1391336 – unable to create php build in openshift 3.3

Bug 1391336 - unable to create php build in openshift 3.3

Summary: unable to create php build in openshift 3.3

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	ImageStreams
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Ben Parees
QA Contact:	Wang Haoran
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-03 06:53 UTC by Jaspreet Kaur
Modified:	2019-12-16 07:17 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-07 15:10:21 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jaspreet Kaur 2016-11-03 06:53:01 UTC

Description of problem: Create an container based on the php image v5.6 registry.access.redhat.com/rhscl/php-56-rhel7.
Fetch data from a repo in our Gitlab, in the buildconfig declare gitlab secrets


---> Installing application source...
chgrp: changing group of './..109810_27_10_09_29_37.722899757': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/.gitconfig': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/ca.crt': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/password': Operation not permitted
chgrp: changing group of './..109810_27_10_09_29_37.722899757/username': Operation not permitted
chgrp: changing group of './..data': Operation not permitted
chgrp: changing group of './..data/.gitconfig': Operation not permitted
chgrp: changing group of './..data/ca.crt': Operation not permitted
chgrp: changing group of './..data/password': Operation not permitted
chgrp: changing group of './..data/username': Operation not permitted
chgrp: changing group of './.gitconfig': Operation not permitted
chgrp: changing group of './ca.crt': Operation not permitted
chgrp: changing group of './password': Operation not permitted
chgrp: changing group of './username': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/.gitconfig': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/ca.crt': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/password': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757/username': Operation not permitted
chmod: changing permissions of './..data': Operation not permitted
chmod: changing permissions of './..data/.gitconfig': Operation not permitted
chmod: changing permissions of './..data/ca.crt': Operation not permitted
chmod: changing permissions of './..data/password': Operation not permitted
chmod: changing permissions of './..data/username': Operation not permitted
chmod: changing permissions of './.gitconfig': Operation not permitted
chmod: changing permissions of './ca.crt': Operation not permitted
chmod: changing permissions of './password': Operation not permitted
chmod: changing permissions of './username': Operation not permitted
chmod: changing permissions of './..109810_27_10_09_29_37.722899757': Operation not permitted
chmod: changing permissions of './..data': Operation not permitted

error: build error: non-zero (13) exit code from registry.access.redhat.com/rhscl/php-56-rhel7@sha256:743108b04515500100a0b3d170f23474fadb7ed94497d5556e48691f931bb619

 
As long as we DONT attach any gitlab secrets to the buildconfig we are able to build it from a local git repo, through the Openshift Client by using the following command:
oc start-build from repo

side notes:
 - The same container did work before upgrading to Openshift 3.3
 - We are able to fetch data from gitlab with a buildconfig which is using the fis-karaf image. (it seems to be specific for the php image)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Ben Parees 2016-11-03 14:20:09 UTC

Can we see the full buildconfig yaml?

Comment 2 Ben Parees 2016-11-03 16:58:01 UTC

relevant actions the php builder takes:
https://github.com/sclorg/s2i-php-container/blob/master/5.6/s2i/bin/assemble#L29
https://github.com/sclorg/s2i-base-container/blob/master/bin/fix-permissions

Guessing the issue here is that the buildconfig is defining secrets to be copied into the assemble container and the path being specified is part of the source.  The fix would be to fix the buildconfig to place the secrets somewhere else.

Comment 5 Ben Parees 2016-11-04 15:10:10 UTC

It's not clear *why* you are injecting the gitlab secrets into the buildconfig (using sourceSecret for cloning makes sense, but why are you also injecting the secrets into the assembly process via the secret field?), since you are not providing a custom assemble script that will use them for anything, right?


If there is a reason you need them there, i suggest you provide a DestinationDir for the secrets so they are not injected into the source directory that is being operated on by the assemble script, to avoid the issue you're hitting.  Or you can provide a custom assemble script that doesn't run the fix-permission script.

The purpose of the fix-permission script is to ensure the files are world-writable in the resulting application image, so you can rsh in and edit the source code at runtime for debugging/hot deployment purposes.

Comment 6 Jaspreet Kaur 2016-11-07 12:40:26 UTC

After removing the secrets from assembly process the issue is resolved.

Note You need to log in before you can comment on or make changes to this bug.