[Group.of.nepali.translators] [Bug 1546565] Re: Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make them unusable by libvirt/qemu/kvm

2016-07-29 Thread Liam Young 
** Changed in: neutron-openvswitch (Juju Charms Collection)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1546565

Title:
  Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make
  them unusable by libvirt/qemu/kvm

Status in dpdk package in Ubuntu:
  Fix Released
Status in openvswitch package in Ubuntu:
  Won't Fix
Status in dpdk source package in Xenial:
  Fix Released
Status in openvswitch source package in Xenial:
  Won't Fix
Status in neutron-openvswitch package in Juju Charms Collection:
  Fix Released

Bug description:
  As of today the vhost_user sockets created by openvswitch have root:root file 
ownership.
  In fact creation is actually done by code the DPDK lib, but the path is 
passed to it from openvswitch.

  The API called to DPDK has no notion of ownership/groups.
  It just "inherits" what the current running process has.
  But due to LP:1546556 the process ownership/group can't be changed the usual 
way openvsiwtch would when using dpdk.

  KVM as invoked by libvirt will run under libvirt-qemu:kvm and will
  thereby be unable to access these sockets.

  The current workaround is:
 1. wait after start of openvswitch (only then the sockets exist)
 2. chown all created vhost_iuser sockets that are to be used 
e.g. sudo chown libvirt-qemu /var/run/openvswitch/vhost-user-1 
 3. if one wants to separate vhost_user sockets from the "rest" of 
openvswitch /var/run files use e.g.:
DPDK_OPTS='[...] -vhost_sock_dir /var/run/openvswitch-vhost [...]
 X. this has to be redone every start/restart of oepnvswitch
 Y. if permissions are changed in a way that openvswitch can no more remove 
them on shutdown they won't re-initialize properly on the next start

  That is a severe shortcoming and not really applicable to a supported 
production environment.
  There are discussions ongoing about providing an option to specify 
owner/group/permissions of vhost_user sockets which would solve the issue.
  Unfortunately the patch series is blocked by a wider discussion about moving 
the dpdk configuration to the ovsdb (which makes sense, but stalls the 
acceptance of the patches providing the interface to modify permissions.

  Link to the last thread about moving dpdk config to ovsdb: 
http://comments.gmane.org/gmane.network.openvswitch.devel/59186
  Link to the last thread about making vhost_user socket user/group 
configurable - patch 4&5 of this: 
http://openvswitch.org/pipermail/dev/2015-December/063568.html
  But as mentioned it was decided to get the db config discussion done first.

  It is unsure if the patches once final will make it into openvswitch 2.5 - it 
would be great if they would.
  But even if not they shouldn't appear too much after and we might be able to 
cherry pick them?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546565/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1546565] Re: Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make them unusable by libvirt/qemu/kvm

2016-07-06 Thread ChristianEhrhardt 
Hi Michael,
this seems to confuse people regularly, so instead of just answering questions 
as last time I went over the whole bug again to summarize. Thanks for being 
persistent pitti and mwhudson!

TL;DR
please unsubscribe sponsors and SRU Verification

Summary:

Upstream DPDK & Openvswitch (and libvirt):
This is a back and forth discussion who should fix it and who not. It is 
essentially looping around with no project accepting a fix yet and leaving the 
overall solution (OVS+DPDK on KVM Guests) unusable for end users.
That is why we carry the delta for now - DPDK to provide the option, 
Openvswitch to show an example how to exploit the option.

DPDK (fix to make option available):
- fixed in Yakkety 2.2.0-0ubuntu9
- fixed in Xenial 2.2.0-0ubuntu8
- Debian (I'm co-leading the Debian effort, the fix is in there already)

neutron-openvswitch Juju Charms Collection (exploit this from charms):
- already fixed in 4f6e2ca2 by James Page

Openvswitch (just add example to default config):
- the debdiff of #6 should have gone to Xenial
- since we now have yakkety I'll add another debdiff for yakkety
- Debian needs to get a recent Openvswitch first and the DPDK with the patch 
before we can push
- given that:
  - upstream hasn't decided on a solution yet
  - it is only the example that we wanted to be extended
  - it is covered in 
https://help.ubuntu.com/16.04/serverguide/DPDK.html#dpdk-openvswitch
  => I think we can drop this for now.

