Uploaded image for project: 'Migration Toolkit for Virtualization'
  1. Migration Toolkit for Virtualization
  2. MTV-4547

Block the migration plan when the target namespace don't have permission to the transfer network

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • True
    • Hide
      Migration stalls during VM migration to OCP with FC::

      During the migration of VMs to an OpenShift Container Platform (OCP) cluster with Fibre Channel (FC), the migration stalls when attempting to add a transfer network to a target namespace that does not have permissions to the transfer network.
      +
      *Workaround:* Currently, there is no workaround for this issue.
      +
      link:https://issues.redhat.com/browse/MTV-4547[MTV-4547]
      Show
      Migration stalls during VM migration to OCP with FC:: During the migration of VMs to an OpenShift Container Platform (OCP) cluster with Fibre Channel (FC), the migration stalls when attempting to add a transfer network to a target namespace that does not have permissions to the transfer network. + *Workaround:* Currently, there is no workaround for this issue. + link: https://issues.redhat.com/browse/MTV-4547 [ MTV-4547 ]
    • Known Issue
    • Done

      Description of problem:

      Create a migration plan to migrate VM to OCP cluster with FC and plan setting: transfer network: openshift-mtv/br-eno8403 to target ns: mtv-test. The migration is hang, as the inspection pod in mtv-test namespace, it fails to add the transfer network: openshift-mtv/br-eno8403. We need to block the migration when the target namespace don't have permission to the transfer network.

      Version-Release number of selected component (if applicable):

      MTV 2.11.0-39 with CNV 4.20.5

      How reproducible:

      Always

      Steps to Reproduce:

      1) Create a migration plan: warm-rhel-transfer-2ns to migrate VM: mtv-func-rhel9-6 to OCP cluster with FC and plan transfer network: openshift-mtv/br-eno8403, target ns: mtv-test

      2) The plan is Ready, start the plan

      3) The plan is hang, as the inspection pod in mtv-test namespace, it fails to add the transfer network: openshift-mtv/br-eno8403. We need to block the migration when the target namespace don't have permission to the transfer network.

      More details in attached files: warm-rhel-transfer-2ns-vm-1009-inspection-74j4s-describe, warm-rhel-transfer-2ns-vm-1009-inspection-74j4s-yam

      # oc describe pod warm-rhel-transfer-2ns-vm-1009-inspection-74j4s|grep Events -A 10
Events:
  Type     Reason                  Age                   From     Message
  ----     ------                  ----                  ----     -------
  Warning  FailedCreatePodSandBox  88s (x6362 over 23h)  kubelet  (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_warm-rhel-transfer-2ns-vm-1009-inspection-74j4s_mtv-test_dce26c36-83ff-42e4-9526-b3c65ce7430e_0(3fcf9201c6a685803a4978e21d7597f38ee1174203d157e85c3052697b5ae4a5): error adding pod mtv-test_warm-rhel-transfer-2ns-vm-1009-inspection-74j4s to CNI network "multus-cni-network": plugin type="multus-shim" name="multus-cni-network" failed ....
Path:"" ERRORED: error configuring pod [mtv-test/warm-rhel-transfer-2ns-vm-1009-inspection-74j4s] networking: Multus: [mtv-test/warm-rhel-transfer-2ns-vm-1009-inspection-74j4s/dce26c36-83ff-42e4-9526-b3c65ce7430e]: error loading k8s delegates k8s args: TryLoadPodDelegates: error in getting k8s network for pod: GetNetworkDelegates: namespace isolation enabled, annotation violates permission, pod is in namespace mtv-test but refers to target namespace openshift-mtv

      Actual results:

       In step2,3: The plan is hang

      Expected results:

       In step2,3: The plan is blocked with error message

      Additional info:

       

        1. warm-rhel-transfer-2ns-vm-1009-inspection-74j4s-yaml
          8 kB
        2. warm-rhel-transfer-2ns-vm-1009-inspection-74j4s-describe
          7 kB
        3. warm-rhel9-2ns-vm-1009-inspection-2fjk9-describe
          23 kB
        4. plan-warm-rhel9-2ns.yaml
          3 kB
        5. plan-ova-test-rhel8-transfernet.yaml
          7 kB
        6. ova-importer-prime-31b1fb2f-69b5-49a6-afee-0864812ce553-yaml
          7 kB
        7. ova-importer-prime-31b1fb2f-69b5-49a6-afee-0864812ce553-describe
          19 kB
        8. image-2026-02-19-14-22-16-878.png
          image-2026-02-19-14-22-16-878.png
          287 kB
        9. image-2026-02-19-14-14-07-914.png
          image-2026-02-19-14-14-07-914.png
          101 kB
        10. image-2026-02-19-14-09-53-467.png
          image-2026-02-19-14-09-53-467.png
          282 kB
        11. image-2026-02-18-12-14-50-362.png
          image-2026-02-18-12-14-50-362.png
          107 kB
        12. image-2026-02-17-10-20-37-209.png
          image-2026-02-17-10-20-37-209.png
          237 kB
        13. forkliftcontroller-forklift-controller.yaml
          2 kB

              rh-ee-ehazan Elad Hazan
              chhu@redhat.com Chenli Hu
              Chenli Hu Chenli Hu
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: