  1. Migration Toolkit for Virtualization
  2. MTV-1904

Warm migration failed when MTV is installed on a normal namespace


    • Bug
    • Resolution: Unresolved
    • Normal
    • None
    • 2.7.8
    • Controller
    • None
    • False
    • None
    • True

      Description of problem:

      Install MTV on a normal namespace (mtv-ns1) and create a warm migration to migrate a win2019 VM from vSphere 7 to the target namespace mtv-test1. After cutover, "Image Conversion" failed with the error:
      ------------------------------------------------------------------------
      pods "mtv-ns1-vm-1524-" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: Forbidden: seccomp may not be set, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/vddk-side-car]: Forbidden: seccomp may not be set, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/virt-v2v]: Forbidden: seccomp may not be set, 
      provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{107}: 107 is not an allowed group, 
      provider restricted-v2: .initContainers[0].runAsUser: Invalid value: 107: must be in the ranges: [1000790000, 1000799999], 
      provider restricted-v2: .containers[0].runAsUser: Invalid value: 107: must be in the ranges: [1000790000, 1000799999], 
      provider "restricted": Forbidden: not usable by user or serviceaccount, 
      provider "containerized-data-importer": Forbidden: not usable by user or serviceaccount, 
      ......

      Version-Release number of selected component (if applicable):

      MTV 2.7.8, CNV 4.17.3

      How reproducible:

      100 %

      Steps to Reproduce:

      1) Install MTV 2.7.8 on the namespace mtv-ns1

      2) Create a warm migration to migrate a win2019 VM from vSphere 7 to the target namespace mtv-test1. After cutover, "Image Conversion" failed with the error below. The v2v pod log is attached: mtv-ns1-vm-1524-52tjt-virt-v2v.log

      pods "mtv-ns1-vm-1524-" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: Forbidden: seccomp may not be set, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/vddk-side-car]: Forbidden: seccomp may not be set, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/virt-v2v]: Forbidden: seccomp may not be set, 
      provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{107}: 107 is not an allowed group, 
      provider restricted-v2: .initContainers[0].runAsUser: Invalid value: 107: must be in the ranges: [1000790000, 1000799999], 
      provider restricted-v2: .containers[0].runAsUser: Invalid value: 107: must be in the ranges: [1000790000, 1000799999], 
      provider "restricted": Forbidden: not usable by user or serviceaccount, 
      provider "containerized-data-importer": Forbidden: not usable by user or serviceaccount, 
      provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, 
      provider "nonroot": Forbidden: not usable by user or serviceaccount, 
      provider "noobaa": Forbidden: not usable by user or serviceaccount, 
      provider "forklift-controller-scc": Forbidden: not usable by user or serviceaccount, 
      provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, 
      provider "kubevirt-controller": Forbidden: not usable by user or serviceaccount, 
      provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, 
      provider "bridge-marker": Forbidden: not usable by user or serviceaccount, 
      provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, 
      provider "hostnetwork": Forbidden: not usable by user or serviceaccount, 
      provider "hostaccess": Forbidden: not usable by user or serviceaccount, 
      provider "hostpath-provisioner-csi": Forbidden: not usable by user or serviceaccount, 
      provider "linux-bridge": Forbidden: not usable by user or serviceaccount, 
      provider "kubevirt-handler": Forbidden: not usable by user or serviceaccount, 
      provider "rook-ceph": Forbidden: not usable by user or serviceaccount, 
      provider "rook-ceph-csi": Forbidden: not usable by user or serviceaccount, 
      provider "node-exporter": Forbidden: not usable by user or serviceaccount, 
      provider "privileged": Forbidden: not usable by user or serviceaccount] 

      Actual result:

      In step 2: Warm migration failed

      Expected result:

      In step 2: Warm migration succeeds

              Unassigned Unassigned
              chhu@redhat.com Chenli Hu
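A triage aid for the denial message quoted in this report, added here as an example and not part of the original report or of MTV's code. It separates SCCs the pod's service account may use but whose rules the pod violates from SCCs it was never granted. The function names are hypothetical and the sample is a shortened, constructed copy of the message above.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the denial message quoted in the report.
SAMPLE = (
    'pods "mtv-ns1-vm-1524-" is forbidden: unable to validate against any '
    'security context constraint: ['
    'pod.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: '
    'Forbidden: seccomp may not be set, '
    'provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: '
    '[]int64{107}: 107 is not an allowed group, '
    'provider restricted-v2: .containers[0].runAsUser: Invalid value: 107: '
    'must be in the ranges: [1000790000, 1000799999], '
    'provider "restricted": Forbidden: not usable by user or serviceaccount, '
    'provider "privileged": Forbidden: not usable by user or serviceaccount]'
)
MARKER = "security context constraint: ["
NOT_GRANTED = "Forbidden: not usable by user or serviceaccount"

def triage_scc_denial(message):
    """Group the clauses of an SCC admission denial (hypothetical helper)."""
    body = message[message.index(MARKER) + len(MARKER):message.rindex("]")]
    # Split at clause boundaries only, not at the comma inside a UID range.
    clauses = re.split(r",\s+(?=provider\s|pod\.metadata)", body)
    result = {"violations": defaultdict(list), "not_granted": [], "unscoped": []}
    for clause in clauses:
        clause = clause.strip().rstrip(",").strip()
        m = re.match(r'provider "?([\w.-]+)"?: (.*)', clause, re.S)
        if not m:
            result["unscoped"].append(clause)            # no provider prefix (seccomp annotations)
        elif m.group(2) == NOT_GRANTED:
            result["not_granted"].append(m.group(1))     # SCC not granted to the service account
        else:
            result["violations"][m.group(1)].append(m.group(2))  # granted, but pod spec rejected
    return result

def uid_range_mismatches(result):
    """Return (field, requested_uid, low, high) for each out-of-range runAsUser."""
    pat = re.compile(r"(\S+runAsUser): Invalid value: (\d+): "
                     r"must be in the ranges: \[(\d+), (\d+)\]")
    found = []
    for details in result["violations"].values():
        for detail in details:
            m = pat.match(detail)
            if m:
                found.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))))
    return found

if __name__ == "__main__":
    report = triage_scc_denial(SAMPLE)
    print(dict(report["violations"]), report["not_granted"], uid_range_mismatches(report))
```
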