Re: [libvirt-users] Error starting domain: internal error: Unable to add port vnet0 to OVS bridge br0

Tuesday, 26 March 2019

I added libvirt-users(a)redhat.com back to the Cc for this response. 
Please don't remove the list address when responding to postings on a 
mailing list. A message to the list is *much* more likely to reach 
someone who knows the answer than is a private message to a single person.

On 3/26/19 10:03 AM, Harsh Gondaliya wrote:
...
 Mar 26 19:25:01 dpdk-OptiPlex-5040 libvirtd.service: 20423: error : 
 virCommandWait:2553 : internal error: Child process (ovs-vsctl 
 --timeout=5 -- --if-exists del-port vnet0 -- add-port br0 vnet0 -- set 
 Interface vnet0 'external-ids:attached-mac="52:54:00:90:c6:c3"' -- set

 Interface vnet0 
 'external-ids:iface-id="a9700eff-03a7-4c47-a112-429fc20677a2"' -- set 
 Interface vnet0 
 'external-ids:vm-id="41b4eef0-b820-41da-9034-9de22e1379e0"' -- set 
 Interface vnet0 external-ids:iface-status=active) unexpected exit status 
 126:
 *
 *
 *libvirt:  error : cannot execute binary ovs-vsctl: Permission denied*

 Mar 26 19:25:01 dpdk-OptiPlex-5040 kernel: [ 1932.243181] audit: 
 type=1400 audit(1553608501.701:59): apparmor="DENIED"
operation="exec" 
 profile="/usr/sbin/libvirtd" name="/usr/local/bin/ovs-vsctl"
pid=20679 
 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0
ouid=0 
AppArmor is prohibiting it for some reason. I don't run debian or 
ubuntu, so I don't have any idea how AppArmor works. Possibly someone 
else on the list knows (or maybe you could search for help on AppArmor 
somewhere).

...

 Mar 26 19:25:01 dpdk-OptiPlex-5040 libvirtd.service: 20423: debug : 
 virCommandRun:2280 : Result status 0, stdout: '' stderr: 'libvirt:  
 error : cannot execute binary ovs-vsctl: Permission denied#012'
 Mar 26 19:25:01 dpdk-OptiPlex-5040 libvirtd.service: 20423: error : 
 virNetDevOpenvswitchAddPort:155 : internal error: Unable to add port 
 vnet0 to OVS bridge br0
 Mar 26 19:25:01 dpdk-OptiPlex-5040 NetworkManager[1096]: <info>  
 [1553608501.7126] devices removed (path: /sys/devices/virtual/net/vnet0, 
 iface: vnet0)

 libvrt does not have permissions to execute ovs-vsctl. How can I get 
 this issue sorted out?

 On Wed, Mar 20, 2019 at 12:10 AM Laine Stump <laine(a)redhat.com 
 <mailto:laine@redhat.com>> wrote:

     On 3/15/19 3:21 AM, Harsh Gondaliya wrote:
      > I have installed OVS from sources using the installation steps
     mentioned
      > on this link:
     http://docs.openvswitch.org/en/latest/intro/install/general/
      >
      > I had installed libvrt, KVM, QEMU and all the necessary packages
     using
      > apt-get. My KVM-QEMU hypervisor has been running well.
      >
      > To add a VM with the port attached to OVS bridge I changed the XML
      > domain file as per the instructions on this page:
      > http://docs.openvswitch.org/en/latest/howto/libvirt/
      >
      > But the when I start the VM using the Virtual Machine Manager I get
      > the following error:
      > *Error starting domain: internal error: Unable to add port vnet0
     to OVS
      > bridge br0*

     libvirt is creating a tap device, then running ovs-vsctl to attempt to
     attach it to the configured switch. To see what command is run, and
     what
     error is output, add this to your /etc/libvirt/libvirt.d:

         log_filters="1:util.command 1:util.netdevopenvswitch"
         log_outputs="1:syslog:libvirtd.service"

     and restart the libvirt service, then attempt to start your guest while
     watching the system logs. You will see an ovs-vsctl command run by
     virCommandRunAsync. That command and its output should give you a clue
     to what is missing from the locally-built openvswitch vs the official
     package installed with apt-get.

      > Traceback (most recent call last):
      >    File "/usr/share/virt-manager/virtManager/asyncjob.py", line
     90, in
      > cb_wrapper
      >      callback(asyncjob, *args, **kwargs)
      >    File "/usr/share/virt-manager/virtManager/asyncjob.py", line
     126, in
      > tmpcb
      >      callback(*args, **kwargs)
      >    File "/usr/share/virt-manager/virtManager/libvirtobject.py",
     line 83,
      > in newfn
      >      ret = fn(self, *args, **kwargs)
      >    File "/usr/share/virt-manager/virtManager/domain.py", line
     1402, in
      > startup
      >      self._backend.create()
      >    File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1035,
     in create
      >      if ret == -1: raise libvirtError ('virDomainCreate()
     failed', dom=self)
      > libvirtError: internal error: Unable to add port vnet0 to OVS
     bridge br0
      >
      > My output for ovs-vsctl show:
      > 3c28f516-dd5c-43cf-bea1-7c068668d1f6
      >      Bridge "br0"
      >          Port "enp0s31f6"
      >              Interface "enp0s31f6"
      >          Port "br0"
      >              Interface "br0"
      >                  type: internal
      >      ovs_version: "2.11.90"
      >
      > *However, when OVS is installed using apt-get rather than installing
      > from source or tarball, all these steps work very well.*
      > *
      > *
      > Please guide me why this error is occurring. I am using Ubuntu
     16.04 LTS
      > as my host machine. Many users are facing this issue and they have
      > reported it on OVS and other mailing lists. But, none is able to
     give a
      > satisfactory solution.
      >
      > Regards,
      > Harsh
      >
      >
      > _______________________________________________
      > libvirt-users mailing list
      > libvirt-users(a)redhat.com <mailto:libvirt-users@redhat.com>
      > https://www.redhat.com/mailman/listinfo/libvirt-users
      >

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Re: [libvirt-users] Error starting domain: internal error: Unable to add port vnet0 to OVS bridge br0