Hi.
I'd like to use Openvswitch while running libvirt as an unprivileged user
(qemu:///session).
As expected, system session works just fine with OVS.
When I try to start the domain from user session, with the relevant network part of the
domain xml edited to use openvswitch, like this
---
<interface type='bridge'>
<mac address='52:54:00:4a:ef:bb'/>
<source bridge='ovs-br'/>
<virtualport type='openvswitch'>
<parameters interfaceid='33ec3d9d-a92a-468e-aa48-6c31f7882d6f'/>
</virtualport>
<target dev='veth0-ovs'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x07' function='0x0'/>
</interface>
---
I get this error:
---
start freebsd-10.3
error: Failed to start domain freebsd-10.3
error: internal error: /usr/lib/qemu/qemu-bridge-helper --use-vnet --br=ovs-br --fd=19:
failed to communicate with bridge helper: Transport endpoint is not connected
stderr=failed to add interface `tap0' to bridge `ovs-br': Operation not supported
---
Now, if I understand correctly, this is Qemu, not libvirt error?
Libvirt prepares the network, passes it to qemu-bridge-helper, which has no idea what to
do with it, since it's not the regular bridge, and barfs?
The reason I ask is because I saw calls to ovs-vsctl in the logs when I did the same thing
using qemu:///system.
My question (finally):
if I reconfigure OVS to not run as root:root, but as ovs:ovs, and add the user to that
group,
will libvirt/virsh automagically figure out that the user has permissions to run
ovs-whatever and
write permission to /var/run/openvswitch/db.sock, so there is no need for
qemu-bridge-helper, and
just set up the network, just like when system sesion is used, or is using
qemu-bridge-helper the only option available for non-root users ?
If it is, due to some Linux constraints, I'll curse a bit and migrate the domains :)
And, before I forget, I am using libvirt and qemu built from git master, and
openvswitch-2.5.0
Pedja