Bug 1883418

Summary: [CNV-2.5] virt-handler fails to start due to a missing SELinux policy file
Product: Container Native Virtualization (CNV)
Component: Virtualization
Version: 2.5.0
Status: CLOSED ERRATA
Severity: high
Priority: unspecified
Reporter: Lukas Bednar <lbednar>
Assignee: Daniel Belenky <dbelenky>
QA Contact: Kedar Bidarkar <kbidarka>
CC: cnv-qe-bugs, dbelenky, fdeutsch, kbidarka, lbednar, ncredi, sgott
Keywords: AutomationBlocker, Regression, TestBlocker
Target Release: 2.5.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: hco-bundle-registry-container-v2.5.0-260 virt-operator-container-v2.5.0-58
Type: Bug
Last Closed: 2020-11-17 13:24:55 UTC

Description Lukas Bednar 2020-09-29 07:00:55 UTC
Description of problem:

[cloud-user@ocp-psi-executor ~]$ oc logs  -n openshift-cnv virt-handler-8nl2q
{"component":"virt-handler","hostname":"verify-25-jshxz-worker-0-2lbpt","level":"info","pos":"virt-handler.go:155","timestamp":"2020-09-29T06:55:25.601771Z"}
{"component":"virt-handler","level":"info","msg":"Starting collector: node name=verify-25-jshxz-worker-0-2lbpt","pos":"prometheus.go:483","timestamp":"2020-09-29T06:55:25.642959Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer kubeVirtInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643078Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer extensionsKubeVirtCAConfigMapInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643129Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer vmiInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643144Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer configMapInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643156Z"}
{"component":"virt-handler","level":"info","msg":"STARTING informer CRDInformer","pos":"virtinformers.go:251","timestamp":"2020-09-29T06:55:25.643166Z"}
{"component":"virt-handler","level":"info","msg":"certificate from /etc/virt-handler/clientcertificates with common name 'kubevirt.io:system:client:virt-handler' retrieved.","pos":"cert-manager.go:182","timestamp":"2020-09-29T06:55:25.643591Z"}
{"component":"virt-handler","level":"info","msg":"certificate from /etc/virt-handler/servercertificates with common name 'kubevirt.io:system:node:virt-handler' retrieved.","pos":"cert-manager.go:182","timestamp":"2020-09-29T06:55:25.646339Z"}
{"component":"virt-handler","level":"info","msg":"Updating cluster config to resource version '11380674'","pos":"config-map.go:457","timestamp":"2020-09-29T06:55:25.656342Z"}
{"component":"virt-handler","level":"info","msg":"SELinux is reported as 'enforcing'","pos":"virt-handler.go:326","timestamp":"2020-09-29T06:55:25.664788Z"}
panic: failed to install virt-launcher selinux policy: failed to copy policy /var/run/kubevirt/base_container.cil - err: failed to read a policy file /base_container.cil: open /base_container.cil: no such file or directory 

goroutine 1 [running]:
main.(*virtHandlerApp).Run(0xc002bf0360)
	/go/src/kubevirt.io/kubevirt/cmd/virt-handler/virt-handler.go:330 +0x253b
main.main()
	/go/src/kubevirt.io/kubevirt/cmd/virt-handler/virt-handler.go:453 +0x6e



Version-Release number of selected component (if applicable):
OCP-4.6.0-fc.8
HCO-v2.5.0-239


How reproducible: 100


Steps to Reproduce:
1. Install CNV

Actual results: virt-handler fails to start


Expected results: virt-handler running


Additional info:
It seems to be a regression of https://bugzilla.redhat.com/show_bug.cgi?id=1770272

Comment 5 sgott 2020-10-01 11:52:43 UTC
Steps to verify: observe that virt-handler is running.

Comment 6 Kedar Bidarkar 2020-10-06 17:48:14 UTC
(cnv-tests) [kbidarka@kbidarka-host osdc]$ oc get pods -n openshift-cnv | grep virt-handler
virt-handler-gtc8n                                    1/1     Running   0          6h4m
virt-handler-wc6v9                                    1/1     Running   0          6h4m
virt-handler-wnhh8                                    1/1     Running   0          6h4m
(cnv-tests) [kbidarka@kbidarka-host osdc]$ oc get csv -n openshift-cnv 
NAME                                      DISPLAY                    VERSION   REPLACES                                  PHASE
kubevirt-hyperconverged-operator.v2.5.0   OpenShift Virtualization   2.5.0     kubevirt-hyperconverged-operator.v2.4.1   Succeeded

Summary: virt-handler pods are running fine and without any restarts.
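
Added example (not part of the comments above and not KubeVirt code): the manual verification from Comments 5 and 6 as a scriptable check, plus a triage helper that pulls the missing policy file out of the panic line shown in the description. The function names and the sample pod listing are constructed for illustration.

```shell
#!/bin/sh
# Reads `oc get pods -n openshift-cnv` output on stdin. Prints one line per
# unhealthy virt-handler pod; returns 1 if any is unhealthy or none are listed.
check_virt_handlers() {
    awk '
        $1 ~ /^virt-handler-/ {
            seen++
            split($2, ready, "/")          # READY column, e.g. 1/1
            # Healthy means: Running, all containers ready, zero restarts.
            if ($3 != "Running" || ready[1] != ready[2] || $4 + 0 > 0) {
                printf "UNHEALTHY %s ready=%s status=%s restarts=%s\n", $1, $2, $3, $4
                bad++
            }
        }
        END { if (seen == 0 || bad > 0) exit 1 }
    '
}

# Reads `oc logs <virt-handler pod>` output on stdin. If the pod panicked while
# installing the virt-launcher SELinux policy, prints the policy file that
# could not be opened and returns 0; returns 1 when no such panic is present.
missing_selinux_policy() {
    sed -n 's/^panic: failed to install virt-launcher selinux policy: .*: open \([^:]*\): no such file or directory.*$/\1/p' | grep .
}

# Constructed sample listing (not taken from the bug): one healthy pod and one
# pod in the crash loop that the panic in the description would produce.
sample='virt-handler-aaaaa   1/1   Running            0   6h4m
virt-handler-bbbbb   0/1   CrashLoopBackOff   7   12m'
printf '%s\n' "$sample" | check_virt_handlers || echo "virt-handler verification failed"
```

On a live cluster, pipe `oc get pods -n openshift-cnv` into `check_virt_handlers`, and `oc logs -n openshift-cnv <pod>` into `missing_selinux_policy` for any pod it flags.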

Comment 9 errata-xmlrpc 2020-11-17 13:24:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 2.5.0 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:5127