Having trouble using the CDI importer with rook-ceph - how to get a base image imported

108 views
Skip to first unread message

Craig Lawson

unread,
Sep 22, 2023, 4:21:18 AM9/22/23
to kubevirt-dev
I'm new to kubvirt and I need  to get an AlmaLinux9 image running so followed the labs page to try and import the disk image but hit an issue with rook-ceph. I just wanted to reach out as I'm not sure if I'm doing something wrong or there is a problem with rook-ceph.

blockdev: cannot open /dev/cdi-block-volume: Permission denied is the error I get - these are the steps I followed -

First need to imported our operating system disk images "using the CDI importer":https://kubevirt.io/labs/kubernetes/lab2


> kubevirt % export VERSION=$(basename $(curl -s -w %{redirect_url} https://github.com/kubevirt/containerized-data-importer/releases/latest))
> kubevirt % kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-operator.yaml
namespace/cdi created
customresourcedefinition.apiextensions.k8s.io/cdis.cdi.kubevirt.io created
clusterrole.rbac.authorization.k8s.io/cdi-operator-cluster created
clusterrolebinding.rbac.authorization.k8s.io/cdi-operator created
serviceaccount/cdi-operator created
role.rbac.authorization.k8s.io/cdi-operator created
rolebinding.rbac.authorization.k8s.io/cdi-operator created
deployment.apps/cdi-operator created
> kubevirt % kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-cr.yaml
cdi.cdi.kubevirt.io/cdi created
> % kubectl get cdi cdi -n cdi
NAME   AGE     PHASE
cdi    5m59s   Deployed
> % kubectl get pods -n cdi  
NAME                               READY   STATUS    RESTARTS   AGE
cdi-apiserver-658bf5b984-58jnr     1/1     Running   0          4m5s
cdi-deployment-84bf6ff644-b68nn    1/1     Running   0          4m5s
cdi-operator-c6d799b6d-vzdmr       1/1     Running   0          6m9s
cdi-uploadproxy-8579479494-w2c5q   1/1     Running   0          4m5s

I'm going to use Alma linux 9 for a base... since we like this as a production image...

cat <<EOF > dv_alma9.yml
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataVolume
metadata:
  name: "al9"
spec:
  storage:
    resources:
      requests:
        storage: 5Gi
  source:
    http:
      url: "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-9.2-20230513.x86_64.qcow2"
EOF

kubectl create -f dv_alma9.yml


datavolume.cdi.kubevirt.io/al9 created


kubevirt % kubectl get pvc al9 -o yaml


apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    cdi.kubevirt.io/storage.condition.running: "false"
    cdi.kubevirt.io/storage.condition.running.message: ""
    cdi.kubevirt.io/storage.condition.running.reason: Error
    cdi.kubevirt.io/storage.contentType: kubevirt
    cdi.kubevirt.io/storage.pod.phase: Running
    cdi.kubevirt.io/storage.pod.restarts: "6"
    cdi.kubevirt.io/storage.preallocation.requested: "false"
    cdi.kubevirt.io/storage.usePopulator: "true"
    volume.beta.kubernetes.io/storage-provisioner: rook-ceph.rbd.csi.ceph.com
    volume.kubernetes.io/storage-provisioner: rook-ceph.rbd.csi.ceph.com
  creationTimestamp: "2023-09-19T15:00:02Z"
  finalizers:
  - kubernetes.io/pvc-protection
  labels:
    app: containerized-data-importer
    app.kubernetes.io/component: storage
    app.kubernetes.io/managed-by: cdi-controller
  name: al9
  namespace: default
  ownerReferences:
  - apiVersion: cdi.kubevirt.io/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: DataVolume
    name: al9
    uid: e3d3ce4d-65a5-4790-b4b1-1bad753437fa
  resourceVersion: "4791164"
  uid: da643f96-1217-4f31-82ed-d12ca92e6534
spec:
  accessModes:
  - ReadWriteMany
  dataSource:
    apiGroup: cdi.kubevirt.io
    kind: VolumeImportSource
    name: volume-import-source-e3d3ce4d-65a5-4790-b4b1-1bad753437fa
  dataSourceRef:
    apiGroup: cdi.kubevirt.io
    kind: VolumeImportSource
    name: volume-import-source-e3d3ce4d-65a5-4790-b4b1-1bad753437fa
  resources:
    requests:
      storage: "5368709120"
  storageClassName: ceph-block
  volumeMode: Block
status:
  phase: Pending

> kubevirt % kubectl get pod
NAME                                                     READY   STATUS             RESTARTS       AGE
alertmanager-prometheus-kube-prometheus-alertmanager-0   2/2     Running            0              4d1h
importer-prime-da643f96-1217-4f31-82ed-d12ca92e6534      0/1     CrashLoopBackOff   6 (91s ago)    9m12s
nginx-ingress-controller-bfb996b74-tdzwx                 1/1     Running            0              29h
prometheus-grafana-75cd5d9cfc-n6ws7                      3/3     Running            1 (5d1h ago)   5d1h
prometheus-kube-prometheus-operator-6445b4bc68-m4kpm     1/1     Running            0              4d1h
prometheus-kube-state-metrics-77bbdb6c6c-m87rq           1/1     Running            0              4d1h
prometheus-prometheus-kube-prometheus-prometheus-0       2/2     Running            0              8d
quickstart-es-default-0                                  1/1     Running            0              3d1h
> % kubectl logs -f importer-prime-da643f96-1217-4f31-82ed-d12ca92e6534
I0919 15:10:36.713833       1 importer.go:103] Starting importer
E0919 15:10:36.714560       1 importer.go:133] exit status 1, blockdev: cannot open /dev/cdi-block-volume: Permission denied

kubevirt.io/containerized-data-importer/pkg/util.GetAvailableSpaceBlock
        pkg/util/util.go:136
kubevirt.io/containerized-data-importer/pkg/util.GetAvailableSpaceByVolumeMode
        pkg/util/util.go:106
main.main
        cmd/cdi-importer/importer.go:131
runtime.main
        GOROOT/src/runtime/proc.go:250
runtime.goexit
        GOROOT/src/runtime/asm_amd64.s:1594

And thats as far as I get - blockdev: cannot open /dev/cdi-block-volume: Permission denied

Theres a mention of something similar here -

I tried 3 other versions of rook-ceph and re-tested - Tried 1.12.4 (first) then 1.11.11 , 1.12.3 and 1.12.2 - same error with each version.

Then tried the basic example from -https://kubevirt.io/labs/kubernetes/lab1 and that worked - however that I don't think is using the CDI importer.

Appreciate any pointers any of you have - I just want to get a base image of AL9 so that I can spin up some VMS based on this distro...

Thanks in advance!

Alexander Wels

unread,
Sep 22, 2023, 8:01:47 AM9/22/23
to Craig Lawson, kubevirt-dev
Hi,

You are probably hitting the fact that CDI runs rootless importer containers, and you need to configure the CRI you are using to set the permissions properly on block devices [0].


--
You received this message because you are subscribed to the Google Groups "kubevirt-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubevirt-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubevirt-dev/37c2f22e-a7b8-422a-9588-65effa1f0297n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages