Bug 1391336

Summary: unable to create php build in openshift 3.3
Product: OpenShift Container Platform Reporter: Jaspreet Kaur <jkaur>
Component: ImageStreamsAssignee: Ben Parees <bparees>
Status: CLOSED NOTABUG QA Contact: Wang Haoran <haowang>
Severity: medium Docs Contact:
Priority: high    
Version: 3.3.0CC: aos-bugs, jkaur, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-07 15:10:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jaspreet Kaur 2016-11-03 06:53:01 UTC 
Description of problem: Create an container based on the php image v5.6 registry.access.redhat.com/rhscl/php-56-rhel7.
Fetch data from a repo in our Gitlab, in the buildconfig declare gitlab secrets


---> Installing application source...
chgrp: changing group of './..109810_27_10_09_29_37.722899757': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/.gitconfig': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/ca.crt': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/password': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/username': Operation not permitted
chgrp: changing group of './..data': Operation not permitted
chgrp: changing group of './..data/.gitconfig': Operation not permitted
chgrp: changing group of './..data/ca.crt': Operation not permitted
chgrp: changing group of './..data/password': Operation not permitted
chgrp: changing group of './..data/username': Operation not permitted
chgrp: changing group of './.gitconfig': Operation not permitted
chgrp: changing group of './ca.crt': Operation not permitted
chgrp: changing group of './password': Operation not permitted
chgrp: changing group of './username': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/.gitconfig': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/ca.crt': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/password': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/username': Operation not permitted
chmod: changing permissions of './..data': Operation not permitted
chmod: changing permissions of './..data/.gitconfig': Operation not permitted
chmod: changing permissions of './..data/ca.crt': Operation not permitted
chmod: changing permissions of './..data/password': Operation not permitted
chmod: changing permissions of './..data/username': Operation not permitted
chmod: changing permissions of './.gitconfig': Operation not permitted
chmod: changing permissions of './ca.crt': Operation not permitted
chmod: changing permissions of './password': Operation not permitted
chmod: changing permissions of './username': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757': Operation not permitted
chmod: changing permissions of './..data': Operation not permitted

error: build error: non-zero (13) exit code from registry.access.redhat.com/rhscl/php-56-rhel7@sha256:743108b04515500100a0b3d170f23474fadb7ed94497d5556e48691f931bb619

 
As long as we DONT attach any gitlab secrets to the buildconfig we are able to build it from a local git repo, through the Openshift Client by using the following command:
oc start-build from repo

side notes:
 - The same container did work before upgrading to Openshift 3.3
 - We are able to fetch data from gitlab with a buildconfig which is using the fis-karaf image. (it seems to be specific for the php image)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Ben Parees 2016-11-03 14:20:09 UTC 
Can we see the full buildconfig yaml?
Comment 2 Ben Parees 2016-11-03 16:58:01 UTC 
relevant actions the php builder takes:
https://github.com/sclorg/s2i-php-container/blob/master/5.6/s2i/bin/assemble#L29
https://github.com/sclorg/s2i-base-container/blob/master/bin/fix-permissions

Guessing the issue here is that the buildconfig is defining secrets to be copied into the assemble container and the path being specified is part of the source.  The fix would be to fix the buildconfig to place the secrets somewhere else.
Comment 5 Ben Parees 2016-11-04 15:10:10 UTC 
It's not clear *why* you are injecting the gitlab secrets into the buildconfig (using sourceSecret for cloning makes sense, but why are you also injecting the secrets into the assembly process via the secret field?), since you are not providing a custom assemble script that will use them for anything, right?


If there is a reason you need them there, i suggest you provide a DestinationDir for the secrets so they are not injected into the source directory that is being operated on by the assemble script, to avoid the issue you're hitting.  Or you can provide a custom assemble script that doesn't run the fix-permission script.

The purpose of the fix-permission script is to ensure the files are world-writable in the resulting application image, so you can rsh in and edit the source code at runtime for debugging/hot deployment purposes.
Comment 6 Jaspreet Kaur 2016-11-07 12:40:26 UTC 
After removing the secrets from assembly process the issue is resolved.