CloudBlue Technical Support

Symptoms

Container migration fails with the following errors:

Actual result that you got : 1392199064: 1392216715: /usr/sbin/vzctl --skiplock --skipowner --ignore-ha-cluster restore 2737 --undump --skip_arpdetect --dumpfile /vz/dump/dumpfile.MCxGOk
1392199066: 1392216717: vzctl : Cannot undump the file: Invalid argument
1392199066: 1392216717: vzctl : Error: iptables-restore exited with 2
1392199066: 1392216717: vzctl : Error: Most probably some iptables modules are not loaded
1392199066: 1392216717: vzctl : Error: or CT's iptables utilities are incompatible with this kernel (version is older than 1.4.0)
1392199066: 1392216717: vzctl : Error: (Offline migration and iptools upgrade might help).
1392199066: 1392216717: vzctl : Error: rst_restore_net: -22
1392199066: 1392216717: vzctl : Failed to start the Container
1392199066: 1392216717: vzctl : Container is not running
1392199066: 1392216717: vzctl : Failed to start the Container
1392199066: 1392216717: /usr/sbin/vzctl exited with code 17
1392199069: 1392216720: /usr/sbin/vzctl exited with code 17
1392199069: 1392216720: error [-52] : /usr/sbin/vzctl exited with code 17
1392199069: /usr/sbin/vzctl exited with code 17
1392199069: can not undump CT#2737 : /usr/sbin/vzctl exited with code 17

Iptables configuration has been synced between the nodes.

What is the problem?

Cause

The issue may arise from complex iptables configuration on the source node: it may contain a lot of rules that imply a big variety of iptables modules. As a result, all these modules are loaded on the source, and the container may freely use these modules inside of it, unless it's restricted to a certain set of modules.

Resolution

1. Get the list of modules, loaded on the source:

   [root@vz ~]# lsmod | awk '/^ip|^nf|^xt/{print$1}' | sort | uniq > file1
   

2. Copy file1 to the destination server.

3. Get the list of modules, loaded on the destination:

   [root@vz ~]# lsmod | awk '/^ip|^nf|^xt/{print$1}' | sort | uniq > file2
   

4. Check the difference:

   [root@vz ~]# diff -pruN file1 file2 | grep ^-
   -ipmi_devintf
   -iptable_raw
   -ipt_addrtype
   -ipt_ah
   -ipt_ecn
   -ipt_ECN
   -ipt_MASQUERADE
   -ipt_NETMAP
   -ipt_REDIRECT
   -ipt_ULOG
   -nfnetlink_log
   -xt_CLASSIFY
   -xt_comment
   -xt_dccp
   -xt_hashlimit
   -xt_iprange
   -xt_mac
   -xt_mark
   -xt_MARK
   -xt_NFLOG
   -xt_NFQUEUE
   -xt_owner
   -xt_physdev
   -xt_pkttype
   -xt_policy
   -xt_recent
   

   This is the list of modules to be loaded.

5. Load these modules:

   [root@vz ~]# diff -pruN file1 file2 | grep ^- | tail -n+3 | sed 's~-~~' | while read mod ; do modprobe $mod ; done
   

6. Retry the migration.

Internal content