** Changed in: openvswitch (Ubuntu)
   Status: Incomplete => Won't Fix

** Changed in: openvswitch (Ubuntu Xenial)
   Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1546565

Title:
  Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make
  them unusable by libvirt/qemu/kvm

Status in dpdk package in Ubuntu:
  Fix Released
Status in openvswitch package in Ubuntu:
  Won't Fix
Status in dpdk source package in Xenial:
  Fix Released
Status in openvswitch source package in Xenial:
  Won't Fix
Status in neutron-openvswitch package in Juju Charms Collection:
  Fix Committed

Bug description:
  As of today the vhost_user sockets created by openvswitch have root:root file 
ownership.
  In fact creation is actually done by code the DPDK lib, but the path is 
passed to it from openvswitch.

  The API called to DPDK has no notion of ownership/groups.
  It just "inherits" what the current running process has.
  But due to LP:1546556 the process ownership/group can't be changed the usual 
way openvsiwtch would when using dpdk.

  KVM as invoked by libvirt will run under libvirt-qemu:kvm and will
  thereby be unable to access these sockets.

  The current workaround is:
 1. wait after start of openvswitch (only then the sockets exist)
 2. chown all created vhost_iuser sockets that are to be used 
e.g. sudo chown libvirt-qemu /var/run/openvswitch/vhost-user-1 
 3. if one wants to separate vhost_user sockets from the "rest" of 
openvswitch /var/run files use e.g.:
DPDK_OPTS='[...] -vhost_sock_dir /var/run/openvswitch-vhost [...]
 X. this has to be redone every start/restart of oepnvswitch
 Y. if permissions are changed in a way that openvswitch can no more remove 
them on shutdown they won't re-initialize properly on the next start

  That is a severe shortcoming and not really applicable to a supported 
production environment.
  There are discussions ongoing about providing an option to specify 
owner/group/permissions of vhost_user sockets which would solve the issue.
  Unfortunately the patch series is blocked by a wider discussion about moving 
the dpdk configuration to the ovsdb (which makes sense, but stalls the 
acceptance of the patches providing the interface to modify permissions.

  Link to the last thread about moving dpdk config to ovsdb: 
http://comments.gmane.org/gmane.network.openvswitch.devel/59186
  Link to the last thread about making vhost_user socket user/group 
configurable - patch 4&5 of this: 
http://openvswitch.org/pipermail/dev/2015-December/063568.html
  But as mentioned it was decided to get the db config discussion done first.

  It is unsure if the patches once final will make it into openvswitch 2.5 - it 
would be great if they would.
  But even if not they shouldn't appear too much after and we might be able to 
cherry pick them?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546565/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1546565] Re: Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make them unusable by libvirt/qemu/kvm

2016-05-10 Thread James Page 
** Also affects: neutron-openvswitch (Juju Charms Collection)
   Importance: Undecided
   Status: New

** Changed in: neutron-openvswitch (Juju Charms Collection)
Milestone: None => 16.07

** Changed in: neutron-openvswitch (Juju Charms Collection)
   Status: New => In Progress

** Changed in: neutron-openvswitch (Juju Charms Collection)
   Importance: Undecided => High

** Changed in: neutron-openvswitch (Juju Charms Collection)
 Assignee: (unassigned) => James Page (james-page)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1546565

Title:
  Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make
  them unusable by libvirt/qemu/kvm

Status in dpdk package in Ubuntu:
  Fix Released
Status in openvswitch package in Ubuntu:
  New
Status in dpdk source package in Xenial:
  Fix Released
Status in openvswitch source package in Xenial:
  New
Status in neutron-openvswitch package in Juju Charms Collection:
  In Progress

Bug description:
  As of today the vhost_user sockets created by openvswitch have root:root file 
ownership.
  In fact creation is actually done by code the DPDK lib, but the path is 
passed to it from openvswitch.

