Bug 1946100 - Import DV with https fails
Summary: Import DV with https fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Storage
Version: 4.8.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.8.0
Assignee: Maya Rashish
QA Contact: dalia
URL:
Whiteboard:
: 1946101 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-04 13:22 UTC by dalia
Modified: 2021-07-27 14:30 UTC (History)
6 users (show)

Fixed In Version: virt-cdi-importer v4.8.0-17
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 14:29:42 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt containerized-data-importer pull 1735 0 None closed Restore compatibility in specifying custom CAs by using Go client 2021-05-12 18:22:28 UTC
Red Hat Product Errata RHSA-2021:2920 0 None None None 2021-07-27 14:30:51 UTC

Description dalia 2021-04-04 13:22:56 UTC 
Description of problem:
Import a DV with https end up with failure

Version-Release number of selected component (if applicable):
4.8

How reproducible:
100%

Steps to Reproduce:
1. create a DV with import https
---
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataVolume
metadata:
  name: test-dv
spec:
  source:
    http:
      url: https://....
  pvc:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 13Gi
    storageClassName: hostpath-provisioner
    volumeMode: Filesystem
  contentType: kubevirt


2. create pod/vm to consume the dv

3. Check DV status

$ oc get dv -A
NAMESPACE                    NAME       PHASE              PROGRESS   RESTARTS   AGE
default   test-dv   ImportInProgress   N/A        3          57s


Actual results:
DV in progress (after some time you can is restarted) 

Expected results:
DV success

Additional info:

$ oc logs -f importer-dv-test 
I0401 17:44:17.030969       1 importer.go:52] Starting importer
I0401 17:44:17.031142       1 importer.go:134] begin import process
I0401 17:44:17.071016       1 http-datasource.go:244] Attempting to get certs from /certs/tlsregistry.crt
I0401 17:44:17.092478       1 data-processor.go:355] Calculating available size
I0401 17:44:17.092528       1 data-processor.go:367] Checking out file system volume size.
I0401 17:44:17.092547       1 data-processor.go:375] Request image size not empty.
I0401 17:44:17.092576       1 data-processor.go:380] Target size 1Gi.
I0401 17:44:17.092724       1 data-processor.go:238] New phase: Convert
I0401 17:44:17.092751       1 data-processor.go:244] Validating image
E0401 17:44:17.127290       1 prlimit.go:174] nbdkit failed output is:
E0401 17:44:17.127333       1 prlimit.go:175]
E0401 17:44:17.127361       1 prlimit.go:176] nbdkit: curl[1]: error: problem doing HEAD request to fetch size of URL [https://internal-http.kube-system/cirros-qcow2.img]: Problem with the SSL CA cert (path? access rights?): error setting certificate verify locations:
  CAfile: /certs/tls.crt
  CApath: none
qemu-img: Could not open 'nbd:unix:/tmp/nbdkitQFNqNV/socket': Requested export not available
 
E0401 17:44:17.127421       1 data-processor.go:235] nbdkit: curl[1]: error: problem doing HEAD request to fetch size of URL [https://internal-http.kube-system/cirros-qcow2.img]: Problem with the SSL CA cert (path? access rights?): error setting certificate verify locations:
  CAfile: /certs/tls.crt
  CApath: none
qemu-img: Could not open 'nbd:unix:/tmp/nbdkitQFNqNV/socket': Requested export not available
, nbdkit execution failed: exit status 1
Unable to convert source data to target format
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
        /remote-source/app/pkg/importer/data-processor.go:219
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
        /remote-source/app/pkg/importer/data-processor.go:167
main.main
        /remote-source/app/cmd/cdi-importer/importer.go:189
runtime.main
        /usr/lib/golang/src/runtime/proc.go:203
runtime.goexit
        /usr/lib/golang/src/runtime/asm_amd64.s:1373
E0401 17:44:17.127530       1 importer.go:191] nbdkit: curl[1]: error: problem doing HEAD request to fetch size of URL [https://internal-http.kube-system/cirros-qcow2.img]: Problem with the SSL CA cert (path? access rights?): error setting certificate verify locations:
  CAfile: /certs/tls.crt
  CApath: none
qemu-img: Could not open 'nbd:unix:/tmp/nbdkitQFNqNV/socket': Requested export not available
, nbdkit execution failed: exit status 1
Unable to convert source data to target format
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
        /remote-source/app/pkg/importer/data-processor.go:219
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
        /remote-source/app/pkg/importer/data-processor.go:167
main.main
        /remote-source/app/cmd/cdi-importer/importer.go:189
runtime.main
        /usr/lib/golang/src/runtime/proc.go:203
runtime.goexit
        /usr/lib/golang/src/runtime/asm_amd64.s:1373
Comment 2 Maya Rashish 2021-04-04 16:44:07 UTC 
*** Bug 1946101 has been marked as a duplicate of this bug. ***
Comment 3 Adam Litke 2021-05-12 18:24:05 UTC 
Maya, the linked PR is merged.  Can we move this to MODIFIED or is there more work to be done?
Comment 4 dalia 2021-05-23 16:42:37 UTC 
verefied: 
CDI v1.34.0
CNV 4.8
Comment 5 dalia 2021-05-23 16:42:38 UTC 
verefied: 
CDI v1.34.0
CNV 4.8
Comment 8 errata-xmlrpc 2021-07-27 14:29:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.8.0 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2920
Note You need to log in before you can comment on or make changes to this bug.