[PVE-User] Firewall settings for migration type insecure
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Mar 23 15:15:45 CET 2018
Hi Uwe!
On 3/23/18 3:02 PM, Uwe Sauter wrote:
> Hi there,
>
> I wanted to test "migration: type=insecure" in /etc/pve/datacenter.cfg but migrations fail with this setting.
>
> ##### log of failed insecure migration #####
> 2018-03-23 14:58:44 starting migration of VM 101 to node 'px-bravo-cluster' (169.254.42.49)
> 2018-03-23 14:58:44 copying disk images
> 2018-03-23 14:58:44 starting VM 101 on remote node 'px-bravo-cluster'
> 2018-03-23 14:58:46 start remote tunnel
> 2018-03-23 14:58:47 ssh tunnel ver 1
> 2018-03-23 14:58:47 starting online/live migration on tcp:169.254.42.49:60000
> 2018-03-23 14:58:47 migrate_set_speed: 8589934592
> 2018-03-23 14:58:47 migrate_set_downtime: 0.1
> 2018-03-23 14:58:47 set migration_caps
> 2018-03-23 14:58:47 set cachesize: 429496729
> 2018-03-23 14:58:47 start migrate command to tcp:169.254.42.49:60000
> 2018-03-23 14:58:48 migration status error: failed
> 2018-03-23 14:58:48 ERROR: online migrate failure - aborting
> 2018-03-23 14:58:48 aborting phase 2 - cleanup resources
> 2018-03-23 14:58:48 migrate_cancel
> 2018-03-23 14:58:50 ERROR: migration finished with problems (duration 00:00:06)
> TASK ERROR: migration problems
> #############################################
>
> If I migrate without this setting, all is well:
>
> ##### log of secure migration #####
> 2018-03-23 14:59:22 starting migration of VM 101 to node 'px-bravo-cluster' (169.254.42.49)
> 2018-03-23 14:59:22 copying disk images
> 2018-03-23 14:59:22 starting VM 101 on remote node 'px-bravo-cluster'
> 2018-03-23 14:59:24 start remote tunnel
> 2018-03-23 14:59:25 ssh tunnel ver 1
> 2018-03-23 14:59:25 starting online/live migration on unix:/run/qemu-server/101.migrate
> 2018-03-23 14:59:25 migrate_set_speed: 8589934592
> 2018-03-23 14:59:25 migrate_set_downtime: 0.1
> 2018-03-23 14:59:25 set migration_caps
> 2018-03-23 14:59:25 set cachesize: 429496729
> 2018-03-23 14:59:25 start migrate command to unix:/run/qemu-server/101.migrate
> 2018-03-23 14:59:26 migration status: active (transferred 364346358, remaining 1538641920), total 4312604672)
> 2018-03-23 14:59:26 migration xbzrle cachesize: 268435456 transferred 0 pages 0 cachemiss 0 overflow 0
> 2018-03-23 14:59:27 migration status: active (transferred 807140830, remaining 406495232), total 4312604672)
> 2018-03-23 14:59:27 migration xbzrle cachesize: 268435456 transferred 0 pages 0 cachemiss 0 overflow 0
> 2018-03-23 14:59:28 migration speed: 1365.33 MB/s - downtime 55 ms
> 2018-03-23 14:59:28 migration status: completed
> 2018-03-23 14:59:31 migration finished successfully (duration 00:00:09)
> TASK OK
> ###################################
>
> I suspect that the failure is due to firewall settings. Could someone explain which ports need to be opened to allow insecure
> migration? From the log I can see port 60000/tcp but are there others?
>
Migration ports are allocated from the range [60000 to 60050],
to allow multiple migrations at the same time.
cheers,
Thomas
More information about the pve-user
mailing list