On 9/18/21 4:39 AM, Jiatong Shen wrote:> Hello community,
>
> I am seeing following error during performing a live migration
>
> libvirtError: unsupported configuration: Unable to find security driver for
> model apparmor
>
> The root cause is the destination libvirtd runs inside a container and
> apparmor profile is not enabled. Right now I am researching how to enable
> apparmor profile for a k8s pod.
>
> But Is it possible to do a live migrate an instance and disable security
> driver at the same time?
Yes. You can feed libvirt with a new XML at the beginning of migration.
This XML will be transferred to the destination and used to start QEMU -
hence users can use it to adapt to new environment.
Long story short, you should be able to dumpx XML of the guest, remove
apparmor profile and feed it to the migration.
virsh migrate --xml $modified.xml ...
Michal