Bug 2046271 - virt-cdi-importer fails to import a VM image when clusterwide proxy configured
Summary: virt-cdi-importer fails to import a VM image when clusterwide proxy configured
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Storage
Version: 4.10.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.10.0
Assignee: Alexander Wels
QA Contact: dalia
URL:
Whiteboard:
Depends On: 2043999 2049800
Blocks: 2046268
TreeView+ depends on / blocked
 
Reported: 2022-01-26 13:41 UTC by Yan Du
Modified: 2022-03-16 16:07 UTC (History)
8 users (show)

Fixed In Version: CNV v4.10.0-675
Doc Type: Bug Fix
Doc Text:
Cause: In certain scenarios the cluster-wide proxy config was passed incorrectly to the importer Pod. Consequence: VM disk imports would sometimes fail when a cluster-wide proxy was configured. Fix: The proxy configuration is now passed correctly. Result: VM disk imports should now work with a cluster-wide proxy configured.
Clone Of: 2043999
Environment:
Last Closed: 2022-03-16 16:06:49 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt containerized-data-importer pull 2055 0 None Merged used uncached client to get cluster proxy configmap 2022-02-01 10:23:38 UTC
Github kubevirt containerized-data-importer pull 2137 0 None Merged [release-v1.43] Set http(s)_proxy to lower case env variable 2022-02-06 14:20:12 UTC
Github kubevirt containerized-data-importer pull 2148 0 None Merged Fix failing imageio test 2022-02-16 12:33:20 UTC
Github kubevirt containerized-data-importer pull 2152 0 None Merged [release-v1.43] Fix failing imageio test 2022-02-16 12:33:21 UTC
Red Hat Product Errata RHSA-2022:0947 0 None None None 2022-03-16 16:07:04 UTC

Description Yan Du 2022-01-26 13:41:00 UTC 
+++ This bug was initially created as a clone of Bug #2043999 +++

Description of problem:

virt-cdi-importer fails to import a VM image when global proxy settings.


Version-Release number of selected component (if applicable):
OpenShift 4.8.15
OpenShift Virtualization 4.8.3

How reproducible:
1. Configure global proxy settings to access Internet
2. Import qcow2 image from the Internet

Actual results:
I0120 00:54:31.368755       1 importer.go:52] Starting importer
I0120 00:54:31.369483       1 importer.go:135] begin import process
E0120 00:55:31.370197       1 importer.go:140] Get "https://access.cdn.redhat.com/content/origin/files/sha256/8e/8e34e57feb68d19ba9ffbefcd3f662b1a3437c9f7d811449c5ad452adda64384/rhel-8.2-x86_64-kvm.qcow2?user=16cbb97d7034eaaf6884a3a99e6751f8&_auth_=1642654271_686502123a3cc36afa60deff5b253224": dial tcp 23.223.151.32:443: i/o timeout
HTTP request errored
kubevirt.io/containerized-data-importer/pkg/importer.createHTTPReader
    /remote-source/app/pkg/importer/http-datasource.go:301
kubevirt.io/containerized-data-importer/pkg/importer.NewHTTPDataSource
    /remote-source/app/pkg/importer/http-datasource.go:89
main.main
    /remote-source/app/cmd/cdi-importer/importer.go:138
runtime.main
    /usr/lib/golang/src/runtime/proc.go:204
runtime.goexit
    /usr/lib/golang/src/runtime/asm_amd64.s:1374

Expected results:

Image downloaded using the proxy


Additional info:

Following messages observed in cdi-deployment pod

2022-01-18T18:36:17.664722324Z E0118 18:36:17.664670       1 reflector.go:138] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:229: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:openshift-cnv:cdi-sa" cannot list resource "configmaps" in API group "" at the cluster scope

--- Additional comment from  on 2022-01-23 07:11:15 UTC ---

Please find must gather : https://attachments.access.redhat.com/hydra/rest/cases/03128786/attachments/e22311e9-aa46-4b31-813b-1bb2f227d81f?usePresignedUrl=true
Comment 1 Maya Rashish 2022-02-10 15:01:01 UTC 
Moving back to POST - the changes introduced a regression and we'd like to fix it within the context of this bug.
Comment 2 Yan Du 2022-03-02 06:15:34 UTC 
Test on CNV-v4.10.0-696, issue has been fixed.
$ oc edit proxy
  spec:
    httpProxy: http://$http_proxy:3128
    noProxy: '*'
    trustedCA:
      name: ""
$ oc get dv
NAME             PHASE       PROGRESS   RESTARTS   AGE
import-http-dv   Succeeded   100.0%                4m56s
Comment 6 errata-xmlrpc 2022-03-16 16:06:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0947
Note You need to log in before you can comment on or make changes to this bug.