[PVE-User] Firewall settings for migration type insecure

Uwe Sauter uwe.sauter.de at gmail.com
Fri Mar 23 15:02:40 CET 2018


Hi there,

I wanted to test "migration: type=insecure" in /etc/pve/datacenter.cfg but migrations fail with this setting.

##### log of failed insecure migration #####
2018-03-23 14:58:44 starting migration of VM 101 to node 'px-bravo-cluster' (169.254.42.49)
2018-03-23 14:58:44 copying disk images
2018-03-23 14:58:44 starting VM 101 on remote node 'px-bravo-cluster'
2018-03-23 14:58:46 start remote tunnel
2018-03-23 14:58:47 ssh tunnel ver 1
2018-03-23 14:58:47 starting online/live migration on tcp:169.254.42.49:60000
2018-03-23 14:58:47 migrate_set_speed: 8589934592
2018-03-23 14:58:47 migrate_set_downtime: 0.1
2018-03-23 14:58:47 set migration_caps
2018-03-23 14:58:47 set cachesize: 429496729
2018-03-23 14:58:47 start migrate command to tcp:169.254.42.49:60000
2018-03-23 14:58:48 migration status error: failed
2018-03-23 14:58:48 ERROR: online migrate failure - aborting
2018-03-23 14:58:48 aborting phase 2 - cleanup resources
2018-03-23 14:58:48 migrate_cancel
2018-03-23 14:58:50 ERROR: migration finished with problems (duration 00:00:06)
TASK ERROR: migration problems
#############################################

If I migrate without this setting, all is well:

##### log of secure migration #####
2018-03-23 14:59:22 starting migration of VM 101 to node 'px-bravo-cluster' (169.254.42.49)
2018-03-23 14:59:22 copying disk images
2018-03-23 14:59:22 starting VM 101 on remote node 'px-bravo-cluster'
2018-03-23 14:59:24 start remote tunnel
2018-03-23 14:59:25 ssh tunnel ver 1
2018-03-23 14:59:25 starting online/live migration on unix:/run/qemu-server/101.migrate
2018-03-23 14:59:25 migrate_set_speed: 8589934592
2018-03-23 14:59:25 migrate_set_downtime: 0.1
2018-03-23 14:59:25 set migration_caps
2018-03-23 14:59:25 set cachesize: 429496729
2018-03-23 14:59:25 start migrate command to unix:/run/qemu-server/101.migrate
2018-03-23 14:59:26 migration status: active (transferred 364346358, remaining 1538641920), total 4312604672)
2018-03-23 14:59:26 migration xbzrle cachesize: 268435456 transferred 0 pages 0 cachemiss 0 overflow 0
2018-03-23 14:59:27 migration status: active (transferred 807140830, remaining 406495232), total 4312604672)
2018-03-23 14:59:27 migration xbzrle cachesize: 268435456 transferred 0 pages 0 cachemiss 0 overflow 0
2018-03-23 14:59:28 migration speed: 1365.33 MB/s - downtime 55 ms
2018-03-23 14:59:28 migration status: completed
2018-03-23 14:59:31 migration finished successfully (duration 00:00:09)
TASK OK
###################################

I suspect that the failure is due to firewall settings. Could someone explain which ports need to be opened to allow insecure
migration? From the log I can see port 60000/tcp but are there others?


Regards,

	Uwe





More information about the pve-user mailing list