Bug 1216866

Summary: libvirt default network doesn't start automatically
Product: [openSUSE] openSUSE Tumbleweed Reporter: Emiliano Langella <emiliano.langella>
Component: NetworkAssignee: Danilo Spinella <danilo.spinella>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: emiliano.langella, xiaoguang.wang
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Emiliano Langella 2023-11-03 15:39:42 UTC 
On my lab running TW 20231101, my default libvirt network was not autostarted at boot:

$ virsh net-list --all
 Name      State    Autostart   Persistent
--------------------------------------------
 default   inactive   yes         yes

I found out the culprit that was iptables-backend-nft-1.8.10-2.1.x86_64, due to the following error:

Nov 03 10:06:05 rodan virtnetworkd[1393]: internal error: Failed to apply firewall rules /sbin/iptables -w --table nat --insert POSTROUTING --jump LIBVIRT_PRT: iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain POSTROUTING

After removing that package, my default libvirt network is now autostarted at boot:

$ virsh net-list --all
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes
Comment 1 xiaoguang wang 2023-11-15 02:10:42 UTC 
I have the same issue. TW version is
NAME="openSUSE Tumbleweed"
# VERSION="20231110"
Comment 2 Danilo Spinella 2023-11-16 10:31:44 UTC 
Hello Emiliano and xiaoguang, thank you for the report. Did this issue happen when iptables-backend-nft package was installed? Or did it break during the update to iptables 1.8.10?
Comment 3 Emiliano Langella 2023-11-16 13:50:35 UTC 
(In reply to Danilo Spinella from comment #2)
> Hello Emiliano and xiaoguang, thank you for the report. Did this issue
> happen when iptables-backend-nft package was installed? Or did it break
> during the update to iptables 1.8.10?

This issue happened when iptables-backend-nft package was installed.
Comment 4 Danilo Spinella 2023-11-16 15:41:41 UTC 
(In reply to Emiliano Langella from comment #3)
> (In reply to Danilo Spinella from comment #2)
> > Hello Emiliano and xiaoguang, thank you for the report. Did this issue
> > happen when iptables-backend-nft package was installed? Or did it break
> > during the update to iptables 1.8.10?
> 
> This issue happened when iptables-backend-nft package was installed.

Do you have any other iptables specific configuration? Or something that might be interfering with nftables backend?
Comment 5 Emiliano Langella 2023-11-16 15:48:44 UTC 
(In reply to Danilo Spinella from comment #4)
> Do you have any other iptables specific configuration? Or something that
> might be interfering with nftables backend?

I never configured iptables, firewall is disabled.
Comment 6 Danilo Spinella 2023-11-20 13:46:13 UTC 
(In reply to Emiliano Langella from comment #5)
> (In reply to Danilo Spinella from comment #4)
> > Do you have any other iptables specific configuration? Or something that
> > might be interfering with nftables backend?
> 
> I never configured iptables, firewall is disabled.

Then it might be a libvirt bug. Can you please open a bug upstream?

https://gitlab.com/libvirt/libvirt/-/issues
Comment 7 Emiliano Langella 2023-11-21 14:47:48 UTC 
(In reply to Danilo Spinella from comment #6)
> (In reply to Emiliano Langella from comment #5)
> > (In reply to Danilo Spinella from comment #4)
> > > Do you have any other iptables specific configuration? Or something that
> > > might be interfering with nftables backend?
> > 
> > I never configured iptables, firewall is disabled.
> 
> Then it might be a libvirt bug. Can you please open a bug upstream?
> 
> https://gitlab.com/libvirt/libvirt/-/issues

https://gitlab.com/libvirt/libvirt/-/issues/564