Hi, I've just set up a new oVirt installation with two nodes. Both of the nodes have had 'firewalld' disabled. When I went to test VM migration, it failed, apparently due to this (from the vdsm log on the source node): error : virNetClientProgramDispatchError:174 : Error while building firewall: Some rules could not be created for interface vnet0: Failure to execute command '$EBT -t nat -N libvirt-J-vnet0' : 'DBusException org.freedesktop.DBus.Error.ServiceUnknown: The name org.fedoraproject.FirewallD1 was not provided by any .service filesCouldn't connect to FirewallD, it's probably not running.'. Is running firewalld a requirement for oVirt? Is it possible to avoid having oVirt attempt to manage my firewall rules? Thanks! -- Jonathan Daugherty Software Engineer Galois, Inc.
I've just set up a new oVirt installation with two nodes. Both of the nodes have had 'firewalld' disabled. When I went to test VM migration, it failed, apparently due to this (from the vdsm log on the source node):
error : virNetClientProgramDispatchError:174 : Error while building firewall: Some rules could not be created for interface vnet0: Failure to execute command '$EBT -t nat -N libvirt-J-vnet0' : 'DBusException org.freedesktop.DBus.Error.ServiceUnknown: The name org.fedoraproject.FirewallD1 was not provided by any .service filesCouldn't connect to FirewallD, it's probably not running.'.
Okay, I'll answer it myself, for the google searchers of the future: This was caused by 1) not restarting libvirtd *after* disabling firewalld and 2) not realizing (understandably) that the error was from the migration *destination* host, not the source host, despite the fact that it was found in the source host's log and makes no mention of the other host. Libvirtd on the destination host was still attempting to use firewalld; restarting it resolved the problem. -- Jonathan Daugherty Software Engineer Galois, Inc.
participants (1)
-
Jonathan Daugherty