Aynur Shakirov <[email protected]> writes: > libvirt-qemu user and kvm group exists in my system (autocreated after > libvirt package in Ubuntu): > > root@dpdk-compute0:/opt/build# grep qemu /etc/passwd > libvirt-qemu:x:64055:118:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false > > root@dpdk-compute0:/opt/build# groups libvirt-qemu > libvirt-qemu : kvm > > root@dpdk-compute0:/opt/build# cat /etc/group | grep kvm > kvm:x:118: > > OVS 2.7.0 doesn't write messages about permissions, but without changes for > socket perms: 0000 > instead 0666. Because of this problem OStack Ocata cannot enable vhost socket > to VM even with > root:root.
The recommended method for integrating with vhost-user sockets is for ovs to be in client mode. Lots of attempts were made (some even by yours truly) to get server mode to provide this functionality, but there ended up being too many corner cases to provide it in a secure manner. The issue you're most likely encountering with OvS 2.7 is related to custom patches added to Ubuntu's dpdk to provide the perms= flags. This also was rejected by the dpdk community, though not outright. As such, building ovs+dpdk from upstream means you won't get clogged up with messages about users and permissions. You will have to add custom behavior to set the permissions, however. Maybe we can resurrect these efforts, but with client mode available, I don't see a huge reason to do so. > On 03/22/2017 03:37 AM, Darrell Ball wrote: > > > > > > From: <[email protected]> on behalf of Aynur Shakirov > <[email protected]> > Date: Tuesday, March 21, 2017 at 6:17 AM > To: "[email protected]" <[email protected]> > Subject: [ovs-discuss] OVS+DPDK: socket permissions' problem > > > > Hello. > > Meta. > OVS ver: 2.7.90, today master (stp tests skipped) > Compiler: GCC 5.3.1, default flags > DPDK: 16.11.1 (from Ubuntu Cloud Archive: Ocata) > Env: Ubuntu 16.04.1 up-to-date. > Kernel: 4.8.0-41-generic > > Problem. > When I adds a vhost-interface into bridge OVS specifies incorrect rights for > the socket: > > root@dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set > Interface vhost-user-1 type=dpdkvhostuser > > 2017-03-21T12:09:33.436Z|00115|dpdk|INFO|VHOST_CONFIG: vhost-user server: > socket > created, fd: 46 > 2017-03-21T12:09:33.436Z|00116|dpdk|INFO|VHOST_CONFIG: bind to > /var/run/openvswitch/vhost-user-1 > 2017-03-21T12:09:33.436Z|00117|dpdk|INFO|EAL: Socket > /var/run/openvswitch/vhost-user-1 changed permissions to ���� > 2017-03-21T12:09:33.436Z|00118|dpdk|ERR|EAL: user �ƿ not found, aborting. > 2017-03-21T12:09:33.436Z|00119|dpdk|ERR|EAL: vhost-user socket unable to get > specified user/group: �ƿ > > > > > > > > This worked better for me. I am using similar ovs and dpdk versions, but > older > kernel > > and distro 3.16.0-77-generic #99~14.04.1-Ubuntu. > > > > . > > . > > 2017-03-21T23:09:21.662Z|00104|netdev_dpdk|INFO|Socket > /usr/local/var/run/openvswitch/vhost-user-1 created for vhost-user port > vhost-user-1 > > 2017-03-21T23:09:21.662Z|00105|bridge|INFO|bridge br0: added interface > vhost-user-1 on port 6 > > . > > . > > > > > > darrell@xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ ll > /usr/local/var/run/openvswitch/vhost-user-1 > > srwxr-xr-x 1 root root 0 Mar 21 16:30 > /usr/local/var/run/openvswitch/vhost-user-1= > > > > > > However, I have the libvirt-qemu user, you seem to be missing; well, at least > > based on the EAL logs. > > > > darrell@ xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ cat /etc/passwd | grep > libvirt > > libvirt-qemu:x:105:109:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false > > > > darrell@ xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ groups libvirt-qemu > > libvirt-qemu : kvm > > > > darrell@ xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ cat /etc/group | grep kvm > > kvm:x:109: > > > > > > Debug Log is here. > > For past master (2 weeks ago and with -03/march=native compiler flags) OVS > was trying to > configure the socket owner as fdb/show. > > DPDK Settings: > > root@dpdk-compute0:/opt/build# ovs-vsctl --no-wait get Open_vSwitch . > other_config > {dpdk-alloc-mem="2048", dpdk-extra="--vhost-owner libvirt-qemu:kvm > --vhost-perm > 0666", dpdk-init="true", dpdk-lcore-mask="0x1", dpdk-socket-mem="1024,0"} > > OVS config: > > root@dpdk-compute0:/opt/build# ovs-vsctl show > 972154fa-857e-45e8-b56b-77e5cb6eb685 > Manager "ptcp:6640:127.0.0.1" > is_connected: true > Bridge br-int > Controller "tcp:127.0.0.1:6633" > is_connected: true > fail_mode: secure > Port int-br-ex > Interface int-br-ex > type: patch > options: {peer=phy-br-ex} > Port patch-tun > Interface patch-tun > type: patch > options: {peer=patch-int} > Port br-int > Interface br-int > type: internal > Bridge br-ex > Controller "tcp:127.0.0.1:6633" > is_connected: true > fail_mode: secure > Port "vhost-user-1" > Interface "vhost-user-1" > type: dpdkvhostuser > Port phy-br-ex > Interface phy-br-ex > type: patch > options: {peer=int-br-ex} > Port br-ex > Interface br-ex > type: internal > Port "intel_1g_1" > Interface "intel_1g_1" > type: dpdk > options: {dpdk-devargs="0000:06:00.1"} > Bridge br-tun > Controller "tcp:127.0.0.1:6633" > is_connected: true > fail_mode: secure > Port patch-int > Interface patch-int > type: patch > options: {peer=patch-tun} > Port br-tun > Interface br-tun > type: internal > ovs_version: "2.7.90" > root@dpdk-compute0:/opt/build# > > Command for port add: > > root@dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set > Interface vhost-user-1 type=dpdkvhostuser > > Actual socket rights after vhost create: > > root@dpdk-compute0:/opt/build# ll /var/run/openvswitch/vhost-user-1 > s--------- 1 root root 0 Mar 21 07:14 /var/run/openvswitch/vhost-user-1= > > Why this happening? And one more question: can enable a debug logs for EAL > over OVS? > > Thanks for help. > > -- > > Sincerely, > > Aynur Shakirov, 27. > > TIONIX RUS. > > Planet Earth, Solar System, Milky Way. _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
