Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1832155

Summary: Migration stuck when a hook using a non existent service account is configured
Product: OpenShift Container Platform Reporter: Sergio <sregidor>
Component: Migration ToolingAssignee: Jason Montleon <jmontleo>
Status: CLOSED ERRATA QA Contact: Xin jiang <xjiang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.5CC: chezhang, jmontleo, mberube, rjohnson, rpattath, whu, xjiang
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1832156 (view as bug list) Environment:
Last Closed: 2020-09-30 18:42:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1832156    

Description Sergio 2020-05-06 08:35:57 UTC 
Description of problem:
When we add a hook to a migration plan, and this hook is configured to use a service account that does not exist, the migration is stuck forever, without failing.

Version-Release number of selected component (if applicable):
KONVEYOR 1.2

How reproducible:
Always

Steps to Reproduce:
1. Create a migration plan and add a hook (no matter the playbook) that uses a service account that does not exist.
2. Run a migration.

Actual results:
The migration will remain stuck forever.

The job created by the hook, cannot create the pods to execute the hook, since the pod will use the configured service account and it does not exist. We find this information describing the job

$ oc describe job noservicaacc-prebackup-lb44r
Type     Reason        Age                            From            Message
  ----     ------        ----                           ----            -------
  Warning  FailedCreate  <invalid> (x5 over <invalid>)  job-controller  Error creating: pods "noservicaacc-prebackup-lb44r-" is forbidden: error looking up service account robot-source/fakename: serviceaccount "fakename" not found

An the pod is never created.


Expected results:
The service account should have been rejected in the hook's UI, or the migration should fail telling that the configured service account cannot be used because it does not exist.

Additional info:
Comment 1 Jason Montleon 2020-06-17 14:56:13 UTC 
I believe this was fixed for a prior release with https://github.com/konveyor/mig-controller/pull/518
Comment 4 Sergio 2020-09-18 09:58:33 UTC 
Verified using MTC 1.3


Verified running the testcase "OCP-33423 - Hook using a non existent service account"


Moved to VERIFIED status.
Comment 8 errata-xmlrpc 2020-09-30 18:42:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Migration Toolkit for Containers (MTC) Tool image release advisory 1.3.0), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4148