kvm: virError(Code=89, Domain=47, Message='Error desde el servicio: changeZoneOfInterface: COMMAND_FAILED: 'python-nftables' failed:

[lucasponce]

Fedora 32 box where we have installed docker [1]

Unable to start minikube with kvm2:

❗  These changes will take effect upon a minikube delete and then a minikube start
😄  minikube v1.12.1 en Fedora 32
✨  Using the kvm2 driver based on user configuration
💿  Downloading VM boot image ...
    > minikube-v1.12.0.iso.sha256: 65 B / 65 B [-------------] 100.00% ? p/s 0s
    > minikube-v1.12.0.iso: 173.57 MiB / 173.57 MiB [] 100.00% 43.17 MiB p/s 4s
👍  Starting control plane node minikube in cluster minikube
💾  Downloading Kubernetes v1.17.5 preload ...
    > preloaded-images-k8s-v4-v1.17.5-docker-overlay2-amd64.tar.lz4: 522.78 MiB
🔥  Creating kvm2 VM (CPUs=4, Memory=16384MB, Disk=20000MB) ...
🔥  Eliminando "minikube" en kvm2...
🤦  StartHost failed, but will try again: creating host: create: Error creating machine: Error in driver during machine creation: ensuring active networks: starting network default: virError(Code=89, Domain=47, Message='Error desde el servicio: changeZoneOfInterface: COMMAND_FAILED: 'python-nftables' failed: 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 67}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 547}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 53}}, {"match": {"left": {"ct": {"key": "state"}}')
🔥  Creating kvm2 VM (CPUs=4, Memory=16384MB, Disk=20000MB) ...
😿  Failed to start kvm2 VM. "minikube start" may fix it: creating host: create: Error creating machine: Error in driver during machine creation: ensuring active networks: starting network default: virError(Code=89, Domain=47, Message='Error desde el servicio: changeZoneOfInterface: COMMAND_FAILED: 'python-nftables' failed: 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 67}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 547}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 53}}, {"match": {"left": {"ct": {"key": "state"}}')

💣  error provisioning host: Failed to start host: creating host: create: Error creating machine: Error in driver during machine creation: ensuring active networks: starting network default: virError(Code=89, Domain=47, Message='Error desde el servicio: changeZoneOfInterface: COMMAND_FAILED: 'python-nftables' failed: 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 67}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 547}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_libvirt_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 53}}, {"match": {"left": {"ct": {"key": "state"}}')

😿  minikube is exiting due to an error. If the above message is not useful, open an issue:
👉  https://github.com/kubernetes/minikube/issues/new/choose
🔎  Verifying registry addon...

💣  enable failed: run callbacks: running callbacks: [get kube-client to validate registry addon: client config: context "minikube" does not exist: client config: context "minikube" does not exist]

😿  minikube is exiting due to an error. If the above message is not useful, open an issue:
👉  https://github.com/kubernetes/minikube/issues/new/choose
🔎  Verifying ingress addon...

💣  enable failed: run callbacks: running callbacks: [get kube-client to validate ingress addon: client config: context "minikube" does not exist: client config: context "minikube" does not exist]

😿  minikube is exiting due to an error. If the above message is not useful, open an issue:
👉  https://github.com/kubernetes/minikube/issues/new/choose

[1] https://fedoramagazine.org/docker-and-fedora-32/

[pbaitule]

@lucasponce From one of the comments under that article, taking a sledgehammer to firewalld fixed it for me.

[afbjorklund]

Yup, looks like a libvirt issue.

https://bugzilla.redhat.com/show_bug.cgi?id=1786876

[priyawadhwa]

Hey @lucasponce are you still seeing this issue?

If docker is installed, you could also try running minikube with the docker driver via:

minikube start --driver docker

[lucasponce]

@priyawadhwa I moved to other environment, the only workaround I had was to disable firwalld to make it work.
I couldn't workaround it in other way.

[tstromberg]

This issue appears to be a duplicate of #8772, do you mind if we move the conversation there?

Ths way we can centralize the content relating to the issue. If you feel that this issue is not in fact a duplicate, please re-open it using /reopen. If you have additional information to share, please add it to the new issue.

Thank you for reporting this!