+++ This bug was initially created as a clone of Bug #2028531 +++ Description of problem: When deploying OpenShift on OpenStack, we only need to provide the netFilter to the nicSelector in the SriovNetworkNodePolicy. Until now, we were workarounding by disabling the webhook but this isn't clean as the webhook could really be helpful to us as well. Version-Release number of selected component (if applicable): 4.10 How reproducible: Create a policy like this: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: sriov1 namespace: openshift-sriov-network-operator spec: deviceType: vfio-pci nicSelector: netFilter: openstack/NetworkID:OPENSTACK_SRIOV_NET_UUID nodeSelector: feature.node.kubernetes.io/network-sriov.capable: 'true' numVfs: 1 priority: 99 resourceName: sriov1 Actual results: The webhook will fail with message "at least one of these parameters (vendor, deviceID, pfNames or rootDevices) has to be defined in nicSelector". Expected results: The webhook should accept netFilter to be enough when the platform is OpenStack.
Hello, I was able to verify it and also created a dedicated dut pod with attached Intel X710 SR-IOV VF's: (shiftstack) [cloud-user@installer-host ~]$ oc get clusterversions.config.openshift.io NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.9.0-0.nightly-2022-02-07-031906 True False 5d13h Cluster version is 4.9.0-0.nightly-2022-02-07-031906 (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ oc get csv -n openshift-sriov-network-operator NAME DISPLAY VERSION REPLACES PHASE performance-addon-operator.v4.9.5 Performance Addon Operator 4.9.5 performance-addon-operator.v4.9.4 Succeeded sriov-network-operator.4.9.0-202202120107 SR-IOV Network Operator 4.9.0-202202120107 Succeeded (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ oc get all -n openshift-sriov-network-operator NAME READY STATUS RESTARTS AGE pod/network-resources-injector-jrrqq 1/1 Running 0 6m27s pod/network-resources-injector-pt5w5 1/1 Running 0 6m27s pod/network-resources-injector-tqxbk 1/1 Running 0 6m27s pod/operator-webhook-85nvr 1/1 Running 0 6m27s pod/operator-webhook-zkdkl 1/1 Running 0 6m27s pod/operator-webhook-ztlrk 1/1 Running 0 6m27s pod/sriov-device-plugin-b7gn8 1/1 Running 0 85s pod/sriov-network-config-daemon-98f95 3/3 Running 0 6m27s pod/sriov-network-config-daemon-gx4z5 3/3 Running 0 6m27s pod/sriov-network-operator-7b77bc6678-tt789 1/1 Running 0 6m48s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/network-resources-injector-service ClusterIP 172.30.228.239 <none> 443/TCP 6m27s service/operator-webhook-service ClusterIP 172.30.229.65 <none> 443/TCP 6m27s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/network-resources-injector 3 3 3 3 3 beta.kubernetes.io/os=linux 6m27s daemonset.apps/operator-webhook 3 3 3 3 3 beta.kubernetes.io/os=linux 6m27s daemonset.apps/sriov-device-plugin 1 1 1 1 1 beta.kubernetes.io/os=linux,node-role.kubernetes.io/worker= 4m44s daemonset.apps/sriov-network-config-daemon 2 2 2 2 2 beta.kubernetes.io/os=linux,node-role.kubernetes.io/worker= 6m27s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/sriov-network-operator 1/1 1 1 6m48s NAME DESIRED CURRENT READY AGE replicaset.apps/sriov-network-operator-7b77bc6678 1 1 1 6m48s (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ oc get SriovNetworkNodePolicy -n openshift-sriov-network-operator sriov10 -o yaml apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: creationTimestamp: "2022-02-14T08:24:00Z" generation: 1 name: sriov10 namespace: openshift-sriov-network-operator resourceVersion: "2796346" uid: ce519c3c-1774-411d-ab79-67ebc9e590b0 spec: deviceType: vfio-pci isRdma: false nicSelector: netFilter: openstack/NetworkID:e8247778-7691-460e-82dd-9cf280f62831 nodeSelector: feature.node.kubernetes.io/network-sriov.capable: "true" numVfs: 1 priority: 99 resourceName: sriov10 (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ oc get pods NAME READY STATUS RESTARTS AGE dpdk-testpmd 1/1 Running 0 2m29s (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ (shiftstack) [cloud-user@installer-host ~]$ oc logs dpdk-testpmd | grep 'Virtual Function' 0000:00:05.0 'Ethernet Virtual Function 700 Series 154c' drv=vfio-pci unused= 0000:00:06.0 'Ethernet Virtual Function 700 Series 154c' if= drv=iavf unused=vfio-pci 0000:00:05.0 'Ethernet Virtual Function 700 Series 154c' drv=vfio-pci unused= 0000:00:06.0 'Ethernet Virtual Function 700 Series 154c' if= drv=iavf unused=vfio-pci Please note, the image source that was used for pulling the sriov-network-operator is the "qe-optional-operators" in the marketplace. Thanks, Ziv
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.22 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0561