Bug 1999617 - Unable to create a VM with nonroot VirtLauncher Pods
Summary: Unable to create a VM with nonroot VirtLauncher Pods
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Virtualization
Version: 4.9.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.9.0
Assignee: lpivarc
QA Contact: Israel Pinto
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-08-31 12:49 UTC by Kedar Bidarkar
Modified: 2021-11-02 16:01 UTC

Fixed In Version: virt-operator-container-v4.9.0-45 hco-bundle-registry-container-v4.9.0-194
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-02 16:00:55 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4104 0 None None None 2021-11-02 16:01:03 UTC

Description Kedar Bidarkar 2021-08-31 12:49:37 UTC
Description of problem:

Unable to create a VM with nonroot VirtLauncher Pods

Version-Release number of selected component (if applicable):
CNV-4.9.0

How reproducible:


Steps to Reproduce:
1. In CNV-4.9, update the HCO CR with the below command,
$ oc annotate --overwrite -n openshift-cnv hyperconverged kubevirt-hyperconverged kubevirt.kubevirt.io/jsonpatch='[{
      "op": "add",
      "path": "/spec/configuration/developerConfiguration/featureGates",
      "value": ["DataVolumes", "SRIOV", "LiveMigration", "CPUManager", "CPUNodeDiscovery",
      "Snapshot", "HotplugVolumes", "GPU", "HostDevices", "WithHostModelCPU", "HypervStrictCheck",
      "SRIOVLiveMigration", "NonRootExperimental"]
  }]'

2. Create a VM
3.

Actual results:
Unable to create a VM with nonroot VirtLauncher Pods

{"component":"virt-launcher","level":"info","msg":"Collected all requested hook sidecar sockets","pos":"manager.go:74","timestamp":"2021-08-31T11:39:10.115352Z"}
{"component":"virt-launcher","level":"info","msg":"Sorted all collected sidecar sockets per hook point based on their priority and name: map[]","pos":"manager.go:77","timestamp":"2021-08-31T11:39:10.115425Z"}
panic: open /etc/libvirt/qemu.conf: permission denied

goroutine 1 [running]:
main.main()
	/go/src/kubevirt.io/kubevirt/cmd/virt-launcher/virt-launcher.go:422 +0x1c8a

Expected results:
Should be able to create a VM with nonroot VirtLauncher Pods

Additional info:

Comment 2 Kedar Bidarkar 2021-09-03 12:26:39 UTC
TESTED this with virt-launcher:v4.9.0-39

1) Works for containerDisk-based VMI, but takes time to get into Running state. (I was able to remain logged in.) [quay.io/kubevirt/fedora-cloud-container-disk-demo]

2) Does not seem to work for DV-based VMI (continues to CrashLoopBackoff; at times, for a few mins, the VMI and Pod are seen in Running state though).

3) Issue seen for DV: Could not open '/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img': Permission denied')"; There is no "vmi-disks" in "kubevirt-private" folder.

Comment 3 Kedar Bidarkar 2021-09-15 11:33:00 UTC
The issue reported in this bug is fixed. Currently we can successfully create a VM with Nonroot-virtlauncherPod and volumeMode as Block.

There is still an issue, and bugs are filed, for nonroot-virtlauncher pod + DV/PVC with volumeMode as FileSystem.

Also separate bugs are filed to track the specific issues mentioned.


VERIFIED with virt-operator-container-v4.9.0-45

Comment 6 errata-xmlrpc 2021-11-02 16:00:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.9.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4104

