I'll see if I can find a PoE switch.  In the meantime, I understand that a PoE injector might not be supported, but I _do_ see traffic on the other side, so it looks like the AP is trying to do something:

10:19:59.183929 IP (tos 0x0, ttl 250, id 22778, offset 0, flags [none], proto UDP (17), length 332)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 48:8b:0a:XX:XX:XX (oui Unknown), length 304, xid 0x6b2ad88d, Flags [Broadcast] (0x8000)
          Client-Ethernet-Address 48:8b:0a:XX:XX:XX (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x----------
            DHCP-Message Option 53, length 1: Release
            Server-ID Option 54, length 4: 0.0.0.0
            Client-ID Option 61, length 7: ether 48:8b:0a:XX:XX:XX
            Vendor-Class Option 60, length 16: "Cisco AP C9130AX"
            Parameter-Request Option 55, length 10:
              Subnet-Mask, Domain-Name, Default-Gateway, BR
              Hostname, Domain-Name-Server, LOG, MTU
              NTP, Vendor-Option

 (this is the output of `tcpdump` on the interface on the linux side).  So I have a feeling if I could just get the WLC software running, it could talk to the AP.  

I would also like to point out that my original post was regarding the installation of the 9800-CL software on Linux KVM, as described in https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-cl-wireless-controller-cloud/nb-06-cat9800-cl-wirel-cloud-dep-guide-cte-en.html#Deployingthe9800CLonLinuxKVM , so I assume that this _is_ supported behavior.  

So @david101011 - see the 9800-CL release notes for supported hypervisors and platforms - anything else is NOT supported as Marce has said.

For PoE you can use a PoE switch or power injector (802.3at/POE+).

You do not need a separate WLC - you can convert the AP to run Embedded Wireless Controller (EWC) on AP.  This installs a cut-down version of the IOS-XE WLC image on the AP which then runs the WLC and AP processes separately on the AP.  You need a DHCP server which can provide at least 2 IP addresses because the WLC and the AP both require an IP.  Once you have it setup you can change to static IPs if required.

https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/nb-o6-embded-wrls-cont-ds-cte-en.html
https://www.cisco.com/c/en/us/products/collateral/wireless/embedded-wireless-controller-catalyst-access-points/white-paper-c11-743398.html
https://www.cisco.com/c/en/us/support/docs/wireless/embedded-wireless-controller-on-catalyst-access-points/215303-embedded-wireless-controller-conversion.html
https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/q-and-a-c67-743152.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/ewc/17-9/config-guide/ewc_cg_17_9.html

For the record, I was able to get it to at least talk to the WLC if I used the virtual bridge as the management interface, and a bridge to the physical card as the 2nd (PCI passthrough would not work for me).  The command to create the image was something like:

sudo virt-install   \
    --virt-type=kvm   \
    --name C9800  \
    --ram 16384  \
    --vcpus=9     \
    --hvm  \
    --cdrom=/path/to/C9800-CL-universalk9.17.09.03.iso \
    --network bridge=virbr0,model=virtio \
    --network bridge=br0,model=virtio \
    --graphics vnc  \
    --disk path=/var/lib/libvirt/images/C9800.qcow2,size=8,bus=virtio,format=qcow2

I got pretty far with this.  The WLC was able to see the device and talk to it.  However, I hit the next brick wall when I'm unable to configure it because apparently version 8.10.130.0 is too old to be configured with anything.  The AP console shows an "out of space" error:

...
[*08/07/2023 19:36:24.0158] upgrade.sh: /tmp space: OK available 80600, required 40000 
[*08/07/2023 19:36:24.0163] wtpImgFileReadRequest: request ap1g6a, local /tmp/part.tar
[*08/07/2023 19:36:24.0181] Image Data Request sent to 192.168.122.2, fileName [ap1g6a], slaveStatus 0
[*08/07/2023 19:36:24.0196] Image Data Response from 192.168.122.2
[*08/07/2023 19:36:24.0196] AC accepted join request with result code: 0
[*08/07/2023 19:36            
AP1#
AP1#..................................................
[*08/07/2023 19:36:50.0911] .......................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*08/07/2023 19:36:55.6436] ...........................
[*08/07/2023 19:37:08.3372] .....................................<30>systemd[1]: Starting Pnp Watcher...
[*08/07/2023 19:37:20.8715] Warning: Stopping dbg_day0_bundle.service, but it can still be activated by:
[*08/07/2023 19:37:20.8716]   dbg_day0_bundle.timer
[*08/07/2023 19:37:21.1631] ............<30>systemd[1]: Stopped Pnp agent.
[*08/07/2023 19:37:24.2132] .
[*08/07/2023 19:37:24.4398] ..................................................
[*08/07/2023 19:37:36.1966] .........Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*08/07/2023 19:37:42.3446] .Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*08/07/2023 19:37:42.5553] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*08/07/2023 19:37:42.5715] ........................................
[*08/07/2023 19:37:54.5462] .......................................Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Image Data(10).
[*08/07/2023 19:38:06.7515] ...........
[*08/07/2023 19:38:15.1207] ..........Invalid event 56 & state 10 combination.
[*08/07/2023 19:38:17.8069] Failed to handle timer message.
[*08/07/2023 19:38:18.0955] ...> 84387840 bytes, 62742 msgs, 1195 last
[*08/07/2023 19:38:21.3307] Last block stored, IsPre 0, WriteTaskId 0
[*08/07/2023 19:38:21.3309] wtpProcessImageDataRequest(10): fileName ap1g6a, pre 0
[*08/07/2023 19:38:21.3554] upgrade.sh: Script called with args:[PREDOWNLOAD]
[*08/07/2023 19:38:21.3872] do PREDOWNLOAD, part2 is active part
[*08/07/2023 19:38:21.4018] upgrade.sh: Start doing upgrade arg1=PREDOWNLOAD arg2= arg3= ...
[*08/07/2023 19:38:21.4585] upgrade.sh: Using image /tmp/part.tar on axel-qca ...
[*08/07/2023 19:38:21.4587] sh: write error: No space left on device
[*08/07/2023 19:38:21.4639] tar: write error: No space left on device

I can't upgrade it either, because as I said before, I'm just a sole developer with no support contract.

I also can't load in the software for the EWC, presumably because of the same "out of space" problem.  It goes through the TFTP step and fails after a while, just saying "Terminated, curl: (143) Error".  No idea what to try next.

This is a known issue - which is why in the release notes https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/release-notes/rn-17-9-9800.html you'll see Upgrade Path for Deployments with 9130 or 9124!  The AP must be upgraded first to 17.3.5 or later and then to 17.9.x.  You'd be best upgrading the AP to 8.10.185.0 - 15.3(3)JK9 - before trying that though.

> You'd be best upgrading the AP to 8.10.185.0 - 15.3(3)JK9

Which I cannot do without a service contract with Cisco, correct?

Thank you.  I will go back to my client to tell them they have purchased a 1000 USD useless piece of plastic and recommend they avoid buying Cisco products again.  

Well it's about buying the right product for the right solution and customer.
The 9130 is a very capable high end AP but customers which use the Cisco enterprise products (like the 9130 AP) will normally buy that together with a support contract for software updates and TAC support.

Customers looking for a single AP solution without any support or subscription are probably better placed looking at the Meraki Go range.  https://www.meraki-go.com/products/wifi-access-points/