Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1477847

Summary: Jenkins slave images missing 32bit JVM
Product: OpenShift Container Platform Reporter: Dongbo Yan <dyan>
Component: ImageStreamsAssignee: Samuel Munilla <smunilla>
Status: CLOSED ERRATA QA Contact: Dongbo Yan <dyan>
Severity: high Docs Contact:
Priority: high    
Version: 3.6.0CC: aos-bugs, bparees, dyan, jokerman, mmccomas, smunilla, wmeng, wsun, xtian, xxia
Target Milestone: ---   
Target Release: 3.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-10-25 13:04:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1477139    

Description Dongbo Yan 2017-08-03 05:30:03 UTC 
Description of problem:
Failed to create jenkins slave pod when set resource limit in container

Version-Release number of selected component (if applicable):
openshift v3.6.173.0.2
kubernetes v1.6.1+5115d708d7
etcd 3.2.1

brew-pulp.../openshift3/jenkins-slave-maven-rhel7   sha256:aba6f3f30589aa3cfb7cbf1ff37fd79cd4d8e5ac589c24c93cb46570260f76fd
brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7          sha256:e9910a95d1fd504164205a709234e193fc3a08b24f406a0b7b5be2b7a8ade924
brew-pulp.../openshift3/jenkins-slave-base-rhel7          sha256:d4dc875e148b6595201f2f480a79a1f268543f1c51592fd63968d35158e900d9

How reproducible:
Always

Steps to Reproduce:
1.Create a project, create limit range
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/templates/OCP-15196/limitrange.json  --config=admin.kubeconfig
2.Create pipeline build
 $ oc new-app -f https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/samplepipeline.yaml 
 $ oc start-build sample-pipeline
3.Check pod status

Actual results:
slave pod is error
# oc get pod
NAME                             READY     STATUS      RESTARTS   AGE
nodejs-4fa8fffb48b0              0/1       Error       0          1h
nodejs-4fab5389b34c              0/1       Error       0          1h

# oc logs -f nodejs-4fa4575142ac
Using 64 bit Java since OPENSHIFT_JENKINS_JVM_ARCH is not set
Downloading http://172.30.244.182:80/jnlpJars/remoting.jar ...
max heap in MB is 256 and 64 bit was not explicitly set so using 32 bit Java
alternatives version 1.7.2 - Copyright (C) 2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.
usage: alternatives --install <link> <name> <path> <priority>
                    [--initscript <service>]
                    [--family <family>]
                    [--slave <link> <name> <path>]*
       alternatives --remove <name> <path>
       alternatives --auto <name>
       alternatives --config <name>
       alternatives --display <name>
       alternatives --set <name> <path>
       alternatives --list
common options: --verbose --test --help --usage --version --keep-missing
                --altdir <directory> --admindir <directory>

