Re: [ovs-discuss] OVS+DPDK: socket permissions' problem
After building the deb-packages of DPDK 16.11.1 without fix-perm patch and adds necessary apparmor rules for vhost-user socket creation my problem is solved. Thanks to all. On 03/22/2017 09:21 PM, Aaron Conole wrote: Aynur Shakirov writes: libvirt-qemu user and kvm group exists in my system (autocreated after libvirt package in Ubuntu): root@dpdk-compute0:/opt/build# grep qemu /etc/passwd libvirt-qemu:x:64055:118:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false root@dpdk-compute0:/opt/build# groups libvirt-qemu libvirt-qemu : kvm root@dpdk-compute0:/opt/build# cat /etc/group | grep kvm kvm:x:118: OVS 2.7.0 doesn't write messages about permissions, but without changes for socket perms: instead 0666. Because of this problem OStack Ocata cannot enable vhost socket to VM even with root:root. The recommended method for integrating with vhost-user sockets is for ovs to be in client mode. Lots of attempts were made (some even by yours truly) to get server mode to provide this functionality, but there ended up being too many corner cases to provide it in a secure manner. The issue you're most likely encountering with OvS 2.7 is related to custom patches added to Ubuntu's dpdk to provide the perms= flags. This also was rejected by the dpdk community, though not outright. As such, building ovs+dpdk from upstream means you won't get clogged up with messages about users and permissions. You will have to add custom behavior to set the permissions, however. Maybe we can resurrect these efforts, but with client mode available, I don't see a huge reason to do so. On 03/22/2017 03:37 AM, Darrell Ball wrote: From: on behalf of Aynur Shakirov Date: Tuesday, March 21, 2017 at 6:17 AM To: "ovs-discuss@openvswitch.org" Subject: [ovs-discuss] OVS+DPDK: socket permissions' problem Hello. Meta. OVS ver: 2.7.90, today master (stp tests skipped) Compiler: GCC 5.3.1, default flags DPDK: 16.11.1 (from Ubuntu Cloud Archive: Ocata) Env: Ubuntu 16.04.1 up-to-date. Kernel: 4.8.0-41-generic Problem. When I adds a vhost-interface into bridge OVS specifies incorrect rights for the socket: root@dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser 2017-03-21T12:09:33.436Z|00115|dpdk|INFO|VHOST_CONFIG: vhost-user server: socket created, fd: 46 2017-03-21T12:09:33.436Z|00116|dpdk|INFO|VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1 2017-03-21T12:09:33.436Z|00117|dpdk|INFO|EAL: Socket /var/run/openvswitch/vhost-user-1 changed permissions to 2017-03-21T12:09:33.436Z|00118|dpdk|ERR|EAL: user �ƿ not found, aborting. 2017-03-21T12:09:33.436Z|00119|dpdk|ERR|EAL: vhost-user socket unable to get specified user/group: �ƿ This worked better for me. I am using similar ovs and dpdk versions, but older kernel and distro 3.16.0-77-generic #99~14.04.1-Ubuntu. . . 2017-03-21T23:09:21.662Z|00104|netdev_dpdk|INFO|Socket /usr/local/var/run/openvswitch/vhost-user-1 created for vhost-user port vhost-user-1 2017-03-21T23:09:21.662Z|00105|bridge|INFO|bridge br0: added interface vhost-user-1 on port 6 . . darrell@---server125:~/ovs/ovs_master$ ll /usr/local/var/run/openvswitch/vhost-user-1 srwxr-xr-x 1 root root 0 Mar 21 16:30 /usr/local/var/run/openvswitch/vhost-user-1= However, I have the libvirt-qemu user, you seem to be missing; well, at least based on the EAL logs. darrell@ ---server125:~/ovs/ovs_master$ cat /etc/passwd | grep libvirt libvirt-qemu:x:105:109:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false darrell@ ---server125:~/ovs/ovs_master$ groups libvirt-qemu libvirt-qemu : kvm darrell@ ---server125:~/ovs/ovs_master$ cat /etc/group | grep kvm kvm:x:109: Debug Log is here. For past master (2 weeks ago and with -03/march=native compiler flags) OVS was trying to configure the socket owner as fdb/show. DPDK Settings: root@dpdk-compute0:/opt/build# ovs-vsctl --no-wait get Open_vSwitch . other_config {dpdk-alloc-mem="2048", dpdk-extra="--vhost-owner libvirt-qemu:kvm --vhost-perm 0666", dpdk-init="true", dpdk-lcore-mask="0x1", dpdk-socket-mem="1024,0"} OVS config: root@dpdk-compute0:/opt/build# ovs-vsctl show 972154fa-857e-45e8-b56b-77e5cb6eb685 Manager "ptcp:6640:127.0.0.1" is_connected: true Bridge br-int Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port int-br-ex Interface int-br-ex type: patch options: {peer=phy-br-ex} Port patch-tun Interface patch-tun type: patch o
