Bug 2114922

Summary: Can run with host-Model cpuModel even if it is in ObsoleteCPUModels
Product: Container Native Virtualization (CNV) Reporter: Barak <bmordeha>
Component: VirtualizationAssignee: Barak <bmordeha>
Status: CLOSED ERRATA QA Contact: zhe peng <zpeng>
Severity: high Docs Contact:
Priority: high    
Version: 4.12.0CC: acardace, fdeutsch, sgott
Target Milestone: ---   
Target Release: 4.13.0   
Hardware: All   
OS: Unspecified   
Whiteboard:
Fixed In Version: hco-bundle-registry-container-v4.13.0.rhel9-848 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-18 02:55:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Barak 2022-08-03 14:11:32 UTC 
Description of problem:
Currently if a node has host-model cpu that is included in ObsoleteCPUModels
and we create vmi with host-model cpu it can still be scheduled to that node,
than the vmi will run with host-model cpu and won't be able to migrate.

Version-Release number of selected component (if applicable):


How reproducible:
Add a node's host-model cpu model to the ObsoleteCPUModels
can find out which model is that through the node's label:
"host-model-cpu.node.kubevirt.io/<HostModelOfTheNode>": "true"  

Create a vm to start on the node with host-model(the default cpuModel)

Actual results:
The vm will be scheduled and run with the obsolete cpuModel

Expected results:
Virt launcher shouldn't be scheduled

Additional info:
Comment 1 sgott 2022-08-10 12:29:53 UTC 
In this scenario, we allow a VM to be created that cannot be migrated, which will block upgrade. Because of this we're increasing the severity.
Comment 5 zhe peng 2023-03-07 10:40:27 UTC 
verify with build: CNV-v4.13.0.rhel9-1639

step:
1: check cluster node cpu model(in the test is "EPYC-Rome")
2: add  cpu mode to ObsoleteCPUModels
$ oc get HyperConverged kubevirt-hyperconverged -n openshift-cnv -o yaml
...
  obsoleteCPUs:
    cpuModels:
    - EPYC-Rome
...
3: check node's label
...
host-model-cpu.node.kubevirt.io/EPYC-Rome: "true"
...

4: create a vm with default template
$ oc get vm
NAME        AGE     STATUS               READY
vm-fedora   6m24s   ErrorUnschedulable   False

$ oc get pods
NAME                            READY   STATUS    RESTARTS   AGE
virt-launcher-vm-fedora-dqnh6   0/1     Pending   0          6m39s

error msg is:
Events:
  Type     Reason            Age   From               Message
  ----     ------            ----  ----               -------
  Warning  FailedScheduling  7m5s  default-scheduler  0/6 nodes are available: 3 Insufficient devices.kubevirt.io/kvm, 3 Insufficient devices.kubevirt.io/tun, 3 Insufficient devices.kubevirt.io/vhost-net, 3 node(s) had untolerated taint {node-role.kubernetes.io/master: }, 6 node(s) didn't match Pod's node affinity/selector. preemption: 0/6 nodes are available: 6 Preemption is not helpful for scheduling..

move to verified.
Comment 8 errata-xmlrpc 2023-05-18 02:55:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.13.0 Images security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:3205