This repository has been archived by the owner on Dec 7, 2023. It is now read-only.

Port mapping without protocol fails to modify iptables #891

Open
bianchidotdev opened this issue Jan 26, 2022 · 0 comments

Hey there 👋
Trying ignite out because I love the concept of a declarative lightweight KVM based VM system.

Trying to run a VM declaratively while specifying a port mapping without a protocol results in an iptables error signifying a missing protocol. The docs state the protocol should be optional and default to tcp, but that doesn't seem to be the case. Specifying the protocol in the port mapping resolves this particular issue.

Error message:

FATA[0001] unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified

Additionally, a VM created this way is in a broken state that makes it challenging to remove.

The VM is marked as stopped:

$ ignite ps -a | grep weave-ubuntu
96fbd4ec2357b46c	weaveworks/ignite-ubuntu:latest	weaveworks/ignite-kernel:5.10.51	3.0 GB	1	800.0 MB	4m8s ago	Stopped			0.0.0.0:3001->3000	weave-ubuntu

But an ignite rm command results in a device-mapper error, I'm guessing due to the volume not being unmounted properly:

$ ignite rm weave-ubuntu
FATA[0000] command ["dmsetup" "remove" "--verifyudev" "ignite-96fbd4ec2357b46c" "ignite-96fbd4ec2357b46c-base"] exited with "device-mapper: remove ioctl on ignite-96fbd4ec2357b46c  failed: Device or resource busy\nCommand failed.\n": exit status 1

Instead of mucking around with dmsetup, I was able to remove the VM after a reboot.

Diagnostics

Full runtime log:

$ ignite run --config ./weave-test.yml --ssh --interactive
INFO[0000] Created VM with ID "96fbd4ec2357b46c" and name "weave-ubuntu"
ERRO[0001] failed to setup network for namespace "ignite-96fbd4ec2357b46c": unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified
Try `iptables -h' or 'iptables --help' for more information.
FATA[0001] unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified
Try `iptables -h' or 'iptables --help' for more information.

VM Spec:

$ cat weave-test.yml
apiVersion: ignite.weave.works/v1alpha4
kind: VM
metadata:
  name: weave-ubuntu
spec:
  image:
    oci: weaveworks/ignite-ubuntu
  cpus: 1
  diskSize: 3GB
  memory: 800MB
  network:
    ports:
      - hostPort: 3001
        vmPort: 3000
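
The report above shows an empty protocol reaching `iptables -p` only after the VM had been created. One way to apply the documented tcp default and reject bad mappings before any state exists, as an added example that is not part of the original issue and not ignite's own code. `PortMapping`, `Normalize`, `MatchArgs` and the tcp/udp allow-list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// PortMapping is a hypothetical stand-in for one spec.network.ports entry.
type PortMapping struct {
	HostPort, VMPort int
	Protocol         string // optional in the spec; "" means it was omitted
}

// Normalize applies the documented default (tcp) and rejects anything that
// could not become a valid rule, before any VM or firewall state is created.
func Normalize(in []PortMapping) ([]PortMapping, error) {
	out := make([]PortMapping, 0, len(in))
	seen := map[string]bool{}
	for i, m := range in {
		m.Protocol = strings.ToLower(strings.TrimSpace(m.Protocol))
		if m.Protocol == "" {
			m.Protocol = "tcp"
		}
		if m.Protocol != "tcp" && m.Protocol != "udp" { // assumed allow-list
			return nil, fmt.Errorf("ports[%d]: unsupported protocol %q", i, m.Protocol)
		}
		if m.HostPort < 1 || m.HostPort > 65535 || m.VMPort < 1 || m.VMPort > 65535 {
			return nil, fmt.Errorf("ports[%d]: port out of range 1-65535", i)
		}
		key := strconv.Itoa(m.HostPort) + "/" + m.Protocol
		if seen[key] {
			return nil, fmt.Errorf("ports[%d]: host port %s mapped twice", i, key)
		}
		seen[key] = true
		out = append(out, m)
	}
	return out, nil
}

// MatchArgs builds the "-p <proto> --dport <port>" fragment seen in the log.
func MatchArgs(m PortMapping) []string {
	return []string{"-p", m.Protocol, "--dport", strconv.Itoa(m.HostPort)}
}

func main() {
	ports, err := Normalize([]PortMapping{{HostPort: 3001, VMPort: 3000}}) // the spec above
	fmt.Println(strings.Join(MatchArgs(ports[0]), " "), err)
}
```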