  The API called to DPDK has no notion of ownership/groups.
  It just "inherits" what the current running process has.
  But due to LP:1546556 the process ownership/group can't be changed the usual 
way openvsiwtch would when using dpdk.

  KVM as invoked by libvirt will run under libvirt-qemu:kvm and will
  thereby be unable to access these sockets.

  The current workaround is:
 1. wait after start of openvswitch (only then the sockets exist)
 2. chown all created vhost_iuser sockets that are to be used 
e.g. sudo chown libvirt-qemu /var/run/openvswitch/vhost-user-1 
 3. if one wants to separate vhost_user sockets from the "rest" of 
openvswitch /var/run files use e.g.:
DPDK_OPTS='[...] -vhost_sock_dir /var/run/openvswitch-vhost [...]
 X. this has to be redone every start/restart of oepnvswitch
 Y. if permissions are changed in a way that openvswitch can no more remove 
them on shutdown they won't re-initialize properly on the next start

  That is a severe shortcoming and not really applicable to a supported 
production environment.
  There are discussions ongoing about providing an option to specify 
owner/group/permissions of vhost_user sockets which would solve the issue.
  Unfortunately the patch series is blocked by a wider discussion about moving 
the dpdk configuration to the ovsdb (which makes sense, but stalls the 
acceptance of the patches providing the interface to modify permissions.

  Link to the last thread about moving dpdk config to ovsdb: 
http://comments.gmane.org/gmane.network.openvswitch.devel/59186
  Link to the last thread about making vhost_user socket user/group 
configurable - patch 4&5 of this: 
http://openvswitch.org/pipermail/dev/2015-December/063568.html
  But as mentioned it was decided to get the db config discussion done first.

  It is unsure if the patches once final will make it into openvswitch 2.5 - it 
would be great if they would.
  But even if not they shouldn't appear too much after and we might be able to 
cherry pick them?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546565/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1546565] Re: Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make them unusable by libvirt/qemu/kvm

2016-05-04 Thread Chris J Arges 
** Also affects: openvswitch (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: openvswitch-dpdk (Ubuntu)

** No longer affects: openvswitch-dpdk (Ubuntu Xenial)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1546565

Title:
  Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make
  them unusable by libvirt/qemu/kvm

Status in dpdk package in Ubuntu:
  Fix Released
Status in openvswitch package in Ubuntu:
  New
Status in dpdk source package in Xenial:
  Fix Released
Status in openvswitch source package in Xenial:
  New

Bug description:
  As of today the vhost_user sockets created by openvswitch have root:root file 
ownership.
  In fact creation is actually done by code the DPDK lib, but the path is 
passed to it from openvswitch.

  The API called to DPDK has no notion of ownership/groups.
  It just "inherits" what the current running process has.
  But due to LP:1546556 the process ownership/group can't be changed the usual 
way openvsiwtch would when using dpdk.

  KVM as invoked by libvirt will run under libvirt-qemu:kvm and will
  thereby be unable to access these sockets.

  The current workaround is:
 1. wait after start of openvswitch (only then the sockets exist)
 2. chown all created vhost_iuser sockets that are to be used 
e.g. sudo chown libvirt-qemu /var/run/openvswitch/vhost-user-1 
 3. if one wants to separate vhost_user sockets from the "rest" of 
openvswitch /var/run files use e.g.:
DPDK_OPTS='[...] -vhost_sock_dir /var/run/openvswitch-vhost [...]
 X. this has to be redone every start/restart of oepnvswitch
 Y. if permissions are changed in a way that openvswitch can no more remove 
them on shutdown they won't re-initialize properly on the next start

  That is a severe shortcoming and not really applicable to a supported 
production environment.
  There are discussions ongoing about providing an option to specify 
owner/group/permissions of vhost_user sockets which would solve the issue.
  Unfortunately the patch series is blocked by a wider discussion about moving 
the dpdk configuration to the ovsdb (which makes sense, but stalls the 
acceptance of the patches providing the interface to modify permissions.

