Description of problem: With the current validation rules for windows templates, windows machines cannot be created without disks defined (fail template-validator validations). Diskless VMs are a valid scenario for PXE booted VMs and are also used by the V2V team. Version-Release number of selected component (if applicable): common-templates-v0.11.2 How reproducible: 100% Steps to Reproduce: 1. Deploy ssp-operator (to deploy template-validator and common-templates) 1. Process a Windows VM from a template and remove all disks from the definition 2. POST the VM to the cluster 3. Actual results: VM creation will fail due to disk validation rules, because no disks exist in the VM definition Expected results: VM creation should pass because there are no disks to validate Additional info: Solution suggestion from Ruth Netser: --- I guess it is because for Windows, disks are validated for: { "name": "windows-virtio-bus", "path": "jsonpath::.spec.domain.devices.disks[*].disk.bus", "rule": "enum", "message": "virto disk bus type has better performance, install virtio drivers in VM and change bus type", "values": ["virtio"], "justWarning": true }, { "name": "windows-disk-bus", "path": "jsonpath::.spec.domain.devices.disks[*].disk.bus", "rule": "enum", "message": "disk bus has to be either virtio or sata", "values": ["virtio", "sata"] } @Omer Yahud I think that adding "valid": "jsonpath::.spec.domain.devices.disks[*] to each of the rules will solve itl; what do you think? ---
Upstream PR: https://github.com/kubevirt/common-templates/pull/161
Created attachment 1711338 [details] failed_win_import.png
@Piotr, @Omer I tried to import Windows2016 VM from RHV to CNV using UI Wizard And got an import error: The virtual machine could not be imported. VMCreationFailed: Error while creating virtual machine default/v2v-win2016: Internal error occurred: failed calling webhook "virt-template-admission.kubevirt.io": Post https://virt-template-validator.openshift-cnv.svc:443/virtualmachine-template-validate?timeout=30s: EOF (Attached screenshot: failed_win_import.png) Tested with versions: OpenShift 4.5.5 CNV 2.4.1 RHV 4.4.1.10-0.1.el8ev
Maayan, It seems like we still have the issue. Would you mind providing the logs to confirm it?
Hi Maayan, Is this cluster still up? can I access it?
(In reply to Piotr Kliczewski from comment #7) > Maayan, It seems like we still have the issue. Would you mind providing the > logs to confirm it? There is an issue with the current CNV build 2.4.1 I will re-verify this bug once we have a valid build
Created attachment 1711598 [details] vm-import-controller.log
Created attachment 1711599 [details] describe_vm-import-v2v-win2016-8zvbv_output.log
Created attachment 1711600 [details] virtualmachineimport-vm-import-v2v-win2016-8zvbv.yaml
Retested Windows2016 VM import from RHV to CNV with a valid CNV 2.4.1 - KubeVirt v0.30.6 I got the same error as described in comment #6 VM import wasn't started Attachments: attachment 1711598 [details] - vm-import-controller.log attachment 1711599 [details] - describe_vm-import-v2v-win2016-8zvbv_output.log attachment 1711600 [details] - virtualmachineimport-vm-import-v2v-win2016-8zvbv.yaml @Omer, environment details were sent by mail
Re-opening. Tested with ssp 2.4.1-3 (sha256:63c3fa962cc2be2bb9da31982b22c1b4b446b6e175bb6b48eb413548d3c450d0) Windows template - oc get template -n openshift windows-server-medium-v0.11.3 -oyaml: validations: | [ { "name": "minimal-required-memory", "path": "jsonpath::.spec.domain.resources.requests.memory", "rule": "integer", "message": "This VM requires more memory.", "min": 536870912 }, { "name": "windows-virtio-bus", "path": "jsonpath::.spec.domain.devices.disks[*].disk.bus", "valid": "jsonpath::.spec.domain.devices.disks[*]", "rule": "enum", "message": "virto disk bus type has better performance, install virtio drivers in VM and change bus type", "values": ["virtio"], "justWarning": true }, { "name": "windows-disk-bus", "path": "jsonpath::.spec.domain.devices.disks[*].disk.bus", "valid": "jsonpath::.spec.domain.devices.disks[*]", "rule": "enum", "message": "disk bus has to be either virtio or sata", "values": ["virtio", "sata"] }, { "name": "windows-cd-bus", "path": "jsonpath::.spec.domain.devices.disks[*].cdrom.bus", "valid": "jsonpath::.spec.domain.devices.disks[*].cdrom.bus", "rule": "enum", "message": "cd bus has to be