Bug 2109975

Summary: DataVolume fails to import "cirros-container-disk-demo" image
Product: Container Native Virtualization (CNV) Reporter: Andrej Krejcir <akrejcir>
Component: StorageAssignee: Arnon Gilboa <agilboa>
Status: CLOSED ERRATA QA Contact: Yan Du <yadu>
Severity: high Docs Contact:
Priority: high    
Version: 4.12.0CC: agilboa, alitke, awels, dholler, yadu
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: v4.12.0-351 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-24 13:38:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrej Krejcir 2022-07-22 15:16:11 UTC 
Description of problem:

The DataVolume created by the following DataImportCron fails to import the image.


apiVersion: cdi.kubevirt.io/v1beta1
kind: DataImportCron
metadata:
  annotations:
    cdi.kubevirt.io/storage.bind.immediate.requested: "true"
  name: cirros-test
spec:
  managedDataSource: cirros-test
  schedule: '* * * * *'
  template:
    metadata: {}
    spec:
      source:
        registry:
          pullMethod: node
          url: docker://quay.io/kubevirt/cirros-container-disk-demo
      storage:
        resources:
          requests:
            storage: 128Mi
    status: {}


The pod "importer-cirros-test-0e5ac38b20ab" is crash looping with this error in "server" container log:


/disk                                                  
/disk/downloaded
2022/07/22 14:51:45 Failed renaming image file disk.img, directory /disk: rename /disk/downloaded /disk/disk.img: permission denied
stream closed


Version-Release number of selected component (if applicable):
containerized-data-importer v1.52.0


How reproducible:
100%


Steps to Reproduce:
1. Create the above DataImportCron


Additional info:
I'm not sure if it's related, but I have noticed that the image hash in DataVolume created by DataImportCron is not the latest version. The hash is "0e5ac38b20abcc7752293425b239a147868facd62cd5030dede6da6f2fc526a1" which corresponds to tag "v0.40.1", but the latest tag in the repository is "v0.55.0".
Comment 1 Yan Du 2022-07-25 05:51:40 UTC 
DV imported successfully on CNV v4.11.577, it may only happen on 4.12?
$ oc get dic
NAME          AGE
cirros-test   104s
$ oc get dv
NAME                       PHASE       PROGRESS   RESTARTS   AGE
cirros-test-0e5ac38b20ab   Succeeded   100.0%                111s
Comment 2 Andrej Krejcir 2022-07-25 08:07:45 UTC 
Yes, it works correctly with CDI v1.51.0.
Comment 3 Arnon Gilboa 2022-07-26 15:00:05 UTC 
@awels looks like a regression caused by your PR: https://github.com/kubevirt/containerized-data-importer/pull/2331
and more precisely: https://github.com/kubevirt/containerized-data-importer/blob/main/pkg/controller/import-controller.go#L1021-L1028
can we remove it from the node server container or at least lighten it a bit?
Comment 4 Alexander Wels 2022-07-26 15:51:06 UTC 
Yes it is likely caused by that PR, we should see if we can make it work with the restrictions in place.
Comment 5 Yan Du 2022-08-15 07:27:50 UTC 
Test on CNV-v4.12.0-363

$ oc get dic
NAME          AGE
cirros-test   44s

$ oc get dv cirros-test-0e5ac38b20ab 
NAME                       PHASE       PROGRESS   RESTARTS   AGE
cirros-test-0e5ac38b20ab   Succeeded   100.0%                40s
Comment 9 errata-xmlrpc 2023-01-24 13:38:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Virtualization 4.12.0 Images security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0408