Expected results:
slave pod is running, pipeline build is completed

Additional info:
# oc get pod nodejs-4fa8fffb48b0 -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubernetes.io/limit-ranger: 'LimitRanger plugin set: cpu, memory request for container
      jnlp; cpu, memory limit for container jnlp'
    openshift.io/scc: restricted
  creationTimestamp: 2017-08-03T03:16:35Z
  labels:
    jenkins: slave
    jenkins/nodejs: "true"
  name: nodejs-4fa8fffb48b0
  namespace: dyan2
  resourceVersion: "55476"
  selfLink: /api/v1/namespaces/dyan2/pods/nodejs-4fa8fffb48b0
  uid: 28418eb4-77fa-11e7-b121-fa163e45cfd3
spec:
  containers:
  - args:
    - 62a4a74b366d52f142fdd4b371b978e7c5bbb7f33b631430aa84dad00fbb3073
    - nodejs-4fa8fffb48b0
    env:
    - name: JENKINS_LOCATION_URL
      value: https://jenkins-dyan2.0802-8un.qe.rhcloud.com/
    - name: JENKINS_SECRET
      value: 62a4a74b366d52f142fdd4b371b978e7c5bbb7f33b631430aa84dad00fbb3073
    - name: JENKINS_JNLP_URL
      value: http://172.30.244.182:80/computer/nodejs-4fa8fffb48b0/slave-agent.jnlp
    - name: JENKINS_TUNNEL
      value: 172.30.212.191:50000
    - name: JENKINS_NAME
      value: nodejs-4fa8fffb48b0
    - name: JENKINS_URL
      value: http://172.30.244.182:80
    - name: HOME
      value: /tmp
    image: brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7
    imagePullPolicy: IfNotPresent
    name: jnlp
    resources:
      limits:
        cpu: "1"
        memory: 512Mi
      requests:
        cpu: 60m
        memory: 307Mi
    securityContext:
      capabilities:
        drop:
        - KILL
        - MKNOD
        - SETGID
        - SETUID
        - SYS_CHROOT
      privileged: false
      runAsUser: 1000100000
      seLinuxOptions:
        level: s0:c10,c5
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /tmp
      name: workspace-volume
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: jenkins-token-ttgqz
      readOnly: true
    workingDir: /tmp
  dnsPolicy: ClusterFirst
  imagePullSecrets:
  - name: jenkins-dockercfg-451pz
  nodeName: host-8-174-65.host.centralci.eng.rdu2.redhat.com
  restartPolicy: Never
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 1000100000
    seLinuxOptions:
      level: s0:c10,c5
  serviceAccount: jenkins
  serviceAccountName: jenkins
  terminationGracePeriodSeconds: 30
  volumes:
  - emptyDir: {}
    name: workspace-volume
  - name: jenkins-token-ttgqz
    secret:
      defaultMode: 420
      secretName: jenkins-token-ttgqz
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2017-08-03T03:16:35Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2017-08-03T03:16:35Z
    message: 'containers with unready status: [jnlp]'
    reason: ContainersNotReady
    status: "False"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: 2017-08-03T03:16:35Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://24b334874e499f06a2d241f8833b187592a3ca052d7bd270494fd2158c972407
    image: brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7:latest
    imageID: docker-pullable://brew-pulp.../openshift3/jenkins-slave-nodejs-rhel7@sha256:e9910a95d1fd504164205a709234e193fc3a08b24f406a0b7b5be2b7a8ade924
    lastState: {}
    name: jnlp
    ready: false
    restartCount: 0
    state:
      terminated:
        containerID: docker://24b334874e499f06a2d241f8833b187592a3ca052d7bd270494fd2158c972407
        exitCode: 2
        finishedAt: 2017-08-03T03:16:36Z
        reason: Error
        startedAt: 2017-08-03T03:16:36Z
  hostIP: 172.16.120.192
  phase: Failed
  qosClass: Burstable
  startTime: 2017-08-03T03:16:35Z
Comment 2 Dongbo Yan 2017-08-03 10:08:37 UTC 
1. For online free tier, cannot trigger pipeline build if you use the slave image as your pipeline job node;
2. For OCP, if admin set limit range for project like online, user will meet the same issue
Comment 4 Ben Parees 2017-08-03 12:48:56 UTC 
I see you were trying to use the 3.6 images, but how did you configure jenkins to use the brew slave images instead of the registry.access.redhat.com ones?  You would have to manually configure the jenkins slave pod templates to point to brew to accomplish that.  Otherwise you would have still picked up the registry.access.redhat.com(3.5) images.
Comment 5 Dongbo Yan 2017-08-03 14:35:15 UTC 
Yes, see comment 1 , when jenkins pod is ready, I log into jenkins webconsole first, then open 'manage jenkins' page, modify the "Kuberneters Pod Template" filed instead of brew.../openshift3/jenkins-slave-nodejs-rhel7 image

So the new slave pod will use brew image
Comment 6 Ben Parees 2017-08-03 15:12:34 UTC 
Our slave images do not appear to have the 32bit JVM installed.

We're going to need to fix this and respin them. Thanks Dongbo.
Comment 7 Ben Parees 2017-08-03 15:16:10 UTC 
fix is here:
https://github.com/openshift/jenkins/pull/345
Comment 13 errata-xmlrpc 2017-10-25 13:04:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3049