+++ This bug was initially created as a clone of Bug #2143716 +++ Description of problem: DV Error message when trying to import without secret-headers shouldn't contain the stack trace Version-Release number of selected component (if applicable): 4.12.0-682 How reproducible: Always Steps to Reproduce: 1. Create a VM, Stop it 2. Create a VMExport without specifying the tokenSecretRef: $ cat vmexport-vm.yaml apiVersion: export.kubevirt.io/v1alpha1 kind: VirtualMachineExport metadata: name: export-vm-object spec: source: apiGroup: "kubevirt.io" kind: VirtualMachine name: vm-cirros-source 3. See VMExport certs and links are populated: $ oc get vmexport export-vm-object -oyaml 3. Create a target VM using an internal link, without specifying the certConfigMap and secretExtraHeaders: $ cat vm-target-internal-raw.yaml apiVersion: kubevirt.io/v1alpha3 kind: VirtualMachine metadata: name: vm-cirros-target-1 labels: kubevirt.io/vm: vm-cirros-target-1 spec: dataVolumeTemplates: - metadata: name: cirros-dv-target-1 spec: storage: resources: requests: storage: 1Gi storageClassName: hostpath-csi-basic source: http: url: "https://virt-export-export-vm-object.default.svc/volumes/cirros-dv-source-ocs/disk.img" # certConfigMap: "router-cert" # secretExtraHeaders: # - secret-headers running: true template: metadata: labels: kubevirt.io/vm: vm-cirros-target-1 spec: domain: devices: disks: - disk: bus: virtio name: datavolumetarget machine: type: "" resources: requests: memory: 100M terminationGracePeriodSeconds: 0 volumes: - dataVolume: name: cirros-dv-target-1 name: datavolumetarget Actual results: $ oc get vm -A NAMESPACE NAME AGE STATUS READY default vm-cirros-source 41m Stopped False default vm-cirros-target-1 24m DataVolumeError False $ oc describe dv cirros-dv-target-1 | grep Message Message: PVC cirros-dv-target-1 Bound Message: Unable to connect to http data source: Get "https://virt-export-export-vm-object.default.svc/volumes/cirros-dv-source-ocs/disk.img": x509: certificate signed by unknown authority HTTP request errored kubevirt.io/containerized-data-importer/pkg/importer.createHTTPReader /remote-source/app/pkg/importer/http-datasource.go:326 kubevirt.io/containerized-data-importer/pkg/importer.NewHTTPDataSource /remote-source/app/pkg/importer/http-datasource.go:100 main.newDataSource /remote-source/app/cmd/cdi-importer/importer.go:255 main.handleImport /remote-source/app/cmd/cdi-importer/importer.go:173 main.main /remote-source/app/cmd/cdi-importer/importer.go:143 runtime.main /usr/lib/golang/src/runtime/proc.go:250 runtime.goexit /usr/lib/golang/src/runtime/asm_amd64.s:1594 Expected results: The Error message shouldn't contain the stack trace --- Additional comment from Yan Du on 2022-11-23 13:00:15 UTC --- Alexander, could we improve the error message to enable user to fix the problem for themselves? --- Additional comment from Red Hat Bugzilla on 2022-12-15 08:28:59 UTC --- Account disabled by LDAP Audit for extended failure --- Additional comment from Yan Du on 2023-02-01 13:11:22 UTC --- Alvaro, could you please take a look? --- Additional comment from Álvaro Romero on 2023-02-01 13:14:48 UTC --- @yadu sure!
Verified on CNV v4.12.2-7 The error message: $ oc describe dv cirros-dv-target-1 | grep Message Message: Unable to connect to http data source: HTTP request errored: Get "https://virt-export-export-vm-object.default.svc/volumes/cirros-dv-source-ocs/disk.img": x509: certificate signed by unknown authority
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Virtualization 4.12.2 Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:1523