libvirtd's init file needs to be modified to wait for iptables (or in my case, shorewall) to be loaded first. It adds iptables rules for its virtual bridge interfaces, which get dropped and overwritten or mangled if iptables/shorewall is loaded afterwards.

Reproducible: Always

Probably should change the depend() to be...

need net
before dhcp
after ntp-client ntpd iscsid iptables nfsmount portmap

Can anyone think of any others?

Looks good to me. By the way, you don't need to modify the init script, you can use rc_need="iptables" in the conf.d file.

(In reply to comment #1)
> Probably should change the depend() to be...
>
> need net
> before dhcp
> after ntp-client ntpd iscsid iptables nfsmount portmap
>
> Can anyone think of any others?

Looks like we need rpc.statd in there as well, otherwise NFS mounted storage volumes won't come up. Which brings up a point... do we want those to be "use" instead of "after"? So the use line would be "iscsid rpc.statd".

Uhm iscsid? Why that btw?

well, it still reads
before sshd ntp-client ntpd nfs nfsmount rsyncd portmap dhcp

@Cardoe: why "before dhcp"?

Other candidates:
* after consolekit
* if you have "after iptables", you may also add ip6tables and ebtables
* after ceph
* after cman (not in tree yet, though)
* after corosync
* after gfs2-tools (not in tree yet, though)
* before <yourmonitoringagenthere>

(In reply to comment #4)
> Uhm iscsid? Why that btw?

Because libvirt uses iSCSI targets and if iscsid isn't started then it can't connect to those. Which means virtual machines whose drives are on iSCSI can't be autostarted and instead fail when the system boots.

(In reply to comment #5)
> well, it still reads
> before sshd ntp-client ntpd nfs nfsmount rsyncd portmap dhcp
>
> @Cardoe: why "before dhcp"?
>
> Other candidates:
> * after consolekit
> * if you have "after iptables", you may also add ip6tables and ebtables
> * after ceph
> * after cman (not in tree yet, though)
> * after corosync
> * after gfs2-tools (not in tree yet, though)
> * before <yourmonitoringagenthere>

After consolekit isn't necessary since it's only used for authentication when it's connected to. So basically the user won't be able to login to it until consolekit comes up.

Changes to the ordering of services have been made in the 0.9.2_rc2 ebuild
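
The ordering discussed in this thread, as an added example that is not part of the original bug report or of any Gentoo ebuild: it evaluates a depend() block by defining need/use/after/before as recording shell functions, then reports which firewall services libvirtd is not ordered after. The depend() body is constructed from the comments above (not the 0.9.2_rc2 content), and the helper names ordered_after and missing_firewall_deps are hypothetical.

```shell
#!/bin/sh
# Constructed depend() combining suggestions from the thread (an assumption,
# not the content of any released libvirtd init script).
depend() {
    need net
    use iscsid rpc.statd
    after ntp-client ntpd iptables ip6tables ebtables nfsmount portmap
}

# Stand-ins for OpenRC's dependency keywords: each one records its arguments.
DEPS_NEED=""
DEPS_USE=""
DEPS_AFTER=""
DEPS_BEFORE=""
need()   { DEPS_NEED="$DEPS_NEED $*"; }
use()    { DEPS_USE="$DEPS_USE $*"; }
after()  { DEPS_AFTER="$DEPS_AFTER $*"; }
before() { DEPS_BEFORE="$DEPS_BEFORE $*"; }

# ordered_after SERVICE: succeeds if SERVICE is listed under need, use or
# after, i.e. libvirtd would be started after it when it is started at all.
ordered_after() {
    for svc in $DEPS_NEED $DEPS_USE $DEPS_AFTER; do
        if [ "$svc" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# missing_firewall_deps SERVICE...: print the given firewall services that
# libvirtd is NOT ordered after (empty output means all are covered).
missing_firewall_deps() {
    missing=""
    for fw in "$@"; do
        ordered_after "$fw" || missing="$missing $fw"
    done
    echo "${missing# }"
}

# Evaluate the block so the DEPS_* variables are populated.
depend
```

Calling `missing_firewall_deps iptables ip6tables ebtables shorewall` against this block reports shorewall, the reporter's own firewall service, as still uncovered; on such a host it can be added per machine with the conf.d approach mentioned in the thread.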