Bug 1842982
| Summary: | Dockerfile builds ignore preamble build args | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Adam Kaplan <adam.kaplan> |
| Component: | Build | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.4 | CC: | aos-bugs, wzheng |
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Previously, if a Dockerfile used in Docker strategy builds used the ARG instruction to define build arguments before the first FROM instruction occurred in the Dockerfile, that instruction would be dropped when the Dockerfile was preprocessed to incorporate any overrides which might have been specified in the Build or BuildConfig. References to those arguments would subsequently not be resolved properly while building an image using the preprocessed Dockerfile.
The preprocessing logic has been modified so that it preserves ARG instructions which are encountered before the first FROM instruction when generating the updated Dockerfile contents, so this problem should no longer occur.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:03:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1843405 | ||
Still wait for available 4.6 nightly build payload to verify it. Verified in version:
4.6.0-0.nightly-2020-06-07-065515
Steps:
1. Create a bc:
```
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
name: dropped-build-arg
spec:
source:
dockerfile: |-
ARG foo=centos
FROM registry.redhat.io/ubi8/ubi:latest
RUN echo "hello from ubi!"
FROM $foo
RUN echo "hello from $foo"
type: Dockerfile
strategy:
dockerStrategy: {}
type: Docker
```
2. Start build with bc
$ oc get builds
NAME TYPE FROM STATUS STARTED DURATION
dropped-build-arg-1 Docker Dockerfile Failed (PullBuilderImageFailed) 2 hours ago 44s
$ oc logs -f build/dropped-build-arg-1
Caching blobs under "/var/cache/blobs".
Pulling image registry.redhat.io/ubi8/ubi:latest ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
error: build error: failed to pull image: After retrying 2 times, Pull image still failed due to error: while pulling "docker://registry.redhat.io/ubi8/ubi:latest" as "registry.redhat.io/ubi8/ubi:latest": Error initializing source docker://registry.redhat.io/ubi8/ubi:latest: unexpected http code: 500 (Internal Server Error), URL: https://registry.redhat.io/auth/realms/rhcc/protocol/redhat-docker-v2/auth?account=53065484%7Cuhc-1V6IJfkUxJwJq1N5Z0k0aWL3AhR&scope=repository%3Aubi8%2Fubi%3Apull&service=docker-registry
3. Check the build pod, Build pod always mounts correctpull secrets
$ oc describe pod/dropped-build-arg-1-build
node-pullsecrets:
Type: HostPath (bare host directory volume)
Path: /var/lib/kubelet/config.json
HostPathType: File
$ oc debug pod/dropped-build-arg-1-build
Starting pod/dropped-build-arg-1-build-debug, command was: openshift-docker-build --loglevel=0
Pod IP: 10.128.2.119
If you don't see a command prompt, try pressing enter.
sh-4.2# cat /var/lib/kubelet/config.json
4. Create secret for registry.redhat.io and set build secret to bc, then pull registry.redhat.io/ubi8/ubi:latest successfully
$ oc logs -f build/dropped-build-arg-3
STEP 1: FROM registry.redhat.io/ubi8/ubi:latest
STEP 2: RUN echo "hello from ubi!"
hello from ubi!
time="2020-06-08T05:09:29Z" level=info msg="Image operating system mismatch: image uses \"\", expecting \"linux\""
time="2020-06-08T05:09:29Z" level=info msg="Image architecture mismatch: image uses \"\", expecting \"amd64\""
--> 9377eebee87
STEP 3: FROM centos
Getting image source signatures
Copying blob sha256:8a29a15cefaeccf6545f7ecf11298f9672d2f0cdaf9e357a95133ac3ad3e1f07
Copying config sha256:470671670cac686c7cf0081e0b37da2e9f4f768ddc5f6a26102ccd1c6954c1ee
Writing manifest to image destination
Storing signatures
STEP 4: RUN echo "hello from $foo"
hello from centos
when I replace registry.redhat.io/ubi8/ubi:latest with registry.redhat.io/rhscl/ruby-26-rhel7:latest in above bc, no need to create secret and set build secret to bc, pull successfully, so I am confused what different pull from registry.redhat.io/ubi8 and registry.redhat.io/rhscl? I thought should the same, should use node credentials to pull image, no need to create secret in my project anymore @adam could you know the reason? thanks.
Please ingore message about comment 4, checked another 4.6.0-0.nightly-2020-06-07-065515 env, not met issue about comment 4, seems env has issue. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |
Description of problem: If a Dockerfile used in Docker strategy builds has build args that precede the first FROM statement, the build arg is dropped from the generated Dockerfile. Version-Release number of selected component (if applicable): 4.4 How reproducible: Always Steps to Reproduce: 1. Create a Docker strategy build with a BuildConfig that has ARG instructions that precede the first FROM statement: ``` apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: name: dropped-build-arg spec: source: dockerfile: |- ARG foo=centos FROM registry.redhat.io/ubi8/ubi:latest RUN echo "hello from ubi!" FROM $foo RUN echo "hello from $foo" type: Dockerfile strategy: dockerStrategy: {} type: Docker 2. Start the build Actual results: Build will fail - no such image $foo Expected results: Build should succeed. Additional info: