Bug 2011293

Summary: Build pod are not pulling images if we are not explicitly giving the registry name with the image
Product: OpenShift Container Platform Reporter: Jobin A T <jat>
Component: BuildAssignee: Gabe Montero <gmontero>
Status: CLOSED ERRATA QA Contact: Jitendar Singh <jitsingh>
Severity: medium Docs Contact: Rolfe Dlugy-Hegwer <rdlugyhe>
Priority: unspecified    
Version: 4.7CC: aos-bugs, gmontero, nalin, pbhattac, pkumari, spandura
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* Before this update, image references in Builds needed to specify the Red Hat registry name explicitly. With this update, if an image reference does not contain the registry, the Build searches the Red Hat registries and the other well-known registries to locate the image. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2011293[BZ#2011293])
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-10 16:17:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jobin A T 2021-10-06 11:07:17 UTC 
Description of problem:
Build pod are not pulling images if we are not explicitly giving the registry name with the image

Using build strategy docker the build pod will not work if we explicitly not give the registry name with the image, but in the case of podman pull command it's different. 
The podman pull command uses the image name obtained from the search subcommand to pull an image from a registry. The pull subcommand allows adding the registry name to the image.
This variant supports having the same image in multiple registries. why the same is not happening in the builder pod?


OpenShift release version:
4.7.x


How reproducible:
100%

Steps to Reproduce:
1. Create Dockerfile using "FROM rhel7.7:latest"

2. Create an application Using the Dockerfile
 
$ oc new-app --name test1 https://github.com/xxxx/Dockerbuildtest.git


Actual results:
$ oc new-app --name test1 https://github.com/xxxx/Dockerbuildtest.git
W0930 05:28:40.385891   31870 dockerimagelookup.go:237] container image remote registry lookup failed: unable to parse docker reference : invalid reference format
error: unable to locate any images in image streams, local docker images with name "rhel7.7:latest.

Expected results:
$ oc new-app --name test1 https://github.com/xxxx/Dockerbuildtest.git
--> Found container image 6682529 (18 months old) from registry.access.redhat.com for "registry.access.redhat.com/rhel7.7:latest"
Comment 11 Gabe Montero 2022-01-06 16:20:20 UTC 
As a reminder to QA, the simple BC in https://bugzilla.redhat.com/show_bug.cgi?id=2011293#c3 is a means for verification

Of course feel free to tweak that BC to try other images hosted on one of the RH registries as you see fit.
Comment 12 Priti Kumari 2022-01-18 11:12:24 UTC 
So I have used the build config in https://bugzilla.redhat.com/show_bug.cgi?id=2011293#c3 and build logs use `build-system` registries and recognises the registry.redhat.io or registry.access.redhat.com images without specifying the registry explicitly

