Hi,
first of all thank you for adding that. I tried it a bit this morning and while it generally worked \o/ I ran into a few things I wanted to start a discussion on before considering to open bugs.
After spawning a new machine and trying to use virsh on it the first you get is:
$ multipass.virsh edit up-pony
error: failed to connect to the hypervisor
error: no valid connection
error: Failed to connect socket to '/var/snap/multipass/common/run/libvirt/libvirt-sock': Permission denied
I realized this is due to:
$ ll /var/snap/multipass/common/run/libvirt/libvirt-sock
srwx------ 1 root root 0 Apr 23 07:51 /var/snap/multipass/common/run/libvirt/libvirt-sock=
So I can work with it via sudo, but that feels odd.
Usually in Ubuntu access to this socket is controlled by membership to libvirtd
srwx------ 1 root libvirtd 0 Apr 23 07:02 /var/run/libvirt/libvirt-admin-sock=
srwxrwx--- 1 root libvirtd 0 Apr 23 07:02 /var/run/libvirt/libvirt-sock=
srwxrwxrwx 1 root libvirtd 0 Apr 23 07:02 /var/run/libvirt/libvirt-sock-ro=
I can see why in a snap you can’t rely on group ownership outside the snap.
I haven’t worked too much with snaps in regard to access control, but it would be nice if there is a way to automatically allow at least the user that installed it.
BTW I appreciate that the read-only socket works and that I can attach external libvirt versions.
Here the one of Ubuntu Cloud Archive pike listing my guest:
virsh -c qemu+unix:///system?socket=/var/snap/multipass/common/run/libvirt/libvirt-sock-ro list
Id Name State
----------------------------------------------------
1 up-pony running
Maybe for transparency and ease of use multipass could expose multipass.virsh with slight options:
- multipass.virsh could auto-run sudo internally to be allowed to connect (just a wrapper)
- multipass.virsh-ro could auto-add the -c for the RO connection
What do you think about that?
After finding the above I was able to add a secondary interface with multiple virtio queues and modified checksumming settings as well as passing through all my cpu features, by adding:.
<cpu mode='host-passthrough'/>
...
<interface type='bridge'>
<source bridge='mpbr0'/>
<model type='virtio'/>
<driver name='vhost' ioeventfd='on' queues='6'>
<host csum='off'/>
<guest csum='off'/>
</driver>
</interface>
Which is something I’d have had no way to do before - so \o/ !