-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
Incidents & Support
-
0.42
-
False
-
-
False
-
CNV v4.21.0.rhel9-19
-
-
None
Description of problem:
Warm migrations from oVirt/RHV providers fail when "Skip certificate validation" is enabled. Warm migrations use CDI's ImageIO importer directly to transfer disk data from oVirt to OpenShift. The CDI importer: Always validates TLS certificates when connecting to the oVirt ImageIO service Required either: - A valid CA certificate in a ConfigMap, OR - An insecureSkipVerify flag in the DataVolume spec (which didn't exist) Without either, it failed with: "x509: certificate signed by unknown authority"
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Create ocp remote provider (skip SSL) 2. create RHV provider (skip SSL) 3. select mtv-rhel8-warm-sanity-nfs' VM and start warm migration
Actual results:
'Unable to connect to imageio data source: Error creating connection: tls_error:
TLS error, check your CA certificate settings (failed to validate the connection
(Post "https://rhev10-m.gsslab.rdu2.redhat.com/ovirt-engine/sso/oauth/token":
tls: failed to verify certificate: x509: certificate signed by unknown authority))'
Expected results:
warm migration with TLS insecure (skip cert validation) should work
Additional info: