From 804a345185c1a63069ca89f56a12425221b6f9b8 Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Fri, 27 Aug 2021 17:39:39 -0300
Subject: [PATCH] Reserving libvirt default migration port range

The default live-migration port range (49152-49215) that is
specified by libvirt and used by qemu (qemu.conf) conflicts
with CentOS ephemeral port range (32768-60999) and eventually
it leads to connection errors during live-migration operations.

Reserve this port range from the ephemeral range on worker nodes,
so that those ports are only available through explicit port binding.

Closes-Bug: #1941646
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I8a8705bf3939aa4fe1faf8f5d487ac64096ea880
---
 .../src/modules/platform/manifests/sysctl.pp  | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/puppet-manifests/src/modules/platform/manifests/sysctl.pp b/puppet-manifests/src/modules/platform/manifests/sysctl.pp
index 8c56c0193..92c679cf1 100644
--- a/puppet-manifests/src/modules/platform/manifests/sysctl.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sysctl.pp
@@ -102,8 +102,13 @@ class platform::sysctl::controller::reserve_ports
   # from the ephemeral port range. This will avoid potential port conflicts
   # that will cause the tiller pod to crash when the port is assigned to
   # another client/server
+  #
+  # libvirt v4.7.0 hardcodes the ports 49152-49215 as its default port range
+  # for migrations (qemu.conf). Reserve them from the ephemeral port range.
+  # This will avoid potential port conflicts that will cause migration
+  # failures when the port is assigned to another service
   sysctl::value { 'net.ipv4.ip_local_reserved_ports':
-    value => '35357,44134-44136'
+    value => '35357,44134-44136,49152-49215'
   }
 }
 
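Review bot: The range `49152-49215` is now a literal in two `sysctl::value` resources and two comment blocks, here and in the `platform::sysctl::compute::reserve_ports` class added later in this patch, and nothing ties it to the libvirt setting it mirrors. If the migration range in qemu.conf (`migration_port_min` / `migration_port_max`) is ever changed, the reservation silently stops covering the ports libvirt actually binds. Consider defining the range once, for example as a new variable such as `$libvirt_migration_ports = '49152-49215'` in `::platform::sysctl::params`, and adding the comment `# Must match migration_port_min/migration_port_max in qemu.conf`. The class body starts before this hunk, so whether it already inherits the params class is not visible here.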
@@ -164,6 +169,7 @@ class platform::sysctl::controller
 
 class platform::sysctl::compute {
   include ::platform::sysctl
+  include ::platform::sysctl::compute::reserve_ports
 
   # Increase min_free_kbytes to 128 MiB from 88 MiB, helps prevent OOM
   sysctl::value { 'vm.min_free_kbytes':
@@ -171,6 +177,19 @@ class platform::sysctl::compute {
   }
 }
 
+class platform::sysctl::compute::reserve_ports
+  inherits ::platform::sysctl::params {
+
+  # Reserve ports in the ephemeral port range:
+  #
+  # libvirt v4.7.0 hardcodes the ports 49152-49215 as its default port range
+  # for migrations (qemu.conf). Reserve them from the ephemeral port range.
+  # This will avoid potential port conflicts that will cause migration
+  # failures when the port is assigned to another service
+  sysctl::value { 'net.ipv4.ip_local_reserved_ports':
+    value => '49152-49215'
+  }
+}
 
 class platform::sysctl::storage {
   include ::platform::sysctl
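Review bot: The new `platform::sysctl::compute::reserve_ports` class manages the same `net.ipv4.ip_local_reserved_ports` key as `platform::sysctl::controller::reserve_ports`, but with the shorter value `'49152-49215'`. The sysctl holds one complete list, so if both classes ever apply to the same host (for example a combined controller/worker node), one of two things goes wrong. Either the catalog fails on a duplicate `sysctl::value` title, or the later apply overwrites the list and drops the reservation of 35357 and 44134-44136. How the manifests are applied is not visible in this patch, so this needs confirming. If such hosts exist, build both values from a shared base list or guard the compute class. At minimum, add a comment above the resource: `# Sets the complete reserved list for the host; must agree with platform::sysctl::controller::reserve_ports where both apply`.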