MTV-1590 Improved hooks description #586
+311
−54
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // * documentation/doc-Migration_Toolkit_for_Virtualization/master.adoc | ||
|
|
||
| :_content-type: CONCEPT | ||
| [id="about-hooks-for-migration-plans_{context}"] | ||
| = About hooks for {project-short} migration plans | ||
|
|
||
| You can add hooks to {project-first} migration plans using either the {project-short} CLI or the {project-short} user interface, which is located in the {ocp} web console. | ||
|
|
||
| * _Pre-migration_ hooks are hooks that perform operations on a VM that is located on a provider. This prepares the VM for migration. | ||
| * _Post-migration_ hooks are hooks that perform operations on a VM that has migrated to {virt}. | ||
| [id="default-hook-image_{context}"] | ||
| == Default hook image | ||
| The default hook image for an {project-short} hook is `quay.io/konveyor/hook-runner`. The image is based on the Ansible Runner image with the addition of `python-openshift` to provide Ansible Kubernetes resources and a recent `oc` binary. | ||
|
|
||
| [id="hook-execution_{context}"] | ||
| == Hook execution | ||
| An Ansible playbook that is provided as part of a migration hook is mounted into the hook container as a `ConfigMap`. The hook container is run as a job on the desired cluster, using the default `ServiceAccount` in the `konveyor-forklift` namespace. | ||
|
|
||
|
|
||
| When you add a hook, you must specify the namespace where the `Hook` CR is located, the name of the hook, and whether the hook is a pre-migration hook or a post-migration hook. | ||
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| In order for a hook to run on a VM, the VM must be started and available using SSH. | ||
| ==== | ||
|
|
||
| The illustration that follows shows the general process of using a migration hook. For specific procedures, see xref:adding-migration-hook-via-ui_{context}[Adding a migration hook to a migration plan using the {ocp} web console] and xref:adding-migration-hook-via-cli_{context}[Adding a migration hook to a migration plan using the CLI]. | ||
|
|
||
| .Adding a hook to a migration plan | ||
| image::migration_hook_process.png[Adding a hook to a migration plan] | ||
|
|
||
| *Process:* | ||
|
|
||
| . Input your Ansible hook and credentials. | ||
|
|
||
| .. Input an Ansible hook image to the {project-short} controller using either the UI or the CLI. | ||
| + | ||
| * In the UI, specify the `ansible-runner` and enter the `playbook.yml` that contains the hook. | ||
| * In the CLI, input the hook image, which specifies the playbook that runs the hook. | ||
|
|
||
| .. If you need additional data to run the playbook inside the pod, such as SSH data, create a Secret that contains credentials for the VM. The Secret is not mounted to the pod, but is called by the playbook. | ||
| + | ||
| [NOTE] | ||
| ==== | ||
| This Secret is not the same as the `Secret` CR that contains the credentials of your source provider. | ||
| ==== | ||
|
|
||
| . The {project-short} controller creates the `ConfigMap`, which contains: | ||
|
|
||
| ** `workload.yml`, which contains information about the VMs. | ||
| ** `playbook.yml`, the raw string playbook you want to execute. | ||
| ** `plan.yml`, which is the `Plan` CR. | ||
| + | ||
| The `ConfigMap` contains the name of the VM and instructs the playbook what to do. | ||
|
|
||
| . The {project-short} controller creates a job that starts the user specified image. | ||
| .. Mounts the `ConfigMap` to the container. | ||
| + | ||
| The Ansible hook imports the Secret that the user previously entered. | ||
| . The job runs a pre-migration hook or a post-migration hook as follows: | ||
|
|
||
| .. For a pre-migration hook, the job logs into the VMs on the source provider using SSH and runs the hook. | ||
| .. For a post-migration hook, the job logs into the VMs on {virt} using SSH and runs the hook. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,132 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // * documentation/doc-Migration_Toolkit_for_Virtualization/master.adoc | ||
|
|
||
| :_content-type: PROCEDURE | ||
| [id="adding-migration-hook-via-cli_{context}"] | ||
| = Adding a migration hook to a migration plan using the CLI | ||
|
|
||
| You can use a `Hook` CR to add a pre-migration hook or a post-migration hook to an existing migration plan using the {project-first} CLI. | ||
|
|
||
| For example, you can create a `Hook` CR to install the `cloud-init` service on a VM and write a file before migration. | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| You can run one pre-migration hook, one post-migration hook, or one of each per migration plan. Each hook needs its own `Hook` needs its own CR, but a `Plan` CR contains data for all the hooks it uses. | ||
| ==== | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| You can retrieve additional information stored in a secret or in a `ConfigMap` by using a `k8s` module. | ||
| ==== | ||
|
|
||
| .Prerequisites | ||
|
|
||
| * Migration plan | ||
| * Migration hook image or the playbook containing the hook image | ||
|
|
||
| [NOTE] | ||
| ==== | ||
| You can run one pre-migration hook, one post-migration hook, or one of each per migration plan. | ||
| ==== | ||
|
|
||
| * File containing the Secret for the source provider | ||
| * {ocp} service account that has at least write access for the namespace you are working in | ||
| * SSH access for VMs you want to migrate with the public key installed on the VMs | ||
| * VMs running on Microsoft Server only: Remote Execution enabled | ||
|
|
||
| .Procedure | ||
| . If needed, create a Secret with an SSH private key for the VM. | ||
| .. Choose an existing key or generate a key pair. | ||
| .. Install the public key on the VM. | ||
| .. Encode the private key in the Secret to base64. | ||
| + | ||
| [source,yaml] | ||
| ---- | ||
| apiVersion: v1 | ||
| data: | ||
| key: VGhpcyB3YXMgZ2Vu... | ||
| kind: Secret | ||
| metadata: | ||
| name: ssh-credentials | ||
| namespace: konveyor-forklift | ||
| type: Opaque | ||
| ---- | ||
| . Encode your playbook by concatenating a file and piping it for base64, for example: | ||
| + | ||
| [source,shell] | ||
| ---- | ||
| $ cat playbook.yml | base64 -w0 | ||
| ---- | ||
| + | ||
| [NOTE] | ||
| ==== | ||
| You can also use a `here` document to add instructions to encode a playbook inside a larger command: | ||
|
|
||
| [source,shell] | ||
| ---- | ||
| $ cat << EOF | base64 -w0 | ||
| - hosts: localhost | ||
| tasks: | ||
| - debug: | ||
| msg: test | ||
| EOF | ||
| ---- | ||
| ==== | ||
|
|
||
|
There was a problem hiding this comment. @mnecas Do you have a better way to explain what a 'here" document is? Is this note actually needed/useful for our users? |
||
| . Create a Hook CR: | ||
| + | ||
| [source,yaml,subs="attributes+"] | ||
| ---- | ||
| $ cat << EOF | {oc} apply -f - | ||
| apiVersion: forklift.konveyor.io/v1beta1 | ||
| kind: Hook | ||
| metadata: | ||
| name: <hook> | ||
| namespace: <namespace> | ||
| spec: | ||
| image: quay.io/konveyor/hook-runner | ||
| playbook: | | ||
| LS0tCi0gbm... | ||
| EOF | ||
| ---- | ||
| + | ||
| where: | ||
| + | ||
| `playbook` refers to an optional Base64-encoded Ansible Playbook. If you specify a playbook, the `image` must be `hook-runner`. | ||
| + | ||
|
There was a problem hiding this comment. @mnecas @matthewsecaur comments: |
||
| [NOTE] | ||
| ==== | ||
| You can use the default `hook-runner` image or specify a custom image. If you specify a custom image, you do not have to specify a playbook. | ||
| ==== | ||
| + | ||
| [NOTE] | ||
| ==== | ||
| To decode an attached playbook, retrieve the resource with custom output and pipe it to base64. For example: | ||
| [source,shell] | ||
| ---- | ||
| oc get -n konveyor-forklift hook playbook -o \ | ||
| go-template='{{ .spec.playbook }}' | base64 -d | ||
| ---- | ||
| ==== | ||
| + | ||
| . In the `Plan` CR of the migration, for each VM, add the following section to the end of the CR: | ||
| + | ||
| [source,yaml] | ||
| ---- | ||
| vms: | ||
| - id: <vm_id> | ||
| hooks: | ||
| - hook: | ||
| namespace: <namespace> | ||
| name: <name_of_hook> | ||
| step: <type_of_hook> <1> | ||
| ---- | ||
| <1> Options are `PreHook`, to run the hook before the migration, and `PostHook`, to run the hook after the migration. | ||
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| In order for a PreHook to run on a VM, the VM must be started and available via SSH. | ||
| ==== | ||
|
|
||
| include::snip_example-hook-for-migration-plans.adoc[] | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| // Module included in the following assemblies: | ||
| // | ||
| // * documentation/doc-Migration_Toolkit_for_Virtualization/master.adoc | ||
|
|
||
| :_content-type: PROCEDURE | ||
| [id="adding-migration-hook-via-ui_{context}"] | ||
