Bug 1901982

Summary: [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
Product: OpenShift Container Platform Reporter: Joel Speed <jspeed>
Component: BuildAssignee: Gabe Montero <gmontero>
Status: CLOSED ERRATA QA Contact: XiuJuan Wang <xiuwang>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.7CC: aos-bugs, gmontero, lsm5, obulatov, umohnani
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1902221 (view as bug list) Environment:
[sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service [sig-builds][Feature:Builds] prune builds based on settings in the buildconfig should prune completed builds based on the successfulBuildsHistoryLimit setting [sig-auth][Feature:SecurityContextConstraints] TestPodDefaultCapabilities [sig-builds][Feature:Builds] Optimized image builds should succeed
Last Closed: 2021-02-24 15:35:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1895107, 1902029, 1902215, 1902221    

Description Joel Speed 2020-11-26 14:25:52 UTC 
test:
[sig-builds][Feature:Builds] build can reference a cluster service  with a build being created from new-build should be able to run a build that references a cluster service 

is failing frequently in CI, see search results:
https://search.ci.openshift.org/?maxAge=168h&context=1&type=bug%2Bjunit&name=&maxMatches=5&maxBytes=20971520&groupBy=job&search=%5C%5Bsig-builds%5C%5D%5C%5BFeature%3ABuilds%5C%5D+build+can+reference+a+cluster+service++with+a+build+being+created+from+new-build+should+be+able+to+run+a+build+that+references+a+cluster+service


Failed job: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-ocp-installer-e2e-aws-4.7/1331837576172015616

From the logs, it appears this job is depending on a docker image, and that, given the new docker pull rate limiting, the test is failing due to having hit that rate limit.

```
error: build error: failed to pull image: After retrying 2 times, Pull image still failed due to error: while pulling "docker://busybox" as "busybox": Error initializing source docker://busybox:latest: Error reading manifest latest in docker.io/library/busybox: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
```
Comment 1 Joel Speed 2020-11-26 14:43:39 UTC 
Also seeing a significant number of failures for "[sig-builds][Feature:Builds] prune builds based on settings in the buildconfig should prune completed builds based on the successfulBuildsHistoryLimit setting" reporting docker hub rate limiting issues as well

https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-vsphere/1331455308672798720
Comment 2 Joel Speed 2020-11-26 14:50:03 UTC 
Also seeing a significant number of failures for "[sig-auth][Feature:SecurityContextConstraints] TestPodDefaultCapabilities" reporting docker hub rate limiting issues as well

https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-vsphere/1331447713761333248
Comment 3 Gabe Montero 2020-11-30 21:02:54 UTC 
*** Bug 1901192 has been marked as a duplicate of this bug. ***
Comment 4 Gabe Montero 2020-11-30 21:03:41 UTC 
*** Bug 1901734 has been marked as a duplicate of this bug. ***
Comment 5 Gabe Montero 2020-11-30 21:04:51 UTC 
*** Bug 1902205 has been marked as a duplicate of this bug. ***
Comment 6 Gabe Montero 2020-11-30 21:20:19 UTC 
OK, Clayton wants to solve the docker.io throttling with 
Bug 1816812 and https://github.com/openshift/origin/pull/24887

Now, that change involves more than just switching from docker.io, and has been in flight for a few weeks now.

Clayton thinks he is close to having this go green, so we are holding tight for now, but are in communication with him and monitoring.

If need be we have a more limited, back up option, borrowing from his changes, to address docker.io usage in the build e2e's if need be.
Comment 7 Gabe Montero 2020-12-02 18:55:30 UTC 
Clayton's https://github.com/openshift/origin/pull/24887 has been tagged for merge.

Once it does, I'll a quick sanity check of sig-build e2e's in openshift/origin and assuming we look good re: docker.io
I'll mark this bug a dup of https://bugzilla.redhat.com/show_bug.cgi?id=1816812
Comment 8 Gabe Montero 2020-12-07 12:06:38 UTC 
Clayton's PR has merged.  The BZ is on QA.

That said, I noticed a couple of busybox stragglers still in the build e2e's after Clayton's PR merged.  I'm using this bug 
to deal with those.  I have a PR up passing e2e's.

Will associated this with that momentarily.
Comment 9 Gabe Montero 2020-12-07 14:25:47 UTC 
*** Bug 1904682 has been marked as a duplicate of this bug. ***
Comment 13 errata-xmlrpc 2021-02-24 15:35:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633