Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-52258

Increase context when the CVO fails to read update manifests

XMLWordPrintable

    • Moderate
    • None
    • 1
    • OTA 267, OTA 268
    • 2
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required
    • In Progress

      Description of problem:

      
Increase the verbosity of logging for the CVO when applying the manifests in"/etc/cvo/" directory.
We have a case when the error is "Permission Denied" but this is very vague.

The error in the CVO logs is:
~~~
failure=Unable to download and prepare the update: stat /etc/cvo/updatepayloads/7WNaprXJNWTsPAepCHJ00Q/release-manifests/release-metadata: permission denied.
~~~

At this moment we are unable to figure out the reason why it fails.
The CVO mounts the "/etc/cvo" directory as hostPath in Read-Only mode, and the files are in 444 with container_file_t selinux, but the CVO runs with spc_t so selinux should not cause the issue.

With that, it would be good to add additional context for the problem, why the CVO can't read the manifests.

      Version-Release number of selected component (if applicable):

      OpenShift Container Platform 4.15

      How reproducible:

      n/a

      Steps to Reproduce:

          1.
    2.
    3.

      Actual results:

      Expected results:

      Additional info:

              trking W. Trevor King
              rhn-support-vwalek Vladislav Walek
              Jian Li Jian Li
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: