Bug 2004039
| Summary: | [MTC] Rsync pods are not running as privileged | |||
|---|---|---|---|---|
| Product: | Migration Toolkit for Containers | Reporter: | Prasad Joshi <prajoshi> | |
| Component: | Controller | Assignee: | Pranav Gaikwad <pgaikwad> | |
| Status: | CLOSED ERRATA | QA Contact: | Xin jiang <xjiang> | |
| Severity: | medium | Docs Contact: | Avital Pinnick <apinnick> | |
| Priority: | high | |||
| Version: | 1.6.0 | CC: | ernelson, prajoshi, rjohnson, sregidor, ssingla, xjiang | |
| Target Milestone: | --- | |||
| Target Release: | 1.7.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2074044 (view as bug list) | Environment: | ||
| Last Closed: | 2022-03-24 06:32:26 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2074044 | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Migration Toolkit for Containers (MTC) 1.7.0 release advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:1043 |
Description of problem: When we enable migration_rsync_privileged: true rsync pods should run as privileged Version-Release number of selected component (if applicable): SOURCE CLUSTER: Azure OCP 4.6 (MTC 1.6.0) TARGET CLUSTER: Azure OCP 4.9 (MTC 1.6.0) REPLICATION REPOSITORY: Azure Blob Storage How reproducible: Always Steps to Reproduce: 1. Create a project in source cluster $ oc new-project rsync 2. Create an application in source cluster $ oc new-app django-psql-persistent 3. Add migration_rsync_privileged: true in migrationcontroller CR. $ oc edit migrationcontroller -n openshift-migration 4. Create a migplan 5. Execute Cutover Actual results: Rsync pods are not running as privileged Expected results: Rsync pods should run as privileged Additional info: $ oc get pods rsync-server -n rsync -o yaml ... securityContext: capabilities: drop: - MKNOD - SETPCAP privileged: false readOnlyRootFilesystem: true $ oc get migrationcontroller -o yaml ... spec: azure_resource_group: "" cluster_name: host mig_namespace_limit: "10" mig_pod_limit: "100" mig_pv_limit: "100" migration_controller: true migration_log_reader: true migration_rsync_privileged: true migration_ui: true migration_velero: true olm_managed: true restic_timeout: 1h rsync_opt_bwlimit: 300 version: 1.6.0 $ oc get pods rsync-6jznh -n rsync -o yaml ... securityContext: capabilities: drop: - MKNOD - SETPCAP privileged: false readOnlyRootFilesystem: true runAsUser: 0