Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1213314

Summary: dockercfg is not available inside builder
Product: OpenShift Container Platform Reporter: Ruikai Liu <ruliu>
Component: BuildAssignee: Michal Fojtik <mfojtik>
Status: CLOSED CURRENTRELEASE QA Contact: Wenjing Zheng <wzheng>
Severity: low Docs Contact:
Priority: low    
Version: 3.0.0CC: aos-bugs, bparees, dmcphers, jialiu, jliggitt, jokerman, libra-onpremise-devel, mmccomas, tdawson, wewang, xtian
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-07 21:24:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ruikai Liu 2015-04-20 10:20:12 UTC 
Description of problem:
When pushing image with docker credential, the dockercfg file cannot be visited inside the builder.

Version-Release number of selected component (if applicable):
openshift v0.4.3.2-115-gac38ebd-dirty
kubernetes v0.14.1-582-gb12d75d
registry.access.redhat.com/openshift3_beta/ose-docker-builder:v0.4.3.2  81dbd4c843a0

How reproducible:
Always

Steps to Reproduce:
1. Create a secret
$ cat secret.json:
{
"apiVersion": "v1beta3",
"kind": "Secret",
"metadata": {
"name": "push"
},
"data": {
"dockercfg": "<< place base64 encoded content of .dockercfg file here >>"
}
}
$ osc create -f secret.json
2. Edit the application-template-dockerbuild.json in sample-app.
       {
         "kind": "ImageStream",
         "apiVersion": "v1beta1",
         "metadata": {
           "name": "origin-ruby-sample"
         },
         "spec":{"dockerImageRepository": "$HUB_ACCOUNT_NAME/origin-ruby-sample"}
       }
...
      "parameters": {
        "output": {
          "to": {
            "name": "origin-ruby-sample"
          },
          "pushSecretName": "push"
        },
3. $ osc process -f application-template-dockerbuild.json | osc create -f -

Actual results:
3. The built image cannot be pushed to dockerhub

Expected results:
3. The image should be pushed successfully.

Additional info:
build logs:
...
Successfully built 4b5ea1670a39
I0420 05:51:07.442154       1 cfg.go:46] PUSH_DOCKERCFG_PATH=/var/run/secrets/push/dockercfg
E0420 05:51:07.442261       1 cfg.go:50] /var/run/secrets/push/dockercfg: stat /var/run/secrets/push/dockercfg: no such file or directory
I0420 05:51:07.442300       1 docker.go:90] Pushing ruliu/origin-ruby-sample image ...
E0420 05:51:07.864457       1 docker.go:92] Failed to push image: API error (403): Error: Status 403 trying to push repository ruliu/origin-ruby-sample to official registry: needs to be forced

docker inspect result:
...
    "Volumes": {
        "/dev/termination-log": "/var/lib/openshift/openshift.local.volumes/pods/011bbb15-e742-11e4-ae22-fa163e5ceffd/containers/docker-build/3ba19a154c93f383dcecf284ec3372955f74cce8038416a1a898a85b3dfcfe8d",
        "/var/run/docker.sock": "/run/docker.sock",
        "/var/run/secrets/push": "/var/lib/openshift/openshift.local.volumes/pods/011bbb15-e742-11e4-ae22-fa163e5ceffd/volumes/kubernetes.io~secret/push"
    },
...
And /var/lib/openshift/openshift.local.volumes/pods/011bbb15-e742-11e4-ae22-fa163e5ceffd/volumes/kubernetes.io~secret/push exists
Comment 3 Jordan Liggitt 2015-06-08 14:24:10 UTC 
buildconfig should have:

"pushSecret":{"name":"push"}
Comment 4 Ben Parees 2016-01-29 20:26:48 UTC 
QE can you please revisit this test case and see if there is still an issue here?  per comment (3) there was at least one issue with the buildconfig construction.

I believe the key in the secret should be ".dockercfg" and not "dockercfg" also.
Comment 5 wewang 2016-02-01 04:45:20 UTC 
verified in 
openshift v1.1.1-21-gbc1a879
kubernetes v1.1.0-origin-1107-g4c8e6f4
etcd 2.2.2

steps :
1. Creat app
   oc new-app -f  https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/build/ruby20rhel7-template-sti.json
2. Create a secret
3. Edit bc
  <----------snip--------->
                  "output": {
                    "to": {
                        "kind": "DockerImage",
                        "name": "docker.io/wewang58/origin-ruby-sample:latest"
                    },
                    "pushSecret": {
                        "name": "push"
                    }
   <----------snip--------->
4. start build
   $oc start-build ruby-sample-build
   $oc build-logs <build_name>

Pushing [==================================================>] 208.3 MB
Pushing [==================================================>] 208.8 MB
Pushing [==================================================>] 209.3 MB
Pushing [==================================================>] 209.8 MB
Pushing [==================================================>] 210.2 MB
Pushing [==================================================>] 210.2 MB
Pushed
latest: digest: sha256:4a17e06e4218c03fc3e2ec37cb078248e50fc1423d0b9f9f76ab3a434ff472b3 size: 23333
I0201 04:05:29.332668       1 sti.go:234] Successfully pushed docker.io/wewang58/origin-ruby-sample:latest

5. check the build status
   $oc get builds
   ruby-sample-build-2   Source    Git@00cadc3   Complete   4 minutes ago    3m46s