Docker vs libvirt vs firewalld conflict: get rid of firewalld
Setting up a really working libvirt environment isn't an easy task. Even worse if it's going to run inside a docker container.
Things you should know:
- Choose the right base system:
  anything w/ systemd will cause a big headache sooner or later (well, it's written/maintained by a guy who doesn't know the elementary unix commands and publicly declares people with different opinions 'racists' ...)
- KVM access:
  the container needs to be started w/ the '--privileged' flag in order to get access to the /dev/kvm device.
  without that, qemu always needs to do CPU emulation, which - of course - is sloohohow.
- Firewall utils:
  DON'T use firewalld (get rid of it, if you made the mistake of installing it!) - it will kill docker's firewall rules, and the containers will be cut off from the net!
  In case you get strange libvirt errors like "Failed to initialize a valid firewall backend", your container probably lacks some packages: iptables, ip6tables, ebtables, dnsmasq
  if libvirt can't detect them, it will fall back to firewalld and fail.
- Other required packages:
  - file (initrd setup tries to call it, probably for some rhel workarounds)
  - libvirt-clients
  - libvirt-daemon
  - libvirt-daemon-system
  - virtinst (in case you wanna use the virt-install command)
  - nmap (symlink ncat to nc -- classic netcat won't work)
  - qemu
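
A preflight check for the points above, as an added example that is not part of the original post: it verifies that the firewall tools libvirt looks for are on PATH, that firewalld is absent, and that /dev/kvm is usable. The function names and the KVM_DEV override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: preflight check for a libvirt-in-Docker container.
# The tool list and the /dev/kvm path come from the post; the function
# names and the KVM_DEV override are assumptions made for this sketch.

KVM_DEV="${KVM_DEV:-/dev/kvm}"
REQUIRED_TOOLS="iptables ip6tables ebtables dnsmasq"

# Print the required tools that are not on PATH, space separated.
missing_tools() {
    missing=""
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    echo "${missing# }"
}

# Succeed if a firewalld binary is installed in the container.
firewalld_present() {
    command -v firewalld >/dev/null 2>&1 ||
        command -v firewall-cmd >/dev/null 2>&1
}

# Succeed if the KVM device node exists and is readable and writable.
kvm_usable() {
    [ -c "$KVM_DEV" ] && [ -r "$KVM_DEV" ] && [ -w "$KVM_DEV" ]
}

# Return 1 on anything that breaks networking; slow emulation only warns.
preflight() {
    rc=0
    m=$(missing_tools)
    if [ -n "$m" ]; then
        echo "FAIL: missing: $m (libvirt will fall back to firewalld)"
        rc=1
    fi
    if firewalld_present; then
        echo "FAIL: firewalld is installed; it kills docker's firewall rules"
        rc=1
    fi
    if ! kvm_usable; then
        echo "WARN: $KVM_DEV not usable; was the container started with --privileged?"
    fi
    return "$rc"
}

# Run the check only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

Run it from the container entrypoint before starting libvirt, so a missing package shows up as a clear message instead of the "Failed to initialize a valid firewall backend" error.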