Bug 1507424
Summary: | Build always failed in cri-o env | ||||||
---|---|---|---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | DeShuai Ma <dma> | ||||
Component: | Build | Assignee: | Ben Parees <bparees> | ||||
Status: | CLOSED ERRATA | QA Contact: | Wenjing Zheng <wzheng> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 3.7.0 | CC: | aos-bugs, bparees, dma, dwalsh, smilner, weshi, wmeng, xiuwang | ||||
Target Milestone: | --- | ||||||
Target Release: | 3.8.0 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: |
Cause: Build pods launch containers using the docker daemon. When run in environments in which the build pod itself was managed by CRIO, permission issues arose between the build pod and the docker-launched container.
Consequence: The docker-launched container would be unable to access cluster resources such as the network and builds could fail.
Fix: Additional permissions are granted to the docker-launched container to ensure it can access the cluster network.
Result: Builds can succeed when run on a cluster using CRIO to run pods and docker to run build containers.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2018-03-28 14:08:55 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
DeShuai Ma
2017-10-30 08:54:00 UTC
This block our test build on cri-o env The assemble container is supposed to be launched using the network namespace from the build pod. Mrunal can you take a look? DeShuai if you run the build with loglevel 5 I think we'll dump more information about the way the assemble container is being launched. Created attachment 1345529 [details]
build-logs.txt
Add build-loglevel=5 to get the detail build logs.
here's the network mode value we used to launch the container in question: NetworkMode: netns:/proc/50018/ns/net this also looks like it could be dns issues in the container, so perhaps a problem w/ the resolv.conf in the crio pod which is being mounted into the assemble container. DeShuai can your other pods(not build pods) successfully perform DNS resolution? Yes that would work. docs: https://github.com/openshift/openshift-docs/pull/6552 code: https://github.com/openshift/origin/pull/17314 ignore comment 13. relevant PR (comment 11) has merged. Test in openshift cluster v3.8.22 Can't reproduce this bug in cri-o env,s2i and docker builds work well. s2i and docker builds work well in openshift cluster v3.9.0-0.9.0 Move this bug as verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489 |