Hide Forgot
Description of problem: Create an container based on the php image v5.6 registry.access.redhat.com/rhscl/php-56-rhel7. Fetch data from a repo in our Gitlab, in the buildconfig declare gitlab secrets ---> Installing application source... chgrp: changing group of './..109810_27_10_09_29_37.722899757': Operation not permitted chgrp: changing group of './..109810_27_10_09_29_37.722899757/.gitconfig': Operation not permitted chgrp: changing group of './..109810_27_10_09_29_37.722899757/ca.crt': Operation not permitted chgrp: changing group of './..109810_27_10_09_29_37.722899757/password': Operation not permitted chgrp: changing group of './..109810_27_10_09_29_37.722899757/username': Operation not permitted chgrp: changing group of './..data': Operation not permitted chgrp: changing group of './..data/.gitconfig': Operation not permitted chgrp: changing group of './..data/ca.crt': Operation not permitted chgrp: changing group of './..data/password': Operation not permitted chgrp: changing group of './..data/username': Operation not permitted chgrp: changing group of './.gitconfig': Operation not permitted chgrp: changing group of './ca.crt': Operation not permitted chgrp: changing group of './password': Operation not permitted chgrp: changing group of './username': Operation not permitted chmod: changing permissions of './..109810_27_10_09_29_37.722899757': Operation not permitted chmod: changing permissions of './..109810_27_10_09_29_37.722899757/.gitconfig': Operation not permitted chmod: changing permissions of './..109810_27_10_09_29_37.722899757/ca.crt': Operation not permitted chmod: changing permissions of './..109810_27_10_09_29_37.722899757/password': Operation not permitted chmod: changing permissions of './..109810_27_10_09_29_37.722899757/username': Operation not permitted chmod: changing permissions of './..data': Operation not permitted chmod: changing permissions of './..data/.gitconfig': Operation not permitted chmod: changing permissions of './..data/ca.crt': Operation not permitted chmod: changing permissions of './..data/password': Operation not permitted chmod: changing permissions of './..data/username': Operation not permitted chmod: changing permissions of './.gitconfig': Operation not permitted chmod: changing permissions of './ca.crt': Operation not permitted chmod: changing permissions of './password': Operation not permitted chmod: changing permissions of './username': Operation not permitted chmod: changing permissions of './..109810_27_10_09_29_37.722899757': Operation not permitted chmod: changing permissions of './..data': Operation not permitted error: build error: non-zero (13) exit code from registry.access.redhat.com/rhscl/php-56-rhel7@sha256:743108b04515500100a0b3d170f23474fadb7ed94497d5556e48691f931bb619 As long as we DONT attach any gitlab secrets to the buildconfig we are able to build it from a local git repo, through the Openshift Client by using the following command: oc start-build from repo side notes: - The same container did work before upgrading to Openshift 3.3 - We are able to fetch data from gitlab with a buildconfig which is using the fis-karaf image. (it seems to be specific for the php image) Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Can we see the full buildconfig yaml?
relevant actions the php builder takes: https://github.com/sclorg/s2i-php-container/blob/master/5.6/s2i/bin/assemble#L29 https://github.com/sclorg/s2i-base-container/blob/master/bin/fix-permissions Guessing the issue here is that the buildconfig is defining secrets to be copied into the assemble container and the path being specified is part of the source. The fix would be to fix the buildconfig to place the secrets somewhere else.
It's not clear *why* you are injecting the gitlab secrets into the buildconfig (using sourceSecret for cloning makes sense, but why are you also injecting the secrets into the assembly process via the secret field?), since you are not providing a custom assemble script that will use them for anything, right? If there is a reason you need them there, i suggest you provide a DestinationDir for the secrets so they are not injected into the source directory that is being operated on by the assemble script, to avoid the issue you're hitting. Or you can provide a custom assemble script that doesn't run the fix-permission script. The purpose of the fix-permission script is to ensure the files are world-writable in the resulting application image, so you can rsh in and edit the source code at runtime for debugging/hot deployment purposes.
After removing the secrets from assembly process the issue is resolved.