sata", "values": ["sata"] } ] Template validator fails on: $ oc logs virt-template-validator-56b4d7b6db-zcnb4 -n openshift-cnv {"component":"kubevirt-template-validator","level":"info","msg":"kubevirt-template-validator v0.6.6 (revision: ) starting","pos":"app.go:75","timestamp":"2020-08-17T11:24:38.765207Z"} {"component":"kubevirt-template-validator","level":"info","msg":"kubevirt-template-validator using kubevirt client-go (v0.0.0-master+$Format:%h$ $Format:%H$ 1970-01-01T00:00:00Z)","pos":"app.go:76","timestamp":"2020-08-17T11:24:38.765379Z"} W0817 11:24:38.765569 1 client_config.go:549] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. {"component":"kubevirt-template-validator","level":"info","msg":"certificate from /etc/webhook/certs with common name 'virt-template-validator.openshift-cnv.svc' retrieved.","pos":"tlsinfo.go:131","timestamp":"2020-08-17T11:24:38.767645Z"} {"component":"kubevirt-template-validator","level":"info","msg":"validator app: started informers","pos":"app.go:97","timestamp":"2020-08-17T11:24:38.802144Z"} {"component":"kubevirt-template-validator","level":"info","msg":"validator app: synched informers","pos":"app.go:102","timestamp":"2020-08-17T11:24:39.102480Z"} {"component":"kubevirt-template-validator","level":"info","msg":"validator app: running with TLSInfo.CertsDirectory/etc/webhook/certs","pos":"app.go:105","timestamp":"2020-08-17T11:24:39.102674Z"} {"component":"kubevirt-template-validator","level":"info","msg":"validator app: TLS configured, serving over HTTPS on 0.0.0.0:8443","pos":"app.go:113","timestamp":"2020-08-17T11:24:39.146404Z"} W0817 11:42:40.149797 1 reflector.go:270] github.com/fromanirh/kubevirt-template-validator/pkg/template-validator/app.go:96: watch of *v1.Template ended with: The resourceVersion for the provided watch is too old. W0817 11:58:14.557139 1 reflector.go:270] github.com/fromanirh/kubevirt-template-validator/pkg/template-validator/app.go:96: watch of *v1.Template ended with: The resourceVersion for the provided watch is too old. W0817 12:09:30.933632 1 reflector.go:270] github.com/fromanirh/kubevirt-template-validator/pkg/template-validator/app.go:96: watch of *v1.Template ended with: The resourceVersion for the provided watch is too old. W0817 12:17:06.194396 1 reflector.go:270] github.com/fromanirh/kubevirt-template-validator/pkg/template-validator/app.go:96: watch of *v1.Template ended with: The resourceVersion for the provided watch is too old. {"component":"kubevirt-template-validator","level":"info","msg":"evalution summary for rhel-diskless-vm:\nminimal-required-memory applied: OK, 1610612736 in [1610612736, N/A]\n\nsucceeded=true","pos":"admission.go:42","timestamp":"2020-08-17T12:20:15.875572Z"} {"component":"kubevirt-template-validator","level":"info","msg":"evalution summary for rhel-diskless-vm:\nminimal-required-memory applied: OK, 1610612736 in [1610612736, N/A]\n\nsucceeded=true","pos":"admission.go:42","timestamp":"2020-08-17T12:20:15.918690Z"} I0817 12:20:23.069811 1 server.go:3055] http: panic serving 10.129.0.1:32794: runtime error: index out of range [0] with length 0 goroutine 104 [running]: net/http.(*conn).serve.func1(0xc000154960) /usr/lib/golang/src/net/http/server.go:1767 +0x139 panic(0x13c93c0, 0xc00042e620) /usr/lib/golang/src/runtime/panic.go:679 +0x1b2 github.com/fromanirh/kubevirt-template-validator/pkg/validation.decodeJSONPathString(0xc00041be00, 0x30, 0xc000014f00, 0x1, 0xc0008ce330, 0xc0002c8d80, 0xc0002c9140) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/validation/specialized.go:190 +0x248 github.com/fromanirh/kubevirt-template-validator/pkg/validation.decodeString(0xc00041be00, 0x30, 0xc000014f00, 0xc000015080, 0xc0002c9140, 0x0, 0x0, 0x0) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/validation/specialized.go:144 +0x57 github.com/fromanirh/kubevirt-template-validator/pkg/validation.(*enumRule).Apply(0xc0002c9140, 0xc000014f00, 0xc000015080, 0x1658600, 0xc0002c9140, 0x0) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/validation/specialized.go:266 +0x53 github.com/fromanirh/kubevirt-template-validator/pkg/validation.