Bug 1951551 - Live migration fails when VMI has specified port any of [22222, 49152, 49153]
Summary: Live migration fails when VMI has specified port any of [22222, 49152, 49153]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Networking
Version: 2.6.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: 4.8.0
Assignee: Radim Hrazdil
QA Contact: Ofir Nash
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-20 12:17 UTC by Radim Hrazdil
Modified: 2022-05-03 13:20 UTC (History)
3 users (show)

Fixed In Version: virt-handler-container-v4.8.0-55
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 14:29:42 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt kubevirt pull 5514 0 None Merged Avoid forwarding local traffic to ports used by live migration 2022-05-03 13:20:20 UTC
Red Hat Product Errata RHSA-2021:2920 0 None None None 2021-07-27 14:30:51 UTC

Description Radim Hrazdil 2021-04-20 12:17:53 UTC 
Description of problem:
Live Migration fails if user explicitly specifies any of the 
following ports [22222, 49152, 49153] when following documentation [0]


[0] https://docs.openshift.com/container-platform/4.7/virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.html#virt-configuring-masquerade-mode-cli_virt-using-the-default-pod-network-with-virt


Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. create vmi with the following spec, where the port specified in masquarade interface is any from [22222, 49152, 49153]:
spec:
  domain:
    devices:
      interfaces:
        - name: default
          masquerade: {}
          ports:
            - port: 22222

(See complete manifest at the end)

2. create migration:
apiVersion: kubevirt.io/v1alpha3
kind: VirtualMachineInstanceMigration
metadata:
  name: migration
spec:
  vmiName: <vmi-cirros>


Actual results:
migration fails

Expected results:
migration should succeed. 

Additional info:

complete VMI yaml example with specified port 22222:
apiVersion: kubevirt.io/v1alpha3
kind: VirtualMachineInstance
metadata:
  labels:
    app: vmi-cirros
    special: vmi-cirros
  name: vmi-cirros
spec:
  domain:
    devices:
      interfaces:
        - name: default
          masquerade: {}
          ports:
            - port: 22222
      disks:
      - disk:
          bus: virtio
        name: containerdisk
      - disk:
          bus: virtio
        name: serviceaccountdisk
    machine:
      type: ""
    resources:
      requests:
        memory: 128M
  networks:
    - name: default
      pod: {}
  terminationGracePeriodSeconds: 0
  volumes:
  - name: containerdisk
    containerDisk:
      image: kubevirt/cirros-container-disk-demo:devel
  - name: serviceaccountdisk
    serviceAccount:
      serviceAccountName: default
Comment 1 Ofir Nash 2021-05-20 17:11:41 UTC 
Scenario verified:

1. Create and apply vmi with specified port `22222` (attached in Bug info under Additional Info)

2. Verify vmi applied successfully and running:

[cnv-qe-jenkins@onash-48-2-958d6-executor ofir]$ oc get vmi -A
NAMESPACE   NAME         AGE     PHASE     IP            NODENAME
default     vmi-cirros   4m19s   Running   10.131.0.43   onash-48-2-958d6-worker-0-vscr2

3. Create and apply migration 

apiVersion: kubevirt.io/v1alpha3
kind: VirtualMachineInstanceMigration
metadata:
  name: migration
spec:
  vmiName: vmi-cirros

4. Migration is applied successfully and succeeds:

> oc describe vmim migration
Status:
  Phase:  Succeeded
Events:
  Type    Reason               Age    From                       Message
  ----    ------               ----   ----                       -------
  Normal  SuccessfulCreate     3m48s  virtualmachine-controller  Created migration target pod virt-launcher-vmi-cirros-knfsq
  Normal  SuccessfulHandOver   3m33s  virtualmachine-controller  Migration target pod is ready for preparation by virt-handler.
  Normal  SuccessfulMigration  3m30s  virtualmachine-controller  Source node reported migration succeeded

5. Verified the same scenario with other ports specified in vmi ([49152, 49153])
Comment 4 errata-xmlrpc 2021-07-27 14:29:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.8.0 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2920
Note You need to log in before you can comment on or make changes to this bug.