POSTROUTING --out-interface virbr0 --protocol udp > > --destination-port 68 --jump CHECKSUM --checksum-fill) status > > unexpected: exit status 1 20:28:05.481: 5216: warning : > > networkStartNetworkDaemon:1800 : Failed to delete dummy tap device > > '(null)' on bridge 'virbr0' : Invalid argument 20:28:05.526: 5216: > > error : udevGetDMIData:1493 : Failed to get udev device for syspath > > '/sys/devices/virtual/dmi/id' or '/sys/class/dmi/id' 20:28:51.078: > > 5219: error : remoteDispatchAuthPolkit:5139 : Policy kit denied > > action org.libvirt.unix.manage from pid 6810, uid 1000: exit status > > 1 20:31:26.177: 5218: error : do_open:1085 : no connection driver > > available for No connection for URI qemu:///system > > > > Does mean something++++++ > > no connection driver > > available for No connection for URI qemu:///system > > > > The subsequent errors may be because of the first. So I'd start with > that. > > If you are not going to use virtual networks, then you could simply > disable the virt-net USE flag and save yourself some time. > > As for as iptables. You need the right sub-drivers (or whatever > they're called). Basically if you are using virtual networking you > need to be able to do NAT. I have the following: > > CONFIG_NF_CONNTRACK=m > CONFIG_NF_CONNTRACK_MARK=y > # CONFIG_NF_CONNTRACK_EVENTS is not set > # CONFIG_NF_CT_PROTO_DCCP is not set > # CONFIG_NF_CT_PROTO_SCTP is not set > # CONFIG_NF_CT_PROTO_UDPLITE is not set > # CONFIG_NF_CONNTRACK_AMANDA is not set > # CONFIG_NF_CONNTRACK_FTP is not set > # CONFIG_NF_CONNTRACK_H323 is not set > # CONFIG_NF_CONNTRACK_IRC is not set > # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set > # CONFIG_NF_CONNTRACK_PPTP is not set > # CONFIG_NF_CONNTRACK_SANE is not set > # CONFIG_NF_CONNTRACK_SIP is not set > # CONFIG_NF_CONNTRACK_TFTP is not set > # CONFIG_NF_CT_NETLINK is not set > CONFIG_NF_DEFRAG_IPV4=m > CONFIG_NF_CONNTRACK_IPV4=m > CONFIG_NF_CONNTRACK_PROC_COMPAT=y > # CONFIG_IP_NF_QUEUE is not set > CONFIG_IP_NF_IPTABLES=m > CONFIG_IP_NF_MATCH_ADDRTYPE=m > # CONFIG_IP_NF_MATCH_AH is not set > # CONFIG_IP_NF_MATCH_ECN is not set > # CONFIG_IP_NF_MATCH_TTL is not set > CONFIG_IP_NF_FILTER=m > CONFIG_IP_NF_TARGET_REJECT=mNAT/masquerading. > # CONFIG_IP_NF_TARGET_LOG is not set > # CONFIG_IP_NF_TARGET_ULOG is not set > CONFIG_NF_NAT=m > CONFIG_NF_NAT_NEEDED=y > CONFIG_IP_NF_TARGET_MASQUERADE=m > # CONFIG_IP_NF_TARGET_NETMAP is not set > # CONFIG_IP_NF_TARGET_REDIRECT is not set > # CONFIG_NF_NAT_SNMP_BASIC is not set > # CONFIG_NF_NAT_FTP is not set > # CONFIG_NF_NAT_IRC is not set > # CONFIG_NF_NAT_TFTP is not set > # CONFIG_NF_NAT_AMANDA is not set > # CONFIG_NF_NAT_PPTP is not set > # CONFIG_NF_NAT_H323 is not set > # CONFIG_NF_NAT_SIP is not set > CONFIG_IP_NF_MANGLE=m > # CONFIG_IP_NF_TARGET_CLUSTERIP is not set > # CONFIG_IP_NF_TARGET_ECN is not set > # CONFIG_IP_NF_TARGET_TTL is not set > # CONFIG_IP_NF_RAW is not set > # CONFIG_IP_NF_ARPTABLES is not set > # CONFIG_BRIDGE_NF_EBTABLES is not set > > I have the following modules loaded (may not all be used by libvirt > though): > > $ lsmod|egrep 'ipt|nf' > ipt_MASQUERADE 1523 3 > iptable_nat 3053 1 > nf_nat 11757 2 ipt_MASQUERADE,iptable_nat > nf_conntrack_ipv4 8846 4 iptable_nat,nf_nat > nf_defrag_ipv4 1131 1 nf_conntrack_ipv4 > nf_conntrack 40786 5 > ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state > ipt_REJECT 1998 2 > iptable_mangle 1392 1 > iptable_filter 1312 1 > ip_tables 13195 3 > iptable_nat,iptable_mangle,iptable_filter > x_tables 13624 9 > ipt_MASQUERADE,iptable_nat,xt_state,ipt_REJECT,xt_CHECKSUM,iptable_mangle,xt_tcpudp,iptable_filter,ip_tables > > > You also need to be able do to ethernet bridging. The virtual device > vibr0 is a bridge. You also need bridge-utils, but it's probably > already installed. > > A good reference is this: http://wiki.libvirt.org/page/Networking > > > > Thanks Albert, Have cleared up error messages using config as suggested. I still get the issue when starting /etc/init.d/libvirtd > * Starting libvirtd ... > /usr/sbin/libvirtd: error: Unable to initialize network sockets. > Check /var/log/messages or run without --daemon for more info. > * start-stop-daemon: failed to start > `/usr/sbin/libvirtd' [ !! ] > * ERROR: libvirtd failed to start BUT when i start /usr/sbin/libvirtd from command line virt-manager now works. It lets me create vms (yippee) I was unaware that libvirtd was a separate package (thought it was part of virt-manager. After reading your hints it dawned on me that is was seaparate so have enabled more use flags. I should check more carefully the output of emerge -vp. Anyway I am up and running with a big thanks to yourself and will have a closer look at the service another day. Thank You -- -------------- John D Maunder j...@jdm.myzen.co.uk
