Bug 1860392

Summary: Copying certs without force option sometimes results in errors
Product: OpenShift Container Platform Reporter: Jason Montleon <jmontleo>
Component: Migration ToolingAssignee: Jason Montleon <jmontleo>
Status: CLOSED ERRATA QA Contact: Xin jiang <xjiang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4CC: jmatthew, mberube, rjohnson, sregidor
Target Milestone: ---   
Target Release: 4.4.z   
Hardware: Unspecified   
OS: Unspecified   
URL: https://github.com/konveyor/mig-operator/pull/390
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1860394 (view as bug list) Environment:
Last Closed: 2020-08-05 10:51:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1860394    
Bug Blocks:    

Description Jason Montleon 2020-07-24 12:56:06 UTC 
Description of problem:
It appears that copying certs for the velero container will sometimes result in errors if the files already exist and the -f/--force option for cp is not used due to the restrictive permissions

Version-Release number of selected component (if applicable):
CAM 1.2.3

How reproducible:
Seems always in certain environments, and yet never occurs in most.

Actual results:
velero enters a crash loop because the init pod cannot copy the files

Expected results:
velero starts normally

Additional info:
Comment 4 Sergio 2020-07-27 09:24:23 UTC 
Verified in CAM 1.2.4 stage, in OCP 3.11 and in OCP 4.5

Image: openshift-migration-rhel7-operator@sha256:5f1deddb16fcf9688f59f7e977f4246cff08e765a4da83c15f3c94bf1ecb68c8

Since we cannot reproduce the issue, we only verify that the copy is being done with "force".


This is how we make the copy now, the force parameter is included both in 3.11 and 4.5:

oc get pods velero-7868dc6455-64n6m  -o yaml

  - command:
    - sh
    - -ec
    - cp -f /etc/ssl/certs/* /certs/; ln -sf /credentials/ca_bundle.pem /certs/ca_bundle.pem;
    image: quay-enterprise-quay-enterprise.apps.cam-tgt-7120.qe.devcluster.openshift.com/admin/openshift-migration-velero-rhel8@sha256:461ea0c165ed525d4276056f6aab879dcf011facb00e94acc88ae6e9f33f1637
Comment 7 errata-xmlrpc 2020-08-05 10:51:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Cluster Application Migration (CAM) Tool Image Release Advisory 1.2.4), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3320