----------------------------------

```
$ oc get build
NAME       TYPE     FROM         STATUS    STARTED         DURATION
rhel77-1   Docker   Dockerfile   Running   7 seconds ago   

$ oc logs build/rhel77-1 

I0118 10:22:27.586566       1 source.go:147] Replacing dockerfile
FROM rhel7.7:latest
with:
FROM rhel7.7:latest
ENV "BUILD_LOGLEVEL"="10"
ENV "OPENSHIFT_BUILD_NAME"="rhel77-1" "OPENSHIFT_BUILD_NAMESPACE"="testingbc"
LABEL "io.openshift.build.name"="rhel77-1" "io.openshift.build.namespace"="testingbc"
[...]
Caching blobs under "/var/cache/blobs".
I0118 10:22:29.714893       1 builder.go:375] Running build with cgroup limits: api.CGroupLimits{MemoryLimitBytes:92233720368547, CPUShares:0, CPUPeriod:0, CPUQuota:0, MemorySwap:92233720368547, Parent:""}
I0118 10:22:29.714915       1 builder.go:356] Starting Docker build from build config rhel77-1 ...
time="2022-01-18T10:22:29Z" level=debug msg="Looking up image \"rhel7.7:latest\" in local containers storage"
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Loading registries configuration \"/var/run/configs/openshift.io/build-system/registries.conf\""
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"localhost/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"registry.redhat.io/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"registry.access.redhat.com/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"quay.io/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"docker.io/library/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"docker.io/library/rhel7.7:latest\" ..."
Local copy of "rhel7.7:latest" is not present.
Caching blobs under "/var/cache/blobs".
I0118 10:22:29.714893       1 builder.go:375] Running build with cgroup limits: api.CGroupLimits{MemoryLimitBytes:92233720368547, CPUShares:0, CPUPeriod:0, CPUQuota:0, MemorySwap:92233720368547, Parent:""}
I0118 10:22:29.714915       1 builder.go:356] Starting Docker build from build config rhel77-1 ...
time="2022-01-18T10:22:29Z" level=debug msg="Looking up image \"rhel7.7:latest\" in local containers storage"
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Loading registries configuration \"/var/run/configs/openshift.io/build-system/registries.conf\""
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"localhost/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"registry.redhat.io/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"registry.access.redhat.com/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"quay.io/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"docker.io/library/rhel7.7:latest\" ..."
time="2022-01-18T10:22:29Z" level=debug msg="Trying \"docker.io/library/rhel7.7:latest\" ..."
Local copy of "rhel7.7:latest" is not present.
I0118 10:22:29.716161       1 docker.go:106] Locating docker config paths for type PULL_DOCKERCFG_PATH
I0118 10:22:29.716172       1 docker.go:106] Getting docker config in paths : [/var/run/secrets/openshift.io/pull]

Pulling image rhel7.7:latest ...
Attempting pull of image "rhel7.7:latest".
I0118 10:22:29.716197       1 daemonless.go:185] looking for config.json at /var/run/secrets/openshift.io/pull/config.json
I0118 10:22:29.716224       1 cfg.go:154] error reading file: open /var/run/secrets/openshift.io/pull/config.json: no such file or directory
[...]

time="2022-01-18T10:22:38Z" level=debug msg="FROM \"rhel7.7:latest\""
STEP 1/4: FROM rhel7.7:latest
time="2022-01-18T10:22:38Z" level=debug msg="Pulling image rhel7.7:latest (policy: missing)"
time="2022-01-18T10:22:38Z" level=debug msg="Looking up image \"rhel7.7:latest\" in local containers storage"
time="2022-01-18T10:22:38Z" level=debug msg="Trying \"rhel7.7:latest\" ..."
time="2022-01-18T10:22:38Z" level=debug msg="Trying \"localhost/rhel7.7:latest\" ..."
time="2022-01-18T10:22:38Z" level=debug msg="Trying \"registry.redhat.io/rhel7.7:latest\" ..."
time="2022-01-18T10:22:38Z" level=debug msg="parsed reference into \"[overlay@/var/lib/containers/storage+/run/containers/storage:mountopt=metacopy=on]@6682529ce3faf028687cef4fc6ffb30f51a1eb805b3709d31cb92a54caeb3daf\""
time="2022-01-18T10:22:38Z" level=debug msg="Found image \"rhel7.7:latest\" as \"registry.redhat.io/rhel7.7:latest\" in local containers storage"
time="2022-01-18T10:22:38Z" level=debug msg="Found image \"rhel7.7:latest\" as \"registry.redhat.io/rhel7.7:latest\" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage:mountopt=metacopy=on]@6682529ce3faf028687cef4fc6ffb30f51a1eb805b3709d31cb92a54caeb3daf)"
time="2022-01-18T10:22:38Z" level=debug msg="Looking up image \"registry.redhat.io/rhel7.7:latest\" in local containers storage"
time="2022-01-18T10:22:38Z" level=debug msg="Trying \"registry.redhat.io/rhel7.7:latest\" ..."
time="2022-01-18T10:22:38Z" level=debug msg="parsed reference into \"[overlay@/var/lib/containers/storage+/run/containers/storage:mountopt=metacopy=on]@6682529ce3faf028687cef4fc6ffb30f51a1eb805b3709d31cb92a54caeb3daf\""
time="2022-01-18T10:22:38Z" level=debug msg="Found image \"registry.redhat.io/rhel7.7:latest\" as \"registry.redhat.io/rhel7.7:latest\" in local containers storage"
time="2022-01-18T10:22:38Z" level=debug msg="Found image \"registry.redhat.io/rhel7.7:latest\" as \"registry.redhat.io/rhel7.7:latest\" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage:mountopt=metacopy=on]@6682529ce3faf028687cef4fc6ffb30f51a1eb805b3709d31cb92a54caeb3daf)"

[...]

STEP 2/4: ENV "BUILD_LOGLEVEL"="10"
[..]
time="2022-01-18T10:22:38Z" level=debug msg="Parsed Step: {Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin container=oci BUILD_LOGLEVEL=10] Command:env Args:[OPENSHIFT_BUILD_NAME rhel77-1 OPENSHIFT_BUILD_NAMESPACE testingbc] Flags:[] Attrs:map[] Message:ENV \"OPENSHIFT_BUILD_NAME\" \"rhel77-1\" \"OPENSHIFT_BUILD_NAMESPACE\" \"testingbc\" Original:ENV \"OPENSHIFT_BUILD_NAME\"=\"rhel77-1\" \"OPENSHIFT_BUILD_NAMESPACE\"=\"testingbc\"}"
STEP 3/4: ENV "OPENSHIFT_BUILD_NAME"="rhel77-1" "OPENSHIFT_BUILD_NAMESPACE"="testingbc"
[...]

Build complete, no image push requested
```
Comment 17 errata-xmlrpc 2022-03-10 16:17:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056