On 9/8/23 14:03, Eelco Chaudron via discuss wrote: > > > On 8 Sep 2023, at 13:55, Laurent Coloby via discuss wrote: > >> Hello Michal and Ilya >> >> Thank you for your answser >> >> You are right >> With trace I can see is it due to permission. >> >> All the commands are send with : sudo >> >> What do you mean by " because you're starting OVS manually from a root user, >> IIUC" >> >> Sorry I'm a beginner in Linux >> >> For starting, I enter >> >> sudo ovs-ctl start >> >> To launch VM, : >> sudo virsh start VM
virsh is just a frontend for libvirtd. Actual VM is started by libvirtd, which is likely running under libvirt/qemu user and group. It will not have access to sockets created by ovs-vswitchd unless ovs-vswitchd is running under the same user or group. It would likely be easier if you install OVS as a deb/rpm package depending on your operating system. It will be managed as a systemd service with a correct user/group configuration. You may install packages from your distribution or build them from sources using guides: https://docs.openvswitch.org/en/stable/intro/install/debian/ https://docs.openvswitch.org/en/stable/intro/install/fedora/ >> >> I have create ovs bridge with sudo , also > > > Here is a link to what I normally do under Fedora/RHEL. However, looking at > your configuration, you name the bridge in libvirt, ovsbr. But your ovs show > command does not have that bridge created. +1 That will become an issue once you fix the permissions. > >> >> Regards >> >> >> >> >> Internal >> -----Message d'origine----- >> De : Ilya Maximets <i.maxim...@ovn.org> >> Envoyé : jeudi 7 septembre 2023 16:49 >> À : Michal Prívozník <mpriv...@redhat.com>; Laurent Coloby >> <laurent.col...@se.com>; b...@openvswitch.org >> Cc : i.maxim...@ovn.org >> Objet : Re: [ovs-discuss] open vswitch and libvirt >> >> [External email: Use caution with links and attachments] >> >> ________________________________ >> >> >> >> On 9/7/23 16:38, Michal Prívozník via discuss wrote: >>> On 9/6/23 15:26, Laurent Coloby via discuss wrote: >>>> Hello support >>>> >>>> I'm blocked on a basic issue >>>> >>>> I use libvirt / KVM with unbutu >>>> >>>> >>>> I just want to launch a virtual Machine with a connection to OVS >>>> >>>> With command virsh edit VM , I modify to be conform to your >>>> recommendation >>>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdoc >>>> s.openvswitch.org%2Fen%2Fstable%2Fhowto%2Flibvirt%2F&data=05%7C01%7Cl >>>> aurent.coloby%40se.com%7Ca0388c4bc678452caacf08dbafb18316%7C6e51e1adc >>>> 54b4b39b5980ffe9ae68fef%7C0%7C0%7C638296949974962097%7CUnknown%7CTWFp >>>> bGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6M >>>> n0%3D%7C2000%7C%7C%7C&sdata=GA3u82MxAGL7AViinZgd4WMbna2f6QK6U%2FVvvAk >>>> 2wPo%3D&reserved=0 >>>> >>>> [cid:image001.png@01D9E0D3.27E6D1E0] >>>> >>>> >>>> And when I start the VM , I have always same issue >>>> >>>> [cid:image002.png@01D9E0D6.2AE7D580] >>> >>> I'm not sure what this list policy is, but if this were libvir-list >>> I'd ask you to NOT take a screenshots of a text only to place them >>> into a text later. >> >> +1 >> Sometimes pictures are also fully stripped from the mail list and so people >> will not even see what you wanted to show. >> >>> >>>> >>>> On Internet , I have seen several people with same issue, but not >>>> fond any explanation >>>> >>>> Please could you help me on this problem ? >>>> Thank you in advance >>>> >>> >>> If you enable libvirt debug logs [1] then you should be able to see >>> what command is libvirt actually executing to add the TAP device into >>> the bridge. The code that drives what arguments are passed to >>> 'ovs-vsctl --may-exist add-port ...' depend on a lot of config knobs >>> [2]. But in this case it should be fairly trivial command. >>> >>> Anyway, if you turn on libvirt debug logs you should be able to see >>> what command was executed (and perhaps even if it reported any error - >>> if it did libvirt should have passed on that error message, so maybe >>> there's an improvement potential on libvirt side too). >> >> +1 as well. Please, look at libvirt logs to see what is going on. >> >> But if I were guessing, I'd say that you may have an issue with permissions, >> because you're starting OVS manually from a root user, IIUC. Libvirt daemon >> likely doesn't have permissions to access sockets created by ovs-vswitchd in >> this case. >> >>> >>> 1: >>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flibv >>> irt.org%2Fkbase%2Fdebuglogs.html&data=05%7C01%7Claurent.coloby%40se.co >>> m%7Ca0388c4bc678452caacf08dbafb18316%7C6e51e1adc54b4b39b5980ffe9ae68fe >>> f%7C0%7C0%7C638296949974962097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA >>> wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sd >>> ata=EIh5OutptVH5558mpNFiOP2qJpBmzfDXHjo9GxqfTx8%3D&reserved=0 >>> 2: >>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitl >>> ab.com%2Flibvirt%2Flibvirt%2F-%2Fblob%2Fmaster%2Fsrc%2Futil%2Fvirnetde >>> vopenvswitch.c%3Fref_type%3Dheads%23L130&data=05%7C01%7Claurent.coloby >>> %40se.com%7Ca0388c4bc678452caacf08dbafb18316%7C6e51e1adc54b4b39b5980ff >>> e9ae68fef%7C0%7C0%7C638296949974962097%7CUnknown%7CTWFpbGZsb3d8eyJWIjo >>> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C% >>> 7C%7C&sdata=izbxWac5SC5p7KTQR6lpGA14M1BJtS0mpo6nXfHXhuI%3D&reserved=0 >>> >>> Michal >> >> _______________________________________________ >> discuss mailing list >> disc...@openvswitch.org >> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss