[Pkg-libvirt-maintainers] Bug#935313: missing ebtables dependency

Fri Aug 23 05:07:29 BST 2019

Hello,

On Wed, 21 Aug 2019 10:16:26 -0400 Antoine Beaupre <anarcat at debian.org>
wrote:
> Vagrant, using the libvirt backend, started failing me recently, with
> something like this:
> 
> anarcat at curie:stretch64(master)$ vagrant up --provider libvirt
> Bringing machine 'default' up with 'libvirt' provider...
> ==> default: Checking if box 'debian/stretch64' version '9.9.0' is up to date...
> Error while activating network: Call to virNetworkCreate failed: internal error: Failed to initialize a valid firewall backend.
> [1]anarcat at curie:stretch64(master)$ 

> Restarting libvirtd, however, did provide some insightful input:
> 
> [...]
> aoû 21 10:10:05 curie systemd[1]: Started Virtualization daemon.
> aoû 21 10:10:05 curie libvirtd[31223]: direct firewall backend requested, but /usr/sbin/ebtables is not available: Aucun fichier ou dossier de ce type
> aoû 21 10:10:05 curie libvirtd[31223]: internal error: Failed to initialize a valid firewall backend

fwiw I'm running vagrant + libvirt + vagrant-libvirt in debian sid and I
don't have the ebtables package installed. networking is still functioning.

Since buster, nftables is now used by default. the iptables package is
now installing nftables wrappers so that one is not mixing nftables with
iptables kernel subsystems.

# update-alternatives --list ebtables
/usr/sbin/ebtables-nft

$ dpkg -S /usr/sbin/ebtables-nft
iptables: /usr/sbin/ebtables-nft

that would explain why the libvirt package does not depend on the
ebtables package.

is it possible that your "alternative" for ebtables was somehow blasted
out? e.g. if you try removing the ebtables package and then running:

# update-alternatives --set ebtables /usr/sbin/ebtables-nft

does it make your libvirt setup function properly?

if so, then maybe you might want to check other "alternatives" provided
by iptables so that they use the nftables wrappers. Here's what I have
on my system:

$ ls -l /etc/alternatives/|grep -- -nft
lrwxrwxrwx 1 root root  23 Dec 22  2018 arptables -> /usr/sbin/arptables-nft
lrwxrwxrwx 1 root root  31 Dec 22  2018 arptables-restore ->
/usr/sbin/arptables-nft-restore
lrwxrwxrwx 1 root root  28 Dec 22  2018 arptables-save ->
/usr/sbin/arptables-nft-save
lrwxrwxrwx 1 root root  22 Dec 22  2018 ebtables -> /usr/sbin/ebtables-nft
lrwxrwxrwx 1 root root  30 Dec 22  2018 ebtables-restore ->
/usr/sbin/ebtables-nft-restore
lrwxrwxrwx 1 root root  27 Dec 22  2018 ebtables-save ->
/usr/sbin/ebtables-nft-save
lrwxrwxrwx 1 root root  23 Dec 22  2018 ip6tables -> /usr/sbin/ip6tables-nft
lrwxrwxrwx 1 root root  31 Dec 22  2018 ip6tables-restore ->
/usr/sbin/ip6tables-nft-restore
lrwxrwxrwx 1 root root  28 Dec 22  2018 ip6tables-save ->
/usr/sbin/ip6tables-nft-save
lrwxrwxrwx 1 root root  22 Dec 22  2018 iptables -> /usr/sbin/iptables-nft
lrwxrwxrwx 1 root root  30 Dec 22  2018 iptables-restore ->
/usr/sbin/iptables-nft-restore
lrwxrwxrwx 1 root root  27 Dec 22  2018 iptables-save ->
/usr/sbin/iptables-nft-save

Cheers!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20190823/5dc7f822/attachment.sig>