Re: [ovs-discuss] OVS+DPDK: socket permissions' problem
libvirt-qemu user and kvm group exists in my system (autocreated after libvirt package in Ubuntu): root@dpdk-compute0:/opt/build# grep qemu /etc/passwd libvirt-qemu:x:64055:118:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false root@dpdk-compute0:/opt/build# groups libvirt-qemu libvirt-qemu : kvm root@dpdk-compute0:/opt/build# cat /etc/group | grep kvm kvm:x:118: OVS 2.7.0 doesn't write messages about permissions, but without changes for socket perms: instead 0666. Because of this problem OStack Ocata cannot enable vhost socket to VM even with root:root. On 03/22/2017 03:37 AM, Darrell Ball wrote: *From: * on behalf of Aynur Shakirov *Date: *Tuesday, March 21, 2017 at 6:17 AM *To: *"ovs-discuss@openvswitch.org" *Subject: *[ovs-discuss] OVS+DPDK: socket permissions' problem Hello. Meta. OVS ver: 2.7.90, today master (stp tests skipped) Compiler: GCC 5.3.1, default flags DPDK: 16.11.1 (from Ubuntu Cloud Archive: Ocata) Env: Ubuntu 16.04.1 up-to-date. Kernel: 4.8.0-41-generic Problem. When I adds a vhost-interface into bridge OVS specifies incorrect rights for the socket: root@dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser 2017-03-21T12:09:33.436Z|00115|dpdk|INFO|VHOST_CONFIG: vhost-user server: socket created, fd: 46 2017-03-21T12:09:33.436Z|00116|dpdk|INFO|VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1 2017-03-21T12:09:33.436Z|00117|dpdk|INFO|EAL: Socket /var/run/openvswitch/vhost-user-1 changed permissions to 2017-03-21T12:09:33.436Z|00118|dpdk|ERR|EAL: user �ƿ not found, aborting. 2017-03-21T12:09:33.436Z|00119|dpdk|ERR|EAL: vhost-user socket unable to get specified user/group: �ƿ This worked better for me. I am using similar ovs and dpdk versions, but older kernel and distro 3.16.0-77-generic #99~14.04.1-Ubuntu. . . 2017-03-21T23:09:21.662Z|00104|netdev_dpdk|INFO|Socket /usr/local/var/run/openvswitch/vhost-user-1 created for vhost-user port vhost-user-1 2017-03-21T23:09:21.662Z|00105|bridge|INFO|bridge br0: added interface vhost-user-1 on port 6 . . darrell@---server125:~/ovs/ovs_master$ ll /usr/local/var/run/openvswitch/vhost-user-1 srwxr-xr-x 1 root root 0 Mar 21 16:30 /usr/local/var/run/openvswitch/vhost-user-1= However, I have the libvirt-qemu user, you seem to be missing; well, at least based on the EAL logs. darrell@---server125:~/ovs/ovs_master$ cat /etc/passwd | grep libvirt libvirt-qemu:x:105:109:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false darrell@---server125:~/ovs/ovs_master$ groups libvirt-qemu libvirt-qemu : kvm darrell@---server125:~/ovs/ovs_master$ cat /etc/group | grep kvm kvm:x:109: Debug Log is here <https://urldefense.proofpoint.com/v2/url?u=http-3A__paste.ubuntu.com_24221473_&d=DwMDaQ&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=SPJT16Jx_w9tAAwX3-2hfAaImuQzYWPGDpCGLa8Egy0&s=ec4zzleu-wtZxi_VqRhKBfLPDylZi6-buVouPRb7x4M&e=>. For past master (2 weeks ago and with -03/march=native compiler flags) OVS was trying to configure the socket owner as fdb/show. DPDK Settings: root@dpdk-compute0:/opt/build# ovs-vsctl --no-wait get Open_vSwitch . other_config {dpdk-alloc-mem="2048", dpdk-extra="--vhost-owner libvirt-qemu:kvm --vhost-perm 0666", dpdk-init="true", dpdk-lcore-mask="0x1", dpdk-socket-mem="1024,0"} OVS config: root@dpdk-compute0:/opt/build# ovs-vsctl show 972154fa-857e-45e8-b56b-77e5cb6eb685 Manager "ptcp:6640:127.0.0.1" is_connected: true Bridge br-int Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port int-br-ex Interface int-br-ex type: patch options: {peer=phy-br-ex} Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port br-int Interface br-int type: internal Bridge br-ex Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure *Port "vhost-user-1"** Interface "vhost-user-1" type: dpdkvhostuser* Port phy-br-ex Interface phy-br-ex type: patch options: {peer=int-br-ex} Port br-ex Interface br-ex type: internal Port "intel_1g_1" Interface "intel_1g_1" type: dpdk options: {dpdk-devargs=":06:00.1"} Bridge br-tun Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br
[ovs-discuss] OVS+DPDK: socket permissions' problem
Hello. Meta. OVS ver: 2.7.90, today master (stp tests skipped) Compiler: GCC 5.3.1, default flags DPDK: 16.11.1 (from Ubuntu Cloud Archive: Ocata) Env: Ubuntu 16.04.1 up-to-date. Kernel: 4.8.0-41-generic Problem. When I adds a vhost-interface into bridge OVS specifies incorrect rights for the socket: root@dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser 2017-03-21T12:09:33.436Z|00115|dpdk|INFO|VHOST_CONFIG: vhost-user server: socket created, fd: 46 2017-03-21T12:09:33.436Z|00116|dpdk|INFO|VHOST_CONFIG: bind to /var/run/openvswitch/vhost-user-1 2017-03-21T12:09:33.436Z|00117|dpdk|INFO|EAL: Socket /var/run/openvswitch/vhost-user-1 changed permissions to 2017-03-21T12:09:33.436Z|00118|dpdk|ERR|EAL: user �ƿ not found, aborting. 2017-03-21T12:09:33.436Z|00119|dpdk|ERR|EAL: vhost-user socket unable to get specified user/group: �ƿ Debug Log is here <http://paste.ubuntu.com/24221473/>. For past master (2 weeks ago and with -03/march=native compiler flags) OVS was trying to configure the socket owner as fdb/show. DPDK Settings: root@dpdk-compute0:/opt/build# ovs-vsctl --no-wait get Open_vSwitch . other_config {dpdk-alloc-mem="2048", dpdk-extra="--vhost-owner libvirt-qemu:kvm --vhost-perm 0666", dpdk-init="true", dpdk-lcore-mask="0x1", dpdk-socket-mem="1024,0"} OVS config: root@dpdk-compute0:/opt/build# ovs-vsctl show 972154fa-857e-45e8-b56b-77e5cb6eb685 Manager "ptcp:6640:127.0.0.1" is_connected: true Bridge br-int Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port int-br-ex Interface int-br-ex type: patch options: {peer=phy-br-ex} Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port br-int Interface br-int type: internal Bridge br-ex Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure *Port "vhost-user-1"** **Interface "vhost-user-1"** **type: dpdkvhostuser* Port phy-br-ex Interface phy-br-ex type: patch options: {peer=int-br-ex} Port br-ex Interface br-ex type: internal Port "intel_1g_1" Interface "intel_1g_1" type: dpdk options: {dpdk-devargs=":06:00.1"} Bridge br-tun Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal ovs_version: "2.7.90" root@dpdk-compute0:/opt/build# Command for port add: root@dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set Interface vhost-user-1 type=dpdkvhostuser Actual socket rights after vhost create: root@dpdk-compute0:/opt/build# ll /var/run/openvswitch/vhost-user-1 s- 1 root root 0 Mar 21 07:14 /var/run/openvswitch/vhost-user-1= Why this happening? And one more question: can enable a debug logs for EAL over OVS? Thanks for help. -- Sincerely, Aynur Shakirov, 27. TIONIX RUS. Planet Earth, Solar System, Milky Way. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] [openvswitch 2.7.90] testsuite: 2180 failed
For latest master the OVS build of deb package unsuccessfully ends because test "flush the fdb and mdb when topology changed" is fail. Test added to git in commit 427e9751f30067357262f58fdf5af55df4b6debf Env: Ubuntu 16.04.1 with latest updates, compiler is gcc 5.3.1, dpdk enabled. Log: http://paste.ubuntu.com/24215426/ Thanks. -- Sincerely, Aynur Shakirov, 26. TIONIX RUS. Planet Earth, Solar System, Milky Way. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss