Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 344211

Summary: libvirtd init.d-script dependencies
Product: Gentoo Linux Reporter: Reuben Martin <reuben.m>
Component: Current packagesAssignee: Doug Goldstein (RETIRED) <cardoe>
Status: RESOLVED FIXED    
Severity: normal CC: c.affolter, dev-zero, virtualization
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Reuben Martin 2010-11-04 22:21:35 UTC 
libvirtd's init file needs to be modified to wait for iptables (or in my case, shorewall) to be loaded first. It adds iptable rules for it's virtual bridge interfaces, which get dropped and overwritten or mangled if iptables/shorewall is loaded afterwards.

Reproducible: Always
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2011-02-02 21:42:39 UTC 
Probably should change the depend() to be...

need net
before dhcp
after ntp-client ntpd iscsid iptables nfsmount portmap

Can anyone think of any others?
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-02-02 22:26:54 UTC 
Looks good to me.

By the way, you don't need to modify the init script, you can use

rc_need="iptables"

in the conf.d file.
Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2011-02-04 16:32:10 UTC 
(In reply to comment #1)
> Probably should change the depend() to be...
> 
> need net
> before dhcp
> after ntp-client ntpd iscsid iptables nfsmount portmap
> 
> Can anyone think of any others?
> 

Looks like we need rpc.statd in there as well otherwise NFS mounted storage volumes won't come up. Which brings up a point... do we want those to be "use" instead of "after"?

So the use line would be "iscsid rpc.statd".
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-02-04 16:37:50 UTC 
Uhm iscsid? Why that btw?
Comment 5 Tiziano Müller (RETIRED) gentoo-dev 2011-03-24 08:46:21 UTC 
well, it still reads
  before sshd ntp-client ntpd nfs nfsmount rsyncd portmap dhcp

@Cardoe: why "before dhcp"?

Other candidates:
 * after consolekit
 * if you have "after iptables", you may also add ip6tables and ebtables
 * after ceph
 * after cman (not in tree yet, though)
 * after corosync
 * after gfs2-tools (not in tree yet, though)
 * before <yourmonitoringagenthere>
Comment 6 Doug Goldstein (RETIRED) gentoo-dev 2011-06-03 18:13:50 UTC 
(In reply to comment #4)
> Uhm iscsid? Why that btw?

Because libvirt uses iSCSI targets and if iscsid isn't started then it can't connect to those. Which means virtual machines who's drives are on iSCSI can't be autostarted and instead fail when the system boots.
Comment 7 Doug Goldstein (RETIRED) gentoo-dev 2011-06-03 18:15:05 UTC 
(In reply to comment #5)
> well, it still reads
>   before sshd ntp-client ntpd nfs nfsmount rsyncd portmap dhcp
> 
> @Cardoe: why "before dhcp"?
> 
> Other candidates:
>  * after consolekit
>  * if you have "after iptables", you may also add ip6tables and ebtables
>  * after ceph
>  * after cman (not in tree yet, though)
>  * after corosync
>  * after gfs2-tools (not in tree yet, though)
>  * before <yourmonitoringagenthere>

After consolekit isn't necessary since its only used for authentication when its connected to. So basically the user won't be able to login to it until consolekit comes up.
Comment 8 Doug Goldstein (RETIRED) gentoo-dev 2011-06-03 18:19:06 UTC 
Changes to the ordering of services have been made in the 0.9.2_rc2 ebuild