+++ This bug was initially created as a clone of Bug #1860392 +++ Description of problem: It appears that copying certs for the velero container will sometimes result in errors if the files already exist and the -f/--force option for cp is not used due to the restrictive permissions Version-Release number of selected component (if applicable): CAM 1.2.3 How reproducible: Seems always in certain environments, and yet never occurs in most. Actual results: velero enters a crash loop because the init pod cannot copy the files Expected results: velero starts normally Additional info:
Verified in MTC 1.3 openshift-migration-rhel7-operator@sha256:233af9517407e792bbb34c58558346f2424b8b0ab54be6f12f9f97513e391a6a Since we cannot reproduce the issue, we only verify that the copy is being done with "force". In OCP4.5 $ oc get pods velero-696d9f9b5b-nvd6x -o yaml .... - command: - sh - -ec - cp -f /etc/ssl/certs/* /certs/; ln -sf /credentials/ca_bundle.pem /certs/ca_bundle.pem; image: quay-enterprise-quay-enterprise.apps.cam-tgt-8570.qe.azure.devcluster.openshift.com/admin/openshift-migration-velero-rhel8@sha256:f844d84dd85f8ae75dc651ca7dd206463f4a10167417f8d6c8793c01c9b72152 In OCP3.11 $ oc get pods -o yaml velero-7c7b85556f-xmvcg - command: - sh - -ec - cp -f /etc/ssl/certs/* /certs/; ln -sf /credentials/ca_bundle.pem /certs/ca_bundle.pem; image: quay-enterprise-quay-enterprise.apps.cam-tgt-8690.qe.devcluster.openshift.com/admin/openshift-migration-velero-rhel8@sha256:f844d84dd85f8ae75dc651ca7dd206463f4a10167417f8d6c8793c01c9b72152 imagePullPolicy: Always Moved to VERIFIED status.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Migration Toolkit for Containers (MTC) Tool image release advisory 1.3.0), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4148