Bug 1926522
| Summary: | oc adm catalog does not clean temporary files | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | tonyg |
| Component: | OLM | Assignee: | Tyler Slaton <tyslaton> |
| OLM sub component: | OLM | QA Contact: | Tom Buskey <tbuskey> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | anbhatta, aos-bugs, davegord, krizza, mfojtik, nhale, rcernin, tflannag |
| Version: | 4.6 | Keywords: | Triaged |
| Target Milestone: | --- | ||
| Target Release: | 4.10.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-10 16:02:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Thanks for the fix, is there anything that's needed on my side? Hi @tonyg Question, the current Target release is set to latest. Once this is merged in the latest, if possible do you want me to backporting this into any other versions or are you fine with latest? Hi Robin, I just realized that the temp files may be used by others, this documentation actually suggest that: https://docs.openshift.com/container-platform/4.6/operators/admin/olm-restricted-networks.html#olm-mirror-catalog_olm-restricted-networks Step 4 mentions: $ echo "select * from related_image \ where operatorbundle_name like '%jaeger%';" \ | sqlite3 -line /tmp/153048078/index.db This change will affect those doing that. With that in mind I'd say to only merge it in the latest version, but that implies that the above won't be possible from that version forward. What would be the procedure to request an additional option to write those files in a specific directory, that way anyone using those files would be able to still access them. Thanks! Hi Tony,
With the change, one needs to add `--path` argument for example:
mkdir <dir>
oc adm catalog mirror --path <dir> \
<index_image> \
<mirror_registry>:<port> \
[-a ${REG_CREDS}] \
[--insecure] \
--filter-by-os='.*' \
[--manifests-only]
echo "select * from related_image \
where operatorbundle_name like '%jaeger%';" \
| sqlite3 -line <dir>/index.db
Hi Robin, That's great then in that case I see no problem if it's backported. Thanks again! oc adm catalog mirror quay.io/tbuskey/tpb-operator-index:latest file:///local/index --insecure --manifests-only !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! DEPRECATION NOTICE: !! Sqlite-based catalogs are deprecated. Support for them will be removed in a !! future release. Please migrate your catalog workflows to the new file-based !! catalog format. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! src image has index label for database path: /database/index.db using index path mapping: /database/index.db:/tmp/540893272 wrote database to /tmp/540893272 using database at: /tmp/540893272/index.db wrote mirroring manifests to manifests-tpb-operator-index-1633707218 To upload local images to a registry, run: oc adm catalog mirror file://local/index/tbuskey/tpb-operator-index:latest REGISTRY/REPOSITORY deleted dir /tmp/540893272 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |
Description of problem: oc adm catalog mirror does not clean temporary files after run Version-Release number of selected component (if applicable): Tested on versions: 4.4.33 4.5.30 4.6.16 How reproducible: All the time Steps to Reproduce: Once the catalog is built the temporary files are not removed from the system. To test with the script below the following values need to be defined to use the local registry and the secrets as needed. CLIENT_DIR=<PATH_TO_OC_VERSIONS> LOCAL_SECRET_JSON=<PATH_TO_PULL_SECRET> LOCAL_REGISTRY=<REGISTRY_AND_PORT_ADDRESS> LOCAL_REPOSITORY=<PATH_TO_LOCAL_REPOSITORY> OC_VERSIONS=( 4.4.33 4.5.30 4.6.16 ) for ver in ${OC_VERSIONS[@]}; do echo ${ver} === { ${CLIENT_DIR}/${ver}/oc adm catalog mirror \ ${LOCAL_REGISTRY}${LOCAL_REPOSITORY}:v${ver%.*} \ ${LOCAL_REGISTRY} \ -a ${LOCAL_SECRET_JSON} \ --insecure \ --filter-by-os="linux/amd64" \ --manifests-only \ --to-manifests=oc_${ver%.*} &>mirror.log } grep -m1 wrote mirror.log | grep -oP '/tmp/\d+' | xargs du -sh done Actual results: A single directory is created every time the catalog is built taking considerable amount of disk space. From the example above the results are: 4.4.33 === 453M /tmp/488783710 4.5.30 === 477M /tmp/064672583 4.6.16 === 630M /tmp/265655726 Expected results: If the temporary files created are not going to be reused they should be deleted to avoid filling the file system. Additional info: