[libvirt] [PATCH] util: recheck the validating backend when the firewalld start/stop

Luyao Huang lhuang at redhat.com
Mon Feb 2 11:46:06 UTC 2015


On 02/02/2015 07:38 PM, Daniel P. Berrange wrote:
> On Mon, Feb 02, 2015 at 11:40:44AM +0800, Luyao Huang wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1188088
>>
>> When firewalld is running and libvirtd is then started, libvirt
>> will set the current backend to VIR_FIREWALL_BACKEND_FIREWALLD.
>> But when firewalld is stopped, we still try to use firewalld even
>> though it is stopped. This prevents a VM which has an nwfilter from
>> starting, because systemd cannot find a running firewalld service.
>>
>> We already have DBus callback functions, so add a recheck of
>> the validating backend in the firewalld_dbus_filter_bridge and
>> nwfilterFirewalldDBusFilter callback functions to help us dynamically
>> change the validating backend.
> NACK, this is not desirable IMHO.  Just because firewalld is stopped
> does not imply that it should not be used by libvirt. It may simply
> be in the process of being restarted, either by the admin or due to
> an RPM upgrade.  Switching a host between firewalld & non-firewalld
> management is not something that is typically done - the decision
> to use firewalld is something taken at time of initial provisioning.
> So I don't think libvirt should optimize for that scenario. We should
> optimize for a host always using one or the other exclusively and not
> try to dynamically switch.

Got it, I hadn't thought about this when I wrote this patch.

And thanks a lot for your clear explanation.
>
> Regards,
> Daniel

Luyao
