OCPBUGS-63598

[vsphere-problem-detector] CheckComputeClusterPermissions being tested when VMs are created in a Resource Pool instead of the vSphere cluster's root folder


    • Bug
    • Resolution: Unresolved
    • 4.16.z
    • Storage / Operators
    • Quality / Stability / Reliability
    • Low

      Description of problem:

          I am creating this bug as a complement to OCPBUGS-58380, because that one focuses on the documentation side, but I think it should be looked at from an Engineering perspective in case any change has to be made.
      
      Customer is getting the warning message:
      CheckComputeClusterPermissions:<OCP_Node> failed: missing privileges for compute cluster <vSphere Cluster>: Resource.AssignVMToPool, VApp.AssignResourcePool, VApp.Import, VirtualMachine.Config.AddNewDisk
      
      I think this should not happen because according to documentation, those permissions should be at the cluster level if you're not planning to have the VMs in the cluster root folder.
      
      Taking a look at the code (https://github.com/openshift/vsphere-problem-detector/blob/3683c120278fb79a30340f66d22948aaddf3c16a/pkg/check/permissions.go#L64-L69), it seems it gets triggered independently of configuration. I would appreciate Engineering taking a look at whether this is the intended behavior or whether it could be improved to adapt to the different scenarios.

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      I don't have the environment to test it. This comes from customer's side.

      Steps to Reproduce:

          1. Have a vSphere instance to create UPI OpenShift environment. Must have a Resource Pool where VMs will be created, with permissions: Resource.AssignVMToPool, VApp.AssignResourcePool, VApp.Import and VirtualMachine.Config.AddNewDisk at the Resource Pool level, and those permissions missing from the Cluster, as documentation indicates is the case when not creating VMs at cluster's root (https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/installing_on_vsphere/user-provisioned-infrastructure#installation-vsphere-installer-infra-requirements-account_upi-vsphere-installation-reqs).
          2. Create the cluster

      Actual results:

          Customer sees that vsphere-problem-detector is complaining about permissions at the vSphere cluster level, when their VMs are being created in a Resource Pool.

      Expected results:

          As the VMs are created in a Resource Pool, it should not report misconfiguration.

      Additional info:

          We see that the vsphere-problem-detector message names different nodes each time it runs. I don't know whether this is relevant when checking this, so I'm writing it down just in case.

              Unassigned
              rhn-support-tdomingu Tomas Dominguez
              Wei Duan
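A minimal Go model of the behavior the report expects, added here as an illustration and not taken from vsphere-problem-detector: the four privileges from the warning are checked on the resource pool when the VM is placed in one, and on the compute cluster only when it sits in the cluster root. The `Grants` type, the function names and the inventory paths are hypothetical, and vSphere permission propagation is not modelled.

```go
package main

import "fmt"

// Privileges named in the warning quoted in the report.
var placementPrivs = []string{
	"Resource.AssignVMToPool", "VApp.AssignResourcePool",
	"VApp.Import", "VirtualMachine.Config.AddNewDisk",
}

// Constructed inventory paths (assumptions, not from the report).
const (
	sampleCluster = "/dc1/host/cluster1"
	samplePool    = "/dc1/host/cluster1/Resources/ocp-pool"
)

// Grants maps an inventory object to the privileges held on it (hypothetical model).
type Grants map[string]map[string]bool

// missingOn lists the placement privileges that are absent on one object.
func missingOn(g Grants, object string) []string {
	missing := []string{}
	for _, p := range placementPrivs {
		if !g[object][p] { // an object with no grants reads as all-missing
			missing = append(missing, p)
		}
	}
	return missing
}

// checkPlacement picks the object to evaluate from where the VM lives:
// the resource pool if one is set, otherwise the compute cluster.
func checkPlacement(g Grants, cluster, pool string) (string, []string) {
	target := cluster
	if pool != "" {
		target = pool
	}
	return target, missingOn(g, target)
}

// sampleGrants builds the setup from the reproduction steps: pool-level grants only.
func sampleGrants() Grants {
	g := Grants{samplePool: map[string]bool{}}
	for _, p := range placementPrivs {
		g[samplePool][p] = true
	}
	return g
}

func main() {
	g := sampleGrants()
	fmt.Println("cluster-only check:", missingOn(g, sampleCluster))
	target, missing := checkPlacement(g, sampleCluster, samplePool)
	fmt.Println("placement-aware check on", target, "missing:", missing)
}
```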