Clear Linux + KVM + OpenVswitch

Gorian · May 10, 2023, 6:54pm

Yeah, I was going to suggest this next - run everything as root (services, etc) and then add yourself to the right groups for actually managing VMs

Gorian · May 10, 2023, 6:57pm

What issues are you having with Open vSwitch? In my experience, it’s pretty much the same across all distributions. Start the service, then use ovs-vsctl to configure the network. On my Clear Linux hosts, I’m using Open vSwitch to manage the interface configurations - bonds, vlans, bridges, etc. - and then systemd to actually assign the IPs to the resulting virtual interfaces, and it seems to be working fine. (this is how other solutions like proxmox use it, iirc)

anowak · May 10, 2023, 10:07pm

Hi Marioroy,

KVM works fine for me. I too have my USER added to the following groups

$ groups
wheel qemu kvm libvirt kvmadm

Is there a group for access to openvswitch through KVM.

Regards

anowak · May 10, 2023, 11:26pm

Gorian,

I think I may have worded the question incorrectly, and may have been misinterpreted. Openvswitch works just fine, as root, as it does in other distributions. I can create bridges, VLAN etc. What I can’t find is how I can give a user rights to doing the configurations. Is there a specific group I can add the user too. Or chmod a directory/file?

Kind Regards

anowak · May 11, 2023, 3:35am

Alright so I configured kvm using root.

 $ sudo virsh net-list
 Name          State    Autostart   Persistent
------------------------------------------------
 ovs-network   active   yes         yes

 $ sudo virsh pool-list
 Name   State    Autostart
----------------------------
 iso    active   yes
 vms    active   yes

# Also installed the VM using root which works fine.
$ sudo virt-install --name toad --memory 4096 --disk toad.qcow2,pool=vms,bus=virtio,size=10 --vcpus 2 --os-variant debian11 --network network=ovs-network,model=virtio --graphic spice,listen='0.0.0.0' --boot hd --noautoconsole --features kvm_hidden=on --autostart --cdrom /opt/kvm/iso/debian-11.7.0-amd64-netinst.iso

Starting install...
Allocating 'toad.qcow2'                                                                                                                                                                                                               |    0 B  00:00:00 ...
Creating domain...                                                                                                                                                                                                                    |    0 B  00:00:00

Domain is still running. Installation may be in progress.
You can reconnect to the console to complete the installation process.

# And I can see VM running
 $ sudo virsh list
 Id   Name   State
----------------------
 2    toad   running

If I try seeing/managing this as the user - they see nothing.

 $ virsh list --all
 Id   Name   State
--------------------

$ virsh net-list --all
 Name   State   Autostart   Persistent
----------------------------------------

$ virsh pool-list --all
 Name   State   Autostart
---------------------------

How do I give USER access to the VMs created under root account?

anowak · May 11, 2023, 4:21am

Yay! I have resolved the issue - such a simple and stupid mistake!

I forgot to create ~/.config/libvirt/libvirt.conf with the following line:

uri_default = "qemu:///system"

I missed it in my notes! Aaaghhh!!

Really appreciate your help.

Happy to post the full deployment here for anyone else

anowak · May 12, 2023, 12:04am

Hi All,

Here is my working solution.

After Initial installation of Clear Linux.

add user kadmin

Change the hostname

sudo hostnamectl hostname kvm01

Add Required Bundles

Install the KVM bundles

sudo swupd bundle-add kvm-host

Install the tools for creating virtual machines

sudo swupd bundle-add virt-manager

Install Openvswitch bundle.

sudo swupd bundle-add openvswitch

Install vim for modifying files.

##### Optional Bundles
sudo swupd bundle-add vim

Add wget for pulling down ISO images

sudo swupd bundle-add wget

Install Network Basics which will give you ping command

sudo swupd bundle-add network-basic

Add user to groups

Set permissions for user

sudo usermod -G kvm -a kadmin
# Add access to virsh commands
sudo usermod -G libvirt -a kadmin
# refresh the group.
exec newgrp kvm
exec newgrp libvirt
exec newgrp kvmadm

Enable and start required services

sudo systemctl enable libvirtd
sudo systemctl start libvirtd

Disable network manager

sudo systemctl status NetworkManager
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager
sudo systemctl mask NetworkManager

Enable systemd-networkd.

sudo systemctl status systemd-networkd
sudo systemctl enable systemd-networkd
sudo systemctl start systemd-networkd
sudo systemctl enable systemd-resolved

Enable openvswitch services

sudo systemctl enable openvswitch
sudo systemctl start openvswitch

System Configurations

(Optional) Before starting configure default vim file.

touch ~/.vimrc

mkdir -p ~/.config/libvirt
vim ~/.config/libvirt/libvirt.conf
# Add line to file
uri_default = "qemu:///system"

Create network configuration files.

sudo mkdir -p /etc/systemd/network/

Create a bridge network file sudo vim /etc/systemd/network/70-ovs-br0.network

[Match]
Name=ovs-br0

[Network]
DHCP=yes

Copy the default sudo vim /etc/systemd/network/71-ovs-br0-eno1.network file for the ethernet adapter…

[Match]
Name=eno1

[Network]
Bridge=ovs-br0
IPForward=ipv4

OpenvSwitch configuration - Run direct terminal - will lose network connectivity.

Show the openvswitch configuration

sudo ovs-vsctl show
6aa580b5-5f3a-4dfe-9d0c-ad8addd0078a
    ovs_version: "3.1.0"

Create network bridge in ovs before resetting systemd-network

sudo ovs-vsctl add-br ovs-br0
sudo ovs-vsctl add-port ovs-br0 eno1
sudo ip link set ovs-br0 up
sudo systemctl restart systemd-networkd

Create KVM folders - still working out permissions

sudo mkdir -p /opt/kvm/vms
sudo mkdir -p /opt/kvm/iso
sudo chmod -R 775 /opt/kvm/
sudo chown -R root:kvm /opt/kvm
sudo chmod -R g+s kvm/

Define Networks

In home directory create network.xml

<network>
    <name>ovs-network</name>
    <forward mode='bridge' />
    <bridge name='ovs-br0' />
    <model type='virtio'/>
    <virtualport type='openvswitch' />
    <portgroup name='native' default='yes' />
    <portgroup name='vlan60'>
        <vlan>
            <tag id='60' />
        </vlan>
    </portgroup>
       <portgroup name='vlan80'>
        <vlan>
            <tag id='80' />
        </vlan>
    </portgroup>
</network>

Define network in kvm

virsh net-define network.xml
virsh net-start ovs-network
virah net-autostart ovs-network

Define Storage

In home directory create store.xml

<pool type="dir">
  <name>vms</name>
  <target>
    <path>/opt/kvm/vms</path>
  </target>
</pool>

Define storage in kvm

virsh pool-define store.xml
virsh pool-start vms
virah pool-autostart vms

Create a VM on native VLAN

virt-install --name cl01 --memory 2048 --disk cl01.qcow2,pool=vms,bus=sata,size=15 --vcpus 2 --os-variant clearlinux --network network=ovs-network,model=virtio --graphic spice,listen='0.0.0.0' --boot hd --noautoconsole --features kvm_hidden=on --autostart --cdrom /opt/kvm/iso/clear-39030-live-server.iso

Create a VM on native VLAN60

virt-install --name cl02 --memory 2048 --disk cl02.qcow2,pool=vms,bus=sata,size=15 --vcpus 2 --os-variant clearlinux --network network=ovs-network,portgroup='vlan60',model=virtio --graphic spice,listen='0.0.0.0' --boot hd --noautoconsole --features kvm_hidden=on --autostart --cdrom /opt/kvm/iso/clear-39030-live-server.iso

Regards