  Link to the last thread about moving dpdk config to ovsdb: 
http://comments.gmane.org/gmane.network.openvswitch.devel/59186
  Link to the last thread about making vhost_user socket user/group 
configurable - patch 4&5 of this: 
http://openvswitch.org/pipermail/dev/2015-December/063568.html
  But as mentioned it was decided to get the db config discussion done first.

  It is unsure if the patches once final will make it into openvswitch 2.5 - it 
would be great if they would.
  But even if not they shouldn't appear too much after and we might be able to 
cherry pick them?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546565/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1546565] Re: Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make them unusable by libvirt/qemu/kvm

2016-05-04 Thread Launchpad Bug Tracker 
This bug was fixed in the package dpdk - 2.2.0-0ubuntu8

---
dpdk (2.2.0-0ubuntu8) xenial; urgency=medium

  * d/p/ubuntu-backport-[36-37] fix virtio issues (LP: #1570195):
- don't let DPDK initialize virtio devices still in use by the kernel
- this avoids conflicts between kernel and dpdk usage of those devices
- an admin now has to unbind/bind devices as on physical hardware
- this is in the dpdk 16.04 release and delta can then be dropped
- d/dpdk-doc.README.Debian update for changes in virtio-pci handling
- d/dpdk.interfaces update for changes in virtio-pci handling
  * d/p/ubuntu-backport-38... fix for memory leak (LP: #1570466):
- call vhost_destroy_device on removing vhost user ports to fix memory leak
- this likely is in the dpdk 16.07 release and delta can then be dropped
  * d/p/ubuntu-fix-vhost-user-socket-permission.patch fox (LP: #1546565):
- when vhost_user sockets are created they are owner:group of the process
- the DPDK api to create those has no way to specify owner:group
- to fix that without breaking the API and potential workaround code in
  consumers of the library like openvswitch 2.6 for example. This patch
  adds an EAL commandline option to specify user:group created vhost_user
  sockets should have.

 -- Christian Ehrhardt   Mon, 25 Apr
2016 11:42:40 +0200

** Changed in: dpdk (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1546565

Title:
  Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make
  them unusable by libvirt/qemu/kvm

Status in dpdk package in Ubuntu:
  Fix Released
Status in openvswitch-dpdk package in Ubuntu:
  Invalid
Status in dpdk source package in Xenial:
  Fix Released
Status in openvswitch-dpdk source package in Xenial:
  New

Bug description:
  As of today the vhost_user sockets created by openvswitch have root:root file 
ownership.
  In fact creation is actually done by code the DPDK lib, but the path is 
passed to it from openvswitch.

  The API called to DPDK has no notion of ownership/groups.
  It just "inherits" what the current running process has.
  But due to LP:1546556 the process ownership/group can't be changed the usual 
way openvsiwtch would when using dpdk.

  KVM as invoked by libvirt will run under libvirt-qemu:kvm and will
  thereby be unable to access these sockets.

  The current workaround is:
 1. wait after start of openvswitch (only then the sockets exist)
 2. chown all created vhost_iuser sockets that are to be used 
e.g. sudo chown libvirt-qemu /var/run/openvswitch/vhost-user-1 
 3. if one wants to separate vhost_user sockets from the "rest" of 
openvswitch /var/run files use e.g.:
DPDK_OPTS='[...] -vhost_sock_dir /var/run/openvswitch-vhost [...]
 X. this has to be redone every start/restart of oepnvswitch
 Y. if permissions are changed in a way that openvswitch can no more remove 
them on shutdown they won't re-initialize properly on the next start

  That is a severe shortcoming and not really applicable to a supported 
production environment.
  There are discussions ongoing about providing an option to specify 
owner/group/permissions of vhost_user sockets which would solve the issue.
  Unfortunately the patch series is blocked by a wider discussion about moving 
the dpdk configuration to the ovsdb (which makes sense, but stalls the 
acceptance of the patches providing the interface to modify permissions.

