ignite icon indicating copy to clipboard operation
ignite copied to clipboard

Published 20 hours ago verified publisher icon weaveworks

Port mapping without protocol fails to modify iptables

Open bianchidotdev opened this issue 3 years ago • 0 comments

Hey there 👋 Trying ignite out because I love the concept of a declarative lightweight KVM based VM system.

When trying to run a VM declaratively and specifying a port mapping without a protocol results in an iptables error signifying a missing protocol. The docs state the protocol should be optional and default to tcp, but that doesn't seem to be the case. Specifying the protocol in the port mapping resolves this particular issue.

Error message:

FATA[0001] unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified

Additionally, a VM created this way is in a broken state that makes it challenging to remove.

The VM is marked as stopped:

$ ignite ps -a | grep weave-ubuntu
96fbd4ec2357b46c	weaveworks/ignite-ubuntu:latest	weaveworks/ignite-kernel:5.10.51	3.0 GB	1	800.0 MB	4m8s ago	Stopped			0.0.0.0:3001->3000	weave-ubuntu

But an ignite rm command results in a device-mapper error, I'm guessing due to the volume not being unmounted properly:

$ ignite rm weave-ubuntu
FATA[0000] command ["dmsetup" "remove" "--verifyudev" "ignite-96fbd4ec2357b46c" "ignite-96fbd4ec2357b46c-base"] exited with "device-mapper: remove ioctl on ignite-96fbd4ec2357b46c  failed: Device or resource busy\nCommand failed.\n": exit status 1

Instead of mucking around with dmsetup, I was able to remove the VM after a reboot.

Diagnostics

Full runtime log:

$ ignite run --config ./weave-test.yml --ssh --interactive
INFO[0000] Created VM with ID "96fbd4ec2357b46c" and name "weave-ubuntu"
ERRO[0001] failed to setup network for namespace "ignite-96fbd4ec2357b46c": unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified
Try `iptables -h' or 'iptables --help' for more information.
FATA[0001] unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified
Try `iptables -h' or 'iptables --help' for more information.

VM Spec:

$ cat weave-test.yml
apiVersion: ignite.weave.works/v1alpha4
kind: VM
metadata:
  name: weave-ubuntu
spec:
  image:
    oci: weaveworks/ignite-ubuntu
  cpus: 1
  diskSize: 3GB
  memory: 800MB
  network:
    ports:
      - hostPort: 3001
        vmPort: 3000

bianchidotdev avatar Jan 26 '22 12:01 bianchidotdev