21 - 12 - 2024

Openvswitch + libvirt = FIX - operation not permitted

There is an issue with Libvirt and openvswitch. After a some time of usage and reboots openvswitch saves the current state into its' conf.db. This is very annoying issue because you won't be able to start VMs with this configuration, the start will end with "error: Unable to add port vnet0 to OVS bridge CORE: Operation not permitted" error. But if you know what is causing this there is easy fix for it.

 

The erros looks like this:

┌─[✗]─[19:19:22]─[root@sco]
└──> tomz $ >> virsh start _CORE_NEXUS-1
error: Failed to start domain _CORE_NEXUS-1
error: Unable to add port vnet0 to OVS bridge CORE: Operation not permitted
And the output from openvswit but can be different:
2014-02-07T15:06:58.973Z|00065|bridge|INFO|bridge CORE: added interface vnet12 on port 3
2014-02-07T15:06:59.106Z|00066|bridge|WARN|could not open network device vnet15 (No such device)
2014-02-07T15:06:59.106Z|00067|bridge|INFO|bridge NEXUS_1: added interface vnet13 on port 7
2014-02-07T15:06:59.230Z|00068|bridge|WARN|could not open network device vnet15 (No such device)
2014-02-07T15:06:59.230Z|00069|bridge|INFO|bridge NEXUS_1: added interface vnet14 on port 8
2014-02-07T15:06:59.391Z|00070|netdev_linux|WARN|ethtool command ETHTOOL_GSET on network device vnet13 failed: No such device
2014-02-07T15:06:59.445Z|00071|ofproto|WARN|CORE: cannot get STP status on nonexistent port 3
2014-02-07T15:06:59.445Z|00072|ofproto|WARN|NEXUS_1: cannot get STP status on nonexistent port 8
2014-02-07T15:06:59.445Z|00073|ofproto|WARN|NEXUS_1: cannot get STP status on nonexistent port 7
2014-02-07T15:06:59.455Z|00074|bridge|WARN|could not open network device vnet15 (No such device)
2014-02-07T15:06:59.457Z|00075|bridge|WARN|could not open network device vnet14 (No such device)
2014-02-07T15:06:59.458Z|00076|bridge|WARN|could not open network device vnet13 (No such device)
For the temporary fix we can remove conf.db and recreate it:
┌─[✗]─[19:19:22]─[root@sco]
└──> tomz $ >> virsh start _CORE_NEXUS-1
error: Failed to start domain _CORE_NEXUS-1
error: Unable to add port vnet0 to OVS bridge CORE: Operation not permitted

┌─[✗]─[19:19:48]─[root@sco]
└──> tomz $ >> systemctl stop openvswitch-switch.service

┌─[19:19:52]─[root@sco]
└──> tomz $ >> systemctl stop openvswitch.service

┌─[✗]─[19:20:09]─[root@sco]
└──> tomz $ >> rm -f /etc/openvswitch/conf.db 

┌─[✗]─[19:22:34]─[root@sco]
└──> openvswitch $ >> /etc/init.d/openvswitch-switch start
redirecting to systemctl start openvswitch-switch.service

┌─[19:22:38]─[root@sco]
└──> openvswitch $ >> ovs-vsctl list-br

┌─[19:23:30]─[root@sco]
└──> openvswitch $ >> ovs-vsctl add-br NEXUS_1

┌─[19:23:57]─[root@sco]
└──> openvswitch $ >> ovs-vsctl add-br NEXUS_2

┌─[19:23:58]─[root@sco]
└──> openvswitch $ >> ovs-vsctl add-br CORE

┌─[19:24:00]─[root@sco]
└──> openvswitch $ >> ovs-vsctl add-br EXTERNAL

┌─[19:24:04]─[root@sco]
└──> openvswitch $ >> virsh start _CORE_NEXUS-2
Domain _CORE_NEXUS-2 started
But as I said it an temporary solution, but we can make a copy of the correct file in other place and replace the config after each start of openvswitch.
[Unit]
Description=Open vSwitch
After=syslog.target network.target

[Service]
Type=oneshot
ExecStart=/etc/init.d/openvswitch-switch start
ExecStop=/etc/init.d/openvswitch-switch stop
ExecStartPre=/usr/bin/cp -f /srv/NFS/CFGs/etc/openvswitch/conf.db /etc/openvswitch/
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
This will recover the state included in backup of conf.db. Just be sure that it has all interfaces needed.
Please see the attached files for more info.
This has been reported to openSUSE : https://bugzilla.novell.com/show_bug.cgi?id=863159 
Attachments:
Download this file (openvswitch-difference.txt)openvswitch-difference.txt[The difference between unworking and working config.db]36 kB