  Link to the last thread about moving dpdk config to ovsdb: 
http://comments.gmane.org/gmane.network.openvswitch.devel/59186
  Link to the last thread about making vhost_user socket user/group 
configurable - patch 4&5 of this: 
http://openvswitch.org/pipermail/dev/2015-December/063568.html
  But as mentioned it was decided to get the db config discussion done first.

  It is unsure if the patches once final will make it into openvswitch 2.5 - it 
would be great if they would.
  But even if not they shouldn't appear too much after and we might be able to 
cherry pick them?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546565/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1546565] Re: Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make them unusable by libvirt/qemu/kvm

2016-04-29 Thread Launchpad Bug Tracker 
This bug was fixed in the package dpdk - 2.2.0-0ubuntu9

---
dpdk (2.2.0-0ubuntu9) yakkety; urgency=medium

  * d/p/ubuntu-backport-[36-37] fix virtio issues (LP: #1570195):
- don't let DPDK initialize virtio devices still in use by the kernel
- this avoids conflicts between kernel and dpdk usage of those devices
- an admin now has to unbind/bind devices as on physical hardware
- this is in the dpdk 16.04 release and delta can then be dropped
- d/dpdk-doc.README.Debian update for changes in virtio-pci handling
- d/dpdk.interfaces update for changes in virtio-pci handling
  * d/p/ubuntu-backport-38... fix for memory leak (LP: #1570466):
- call vhost_destroy_device on removing vhost user ports to fix memory leak
- this likely is in the dpdk 16.07 release and delta can then be dropped
  * d/p/ubuntu-fix-vhost-user-socket-permission.patch fox (LP: #1546565):
- when vhost_user sockets are created they are owner:group of the process
- the DPDK api to create those has no way to specify owner:group
- to fix that without breaking the API and potential workaround code in
  consumers of the library like openvswitch 2.6 for example. This patch
  adds an EAL commandline option to specify user:group created vhost_user
  sockets should have.

 -- Christian Ehrhardt   Wed, 27 Apr
2016 07:52:48 -0500

** Changed in: dpdk (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1546565

Title:
  Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make
  them unusable by libvirt/qemu/kvm

Status in dpdk package in Ubuntu:
  Fix Released
Status in openvswitch-dpdk package in Ubuntu:
  Triaged
Status in dpdk source package in Xenial:
  Fix Committed
Status in openvswitch-dpdk source package in Xenial:
  New

Bug description:
  As of today the vhost_user sockets created by openvswitch have root:root file 
ownership.
  In fact creation is actually done by code the DPDK lib, but the path is 
passed to it from openvswitch.

  The API called to DPDK has no notion of ownership/groups.
  It just "inherits" what the current running process has.
  But due to LP:1546556 the process ownership/group can't be changed the usual 
way openvsiwtch would when using dpdk.

  KVM as invoked by libvirt will run under libvirt-qemu:kvm and will
  thereby be unable to access these sockets.

  The current workaround is:
 1. wait after start of openvswitch (only then the sockets exist)
 2. chown all created vhost_iuser sockets that are to be used 
e.g. sudo chown libvirt-qemu /var/run/openvswitch/vhost-user-1 
 3. if one wants to separate vhost_user sockets from the "rest" of 
openvswitch /var/run files use e.g.:
DPDK_OPTS='[...] -vhost_sock_dir /var/run/openvswitch-vhost [...]
 X. this has to be redone every start/restart of oepnvswitch
 Y. if permissions are changed in a way that openvswitch can no more remove 
them on shutdown they won't re-initialize properly on the next start

  That is a severe shortcoming and not really applicable to a supported 
production environment.
  There are discussions ongoing about providing an option to specify 
owner/group/permissions of vhost_user sockets which would solve the issue.
  Unfortunately the patch series is blocked by a wider discussion about moving 
the dpdk configuration to the ovsdb (which makes sense, but stalls the 
acceptance of the patches providing the interface to modify permissions.

  Link to the last thread about moving dpdk config to ovsdb: 
http://comments.gmane.org/gmane.network.openvswitch.devel/59186
  Link to the last thread about making vhost_user socket user/group 
configurable - patch 4&5 of this: 
http://openvswitch.org/pipermail/dev/2015-December/063568.html
  But as mentioned it was decided to get the db config discussion done first.

  It is unsure if the patches once final will make it into openvswitch 2.5 - it 
would be great if they would.
  But even if not they shouldn't appear too much after and we might be able to 
cherry pick them?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546565/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1546565] Re: Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make them unusable by libvirt/qemu/kvm

2016-04-26 Thread Martin Pitt 
Christian, please upload the packge to yakkety too, otherwise this
cannot progress to xenial-updates.

** Also affects: dpdk (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: openvswitch-dpdk (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: dpdk (Ubuntu Xenial)
   Status: New => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1546565

Title:
  Ownership/Permissions of vhost_user sockets for openvswitch-dpdk make
  them unusable by libvirt/qemu/kvm

Status in dpdk package in Ubuntu:
  Triaged
Status in openvswitch-dpdk package in Ubuntu:
  Triaged
Status in dpdk source package in Xenial:
  Fix Committed
Status in openvswitch-dpdk source package in Xenial:
  New

Bug description:
  As of today the vhost_user sockets created by openvswitch have root:root file 
ownership.
  In fact creation is actually done by code the DPDK lib, but the path is 
passed to it from openvswitch.

  The API called to DPDK has no notion of ownership/groups.
  It just "inherits" what the current running process has.
  But due to LP:1546556 the process ownership/group can't be changed the usual 
way openvsiwtch would when using dpdk.

  KVM as invoked by libvirt will run under libvirt-qemu:kvm and will
  thereby be unable to access these sockets.

  The current workaround is:
 1. wait after start of openvswitch (only then the sockets exist)
 2. chown all created vhost_iuser sockets that are to be used 
e.g. sudo chown libvirt-qemu /var/run/openvswitch/vhost-user-1 
 3. if one wants to separate vhost_user sockets from the "rest" of 
openvswitch /var/run files use e.g.:
DPDK_OPTS='[...] -vhost_sock_dir /var/run/openvswitch-vhost [...]
 X. this has to be redone every start/restart of oepnvswitch
 Y. if permissions are changed in a way that openvswitch can no more remove 
them on shutdown they won't re-initialize properly on the next start

  That is a severe shortcoming and not really applicable to a supported 
production environment.
  There are discussions ongoing about providing an option to specify 
owner/group/permissions of vhost_user sockets which would solve the issue.
  Unfortunately the patch series is blocked by a wider discussion about moving 
the dpdk configuration to the ovsdb (which makes sense, but stalls the 
acceptance of the patches providing the interface to modify permissions.

  Link to the last thread about moving dpdk config to ovsdb: 
http://comments.gmane.org/gmane.network.openvswitch.devel/59186
  Link to the last thread about making vhost_user socket user/group 
configurable - patch 4&5 of this: 
http://openvswitch.org/pipermail/dev/2015-December/063568.html
  But as mentioned it was decided to get the db config discussion done first.

  It is unsure if the patches once final will make it into openvswitch 2.5 - it 
would be great if they would.
  But even if not they shouldn't appear too much after and we might be able to 
cherry pick them?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546565/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp