Bug 1806376

Summary: [feature][backport-4.3] support SR-IOV NIC partitioning in SR-IOV Operator
Product: OpenShift Container Platform Reporter: zenghui.shi <zshi>
Component: NetworkingAssignee: Peng Liu <pliu>
Networking sub component: SR-IOV QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: pliu, zzhao
Version: 4.3.z   
Target Milestone: ---   
Target Release: 4.3.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1806373 Environment:
Last Closed: 2020-03-10 23:54:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1806373    
Bug Blocks:    

Comment 6 zhaozhanqi 2020-02-28 07:33:38 UTC 
reopen this bug, found RBAC issue 

see logs from config daemon:

 I0228 07:03:50.556351   33907 daemon.go:407] cordoned node "dell-per740"
I0228 07:03:50.624263   33907 daemon.go:403] daemonsets.apps "multus" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-multus": multus-782xb; daemonsets.apps "ovnkube-node" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-ovn-kubernetes": ovnkube-node-5jv7j; daemonsets.apps "tuned" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-cluster-node-tuning-operator": tuned-rz94j; daemonsets.apps "dns-default" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-dns": dns-default-plc8k; daemonsets.apps "machine-config-daemon" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-machine-config-operator": machine-config-daemon-9pd98; daemonsets.apps "node-exporter" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-monitoring": node-exporter-rbd4j
I0228 07:03:50.624334   33907 daemon.go:407] unable to drain node "dell-per740"
I0228 07:03:50.624355   33907 daemon.go:407] there are pending nodes to be drained: dell-per740
I0228 07:03:50.624368   33907 daemon.go:438] drainNode(): Draining failed with: daemonsets.apps "multus" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-multus": multus-782xb; daemonsets.apps "ovnkube-node" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-ovn-kubernetes": ovnkube-node-5jv7j; daemonsets.apps "tuned" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-cluster-node-tuning-operator": tuned-rz94j; daemonsets.apps "dns-default" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-dns": dns-default-plc8k; daemonsets.apps "machine-config-daemon" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-machine-config-operator": machine-config-daemon-9pd98; daemonsets.apps "node-exporter" is forbidden: User "system:serviceaccount:openshift-sriov-network-operator:sriov-network-config-daemon" cannot get resource "daemonsets" in API group "apps" in the namespace "openshift-monitoring": node-exporter-rbd4j, retrying
Comment 8 zhaozhanqi 2020-03-02 03:28:55 UTC 
Verified this bug on 4.3.5-202002280917
Comment 10 errata-xmlrpc 2020-03-10 23:54:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0676