Description of problem: Deleted DataSource (which has a golden image and was opted-in/out with cdi label) is not reconciled If a DataSource is opted in using the label, if the label is removed (to opt out), DIC will re-add it, which means that effectively the DataSource will continue to be managed by DIC. Version-Release number of selected component (if applicable): CNV 4.10.0, SSP v4.10.0-47 How reproducible: 100% Steps to Reproduce: 1. opt out from enableCommonBootImageImport 2. import fedora golden image (named "fedora" under "openshift-virtualization-os-images" namespace) 3. opt in to enableCommonBootImageImport 4. Add "cdi.kubevirt.io/dataImportCron: 'true'" label to fedora DataSource (make sure the DataSource is updated with auto-updated fedora DV) 5. Delete the label 6. Delete fedora DataSource Actual results: The DataSource is not recreated Expected results: DataSource should be reconciled. workaround - opt out -> opt in The workaround is not a good solution as it would affect all DataSources with existing golden images PVCs Additional info:
Currently, when the label is added to DataSource, SSP removes annotations from the DataSource that mark it as owned by SSP. As a result SSP operator will not watch and react to changes on this DS. CDI watches the DS and recreates it, if it is deleted. But when the label is removed, then CDI does not recreate it anymore. I will try to solve this.
I think we cannot solve this without adding a new annotation to DataSource, because without it, there would be race between SSP and CDI: 1. User adds label cdi.kubevirt.io/dataImportCron: 'true' to DataSource 2. SSP creates DataImportCron 3. CDI updated the DataSource 4. User removes the label from DS 5. Now there is a race: - If DIC is modified in any way, it triggers CDI reconciliation and the label is added back to DS - SSP wants to remove the DIC, because DS does not have the label. I will add a new annotation to DataSource, that will specify if auto-update should be enabled for it.
akrejcir What about this solution? If DataSource has NO dataImportCron label (or user removed it), CDI will: (1) Not add a label (DIC controller) (2) Not update the PVC (DIC controller) (3) Update status conditions as usual (DataSource controller) If DataSource has dataImportCron label (or user added it), CDI will: (1) Update the label to the managing DataImportCron (DIC controller) (2) Update the PVC on new imports (DIC controller) (3) Update status conditions as usual (DataSource controller)
That would help for this bug. Then change in SSP will be simple.
(In reply to Arnon Gilboa from comment #3) > akrejcir > > What about this solution? > > If DataSource has NO dataImportCron label (or user removed it), CDI will: > (1) Not add a label (DIC controller) > (2) Not update the PVC (DIC controller) > (3) Update status conditions as usual (DataSource controller) In this case SSP will need to delete the dataImportCron > > If DataSource has dataImportCron label (or user added it), CDI will: > (1) Update the label to the managing DataImportCron (DIC controller) > (2) Update the PVC on new imports (DIC controller) > (3) Update status conditions as usual (DataSource controller)
@akrejcir If SSP want the DataSource to be immediately reconciled and updated to point the last PVC imported by the DIC, you should set `cdi.kubevirt.io/dataImportCron` to the name of the responsible DIC. Otherwise its PVC will be updated only in the next import.
@akrejcir changing status back to ASSIGNED, as both SSP and CDI fixes are needed.
Verified with SSP operator v4.10.0-48 Tested: - Feature disabled - DAS is reconciled when deleted/edited - Feature enabled (auto-update DV) - DAS and DIC are reconciled when deleted/edited - Feature enabled (dangling DAS) - DAS is reconciled when deleted/edited - Feature enabled, existing PVC (without dic label) - DAS is reconciled when deleted/edited, DIC is not created - Feature enabled, existing PVC (without dic label) - delete existing PVC - DIC is created, auto-update DV is imported - Feature enabled, existing PVC (add dic label) - DIC is created, DAS and DIC are reconciled when deleted/edited - Feature enabled, existing PVC (add -> delete dic label) - DAS is reconciled when deleted/edited; DIC is deleted
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0947