[Pkg-libvirt-maintainers] Bug#935313: missing ebtables dependency

Thu Dec 10 11:32:30 GMT 2020

Hi,

@Gabriel, the BTS doesn't automatically forward replies to bugs to the
submitter, if you want feedback, you need to send it manually.

@Antoine, can you please give the feedback still?

Paul

On Fri, 23 Aug 2019 00:07:29 -0400 Gabriel Filion <gabster at lelutin.ca>
wrote:
> Hello,
> 
> On Wed, 21 Aug 2019 10:16:26 -0400 Antoine Beaupre <anarcat at debian.org>
> wrote:
> > Vagrant, using the libvirt backend, started failing me recently, with
> > something like this:
> > 
> > anarcat at curie:stretch64(master)$ vagrant up --provider libvirt
> > Bringing machine 'default' up with 'libvirt' provider...
> > ==> default: Checking if box 'debian/stretch64' version '9.9.0' is up to date...
> > Error while activating network: Call to virNetworkCreate failed: internal error: Failed to initialize a valid firewall backend.
> > [1]anarcat at curie:stretch64(master)$ 
> 
> > Restarting libvirtd, however, did provide some insightful input:
> > 
> > [...]
> > aoû 21 10:10:05 curie systemd[1]: Started Virtualization daemon.
> > aoû 21 10:10:05 curie libvirtd[31223]: direct firewall backend requested, but /usr/sbin/ebtables is not available: Aucun fichier ou dossier de ce type
> > aoû 21 10:10:05 curie libvirtd[31223]: internal error: Failed to initialize a valid firewall backend
> 
> fwiw I'm running vagrant + libvirt + vagrant-libvirt in debian sid and I
> don't have the ebtables package installed. networking is still functioning.
> 
> Since buster, nftables is now used by default. the iptables package is
> now installing nftables wrappers so that one is not mixing nftables with
> iptables kernel subsystems.
> 
> # update-alternatives --list ebtables
> /usr/sbin/ebtables-nft
> 
> $ dpkg -S /usr/sbin/ebtables-nft
> iptables: /usr/sbin/ebtables-nft
> 
> that would explain why the libvirt package does not depend on the
> ebtables package.
> 
> 
> is it possible that your "alternative" for ebtables was somehow blasted
> out? e.g. if you try removing the ebtables package and then running:
> 
> # update-alternatives --set ebtables /usr/sbin/ebtables-nft
> 
> does it make your libvirt setup function properly?
> 
> if so, then maybe you might want to check other "alternatives" provided
> by iptables so that they use the nftables wrappers. Here's what I have
> on my system:
> 
> $ ls -l /etc/alternatives/|grep -- -nft
> lrwxrwxrwx 1 root root  23 Dec 22  2018 arptables -> /usr/sbin/arptables-nft
> lrwxrwxrwx 1 root root  31 Dec 22  2018 arptables-restore ->
> /usr/sbin/arptables-nft-restore
> lrwxrwxrwx 1 root root  28 Dec 22  2018 arptables-save ->
> /usr/sbin/arptables-nft-save
> lrwxrwxrwx 1 root root  22 Dec 22  2018 ebtables -> /usr/sbin/ebtables-nft
> lrwxrwxrwx 1 root root  30 Dec 22  2018 ebtables-restore ->
> /usr/sbin/ebtables-nft-restore
> lrwxrwxrwx 1 root root  27 Dec 22  2018 ebtables-save ->
> /usr/sbin/ebtables-nft-save
> lrwxrwxrwx 1 root root  23 Dec 22  2018 ip6tables -> /usr/sbin/ip6tables-nft

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20201210/5ccda50a/attachment.sig>