Skip to main content
Question

Generic storage backup with free license

F

Hi,

I have an instance of Kasten K10 on the free license, and need to use Generic Volume backup.
I have already requested and received a Generic Volume Backup key from support and updated my helm installation to include the key.

I have also configured Kanister sidecar injection, and the sidecar containers are injected correctly.
However, if I try to run a backup of the application used for testing, I run into this error message:

{
	"message":"Failed to backup data to Kopia API server",
	"function":"kasten.io/k10/kio/kanister/function.(*backupDataToServerFunc).Exec",
	"linenumber":155,
	"file":"kasten.io/k10/kio/kanister/function/backup_data_to_server.go:155",
	"cause": {
		"message":"Failed to establish connection to Kopia API server",
		"function":"kasten.io/k10/kio/kanister/function.backupDataToServer",
		"linenumber":218,
		"file":"kasten.io/k10/kio/kanister/function/backup_data_to_server.go:218",
		"cause": {
			"message":"Failed while waiting for Kopia API server to start",
			"function":"kasten.io/k10/kio/kopiaapiserver.WaitTillCommandSucceeds",
			"linenumber":56,
			"file":"kasten.io/k10/kio/kopiaapiserver/wait.go:56",
			"cause": {
				"message":"Failed to exec command in pod: command terminated with exit code 126.\nstdout: OCI runtime exec failed: exec failed: unable to start container process: exec /usr/local/bin/kopia: operation not permitted: unknown\nstderr: "
			}
		}
	}
}

I couldn’t find anything on this or a similar error message anywhere online.
Has anyone experienced this before and can point me in a direction on what to look for?

Thank you all very much!

Kind regards,
Felix

    4 comments

    Madi.Cristil
    Forum|alt.badge.img+8
    • Madi.Cristil
    • Community Manager
    • 617 comments
    • April 9, 2024

    @FRubens 

    Madi Cristil
    leduardoserrano
    1 person likes this
    • leduardoserrano
      leduardoserrano
    FRubens
    Forum|alt.badge.img+2
    • FRubens
    • Experienced User
    • 96 comments
    • April 9, 2024

    Hello @felix.teupke,

    Would you please let me know if you are on OCP cluster and which K10 version?

    That could be related to the default SCC that are being applied to the kanister sidecar pods, that does not have the capabilities necessary to the execution.

    If you please check which SCC is being used in the kanister pods, the right one should be k10-scc or a SCC that has the following capabilities:
     

    Docs: https://docs.kasten.io/latest/install/generic.html#required-capabilities-for-generic-storage-backup

    - CHOWN
- DAC_OVERRIDE
- FOWNER

    Regards

    Rubens

    leduardoserrano
    1 person likes this
    • leduardoserrano
      leduardoserrano
    L
    • lidw123
    • Not a newbie anymore
    • 7 comments
    • May 8, 2024

    @FRubens    

    I have the same problem here,

    kasten v6.5.8

    Generic storage has been activated, Generic Storage Backup will now be enable

    cause:
            message: '{"message":"Failed to backup data to Kopia API
              server","function":"kasten.io/k10/kio/kanister/function.(*backupDataToServerFunc).Exec","linenumber":155,"file":"kasten.io/k10/kio/kanister/function/backup_data_to_server.go:155","cause":{"message":"Failed
              to establish connection to Kopia API
              server","function":"kasten.io/k10/kio/kanister/function.backupDataToServer","linenumber":218,"file":"kasten.io/k10/kio/kanister/function/backup_data_to_server.go:218","cause":{"message":"Failed
              while waiting for Kopia API server to
              start","function":"kasten.io/k10/kio/kopiaapiserver.WaitTillCommandSucceeds","linenumber":56,"file":"kasten.io/k10/kio/kopiaapiserver/wait.go:56","cause":{"message":"Timeout
              while
              polling","function":"kasten.io/k10/kio/poll.waitWithBackoffWithRetries","linenumber":86,"file":"kasten.io/k10/kio/poll/poll.go:86","fields":[{"name":"duration","value":"10m0.197563972s"}],"cause":{"message":"Context
              done while
              polling","function":"kasten.io/k10/kio/poll.waitWithBackoffWithRetriesHelper","linenumber":116,"file":"kasten.io/k10/kio/poll/poll.go:116","cause":{"message":"context
              deadline exceeded"}}}}}}'

     

    leduardoserrano
    1 person likes this
    • leduardoserrano
      leduardoserrano
    jaiganeshjk
    Forum|alt.badge.img+2
    • jaiganeshjk
    • Experienced User
    • 274 comments
    • May 8, 2024

    @lidw123 As Frubens mentioned in his earlier comment, K10 needs specific linux capabilities to run backups in rootless mode. These capabilities are necessary for the operations to work properly.

    Any ephemeral pods created by K10 comes up with these capabilites. However, the kanister-sidecar injected in to the applications might not have these capabilities.

    You might have to patch these kanister-sidecar containers securityContext to add the capabilites mentioned. Below Kb article mentions about Openshift but ideally this is applicable for any k8s cluster that has pod security standard/admission enabled.

     

    https://kb.kasten.io/knowledge/security-context-constraintsscc-settings-to-use-ocp-4.11-or-higher

    Jaiganesh

    Comment


    Terms & Conditions