Bug 2032876 - [4.8] Windows VMs fail to start on air-gapped environments for non-admin users
Summary: [4.8] Windows VMs fail to start on air-gapped environments for non-admin users
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Installation
Version: 4.8.4
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.10.0
Assignee: Oren Cohen
QA Contact: Guohua Ouyang
URL:
Whiteboard:
Depends On: 2025295
Blocks: 2032873
TreeView+ depends on / blocked
 
Reported: 2021-12-15 12:40 UTC by Oren Cohen
Modified: 2022-03-16 15:59 UTC (History)
5 users (show)

Fixed In Version: CNV-v4.8.4-31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2025295
Environment:
Last Closed: 2022-03-16 15:59:44 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt hyperconverged-cluster-operator pull 1661 0 None open [release-1.4] grant access for v2v-vmware config map for non-admin users 2021-12-17 19:10:51 UTC

Description Oren Cohen 2021-12-15 12:40:18 UTC 
+++ This bug was initially created as a clone of Bug #2025295 +++

Cloning this bug for CNV 4.8

Description of problem:
During Windows VM creation there is a virtio-win containerDisk that is being used.
Previously we had Bug 1942839 which was fixed for 4.8 (fail to pull image with latest tag).
The solution was to reference this image with a digest instead of tag (the digest is taken from a configmap).
We experience now a similar issue but only for regular users (not cluster-admins).
 

Version-Release number of selected component (if applicable):


How reproducible:
Try to create a Windows VM (that requires the default virtio-win drivers) in a disconnected (air-gapped) environment. 

Steps to Reproduce:
1. Create a Windows VM using a regular user (not cluster-admin)
2. Wait until the VM starts 
3. Verify that is stuck on starting phase and that the virt-launcher is in imagePullBackoff

Actual results:
VM is stuck on starting, virt-launcher fails to pull the virtio-win containerDisk image

Expected results:
Windows VM is successfully created 

Additional info:
Currently we use configmaps/v2v-vmware to let us know the clusters virtio-win image, this configmap is not readable to all.

--- Additional comment from Yaacov Zamir on 2021-11-22 10:54:08 UTC ---

Moving to installation (hyper converged operator)

because HCO installs the local images air gaped environment images, and can put them in a config map that should be readable by project admin (non cluster admin users)

--- Additional comment from Oren Cohen on 2021-12-13 12:36:12 UTC ---

Fixed in version:
hco-bundle-registry-container-v4.10.0-465
hyperconverged-cluster-operator-container-v4.10.0-88 (https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1824536)

--- Additional comment from Guohua Ouyang on 2021-12-15 03:34:30 UTC ---

Verified the bug with hco-bundle-registry-container-v4.10.0-465 and latest console, create a windows VM by non-admin user is running normally, virtio-win image is using the one in virtio-win config map and is able to pull down.
Comment 1 Guohua Ouyang 2021-12-21 03:36:33 UTC 
verified with CNV-v4.8.4-31
Comment 7 errata-xmlrpc 2022-03-16 15:59:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0947
Note You need to log in before you can comment on or make changes to this bug.