Red Hat SummitChapter 5. Migrating virtual machines from the command line
You can migrate virtual machines to OpenShift Virtualization from the command line.
- VMware only: You must have the minimal set of VMware privileges.
- VMware only: You must have the vCenter SHA-1 fingerprint.
- VMware only: You must create a VMware Virtual Disk Development Kit (VDDK) image.
- You must ensure that all prerequisites are met.
5.1. Migrating virtual machines
You migrate virtual machines (VMs) from the command line (CLI) by creating MTV custom resources (CRs).
You must specify a name for cluster-scoped CRs.
You must specify both a name and a namespace for namespace-scoped CRs.
As a Technology Preview, MTV supports migrations using OpenStack source providers.
Migration using OpenStack source providers is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/.
Migration using OpenStack source providers only supports VMs that use only Cinder volumes.
Prerequisites
- VMware only: You must have a VMware Virtual Disk Development Kit (VDDK) image in a secure registry that is accessible to all clusters.
Procedure
Create a
Secretmanifest for the source provider credentials:$ cat << EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: <secret> namespace: openshift-mtv ownerReferences:1 - apiVersion: forklift.konveyor.io/v1beta1 kind: Provider name: <provider_name> uid: <provider_uid> labels: createdForProviderType: <provider_type>2 type: Opaque stringData: user: <user>3 password: <password>4 insecureSkipVerify: <true/false>5 domainName: <domain_name>6 projectName: <project_name>7 regionName: <region name>8 cacert: |9 <ca_certificate> url: <api_end_point>10 thumbprint: <vcenter_fingerprint>11 EOF- 1
- The
ownerReferencessection is optional. - 2
- Specify the type of source provider. Allowed values are
ovirt,vsphere, andopenstack. This label is needed to verify the credentials are correct when the remote system is accessible and, for RHV, to retrieve the Manager CA certificate when a third-party certificate is specified. - 3
- Specify the vCenter user, the RHV Manager user, or the OpenStack user.
- 4
- Specify the user password.
- 5
- Specify
<true>to skip certificate verification, which proceeds with an insecure migration and then the certificate is not required. Insecure migration means that the transferred data is sent over an insecure connection and potentially sensitive data could be exposed. Specifying<false>verifies the certificate. - 6
- OpenStack only: Specify the domain name.
- 7
- OpenStack only: Specify the project name.
- 8
- OpenStack only: Specify the name of the OpenStack region.
- 9
- RHV and OpenStack only: For RHV, enter the Manager CA certificate unless it was replaced by a third-party certificate, in which case enter the Manager Apache CA certificate. You can retrieve the Manager CA certificate at https://<engine_host>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA. For OpenStack, enter the CA certificate for connecting to the source environment. The certificate is not used when
insecureSkipVerifyis set to<true>. - 10
- Specify the API end point URL, for example,
https://<vCenter_host>/sdkfor vSphere,https://<engine_host>/ovirt-engine/api/for RHV, orhttps://<identity_service>/v3for OpenStack. - 11
- VMware only: Specify the vCenter SHA-1 fingerprint.
Create a
Providermanifest for the source provider:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: Provider metadata: name: <provider> namespace: openshift-mtv spec: type: <provider_type>1 url: <api_end_point>2 settings: vddkInitImage: <registry_route_or_server_path>/vddk:<tag>3 secret: name: <secret>4 namespace: openshift-mtv EOF- 1
- Allowed values are
ovirt,vsphere, andopenstack. - 2
- Specify the API end point URL, for example,
https://<vCenter_host>/sdkfor vSphere,https://<engine_host>/ovirt-engine/api/for RHV, orhttps://<identity_service>/v3for OpenStack. - 3
- VMware only: Specify the VDDK image that you created.
- 4
- Specify the name of provider
SecretCR.
VMware only: Create a
Hostmanifest:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: Host metadata: name: <vmware_host> namespace: openshift-mtv spec: provider: namespace: openshift-mtv name: <source_provider>1 id: <source_host_mor>2 ipAddress: <source_network_ip>3 EOFCreate a
NetworkMapmanifest to map the source and destination networks:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: NetworkMap metadata: name: <network_map> namespace: openshift-mtv spec: map: - destination: name: <pod> namespace: openshift-mtv type: pod1 source:2 id: <source_network_id>3 name: <source_network_name> - destination: name: <network_attachment_definition>4 namespace: <network_attachment_definition_namespace>5 type: multus source: id: <source_network_id> name: <source_network_name> provider: source: name: <source_provider> namespace: openshift-mtv destination: name: <destination_cluster> namespace: openshift-mtv EOF- 1
- Allowed values are
podandmultus. - 2
- You can use either the
idor thenameparameter to specify the source network. - 3
- Specify the VMware network MOR, the RHV network UUID, or the OpenStack network UUID.
- 4
- Specify a network attachment definition for each additional OpenShift Virtualization network.
- 5
- Specify the namespace of the OpenShift Virtualization network attachment definition.
