[libvirt-users] create ovs port without root

Hello! How can I operate with openvswitch without root rights? For example, I can add my user to the kvm group and create a VM from libvirt with my own user, but now I'm failing to create a port.

Errors in logs:

Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port
Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00002|vsctl|ERR|'del-port' command requires at least 1 arguments
Mar 06 14:04:46 selfip.ru libvirtd[6418]: internal error: Child process (ovs-vsctl --timeout=5 -- --if-exists del-port) unexpected exit status 1: ovs-vsctl: 'del-port' command requires at least 1 arguments
Mar 06 14:04:46 selfip.ru libvirtd[6418]: Unable to delete port (null) from OVS: Operation not permitted

--
Vasiliy Tolstov,
e-mail: v.tolstov@selfip.ru
jabber: vase@selfip.ru

The error that you're showing doesn't appear to be related to permissions; the "ovs-vsctl del-port" command requires that you specify the port that you want to delete.

--Justin

On Mar 6, 2014, at 2:05 AM, Vasiliy Tolstov <v.tolstov@selfip.ru> wrote:
> Hello! How can I operate with openvswitch without root rights? For example, I can add my user to the kvm group and create a VM from libvirt with my own user, but now I'm failing to create a port.
>
> Errors in logs:
>
> Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port
> Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00002|vsctl|ERR|'del-port' command requires at least 1 arguments
> Mar 06 14:04:46 selfip.ru libvirtd[6418]: internal error: Child process (ovs-vsctl --timeout=5 -- --if-exists del-port) unexpected exit status 1: ovs-vsctl: 'del-port' command requires at least 1 arguments
> Mar 06 14:04:46 selfip.ru libvirtd[6418]: Unable to delete port (null) from OVS: Operation not permitted
>
> --
> Vasiliy Tolstov,
> e-mail: v.tolstov@selfip.ru
> jabber: vase@selfip.ru

_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss

2014-03-06 22:27 GMT+04:00 Justin Pettit <jpettit@nicira.com>:
> The error that you're showing doesn't appear to be related to permissions; the "ovs-vsctl del-port" command requires that you specify the port that you want to delete.

Yes, but as I understand it, libvirt with user rights can't connect to the ovs-vswitchd socket...

--
Vasiliy Tolstov,
e-mail: v.tolstov@selfip.ru
jabber: vase@selfip.ru

Start openvswitch service

On 6 March 2014 at 19:27, "Justin Pettit" <jpettit@nicira.com> wrote:
> The error that you're showing doesn't appear to be related to permissions; the "ovs-vsctl del-port" command requires that you specify the port that you want to delete.
>
> --Justin
>
> On Mar 6, 2014, at 2:05 AM, Vasiliy Tolstov <v.tolstov@selfip.ru> wrote:
> > Hello! How can I operate with openvswitch without root rights? For example, I can add my user to the kvm group and create a VM from libvirt with my own user, but now I'm failing to create a port.
> >
> > Errors in logs:
> >
> > Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port
> > Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00002|vsctl|ERR|'del-port' command requires at least 1 arguments
> > Mar 06 14:04:46 selfip.ru libvirtd[6418]: internal error: Child process (ovs-vsctl --timeout=5 -- --if-exists del-port) unexpected exit status 1: ovs-vsctl: 'del-port' command requires at least 1 arguments
> > Mar 06 14:04:46 selfip.ru libvirtd[6418]: Unable to delete port (null) from OVS: Operation not permitted
> >
> > --
> > Vasiliy Tolstov,
> > e-mail: v.tolstov@selfip.ru
> > jabber: vase@selfip.ru
>
> _______________________________________________
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss

On Thu, Mar 06, 2014 at 02:05:15PM +0400, Vasiliy Tolstov wrote:
> Hello! How can I operate with openvswitch without root rights? For example, I can add my user to the kvm group and create a VM from libvirt with my own user, but now I'm failing to create a port.
>
> Errors in logs:
>
> Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port
> Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00002|vsctl|ERR|'del-port' command requires at least 1 arguments
> Mar 06 14:04:46 selfip.ru libvirtd[6418]: internal error: Child process (ovs-vsctl --timeout=5 -- --if-exists del-port) unexpected exit status 1: ovs-vsctl: 'del-port' command requires at least 1 arguments
> Mar 06 14:04:46 selfip.ru libvirtd[6418]: Unable to delete port (null) from OVS: Operation not permitted

I assume that any admin commands related to OVS will require CAP_NET_ADMIN as is required for all non-OVS network tasks too, which pretty much means you have to be root.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

Thanks for the answers, but as I see it, libvirt calls ovs-vsctl, which tries to connect to the ovs-vswitchd socket, which has rw for root. How can I specify socket permissions in vswitchd?

> On Thu, Mar 06, 2014 at 02:05:15PM +0400, Vasiliy Tolstov wrote:
> > Hello! How can I operate with openvswitch without root rights? For example, I can add my user to the kvm group and create a VM from libvirt with my own user, but now I'm failing to create a port.
> >
> > Errors in logs:
> >
> > Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port
> > Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00002|vsctl|ERR|'del-port' command requires at least 1 arguments
> > Mar 06 14:04:46 selfip.ru libvirtd[6418]: internal error: Child process (ovs-vsctl --timeout=5 -- --if-exists del-port) unexpected exit status 1: ovs-vsctl: 'del-port' command requires at least 1 arguments
> > Mar 06 14:04:46 selfip.ru libvirtd[6418]: Unable to delete port (null) from OVS: Operation not permitted
>
> I assume that any admin commands related to OVS will require CAP_NET_ADMIN as is required for all non-OVS network tasks too, which pretty much means you have to be root.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

I don't believe we have a feature for that yet, but it seems like a reasonable feature to add if you wish to contribute it.

On Fri, Mar 7, 2014 at 3:02 AM, Vasiliy Tolstov <v.tolstov@selfip.ru> wrote:
> Thanks for the answers, but as I see it, libvirt calls ovs-vsctl, which tries to connect to the ovs-vswitchd socket, which has rw for root. How can I specify socket permissions in vswitchd?
>
> > On Thu, Mar 06, 2014 at 02:05:15PM +0400, Vasiliy Tolstov wrote:
> > > Hello! How can I operate with openvswitch without root rights? For example, I can add my user to the kvm group and create a VM from libvirt with my own user, but now I'm failing to create a port.
> > >
> > > Errors in logs:
> > >
> > > Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists del-port
> > > Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]: ovs|00002|vsctl|ERR|'del-port' command requires at least 1 arguments
> > > Mar 06 14:04:46 selfip.ru libvirtd[6418]: internal error: Child process (ovs-vsctl --timeout=5 -- --if-exists del-port) unexpected exit status 1: ovs-vsctl: 'del-port' command requires at least 1 arguments
> > > Mar 06 14:04:46 selfip.ru libvirtd[6418]: Unable to delete port (null) from OVS: Operation not permitted
> >
> > I assume that any admin commands related to OVS will require CAP_NET_ADMIN as is required for all non-OVS network tasks too, which pretty much means you have to be root.
> >
> > Regards,
> > Daniel
> > --
> > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> > |: http://libvirt.org -o- http://virt-manager.org :|
> > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

--
"I don't normally do acked-by's. I think it's my way of avoiding getting blamed when it all blows up." Andrew Morton
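
The two conditions raised in this thread, the CAP_NET_ADMIN requirement and a control socket that is read/write for root, can both be checked before ovs-vsctl is invoked. The script below is an added example, not part of any message in the thread and not Open vSwitch or libvirt code; the socket path /var/run/openvswitch/db.sock and all function names are assumptions.

```shell
#!/bin/bash
# Added example: preflight check for the two conditions discussed in the thread.
# Assumption: the socket ovs-vsctl connects to is /var/run/openvswitch/db.sock
# (pass another path as $1). Directory search permissions are not checked here.

# has_cap_net_admin CAPEFF_HEX: succeed if CAP_NET_ADMIN (capability bit 12) is set.
has_cap_net_admin() {
    [ $(( (0x$1 >> 12) & 1 )) -eq 1 ]
}

# can_connect MODE OWNER_UID OWNER_GID UID GID...
# connect() on a Unix socket needs write permission on the socket file.
# Linux applies exactly one permission class: owner, else group, else other.
can_connect() {
    local mode=$((0$1)) owner=$2 group=$3 uid=$4 g
    shift 4
    [ "$uid" -eq 0 ] && return 0        # root bypasses file mode checks
    if [ "$uid" -eq "$owner" ]; then
        [ $(( mode & 0200 )) -ne 0 ]; return
    fi
    for g in "$@"; do
        if [ "$g" -eq "$group" ]; then
            [ $(( mode & 0020 )) -ne 0 ]; return
        fi
    done
    [ $(( mode & 0002 )) -ne 0 ]
}

report() {
    local sock=${1:-/var/run/openvswitch/db.sock} capeff
    capeff=$(awk '/^CapEff:/ {print $2}' "/proc/$$/status" 2>/dev/null)
    if [ -n "$capeff" ] && has_cap_net_admin "$capeff"; then
        echo "CAP_NET_ADMIN: present"
    else
        echo "CAP_NET_ADMIN: missing"
    fi
    if [ -S "$sock" ]; then
        # stat prints: octal mode, owner uid, owner gid
        set -- $(stat -c '%a %u %g' "$sock")
        if can_connect "$1" "$2" "$3" "$(id -u)" $(id -G); then
            echo "$sock: connect permitted by file mode"
        else
            echo "$sock: connect denied by file mode ($1, uid $2, gid $3)"
        fi
    else
        echo "$sock: no such socket"
    fi
}

report "$@"
```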
participants (5)
- Aymen Fitati
- Ben Pfaff
- Daniel P. Berrange
- Justin Pettit
- Vasiliy Tolstov