(*Evaluator).Evaluate(0xc0005b90e8, 0xc00074c300, 0x4, 0x4, 0xc000014f00, 0x2000) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/validation/eval.go:217 +0x55d github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating.ValidateVMTemplate(0xc00074c300, 0x4, 0x4, 0xc000014f00, 0x0, 0x8, 0x0, 0x0) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating/admission.go:41 +0xc7 github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating.admitVMTemplate(0xc000a087e0, 0x14a07f0) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating/hook.go:64 +0x745 github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating.serve(0x1683b80, 0xc00019c2a0, 0xc0000feb00, 0x1542c08) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating/hook.go:86 +0x4a3 github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating.ServeVMTemplateValidate(...) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/webhooks/validating/hook.go:40 github.com/fromanirh/kubevirt-template-validator/pkg/template-validator.(*App).Run.func1(0x1683b80, 0xc00019c2a0, 0xc0000feb00) /go/src/github.com/fromanirh/kubevirt-template-validator/pkg/template-validator/app.go:108 +0x4b net/http.HandlerFunc.ServeHTTP(0x1542bf8, 0x1683b80, 0xc00019c2a0, 0xc0000feb00) /usr/lib/golang/src/net/http/server.go:2007 +0x44 net/http.(*ServeMux).ServeHTTP(0x2016680, 0x1683b80, 0xc00019c2a0, 0xc0000feb00) /usr/lib/golang/src/net/http/server.go:2387 +0x1bd net/http.serverHandler.ServeHTTP(0xc00019c000, 0x1683b80, 0xc00019c2a0, 0xc0000feb00) /usr/lib/golang/src/net/http/server.go:2802 +0xa4 net/http.(*conn).serve(0xc000154960, 0x1687cc0, 0xc0004dc0c0) /usr/lib/golang/src/net/http/server.go:1890 +0x875 created by net/http.(*Server).Serve /usr/lib/golang/src/net/http/server.go:2927 +0x38e
With this change the cretion passes: { "name": "windows-virtio-bus", "path": "jsonpath::.spec.domain.devices[*].disks.disk.bus", "valid": "jsonpath::.spec.domain.devices[*].disks", "rule": "enum", "message": "virto disk bus type has better performance, install virtio drivers in VM and change bus type", "values": ["virtio"], "justWarning": true }, { "name": "windows-disk-bus", "path": "jsonpath::.spec.domain.devices[*].disks.disk.bus", "valid": "jsonpath::.spec.domain.devices[*].disks", "rule": "enum", "message": "disk bus has to be either virtio or sata", "values": ["virtio", "sata"] }, { "name": "windows-cd-bus", "path": "jsonpath::.spec.domain.devices[*].disks.cdrom.bus", "valid": "jsonpath::.spec.domain.devices[*].disks", "rule": "enum", "message": "cd bus has to be sata", "values": ["sata"] }
This works as well (devices[*].disks[*]): "name": "windows-virtio-bus", "path": "jsonpath::.spec.domain.devices[*].disks.disk.bus", "valid": "jsonpath::.spec.domain.devices[*].disks[*]", "rule": "enum", "message": "virto disk bus type has better performance, install virtio drivers in VM and change bus type", "values": ["virtio"], "justWarning": true }, { "name": "windows-disk-bus", "path": "jsonpath::.spec.domain.devices[*].disks.disk.bus", "valid": "jsonpath::.spec.domain.devices[*].disks[*]", "rule": "enum", "message": "disk bus has to be either virtio or sata", "values": ["virtio", "sata"] }, { "name": "windows-cd-bus", "path": "jsonpath::.spec.domain.devices[*].disks.cdrom.bus", "valid": "jsonpath::.spec.domain.devices[*].disks[*]", "rule": "enum", "message": "cd bus has to be sata", "values": ["sata"] }
New validator build is available: kubevirt-template-validator-container-v2.4.1-2
This issue cannot be verified yet due to CNV deployment bug: Bug 1870439 - [deploy cnv] various Init:ImagePullBackOff when deploying CNV on indeximage format (indeximage should be updated with kubevirt-template-validator-container-v2.4.1-2)
Verified from SSP side on template validator 2.4.1-2 and SSP operator 2.4.1-3: 1. Create a Window VM using Windows Server templates, VM does not have a disks section -> vm is created successfully 2. Remove the "valid" key from template disks validations -> VM creation fails as expected, template validator did not crash The request is invalid: * .spec.domain.devices.disks[*].disk.bus: virto disk bus type has better performance, install virtio drivers in VM and change bus type: no values were found 3. Add new validation rule on cpu.cores (bug 1870541)
Verified as fixed in kubevirt-template-validator-container-v2.4.1-2 Windows2016 VM import from RHV to CNV 2.4.1 has successfully started Verification steps: import Windows VM with Wizard (RHV->CNV), using NFS storage class
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Virtualization 2.4.1 images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3629
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days