Bug 2142490

Summary: tekton disk-virt-* containers are missing libguestfs appliance file
Product: Container Native Virtualization (CNV) Reporter: Karel Šimon <ksimon>
Component: InfrastructureAssignee: Karel Šimon <ksimon>
Status: CLOSED ERRATA QA Contact: Geetika Kapoor <gkapoor>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.11.0CC: dholler, gkapoor, ycui
Target Milestone: ---   
Target Release: 4.11.3   
Hardware: Unspecified   
OS: All   
Whiteboard:
Fixed In Version: kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.2-1, kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.2-1, kubevirt-tekton-tasks-operator-container-v4.11.3-7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-07 15:16:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Karel Šimon 2022-11-14 08:09:16 UTC 
Description of problem:
tekton disk-virt-* containers are missing libguestfs appliance file. Due to that, disk-virt-* tasks are failing. This is caused by different us/ds path of libguestfs appliance file in kubevirt/libguestfs-tools container.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Run disk-virt-* tekton task.
2. Observe newly created task pod
3.

Actual results:
task run fails

Expected results:
task run passes

Additional info:
Comment 2 Geetika Kapoor 2023-01-09 00:03:06 UTC 
Test Env:

$ oc get csv -n openshift-cnv
NAME                                       DISPLAY                       VERSION   REPLACES                                   PHASE
kubevirt-hyperconverged-operator.v4.11.2   OpenShift Virtualization      4.11.2    kubevirt-hyperconverged-operator.v4.11.1   Succeeded
openshift-pipelines-operator-rh.v1.8.2     Red Hat OpenShift Pipelines   1.8.2                                                Succeeded


Test Case 1: Run the pipelines and look for errors. No errors seen in existing pipelines.
Test Case 2: Run task disk-virt-customize.Failed with Below error.  Triggered by: kube:admin


failed to create task run pod "new-pipeline-1ti157-disk-virt-customize": pods "new-pipeline-1ti157-disk-virt-customize-pod" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "pipelines-scc": Forbidden: not usable by user or serviceaccount, provider "containerized-data-importer": Forbidden: not usable by user or serviceaccount, spec.containers[0].securityContext.runAsUser: Invalid value: 0: must be in the ranges: [1000710000, 1000719999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, spec.containers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden, provider "noobaa": Forbidden: not usable by user or serviceaccount, provider "noobaa-endpoint": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "kubevirt-controller": Forbidden: not usable by user or serviceaccount, provider "bridge-marker": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "ocs-metrics-exporter": Forbidden: not usable by user or serviceaccount, provider "hostpath-provisioner-csi": Forbidden: not usable by user or serviceaccount, provider "linux-bridge": Forbidden: not usable by user or serviceaccount, provider "kubevirt-handler": Forbidden: not usable by user or serviceaccount, provider "rook-ceph": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "rook-ceph-csi": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]. Maybe missing or invalid Task openshift-cnv/disk-virt-customize

NeedInfo on TC 2.
Comment 4 Karel Šimon 2023-01-24 06:01:30 UTC 
There is necessary another fix, which is currently open https://github.com/kubevirt/tekton-tasks-operator/pull/119
Comment 9 errata-xmlrpc 2023-02-07 15:16:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 4.11.3 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:0621