[ovs-dev] [PATCH 2/2] dpdk docs: Drop file share in libvirt config.

Stokes, Ian ian.stokes at intel.com
Thu Apr 19 08:40:25 UTC 2018


> On Thu, 2018-04-12 at 08:24 +0100, Lam, Tiago wrote:
> > On 11/04/2018 15:03, Stephen Finucane wrote:
> > > On Wed, 2018-04-11 at 09:54 -0400, Aaron Conole wrote:
> > > > Tiago Lam <tiago.lam at intel.com> writes:
> > > >
> > > > > When explaining on how to add vhost-user ports to a guest, using
> > > > > libvirt, the following piece of configuration is used:
> > > > >      <disk type='dir' device='disk'>
> > > > >        <driver name='qemu' type='fat'/>
> > > > >        <source dir='/usr/src/dpdk-stable-17.11.1'/>
> > > > >        <target dev='vdb' bus='virtio'/>
> > > > >        <readonly/>
> > > > >      </disk>
> > > > >
> > > > > This is used to facilitate sharing of a DPDK directory between
> > > > > the host and the guest. However, for this to work selinux also
> > > > > needs to be configured (or disabled).  Furthermore, if one is
> > > > > using Ubuntu, libvirtd would need to be added to complain only
> > > > > in AppArmor. Instead, in [1] it is advised to use wget to get
> > > > > the DPDK sources over the internet, which avoids this
> > > > > differentiation. Thus, we drop this piece of configuration here as
> well and keep the example configuration as simple as possible.
> > > > >
> > > > > This has been verified on both a Fedora 27 image and a Ubuntu
> > > > > 16.04 LTS image.
> > > > >
> > > > > [1]
> > > > > http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-user/#dp
> > > > > dk-in-the-guest
> > > > >
> > > > > Signed-off-by: Tiago Lam <tiago.lam at intel.com>
> > > > > ---
> > > > >
> > > > > CC'ed Stephen,
> > > > >
> > > > > I took the liberty of removing your TODO from here, as I read it
> > > > > to be related to the (now removed) SELinux instruction below. If
> > > > > you think it should still be there let me know and I'll gladly
> send a v2.
> > > >
> > > > I think it should remain until the selinux issues have been
> addressed.
> > > >
> > > > Is there a list somewhere of the AVC denials?  Maybe it makes
> > > > sense to allow them.
> > >
> > > If I'm reading this correctly, Tiago is saying these exceptions only
> > > happen because we're sharing an arbitrary directory with the guest
> > > to avoid downloading the DPDK sources twice. Given that there's a
> > > valid workaround (just fetching sources twice), simply removing that
> > > section of the XML removes the need to disable SELinux. If so,
> > > dropping the warning does make sense in my mind.
> > >
> > > Stephen
> > >
> >
> > Thanks, Stephen. Yeah, that's what I was aiming at. In order to get
> > the file sharing working properly, one must fiddle around with either
> > SELinux or AppArmor, and that seems to be the sole reason why
> > `setenforce 0` is there. Losing the dependency on the file sharing
> > means we can lose any instructions that tell the user how to fiddle
> > with either of those systems.
> >
> > Just a note though, in that the user won't have to download the DPDK
> > sources twice, only once. Following the guide, the user first sets up
> > the vhost-user ports using libvirt, and once inside the VM he should
> > follow up on running `testpmd` inside the guest [1], where he will be
> > instructed to download the DPDK sources. This makes this piece of the
> > docs a bit more consistent, I think.
> >
> > [1]
> > http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-user/#dpdk-in-
> > the-guest
> 
> That all sounds fair to me.
> 
> Acked-by: Stephen Finucane <stephen at that.guru>

Thanks all, pushed to DPDK_MERGE, I'll back port this to previous releases also.

Ian

> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev


More information about the dev mailing list