Incus containers unable to ping each other

Not using the Ubuntu FAN is probably for the best then. If running other people’s workloads, it’s probably a good thing to be able to create separate networks, have the ability to put ACLs on those and be able to move workloads within your cluster without all addresses changing.

So for MicroOVN and Incus, what you need installed is:

  • openvswitch-switch (for ovs-vsctl command)
  • ovn-common (for ovn-nbctl and ovn-sbctl)

However, you need to make sure that Open vSwitch doesn’t actually start, so you’ll want to do:

  • systemctl disable ovs-vswitchd openvswitch-switch

With that done, you still need to make ovs-vsctl work; the way I’ve done it is with:

[Service]
ExecStartPost=-/usr/bin/mkdir -p /run/openvswitch
ExecStartPost=-/usr/bin/mkdir -p /var/snap/microovn/common/run/switch/
ExecStartPost=-/usr/bin/umount -l /run/openvswitch/
ExecStartPost=-/usr/bin/mount -o bind /var/snap/microovn/common/run/switch/ /run/openvswitch/

Which you can add as an override on snap.microovn.switch.service with systemctl edit snap.microovn.switch.

With that done and MicroOVN or the system restarted, you should now have ovs-vsctl show work properly.

And you can finally configure Incus to use MicroOVN with:

. /var/snap/microovn/common/data/ovn.env 
incus config set network.ovn.northbound_connection="${OVN_NB_CONNECT}"
cat /var/snap/microovn/common/data/pki/client-cert.pem | incus config set network.ovn.client_cert -
cat /var/snap/microovn/common/data/pki/client-privkey.pem | incus config set network.ovn.client_key -
cat /var/snap/microovn/common/data/pki/cacert.pem | incus config set network.ovn.ca_cert -

That will result in your OVN connection string and certificates being loaded into the Incus config (requires Incus 0.4 or higher) which you can confirm with incus config show.
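
A preflight check that can be run before the incus config set commands above, added here as an example and not part of the original post or of Incus/MicroOVN: it confirms that the three PEM files and OVN_NB_CONNECT look sane and that the client private key is not readable by group or other before it is copied into the Incus config. The function names are hypothetical, and the ssl: test assumes the northbound string is a comma-separated list of ssl:<address>:<port> endpoints.

```sh
# Preflight for the MicroOVN -> Incus credential load (added example).
# File names match the post; function names are hypothetical.

# Succeeds if the file has no group/other permission bits set.
private_mode_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Succeeds if the file is non-empty and its first line matches the PEM header.
pem_has_header() {
    [ -s "$1" ] && head -n 1 "$1" | grep -q "$2"
}

# Succeeds if every comma-separated endpoint starts with ssl:.
# Assumption: the string looks like ssl:<addr>:<port>,ssl:<addr>:<port>
nb_all_ssl() (
    [ -n "$1" ] || exit 1
    set -f          # no globbing while splitting (subshell, so not persistent)
    IFS=,
    for ep in $1; do
        case "$ep" in ssl:?*) ;; *) exit 1 ;; esac
    done
)

# preflight DATA_DIR: prints one line per failed check, non-zero on any failure.
preflight() (
    data=$1; pki=$1/pki; rc=0
    # Source ovn.env inside a subshell so it cannot change the caller's environment.
    nb=$( [ -r "$data/ovn.env" ] && . "$data/ovn.env" && printf '%s' "$OVN_NB_CONNECT" ) || nb=""
    nb_all_ssl "$nb" || { echo "OVN_NB_CONNECT missing or not all ssl:"; rc=1; }
    pem_has_header "$pki/client-cert.pem" 'BEGIN CERTIFICATE' \
        || { echo "client-cert.pem is not a PEM certificate"; rc=1; }
    pem_has_header "$pki/cacert.pem" 'BEGIN CERTIFICATE' \
        || { echo "cacert.pem is not a PEM certificate"; rc=1; }
    pem_has_header "$pki/client-privkey.pem" 'BEGIN .*PRIVATE KEY' \
        || { echo "client-privkey.pem is not a PEM private key"; rc=1; }
    private_mode_ok "$pki/client-privkey.pem" \
        || { echo "client-privkey.pem is accessible to group/other"; rc=1; }
    [ "$rc" -eq 0 ]
)

# Check the real MicroOVN data directory when it is present on this host.
if [ -d /var/snap/microovn/common/data ]; then
    preflight /var/snap/microovn/common/data
fi
```

The checks only read the files; a failure means the matching incus config set line should wait until the file or its permissions are corrected.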