weaveworks / ignite

Ignite a Firecracker microVM
https://ignite.readthedocs.org
Apache License 2.0

Port mapping without protocol fails to modify iptables #891

Open bianchidotdev opened 2 years ago

bianchidotdev commented 2 years ago

Hey there 👋 Trying ignite out because I love the concept of a declarative lightweight KVM based VM system.

Trying to run a VM declaratively and specifying a port mapping without a protocol results in an iptables error signifying a missing protocol. The docs state the protocol should be optional and default to tcp, but that doesn't seem to be the case. Specifying the protocol in the port mapping resolves this particular issue.

Error message:

FATA[0001] unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified

Additionally, a VM created this way is in a broken state that makes it challenging to remove.

The VM is marked as stopped:

$ ignite ps -a | grep weave-ubuntu
96fbd4ec2357b46c    weaveworks/ignite-ubuntu:latest weaveworks/ignite-kernel:5.10.51    3.0 GB  1   800.0 MB    4m8s ago    Stopped         0.0.0.0:3001->3000  weave-ubuntu

But an ignite rm command results in a device-mapper error, I'm guessing due to the volume not being unmounted properly:

$ ignite rm weave-ubuntu
FATA[0000] command ["dmsetup" "remove" "--verifyudev" "ignite-96fbd4ec2357b46c" "ignite-96fbd4ec2357b46c-base"] exited with "device-mapper: remove ioctl on ignite-96fbd4ec2357b46c  failed: Device or resource busy\nCommand failed.\n": exit status 1

Instead of mucking around with dmsetup, I was able to remove the VM after a reboot.

Diagnostics

Full runtime log:

$ ignite run --config ./weave-test.yml --ssh --interactive
INFO[0000] Created VM with ID "96fbd4ec2357b46c" and name "weave-ubuntu"
ERRO[0001] failed to setup network for namespace "ignite-96fbd4ec2357b46c": unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified
Try `iptables -h' or 'iptables --help' for more information.
FATA[0001] unable to setup DNAT: running [/usr/sbin/iptables -t nat -C CNI-DN-623a366de0b03c610b85a -p  --dport 3001 -s 10.61.0.5/16 -j CNI-HOSTPORT-SETMARK --wait]: exit status 2: iptables v1.8.4 (legacy): unknown protocol "" specified
Try `iptables -h' or 'iptables --help' for more information.

VM Spec:

$ cat weave-test.yml
apiVersion: ignite.weave.works/v1alpha4
kind: VM
metadata:
  name: weave-ubuntu
spec:
  image:
    oci: weaveworks/ignite-ubuntu
  cpus: 1
  diskSize: 3GB
  memory: 800MB
  network:
    ports:
      - hostPort: 3001
        vmPort: 3000
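The failure mode above, as an added Go example that is not ignite's own code: a small model of a `spec.network.ports` entry, a naive argument builder that reproduces the `-p ""` seen in the log, and a validation step that applies the documented tcp default (and rejects unsupported or duplicate mappings) before anything touches iptables or device-mapper. The `PortMapping` type, function names, and the chain name and source address (copied from the error message) are assumptions for illustration; nothing here executes iptables.

```go
package main

import (
	"fmt"
	"strings"
)

// PortMapping mirrors the shape of a spec.network.ports entry in the issue's
// VM spec. It is a standalone illustration, not ignite's own type.
type PortMapping struct {
	HostPort uint16
	VMPort   uint16
	Protocol string // "tcp", "udp", or "" when the key is omitted in YAML
}

// naiveDNATCheckArgs builds the `iptables -t nat -C ...` argument list quoted
// in the error message the way a pass-through formatter would: the protocol
// is used verbatim, so an omitted protocol becomes "-p" followed by an empty
// argument, which iptables rejects with `unknown protocol "" specified`.
func naiveDNATCheckArgs(chain, src string, p PortMapping) []string {
	return []string{"-t", "nat", "-C", chain,
		"-p", p.Protocol,
		"--dport", fmt.Sprint(p.HostPort),
		"-s", src,
		"-j", "CNI-HOSTPORT-SETMARK", "--wait"}
}

// normalizeProtocol applies the documented default (tcp when omitted) and
// rejects anything other than tcp/udp, so a bad spec fails at validation
// time instead of surfacing as iptables exit status 2 after the VM and its
// device-mapper volumes have already been created.
func normalizeProtocol(p PortMapping) (PortMapping, error) {
	proto := strings.ToLower(strings.TrimSpace(p.Protocol))
	switch proto {
	case "":
		proto = "tcp"
	case "tcp", "udp":
	default:
		return p, fmt.Errorf("port mapping %d->%d: unsupported protocol %q (want tcp or udp)",
			p.HostPort, p.VMPort, p.Protocol)
	}
	p.Protocol = proto
	return p, nil
}

// validateMappings normalizes every entry and rejects duplicate
// hostPort/protocol pairs, which would otherwise yield conflicting DNAT rules.
func validateMappings(ports []PortMapping) ([]PortMapping, error) {
	seen := make(map[string]bool, len(ports))
	out := make([]PortMapping, 0, len(ports))
	for _, p := range ports {
		np, err := normalizeProtocol(p)
		if err != nil {
			return nil, err
		}
		key := fmt.Sprintf("%s:%d", np.Protocol, np.HostPort)
		if seen[key] {
			return nil, fmt.Errorf("duplicate host port %s", key)
		}
		seen[key] = true
		out = append(out, np)
	}
	return out, nil
}

// safeDNATCheckArgs is the hardened builder: it refuses to emit an empty
// "-p" value even if a caller skipped validation (defense in depth).
func safeDNATCheckArgs(chain, src string, p PortMapping) ([]string, error) {
	if p.Protocol == "" {
		return nil, fmt.Errorf("port mapping %d->%d: protocol must be set before building iptables args",
			p.HostPort, p.VMPort)
	}
	return naiveDNATCheckArgs(chain, src, p), nil
}

func main() {
	// Constructed input matching the issue's spec: protocol omitted.
	spec := []PortMapping{{HostPort: 3001, VMPort: 3000}}
	chain, src := "CNI-DN-623a366de0b03c610b85a", "10.61.0.5/16"

	fmt.Println("naive:", strings.Join(naiveDNATCheckArgs(chain, src, spec[0]), " "))

	valid, err := validateMappings(spec)
	if err != nil {
		fmt.Println("validation error:", err)
		return
	}
	args, _ := safeDNATCheckArgs(chain, src, valid[0])
	fmt.Println("fixed:", strings.Join(args, " "))
}
```

The point of splitting validation from argument construction is that the expensive, hard-to-undo work (creating the VM, setting up device-mapper) should happen only after the spec is known to be well-formed; the safe builder is a second line of defense so a future code path cannot reintroduce the empty `-p`.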