Create a
StorageMapmanifest to map source and destination storage:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: StorageMap metadata: name: <storage_map> namespace: openshift-mtv spec: map: - destination: storageClass: <storage_class> accessMode: <access_mode>1 source: id: <source_datastore>2 - destination: storageClass: <storage_class> accessMode: <access_mode> source: id: <source_datastore> provider: source: name: <source_provider> namespace: openshift-mtv destination: name: <destination_cluster> namespace: openshift-mtv EOFOptional: Create a
Hookmanifest to run custom code on a VM during the phase specified in thePlanCR:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: Hook metadata: name: <hook> namespace: openshift-mtv spec: image: quay.io/konveyor/hook-runner1 playbook: |2 LS0tCi0gbmFtZTogTWFpbgogIGhvc3RzOiBsb2NhbGhvc3QKICB0YXNrczoKICAtIG5hbWU6IExv YWQgUGxhbgogICAgaW5jbHVkZV92YXJzOgogICAgICBmaWxlOiAiL3RtcC9ob29rL3BsYW4ueW1s IgogICAgICBuYW1lOiBwbGFuCiAgLSBuYW1lOiBMb2FkIFdvcmtsb2FkCiAgICBpbmNsdWRlX3Zh cnM6CiAgICAgIGZpbGU6ICIvdG1wL2hvb2svd29ya2xvYWQueW1sIgogICAgICBuYW1lOiB3b3Jr bG9hZAoK EOFCreate a
Planmanifest for the migration:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: Plan metadata: name: <plan>1 namespace: openshift-mtv spec: warm: true2 provider: source: name: <source_provider> namespace: openshift-mtv destination: name: <destination_cluster> namespace: openshift-mtv map: network:3 name: <network_map>4 namespace: openshift-mtv storage: name: <storage_map>5 namespace: openshift-mtv targetNamespace: openshift-mtv vms:6 - id: <source_vm>7 - name: <source_vm> hooks:8 - hook: namespace: openshift-mtv name: <hook>9 step: <step>10 EOF- 1
- Specify the name of the
PlanCR. - 2
- Specify whether the migration is warm or cold. If you specify a warm migration without specifying a value for the
cutoverparameter in theMigrationmanifest, only the precopy stage will run. - 3
- You can add multiple network mappings.
- 4
- Specify the name of the
NetworkMapCR. - 5
- Specify the name of the
StorageMapCR. - 6
- You can use either the
idor thenameparameter to specify the source VMs. - 7
- Specify the VMware VM MOR, RHV VM UUID or the OpenStack VM UUID.
- 8
- Optional: You can specify up to two hooks for a VM. Each hook must run during a separate migration step.
- 9
- Specify the name of the
HookCR. - 10
- Allowed values are
PreHook, before the migration plan starts, orPostHook, after the migration is complete.
Create a
Migrationmanifest to run thePlanCR:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: Migration metadata: name: <migration>1 namespace: openshift-mtv spec: plan: name: <plan>2 namespace: openshift-mtv cutover: <cutover_time>3 EOF- 1
- Specify the name of the
MigrationCR. - 2
- Specify the name of the
PlanCR that you are running. TheMigrationCR creates aVirtualMachineCR for each VM that is migrated. - 3
- Optional: Specify a cutover time according to the ISO 8601 format with the UTC time offset, for example,
2021-04-04T01:23:45.678+09:00.
You can associate multiple
MigrationCRs with a singlePlanCR. If a migration does not complete, you can create a newMigrationCR, without changing thePlanCR, to migrate the remaining VMs.Retrieve the
MigrationCR to monitor the progress of the migration:$ oc get migration/<migration> -n openshift-mtv -o yaml
5.2. Obtaining the SHA-1 fingerprint of a vCenter host
You must obtain the SHA-1 fingerprint of a vCenter host in order to create a Secret CR.
Procedure
Run the following command:
$ openssl s_client \ -connect <vcenter_host>:443 \1 < /dev/null 2>/dev/null \ | openssl x509 -fingerprint -noout -in /dev/stdin \ | cut -d '=' -f 2- 1
- Specify the IP address or FQDN of the vCenter host.
Example output
01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
5.3. Canceling a migration
You can cancel an entire migration or individual virtual machines (VMs) while a migration is in progress from the command line interface (CLI).
Canceling an entire migration
Delete the
MigrationCR:$ oc delete migration <migration> -n openshift-mtv1 - 1
- Specify the name of the
MigrationCR.
Canceling the migration of individual VMs
Add the individual VMs to the
spec.cancelblock of theMigrationmanifest:$ cat << EOF | oc apply -f - apiVersion: forklift.konveyor.io/v1beta1 kind: Migration metadata: name: <migration> namespace: openshift-mtv ... spec: cancel: - id: vm-1021 - id: vm-203 - name: rhel8-vm EOF- 1
- You can specify a VM by using the
idkey or thenamekey.
The value of the
idkey is the managed object reference, for a VMware VM, or the VM UUID, for a RHV VM.Retrieve the
MigrationCR to monitor the progress of the remaining VMs:$ oc get migration/<migration> -n openshift-mtv -o yaml
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}