virt-launcher pod in crashingbackoff state in kernel versions < 4.11

[Muyan0828]

What happened:
virt-launcher pod crash

What you expected to happen:
virt-launcher pod

How to reproduce it (as minimally and precisely as possible):
create a vm

Additional context:
virt-handler log:

{"component":"virt-handler","kind":"","level":"info","msg":"mounting kernel artifacts","name":"gpool1-1","namespace":"sy-vg","pos":"mount.go:429","timestamp":"2024-05-09T15:41:11.006779Z","uid":"1f7a2138-c189-44ed-bd6c-edbe65125f62"}
{"component":"virt-handler","kind":"","level":"info","msg":"kernel boot not defined - nothing to mount","name":"gpool1-1","namespace":"sy-vg","pos":"mount.go:432","timestamp":"2024-05-09T15:41:11.006839Z","uid":"1f7a2138-c189-44ed-bd6c-edbe65125f62"}
{"component":"virt-handler","kind":"","level":"error","msg":"Synchronizing the VirtualMachineInstance failed.","name":"gpool1-1","namespace":"sy-vg","pos":"vm.go:2002","reason":"failed to configure vmi network: setup failed, err: open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory","timestamp":"2024-05-09T15:41:11.009452Z","uid":"1f7a2138-c189-44ed-bd6c-edbe65125f62"}
{"component":"virt-handler","level":"info","msg":"re-enqueuing VirtualMachineInstance sy-vg/gpool1-1","pos":"vm.go:1673","reason":"failed to configure vmi network: setup failed, err: open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory","timestamp":"2024-05-09T15:41:11.085940Z"}

Environment:

• KubeVirt version (use virtctl version): v1.2.0
• Kubernetes version (use kubectl version): v1.28.8
• VM or VMI specifications:
• Cloud provider or hardware configuration: N/A
• OS (e.g. from /etc/os-release): CentOS Linux 7 (Core)
• Kernel (e.g. uname -a): 3.10.0-1160.el7.x86_64 1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
• Install tools: N/A
• Others: N/A

[Muyan0828]

the root cause is

func (n NMState) readLinuxStack() (LinuxStack, error) {
    arpIgnore, err := n.adapter.IPv4GetArpIgnore("all")
    if err != nil {
       return LinuxStack{}, err
    }
    ip4Forwarding, err := n.adapter.IPv4GetForwarding()
    if err != nil {
       return LinuxStack{}, err
    }
    pgrFrom, pgrTo, err := n.adapter.IPv4GetPingGroupRange()
    if err != nil {
       return LinuxStack{}, err
    }
    unprvPortStart, err := n.adapter.IPv4GetUnprivilegedPortStart()
    if err != nil {
       return LinuxStack{}, err
    }
    ip6Forwarding, err := n.adapter.IPv6GetForwarding()
    if err != nil {
       return LinuxStack{}, err
    }

    return LinuxStack{
       IPv4: LinuxStackIP4{
          ArpIgnore:             &arpIgnore,
          Forwarding:            &ip4Forwarding,
          PingGroupRange:        []int{pgrFrom, pgrTo},
          UnprivilegedPortStart: &unprvPortStart,
       },
       IPv6: LinuxStackIP6{
          Forwarding: &ip6Forwarding,
       },
    }, nil
}

IPv4GetUnprivilegedPortStart want open /proc/sys/net/ipv4/ip_unprivileged_port_start for read，but centos7 not support

Can we remove this restriction? Currently, we still have a large number of centos7 machines

[victortoso]

jfyi @EdDev

[EdDev]

CentOS 7 kernel is way too old, I would be surprised to see this being the only problem.

We use this parameter in one of the supported bindings, therefore I am unsure if we can tolerate it being missing.

I can try and check if we can be more tolerable to such things.

[victortoso]

CentOS 7 eol is just around the corner as well.

I know KubeVirt tries to work well with different host OSes but do we have some written hard requirements for KubeVirt to function properly? From the installation guide centos 7 might be okay for example, but it isn't the case if components crash due lack of system's capabilities

[victortoso]

Perhaps we could have a kubevirt-validate-host where we check key features?

[EdDev]

In practice, we support only what we test.
Per what I know, we only test CentOS Stream.

Anything else is best-effort.