-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-9.6
-
libvirt-10.8.0-2.el9
-
Yes
-
Critical
-
rhel-sst-virtualization-networking
-
ssg_virtualization
-
11
-
3
-
Dev ack
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
Pass
-
RegressionOnly
-
-
10.9.0
-
None
What were you trying to do that didn't work?
Use networking on my VM after I updated my host's firewall settings.
What is the impact of this issue to you?
It breaks critical tests. For production: customers can't update their firewall settings without breaking VM connectivity (if using NAT and dynamic IP addresses) for new VMs.
Please provide the package NVR for which the bug is seen:
libvirt-10.8.0-1.el9/el10
How reproducible is this bug?:
100%
Steps to reproduce
- Have a VM connected to libvirt's default NAT network via
<interface type="network"> <mac address="52:54:00:25:23:21"/> <source network="default"/> <model type="virtio"/> <address .../> </interface>
- Reload the firewall rules
# firewall-cmd --reload
- Start a VM, log into it and confirm it has an IP address
ip a
Expected results
The VM has an IP address, it can successfully ping the host.
Actual results
The VM doesn't get an IP address.
Additional notes
- Starting the VM after restarting the default network fixes the problem,
virsh net-destroy default; virsh net-start default
- Running VMs are not affected, they still have connectivity
- Attaching virtnetworkd logs
- In the system log I could see
...firewalld[98017]: ERROR: UNKNOWN_INTERFACE: 'virbr0' is not in any zone
- This happened on s390x, I'll request help to try and reproduce on x86_64.
- Hit by gating test
virtual_disks.multidisks.hotplug.single_disk_test.disk_scsi_block_size.block_size_512
- Tried to get IP in guest with
dhclient
to no avail.
- This didn't happen in libvirt-10.5.0-7.el9_5 nor libvirt-10.5.0-5.el10
- is blocked by
-
RHEL-50574 Rebase libvirt in RHEL-9.6.0
- Integration
- links to
-
RHBA-2024:140248 libvirt update