1450490 – unable to 'atomic run' image if 'image:tag' format is not used

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1450490 - unable to 'atomic run' image if 'image:tag' format is not used

Summary: unable to 'atomic run' image if 'image:tag' format is not used

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	atomic
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Lokesh Mandvekar
QA Contact:	atomic-bugs@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-05-12 18:27 UTC by Micah Abbott
Modified:	2017-06-28 15:41 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-06-28 15:41:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:1627	0	normal	SHIPPED_LIVE	atomic bug fix update	2017-06-28 19:34:50 UTC

Description Micah Abbott 2017-05-12 18:27:10 UTC

This is the downstream version of https://github.com/projectatomic/atomic/issues/995

We found this issue still exists in atomic-1.17.1-1.gitf304570.el7 on RHELAH 7.3.5


Below is the bulk of the text from the upstream issue, just for completeness sake.



# ./atomic images list
   REPOSITORY                               TAG      IMAGE ID       CREATED            VIRTUAL SIZE   TYPE      
   registry.fedoraproject.org/f25/cockpit   latest   40aaf4b46bdb   2017-04-21 02:45   429.17 MB      docker    
   registry.fedoraproject.org/f25/etcd      latest   b0ea91d92c73   2017-05-04 14:57                  ostree    
   registry.fedoraproject.org/f25/flannel   latest   e78f6af84c12   2017-05-05 18:43                  ostree    

# ./atomic install registry.fedoraproject.org/f25/cockpit
/usr/bin/docker run --rm --privileged -v /:/host registry.fedoraproject.org/f25/cockpit /container/atomic-install
+ sed -e /pam_selinux/d -e /pam_sepermit/d /etc/pam.d/cockpit
+ mkdir -p /host/etc/cockpit/ws-certs.d /host/etc/cockpit/machines.d
+ chmod 755 /host/etc/cockpit/ws-certs.d /host/etc/cockpit/machines.d
+ chown root:root /host/etc/cockpit/ws-certs.d /host/etc/cockpit/machines.d
+ mkdir -p /host/var/lib/cockpit
+ chmod 775 /host/var/lib/cockpit
+ chown root:wheel /host/var/lib/cockpit
+ mkdir -p /etc/ssh
+ /bin/mount --bind /host/etc/cockpit /etc/cockpit
+ /usr/sbin/remotectl certificate --ensure

# ./atomic run registry.fedoraproject.org/f25/cockpit                                                                                                                               
The image 'cockpit' appears to have not been installed and has an INSTALL label.  You should install this image first.  Re-run with --ignore to bypass this error.

# ./atomic --debug run registry.fedoraproject.org/f25/cockpit                                                                                                                       
The image 'cockpit' appears to have not been installed and has an INSTALL label.  You should install this image first.  Re-run with --ignore to bypass this error.
Traceback (most recent call last):
  File "./atomic", line 203, in <module>
    sys.exit(_func())
  File "/root/atomic/Atomic/run.py", line 120, in run
    return be.run(img_object, atomic=self, args=self.args)
  File "/root/atomic/Atomic/backends/_docker.py", line 543, in run
    "error.".format(iobject.name or iobject.image))
ValueError: The image 'cockpit' appears to have not been installed and has an INSTALL label.  You should install this image first.  Re-run with --ignore to bypass this error.

# git rev-parse HEAD
a6d74441ad9980993af4b7168f8dd06632977a5d

Comment 3 Daniel Walsh 2017-05-13 09:37:19 UTC

Fixed in atomic-1.17.2-1.git77ef28f.el7.src.rpm

Comment 5 Alex Jia 2017-06-19 03:24:06 UTC

It works well in atomic-1.17.2-1.git77ef28f.el7.x86_64.rpm and atomic-1.17.2-8.git2760e30.el7.x86_64 w/ skopeo-0.1.20-2.el7.x86_64.

[root@dell-per630-02 ~]# atomic --debug install registry.access.redhat.com/rhel7/cockpit-ws
Namespace(_class=<class 'Atomic.install.Install'>, args=[], assumeyes=False, debug=True, display=False, func='install', ignore=False, image='registry.access.redhat.com/rhel7/cockpit-ws', name=None, opt1=None, opt2=None, opt3=None, profile=False, remote=None, setvalues=None, storage=None, system=False, system_package='auto', user=False)
/usr/bin/docker run --rm --privileged -v /:/host registry.access.redhat.com/rhel7/cockpit-ws /container/atomic-install
+ sed -e /pam_selinux/d -e /pam_sepermit/d /etc/pam.d/cockpit
+ mkdir -p /host/etc/cockpit/ws-certs.d /host/etc/cockpit/machines.d
+ chmod 755 /host/etc/cockpit/ws-certs.d /host/etc/cockpit/machines.d
+ chown root:root /host/etc/cockpit/ws-certs.d /host/etc/cockpit/machines.d
+ mkdir -p /host/var/lib/cockpit
+ chmod 775 /host/var/lib/cockpit
+ chown root:wheel /host/var/lib/cockpit
+ mkdir -p /etc/ssh
+ /bin/mount --bind /host/etc/cockpit /etc/cockpit
+ /usr/sbin/remotectl certificate --ensure

[root@dell-per630-02 ~]# atomic --debug run registry.access.redhat.com/rhel7/cockpit-ws
/usr/bin/docker run -d --privileged --pid=host -v /:/host registry.access.redhat.com/rhel7/cockpit-ws /container/atomic-run --local-ssh

This container uses privileged security switches:

INFO: --pid=host 
      Processes in this container can see and interact with all processes on the host and disables SELinux within the container.

INFO: --privileged 
      This container runs without separation and should be considered the same as root on your system.

For more information on these switches and their security implications, consult the manpage for 'docker run'.

[root@dell-per630-02 ~]# atomic containers list
   CONTAINER ID IMAGE                COMMAND              CREATED          STATE      BACKEND    RUNTIME   
   34d295b4b2e9 registry.access.redh /container/atomic-ru 2017-06-19 11:15 running    docker     docker

Comment 7 errata-xmlrpc 2017-06-28 15:41:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1627

Note You need to log in before you can comment on or make changes to this bug.