Bug 1871050
| Summary: | ovirt CSI driver needs permission to patch volumeattachment/status | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Jan Safranek <jsafrane> |
| Component: | Storage | Assignee: | Jan Safranek <jsafrane> |
| Storage sub component: | Operators | QA Contact: | Qin Ping <piqin> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | unspecified | CC: | aos-bugs, gzaidman |
| Version: | 4.6 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:30:14 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jan Safranek
2020-08-21 08:39:54 UTC
This change[3] caused ovirt installation and CI to break[1] due to:
"
level=error msg="Cluster operator storage Degraded is True with OVirtCSIDriverOperatorCR_OvirtDriverStaticResources_SyncError: OVirtCSIDriverOperatorCRDegraded: OvirtDriverStaticResourcesDegraded: \"rbac/attacher_binding.yaml\" (string): clusterroles.rbac.authorization.k8s.io \"ovirt-external-attacher-role\" not found\nOVirtCSIDriverOperatorCRDegraded: OvirtDriverStaticResourcesDegraded: \"rbac/attacher_role.yaml\" (string): clusterroles.rbac.authorization.k8s.io \"ovirt-external-attacher-role\" is forbidden: user \"system:serviceaccount:openshift-cluster-csi-drivers:ovirt-csi-driver-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:openshift-cluster-csi-drivers\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\nOVirtCSIDriverOperatorCRDegraded: OvirtDriverStaticResourcesDegraded: {APIGroups:[\"storage.k8s.io\"], Resources:[\"volumeattachments/status\"], Verbs:[\"patch\"]}\nOVirtCSIDriverOperatorCRDegraded: OvirtDriverStaticResourcesDegraded: "
"
Moving to post so I can link PR[2] which complete the fix (didn't want to open a separate bug just to link the PR).
[1] https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-ocp-installer-e2e-ovirt-4.6/1297494770666442752
[2] https://github.com/openshift/ovirt-csi-driver-operator/pull/22
[3] https://github.com/openshift/ovirt-csi-driver-operator/pull/21
Verified with: 4.6.0-0.nightly-2020-08-26-010422 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |