Bug 2046271

Summary: virt-cdi-importer fails to import a VM image when clusterwide proxy configured
Product: Container Native Virtualization (CNV) Reporter: Yan Du <yadu>
Component: StorageAssignee: Alexander Wels <awels>
Status: CLOSED ERRATA QA Contact: dalia <dafrank>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.10.0CC: alitke, awels, cnv-qe-bugs, dafrank, mhenriks, mrashish, nsurati, yadu
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: CNV v4.10.0-675 Doc Type: Bug Fix
Doc Text:
Cause: In certain scenarios the cluster-wide proxy config was passed incorrectly to the importer Pod. Consequence: VM disk imports would sometimes fail when a cluster-wide proxy was configured. Fix: The proxy configuration is now passed correctly. Result: VM disk imports should now work with a cluster-wide proxy configured.
 Story Points: ---
Clone Of: 2043999 Environment:
Last Closed: 2022-03-16 16:06:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2043999, 2049800    
Bug Blocks: 2046268    

Description Yan Du 2022-01-26 13:41:00 UTC 
+++ This bug was initially created as a clone of Bug #2043999 +++

Description of problem:

virt-cdi-importer fails to import a VM image when global proxy settings.


Version-Release number of selected component (if applicable):
OpenShift 4.8.15
OpenShift Virtualization 4.8.3

How reproducible:
1. Configure global proxy settings to access Internet
2. Import qcow2 image from the Internet

Actual results:
I0120 00:54:31.368755       1 importer.go:52] Starting importer
I0120 00:54:31.369483       1 importer.go:135] begin import process
E0120 00:55:31.370197       1 importer.go:140] Get "https://access.cdn.redhat.com/content/origin/files/sha256/8e/8e34e57feb68d19ba9ffbefcd3f662b1a3437c9f7d811449c5ad452adda64384/rhel-8.2-x86_64-kvm.qcow2?user=16cbb97d7034eaaf6884a3a99e6751f8&_auth_=1642654271_686502123a3cc36afa60deff5b253224": dial tcp 23.223.151.32:443: i/o timeout
HTTP request errored
kubevirt.io/containerized-data-importer/pkg/importer.createHTTPReader
    /remote-source/app/pkg/importer/http-datasource.go:301
kubevirt.io/containerized-data-importer/pkg/importer.NewHTTPDataSource
    /remote-source/app/pkg/importer/http-datasource.go:89
main.main
    /remote-source/app/cmd/cdi-importer/importer.go:138
runtime.main
    /usr/lib/golang/src/runtime/proc.go:204
runtime.goexit
    /usr/lib/golang/src/runtime/asm_amd64.s:1374

Expected results:

Image downloaded using the proxy


Additional info:

Following messages observed in cdi-deployment pod

2022-01-18T18:36:17.664722324Z E0118 18:36:17.664670       1 reflector.go:138] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:229: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:openshift-cnv:cdi-sa" cannot list resource "configmaps" in API group "" at the cluster scope

--- Additional comment from  on 2022-01-23 07:11:15 UTC ---

Please find must gather : https://attachments.access.redhat.com/hydra/rest/cases/03128786/attachments/e22311e9-aa46-4b31-813b-1bb2f227d81f?usePresignedUrl=true
Comment 1 Maya Rashish 2022-02-10 15:01:01 UTC 
Moving back to POST - the changes introduced a regression and we'd like to fix it within the context of this bug.
Comment 2 Yan Du 2022-03-02 06:15:34 UTC 
Test on CNV-v4.10.0-696, issue has been fixed.
$ oc edit proxy
  spec:
    httpProxy: http://$http_proxy:3128
    noProxy: '*'
    trustedCA:
      name: ""
$ oc get dv
NAME             PHASE       PROGRESS   RESTARTS   AGE
import-http-dv   Succeeded   100.0%                4m56s
Comment 6 errata-xmlrpc 2022-03-16 16:06:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0947