Bug 1751124
| Summary: | Fix "volumes should store data" tests for hostPath volumes | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Jan Safranek <jsafrane> |
| Component: | Storage | Assignee: | Fabio Bertinatto <fbertina> |
| Status: | CLOSED ERRATA | QA Contact: | Chao Yang <chaoyang> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | aos-bugs, aos-storage-staff, bchilds |
| Target Milestone: | --- | ||
| Target Release: | 4.3.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-01-23 11:05:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The ci test cases are passed here https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/ci-kubernetes-e2e-gci-gce/1197020162776109056 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062 |
These two tests failed after rebase to Kubernetes 1.16 because of SELinux: [sig-storage] In-tree Volumes [Driver: hostPathSymlink] [Testpattern: Inline-volume (default fs)] volumes should store data [Suite:openshift/conformance/parallel] [Suite:k8s] expand_less [sig-storage] In-tree Volumes [Driver: hostPath] [Testpattern: Inline-volume (default fs)] volumes should store data [Suite:openshift/conformance/parallel] [Suite:k8s] expand_more fail [k8s.io/kubernetes/test/e2e/framework/volume/fixtures.go:587]: failed: writing the contents: Unexpected error: <exec.CodeExitError>: { Err: { s: "error running &{/usr/bin/kubectl [kubectl --server=https://api.ci-op-4vl6fx01-55c01.origin-ci-int-aws.dev.rhcloud.com:6443 --kubeconfig=/tmp/admin.kubeconfig exec hostpathsymlink-injector --namespace=e2e-volume-6879 -- /bin/sh -c echo 'Hello from hostPathSymlink from namespace e2e-volume-6879' > /opt/0/index.html] [] <nil> /bin/sh: can't create /opt/0/index.html: Permission denied\ncommand terminated with exit code 1\n [] <nil> 0xc005027110 exit status 1 <nil> <nil> true [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6b8 0xc00452f6d0] [0x998ca0 0x998ca0] 0xc002b55800 <nil>}:\nCommand stdout:\n\nstderr:\n/bin/sh: can't create /opt/0/index.html: Permission denied\ncommand terminated with exit code 1\n\nerror:\nexit status 1", }, Code: 1, } error running &{/usr/bin/kubectl [kubectl --server=https://api.ci-op-4vl6fx01-55c01.origin-ci-int-aws.dev.rhcloud.com:6443 --kubeconfig=/tmp/admin.kubeconfig exec hostpathsymlink-injector --namespace=e2e-volume-6879 -- /bin/sh -c echo 'Hello from hostPathSymlink from namespace e2e-volume-6879' > /opt/0/index.html] [] <nil> /bin/sh: can't create /opt/0/index.html: Permission denied command terminated with exit code 1 [] <nil> 0xc005027110 exit status 1 <nil> <nil> true [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6a8 0xc00452f6c0 0xc00452f6d8] [0xc00452f6b8 0xc00452f6d0] [0x998ca0 0x998ca0] 0xc002b55800 <nil>}: Command stdout: stderr: /bin/sh: can't create /opt/0/index.html: Permission denied command terminated with exit code 1 https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/pr-logs/pull/23750/pull-ci-openshift-origin-master-e2e-aws/12677 Version-Release number of selected component (if applicable): 4.3 The tests were fixed by a temporary patch and they should be fixed properly upstream to simplify the next rebase. Note that the test was called "should be mountable" in 1.14 / 4.2 and it worked there - the pod that created index.html ran as privileged, while it's unprivileged in 1.16. Unprivileged pod cannot write to /tmp with label system_u:object_r:tmp_t:s0, while privileged can. We can either push the temporary patch upstream or find a better directory where unprivileged pod can write or prepare such directory in the test.