Bug 1570968

Summary: Jenkins image enabled htb repository but OSD does not allow to enable it.
Product: OpenShift Container Platform Reporter: jooho lee <jlee>
Component: ReleaseAssignee: Adam Haile <ahaile>
Status: CLOSED CANTFIX QA Contact: Wei Sun <wsun>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.7.0CC: ahaile, aos-bugs, bleanhar, bparees, jlee, jokerman, jupierce, mmccomas, smunilla, xiuwang
Target Milestone: ---   
Target Release: 3.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-25 18:50:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jooho lee 2018-04-23 21:28:31 UTC 
Description of problem:
If a customer wants to install any package on top of Jenkins image, it will try to enable htb repository but OpenShift Dedicate node does not allow that. Therefore, build process fail.

In order to avoid this, a client should disable the htb repository before installing any package in Dockerfile. Can we disable the repository when the image built?

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.oc project test
2.git clone https://github.com/Jooho/jenkins-test-dockerbuild.git;cd jenkins-test-test-dockerbuild
3.oc new-build .

Actual results:
....
  Installing : epel-release-7-11.noarch                                     1/1https://cdn.redhat.com/content/htb/rhel/server/7/x86_64/os/repodata/repomd.xml:  [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/solutions/69319 
...

Expected results:
Build successfully without any issues.

Additional info:
Comment 2 Ben Parees 2018-04-23 21:53:49 UTC 
Justin or Brenton do you have any idea where this repo is coming from?  Our dockerfile does not install or enable it.  Nor do i see it in /etc/yum.repos.d for the image.

https://github.com/openshift/jenkins/blob/master/2/Dockerfile.rhel7
Comment 3 Brenton Leanhardt 2018-04-24 12:14:58 UTC 
I'd bet anything this is an artifact from the base image or something the build system is injecting automatically.
Comment 5 Ben Parees 2018-04-24 16:45:08 UTC 
Can you attempt to recreate this using a different FROM image, such as the "rhel7" base image?  We are trying to determine if the issue is really specific to the Jenkins image since nothing in the jenkins image references the htb repository.
Comment 6 Justin Pierce 2018-04-24 18:03:14 UTC 
If I pull the current image, the only repo file is /etc/yum.conf.d/redhat.repo - which is as it should be. I'm guessing you can bypass this by disabling the subscription-manager plugin.

Can you try using --disableplugin='*' on your yum operation?

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-yum_plugins
Comment 7 jooho lee 2018-04-25 13:37:50 UTC 
it occurs the same errors even if I change FROM image so I bet the repos are enabled by something else like host repos. 

From this doc[1], I understand a subscription of host will be loaded to containter but I am still wondering where those repositories are coming from. I feel those repos are default one if we don't specify.(guess).


[1]https://access.redhat.com/solutions/1443553
Comment 8 Ben Parees 2018-04-25 18:48:22 UTC 
*** Bug 1330852 has been marked as a duplicate of this bug. ***
Comment 9 Ben Parees 2018-04-25 18:50:09 UTC 
My understanding is that the resolution to this is to have the HTB repos disabled on the dedicated nodes.  We can't fix this, tickets need to be opened w/ the ops team to get the repos disabled.