[ovs-discuss] OVS+DPDK: socket permissions' problem
Aynur Shakirov
ajnur.shakirov at tionix.ru
Mon Mar 27 06:44:47 UTC 2017
After building the deb packages of DPDK 16.11.1 without the fix-perm patch
and adding the necessary AppArmor rules for vhost-user socket creation, my
problem is solved.
Thanks to all.
On 03/22/2017 09:21 PM, Aaron Conole wrote:
> Aynur Shakirov <ajnur.shakirov at tionix.ru> writes:
>
>> libvirt-qemu user and kvm group exists in my system (autocreated after libvirt package in Ubuntu):
>>
>> root at dpdk-compute0:/opt/build# grep qemu /etc/passwd
>> libvirt-qemu:x:64055:118:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false
>>
>> root at dpdk-compute0:/opt/build# groups libvirt-qemu
>> libvirt-qemu : kvm
>>
>> root at dpdk-compute0:/opt/build# cat /etc/group | grep kvm
>> kvm:x:118:
>>
>> OVS 2.7.0 doesn't write messages about permissions, but without changes for socket perms: 0000
>> instead of 0666. Because of this problem OStack Ocata cannot enable vhost socket to VM even with
>> root:root.
> The recommended method for integrating with vhost-user sockets is for
> ovs to be in client mode. Lots of attempts were made (some even by
> yours truly) to get server mode to provide this functionality, but there
> ended up being too many corner cases to provide it in a secure manner.
>
> The issue you're most likely encountering with OvS 2.7 is related to
> custom patches added to Ubuntu's dpdk to provide the perms= flags. This
> also was rejected by the dpdk community, though not outright. As such,
> building ovs+dpdk from upstream means you won't get clogged up with
> messages about users and permissions. You will have to add custom
> behavior to set the permissions, however.
>
> Maybe we can resurrect these efforts, but with client mode available, I
> don't see a huge reason to do so.
>
>> On 03/22/2017 03:37 AM, Darrell Ball wrote:
>>
>> From: <ovs-discuss-bounces at openvswitch.org> on behalf of Aynur Shakirov
>> <ajnur.shakirov at tionix.ru>
>> Date: Tuesday, March 21, 2017 at 6:17 AM
>> To: "ovs-discuss at openvswitch.org" <ovs-discuss at openvswitch.org>
>> Subject: [ovs-discuss] OVS+DPDK: socket permissions' problem
>>
>>
>>
>> Hello.
>>
>> Meta.
>> OVS ver: 2.7.90, today master (stp tests skipped)
>> Compiler: GCC 5.3.1, default flags
>> DPDK: 16.11.1 (from Ubuntu Cloud Archive: Ocata)
>> Env: Ubuntu 16.04.1 up-to-date.
>> Kernel: 4.8.0-41-generic
>>
>> Problem.
>> When I add a vhost-interface into the bridge, OVS specifies incorrect rights for the socket:
>>
>> root at dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set
>> Interface vhost-user-1 type=dpdkvhostuser
>>
>> 2017-03-21T12:09:33.436Z|00115|dpdk|INFO|VHOST_CONFIG: vhost-user server: socket
>> created, fd: 46
>> 2017-03-21T12:09:33.436Z|00116|dpdk|INFO|VHOST_CONFIG: bind to
>> /var/run/openvswitch/vhost-user-1
>> 2017-03-21T12:09:33.436Z|00117|dpdk|INFO|EAL: Socket
>> /var/run/openvswitch/vhost-user-1 changed permissions to ����
>> 2017-03-21T12:09:33.436Z|00118|dpdk|ERR|EAL: user �ƿ not found, aborting.
>> 2017-03-21T12:09:33.436Z|00119|dpdk|ERR|EAL: vhost-user socket unable to get
>> specified user/group: �ƿ
>>
>> This worked better for me. I am using similar ovs and dpdk versions, but older
>> kernel and distro 3.16.0-77-generic #99~14.04.1-Ubuntu.
>>
>> .
>> .
>> 2017-03-21T23:09:21.662Z|00104|netdev_dpdk|INFO|Socket
>> /usr/local/var/run/openvswitch/vhost-user-1 created for vhost-user port vhost-user-1
>> 2017-03-21T23:09:21.662Z|00105|bridge|INFO|bridge br0: added interface vhost-user-1 on port 6
>> .
>> .
>>
>> darrell at xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ ll
>> /usr/local/var/run/openvswitch/vhost-user-1
>> srwxr-xr-x 1 root root 0 Mar 21 16:30 /usr/local/var/run/openvswitch/vhost-user-1=
>>
>> However, I have the libvirt-qemu user, you seem to be missing; well, at least
>> based on the EAL logs.
>>
>> darrell@ xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ cat /etc/passwd | grep libvirt
>> libvirt-qemu:x:105:109:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false
>>
>> darrell@ xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ groups libvirt-qemu
>> libvirt-qemu : kvm
>>
>> darrell@ xxxx-xxxx-xxxx-server125:~/ovs/ovs_master$ cat /etc/group | grep kvm
>> kvm:x:109:
>>
>> Debug Log is here.
>>
>> For past master (2 weeks ago and with -03/march=native compiler flags) OVS was trying to
>> configure the socket owner as fdb/show.
>>
>> DPDK Settings:
>>
>> root at dpdk-compute0:/opt/build# ovs-vsctl --no-wait get Open_vSwitch . other_config
>> {dpdk-alloc-mem="2048", dpdk-extra="--vhost-owner libvirt-qemu:kvm --vhost-perm
>> 0666", dpdk-init="true", dpdk-lcore-mask="0x1", dpdk-socket-mem="1024,0"}
>>
>> OVS config:
>>
>> root at dpdk-compute0:/opt/build# ovs-vsctl show
>> 972154fa-857e-45e8-b56b-77e5cb6eb685
>>     Manager "ptcp:6640:127.0.0.1"
>>         is_connected: true
>>     Bridge br-int
>>         Controller "tcp:127.0.0.1:6633"
>>             is_connected: true
>>         fail_mode: secure
>>         Port int-br-ex
>>             Interface int-br-ex
>>                 type: patch
>>                 options: {peer=phy-br-ex}
>>         Port patch-tun
>>             Interface patch-tun
>>                 type: patch
>>                 options: {peer=patch-int}
>>         Port br-int
>>             Interface br-int
>>                 type: internal
>>     Bridge br-ex
>>         Controller "tcp:127.0.0.1:6633"
>>             is_connected: true
>>         fail_mode: secure
>>         Port "vhost-user-1"
>>             Interface "vhost-user-1"
>>                 type: dpdkvhostuser
>>         Port phy-br-ex
>>             Interface phy-br-ex
>>                 type: patch
>>                 options: {peer=int-br-ex}
>>         Port br-ex
>>             Interface br-ex
>>                 type: internal
>>         Port "intel_1g_1"
>>             Interface "intel_1g_1"
>>                 type: dpdk
>>                 options: {dpdk-devargs="0000:06:00.1"}
>>     Bridge br-tun
>>         Controller "tcp:127.0.0.1:6633"
>>             is_connected: true
>>         fail_mode: secure
>>         Port patch-int
>>             Interface patch-int
>>                 type: patch
>>                 options: {peer=patch-tun}
>>         Port br-tun
>>             Interface br-tun
>>                 type: internal
>>     ovs_version: "2.7.90"
>> root at dpdk-compute0:/opt/build#
>>
>> Command for port add:
>>
>> root at dpdk-compute0:/opt/build# ovs-vsctl add-port br-ex vhost-user-1 -- set
>> Interface vhost-user-1 type=dpdkvhostuser
>>
>> Actual socket rights after vhost create:
>>
>> root at dpdk-compute0:/opt/build# ll /var/run/openvswitch/vhost-user-1
>> s--------- 1 root root 0 Mar 21 07:14 /var/run/openvswitch/vhost-user-1=
>>
>> Why is this happening? And one more question: can I enable debug logs for EAL over OVS?
>>
>> Thanks for help.
>>
>> --
>>
>> Sincerely,
>>
>> Aynur Shakirov, 27.
>>
>> TIONIX RUS.
>>
>> Planet Earth, Solar System, Milky Way.
--
Sincerely,
Aynur Shakirov, 26.
TIONIX RUS.
Planet Earth, Solar System, Milky Way.
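
An added example, not part of the thread and not OVS or DPDK code: a check for whether a vhost-user socket's owner and mode would let the QEMU user connect, since Linux requires write permission on a pathname Unix socket for connect(). The uid 64055 and gid 118 are the libvirt-qemu and kvm ids from the output quoted above; the function names are hypothetical and the sample socket is constructed in a temp directory.

```python
import os
import socket
import stat
import tempfile

QEMU_UID, KVM_GID = 64055, 118  # libvirt-qemu / kvm ids from the thread's output


def can_connect(mode, owner_uid, owner_gid, uid, gids):
    """True if uid/gids has write permission, which Linux requires to connect()
    to a pathname Unix socket. Directory search permission is not checked."""
    if uid == 0:  # root bypasses the mode bits (CAP_DAC_OVERRIDE)
        return True
    if uid == owner_uid:  # only the first matching class is consulted
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_socket(path, uid=QEMU_UID, gids=frozenset({KVM_GID})):
    """Stat a vhost-user socket and report whether uid/gids could connect."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    mode = stat.S_IMODE(st.st_mode)
    return {
        "mode": f"{mode:04o}",
        "owner": (st.st_uid, st.st_gid),
        "connectable": can_connect(mode, st.st_uid, st.st_gid, uid, gids),
        "world_writable": bool(mode & stat.S_IWOTH),
    }


def make_sample_socket(mode):
    """Constructed sample: bind a Unix socket in a temp dir and chmod it."""
    path = os.path.join(tempfile.mkdtemp(), "vhost-user-1")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.bind(path)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # root:root sockets with the modes seen in the thread, then a group-scoped one
    for mode in (0o000, 0o755, 0o666):
        print(f"root:root {mode:04o} ->", can_connect(mode, 0, 0, QEMU_UID, {KVM_GID}))
    print("libvirt-qemu:kvm 0660 ->",
          can_connect(0o660, QEMU_UID, KVM_GID, QEMU_UID, {KVM_GID}))
    print(audit_socket(make_sample_socket(0o000)))
```

The `world_writable` field marks modes such as 0666, where any local account can connect to the socket; a socket owned by libvirt-qemu:kvm with mode 0660 gives the QEMU user the same access without that exposure.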