vz: dismiss [hostagent] r.CreateEndpoint() = connection was refused

[AkihiroSuda]

I've been testing this PR today on an M1 machine running Ventura, and I saw this error when starting template://experimental/vz:

ERRO[0296] [hostagent] r.CreateEndpoint() = connection was refused

Which seems to originate from https://github.com/containers/gvisor-tap-vsock/blob/main/pkg/services/forwarder/tcp.go#L45.

Is this expected? There was no additional information in ha.stderr.log.

Originally posted by @jandubois in #1147 (comment)

[balajiv113]

On this, this is just one miss while doing tcp-forward.
Even with this error thrown, As far as i checked network was stable.

I will give a try with long running instances, and see if we are having any issues around there as well.

[AkihiroSuda]

Can we make this to a debug log?

[AkihiroSuda]

ping @balajiv113

[balajiv113]

@AkihiroSuda - Will check with gvisor-tap-vsock to see if this can be made a debug log

[TWBrown42]

Hi All, I've been attempting to expose my Lima VM guest to my Host, I'm actually wanting to run a Kubernetes instance on the VM and be able to browser to an app over port 80 (and 443 eventually) from my host. I have backed away from this until I get a basic Host to Guest network that is working.
I am running this on an M2 Mac Mini Pro v14.5 (Sonoma). I have had a few attempts to exposing the VM to my host over IP. The first trying and failing on the vmnet option so I am now trying the vz approach. During the limactl start ... I am seeing 3 errors that match this issue, there seems little in the stderr.

It is possible that I am missing some fundamental piece of the puzzle but after trying different approaches (using your excellent Network page) I am at a loss.

My lima config (actually yours):-

# A template to run ubuntu using vmType: vz instead of qemu (Default)
# This template requires Lima v0.14.0 or later and macOS 13.
vmType: "vz"
rosetta:
  # Enable Rosetta for Linux.
  # Hint: try `softwareupdate --install-rosetta` if Lima gets stuck at `Installing rosetta...`
  enabled: true
  # Register rosetta to /proc/sys/fs/binfmt_misc
  binfmt: true

# Note: On Intel Mac, macOS >= 13.5 is required to boot kernel v6.2 (used by Ubuntu 23.04, Fedora 38, etc.) with vz.
# https://github.com/lima-vm/lima/issues/1577
images:
- location: "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img"
  arch: "x86_64"
- location: "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-arm64.img"
  arch: "aarch64"

mounts:
- location: "~"
- location: "/tmp/lima"
  writable: true
mountType: "virtiofs"

networks:
# The "vzNAT" IP address is accessible from the host, but not from other guests.
- vzNAT: true

To be clear the machine comes up but has no accessible IP address from my network, lima vm / ifconfig:-
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.5.15 netmask 255.255.255.0 broadcast 192.168.5.255
inet6 fe80::5055:55ff:fe93:2778 prefixlen 64 scopeid 0x20
ether 52:55:55:93:27:78 txqueuelen 1000 (Ethernet)
RX packets 21133 bytes 30199002 (30.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4022 bytes 347145 (347.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lima0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.105.2 netmask 255.255.255.0 broadcast 192.168.105.255
inet6 fe80::5055:55ff:fec0:d2e7 prefixlen 64 scopeid 0x20
inet6 fdc1:515d:10ad:2e8:5055:55ff:fec0:d2e7 prefixlen 64 scopeid 0x0
ether 52:55:55:c0:d2:e7 txqueuelen 1000 (Ethernet)
RX packets 4667 bytes 2006793 (2.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1352 bytes 116698 (116.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 295 bytes 25208 (25.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 295 bytes 25208 (25.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

From your documentation I see that 192.168.5.15 is by "design not accessible", not sure if I am reading the document correctly here but I was therefore expecting another IP address that I can ping?

[AkihiroSuda]

@AkihiroSuda - Will check with gvisor-tap-vsock to see if this can be made a debug log

@balajiv113 ping 🙂

[balajiv113]

@AkihiroSuda - Done raised a ticket with gvisor-tap-vsock

[jandubois]

@balajiv113 They wrote on your ticket 3 weeks ago:

A PR making the warning less visible is welcome.

Are you going to create a PR? I'm not sure if this would just be downgrading from Error to Debug, or making the logic change they talk about.

[balajiv113]

@jandubois Sorry bit occupied this month. I won't be able to raise a PR.