| = Adding a migration hook to a migration plan using the {ocp} web console | ||
|
|
||
| You can add a migration hook to an existing migration plan using the {ocp} web console. Note that you need to run one command in the {project-first} CLI. | ||
|
|
||
| .Prerequisites | ||
|
|
||
| * Migration plan | ||
| * Migration hook file, whose contents you copy and paste into the web console | ||
| [NOTE] | ||
| ==== | ||
| You can run one pre-migration hook, one post-migration hook, or one of each per migration plan. | ||
| ==== | ||
|
|
||
| * File containing the `Secret` for the source provider | ||
| * {ocp} service account that has at least write access for the namespace you are working in | ||
| * SSH access for VMs you want to migrate with the public key installed on the VMs | ||
| * VMs running on Microsoft Server only: Remote Execution enabled | ||
| .Procedure | ||
|
|
||
| . In the {ocp} web console, click *Migration* > *Plans for virtualization* and then click the migration plan you want to add the hook to. | ||
| . Click *Hooks*. | ||
| . For a pre-migration hook, perform the following steps: | ||
|
|
||
| .. In the *Pre migration hook* section, toggle the *Enable hook* switch to *Enable pre migration hook*. | ||
| .. Enter the *Hook runner image*. The default image is `quay.io/konveyor/hook-runner` and this value must be used if you are adding an Ansible playbook. | ||
|
There was a problem hiding this comment. @mnecas @matthewsecaur comments: |
||
| .. Paste your hook as a YAML file in the *Ansible playbook* text box. | ||
|
|
||
| . For a post-migration hook, perform the following steps: | ||
|
|
||
| .. In the *Post migration hook*, toggle the *Enable hook* switch *Enable post migration hook*.. | ||
| .. Enter the *Hook runner image*. The default image is `quay.io/konveyor/hook-runner` and this value must be used if you are adding an Ansible playbook. | ||
| .. Paste your hook as a YAML file in the *Ansible playbook* text box. | ||
|
|
||
| . At the top of the tab, click *Update hooks*. | ||
| . In a terminal, enter the following command to associate each hook with your {ocp} service account: | ||
| + | ||
| [source,terminal,subs="attributes+"] | ||
| ---- | ||
| $ oc -n openshift-mtv patch hook <name_of_hook> \ | ||
| -p '{"spec":{"serviceAccount":"<service_account>"}}' --type merge | ||
| ---- | ||
|
|
||
|
There was a problem hiding this comment. @mnecas @matthewsecaur notes: |
||
| include::snip_example-hook-for-migration-plans.adoc[] | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| :_content-type: SNIPPET | ||
|
|
||
| The example migration hook that follows ensures that the VM can be accessed using SSH, creates an SSH key, and runs 2 tasks: stopping the Maria database and generating a text file. | ||
|
|
||
| .Example migration hook | ||
| [source,yaml,subs="attributes+"] | ||
| ---- | ||
RichardHoch marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| - name: Main | ||
| hosts: localhost | ||
| vars_files: | ||
| - plan.yml | ||
| - workload.yml | ||
| tasks: | ||
| - k8s_info: | ||
| api_version: v1 | ||
| kind: Secret | ||
| name: privkey | ||
| namespace: openshift-mtv | ||
| register: ssh_credentials | ||
| - name: Ensure SSH directory exists | ||
| file: | ||
| path: ~/.ssh | ||
| state: directory | ||
| mode: 0750 | ||
| - name: Create SSH key | ||
| copy: | ||
| dest: ~/.ssh/id_rsa | ||
| content: "{{ ssh_credentials.resources[0].data.key | b64decode }}" | ||
| mode: 0600 | ||
| - add_host: | ||
| name: "{{ workload.vm.ipaddress }}" # ALT "{{ workload.vm.guestnetworks[2].ip }}" | ||
| ansible_user: root | ||
| groups: vms | ||
| - hosts: vms | ||
| vars_files: | ||
| - plan.yml | ||
| - workload.yml | ||
| tasks: | ||
| - name: Stop MariaDB | ||
| service: | ||
| name: mariadb | ||
| state: stopped | ||
| - name: Create Test File | ||
| copy: | ||
| dest: /premigration.txt | ||
| content: "Migration from {{ provider.source.name }} | ||
| of {{ vm.vm1.vm0.id }} has finished\n" | ||
| mode: 0644 | ||
| ---- | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mnecas @matthewsecaur comments: The text says: "The hook container is run as a job on the desired cluster, using the default ServiceAccount in the konveyor-forklift namespace"
Issue: MTV is not installed in the konveyor-forklift namespace. It is installed in openshift-mtv. Also, the default serviceAccount is forklift-controller, though it might not be necessary to mention that.