Description of problem: VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a PVC. Version-Release number of selected component (if applicable): CNV-4.9.0 How reproducible: Always Steps to Reproduce: 1. With nonroot VirtLauncher Pods set in FeatureGates 2. with volumeMode as Filesystem ( ocs-cephfs or NFS or HPP ) 3. and using the PVC in the vm spec. Actual results: As seen below in additional details: a) preparing host-disks failed: chown /var/run/kubevirt-private/vmi-disks/disk1/disk.img: operation not permitted" b) VMI is stuck in Scheduled state Expected results: VMI should be in Running state. And we should be able to successfully login to the VMI. Additional info: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal SuccessfulCreate 119s virtualmachine-controller Created virtual machine pod virt-launcher-vm-rhel84-virtiofs-ocsfs2-9hpmz Warning SyncFailed 15s (x15 over 98s) virt-handler server error. command SyncVMI failed: "preparing host-disks failed: chown /var/run/kubevirt-private/vmi-disks/disk1/disk.img: operation not permitted" [kbidarka@localhost virtiofs]$ oc get vmi NAME AGE PHASE IP NODENAME READY vm-fedora 27m Running xx.yy.zz.aa node13.redhat.com True vm-rhel84-virtiofs-ocsfs2 2m8s Scheduled node14.redhat.com False [kbidarka@localhost virtiofs]$ oc get pods NAME READY STATUS RESTARTS AGE virt-launcher-vm-fedora-r6svj 2/2 Running 0 27m virt-launcher-vm-rhel84-virtiofs-ocsfs2-9hpmz 1/1 Running 0 2m27s [kbidarka@localhost virtiofs]$ oc rsh virt-launcher-vm-rhel84-virtiofs-ocsfs2-9hpmz sh-4.4$ cd /var/run/kubevirt-private/vmi-disks/ sh-4.4$ ls disk1 sh-4.4$ cd disk1 sh-4.4$ ls -l total 29726720 -rw-rw----. 1 root root 30440161280 Sep 7 13:22 disk.img sh-4.4$ id uid=107(qemu) gid=107(qemu) groups=107(qemu),36(kvm)
@lpivarc could you please have a look at this?
https://github.com/kubevirt/kubevirt/pull/6357 has been merged
]$ oc get kubevirt kubevirt-kubevirt-hyperconverged -n openshift-cnv -o yaml | grep -i NonRootExperimental - NonRootExperimental (cnv-tests) [kbidarka@localhost ocs]$ virtctl console vm-rhel84-nfs Successfully connected to vm-rhel84-nfs console. The escape sequence is ^] Red Hat Enterprise Linux 8.4 (Ootpa) Kernel 4.18.0-305.29.1.el8_4.x86_64 on an x86_64 Activate the web console with: systemctl enable --now cockpit.socket vm-rhel84-nfs login: cloud-user Password: Last login: Sun Dec 5 10:28:19 on ttyS0 [cloud-user@vm-rhel84-nfs ~]$ (cnv-tests) [kbidarka@localhost ocs]$ (cnv-tests) [kbidarka@localhost ocs]$ virtctl console vm-rhel84-ocs Successfully connected to vm-rhel84-ocs console. The escape sequence is ^] Red Hat Enterprise Linux 8.4 (Ootpa) Kernel 4.18.0-305.29.1.el8_4.x86_64 on an x86_64 Activate the web console with: systemctl enable --now cockpit.socket vm-rhel84-ocs login: cloud-user Password: Last login: Sun Dec 5 10:28:46 on ttyS0 [cloud-user@vm-rhel84-ocs ~]$ [cloud-user@vm-rhel84-ocs ~]$ (cnv-tests) [kbidarka@localhost ocs]$ VERIFIED With container-native-virtualization/virt-operator/images/v4.10.0-123
VERIFIED With container-native-virtualization/virt-operator/images/v4.10.0-123
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0947