Bug 1800460 - ose-operator-registry:v4.3.1-202002032140 unavailable as the base image
Summary: ose-operator-registry:v4.3.1-202002032140 unavailable as the base image
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.4
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.5.0
Assignee: Evan Cordell
QA Contact: Jian Zhang
URL:
Whiteboard:
Depends On:
Blocks: 1805409 1805747
TreeView+ depends on / blocked
 
Reported: 2020-02-07 07:08 UTC by Jian Zhang
Modified: 2020-07-13 17:14 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1805409 (view as bug list)
Environment:
Last Closed: 2020-07-13 17:14:10 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github operator-framework operator-registry pull 183 0 None closed Bug 1800460: fix(docker): add entrypoint 2021-02-09 16:14:13 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:14:32 UTC

Description Jian Zhang 2020-02-07 07:08:38 UTC
Description of problem:
No "registry-server" binary in it and it failed to as the base image of the CatalogSource image.

Version-Release number of selected component (if applicable):
v4.3.1-202002032140

How reproducible:
always

Steps to Reproduce:
1. Create a docker registry that supports v2-2.
[jzhang@dhcp-140-36 ~]$ docker run --entrypoint htpasswd registry:2 -Bbn xxx xxx > auth/htpasswd
[jzhang@dhcp-140-36 ~]$ 
[jzhang@dhcp-140-36 ~]$ docker run -it --rm -p 5000:5000 --name=registry -v "$(pwd)"/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /home/jzhang/goproject/src/github.com/operator-framework/operator-lifecycle-manager/pkg/lib/filemonitor/testdata/:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-new.crt -e REGISTRY_HTTP_TLS_KEY=/certs/server-new.key registry
...
I0207 14:20:13.759455   23824 round_trippers.go:420] GET https://registry-proxy.engineering.redhat.com/v2/rh-osbs/openshift-ose-operator-registry/blobs/sha256:cdd8ce0fc15c0a9cb13b870869eca48b0a80e18f40af0a4db18cce898c85d2d5
...
I0207 14:21:48.851539   23824 round_trippers.go:452]     Date: Fri, 07 Feb 2020 06:21:48 GMT
Pushed sha256:e3bdc95c7cadbcafadd8211781e26e6b8f21e225fe3340006fe8dc12be38d5da to localhost:5000/olm/base:v1

2. Login this registry and create the CatalogSource image.
Use the `--from` option to set this base image.
[jzhang@dhcp-140-36 ~]$ oc adm --loglevel=8 catalog build --appregistry-org=redhat-operators --from=registry-proxy.engineering.redhat.com/rh-osbs/openshift-ose-operator-registry:v4.3.1-202002032140 --to=localhost:5000/olm/base:v1


3. After finished, pull this image to your local and then push it to the Quay.
[jzhang@dhcp-140-36 ~]$ docker pull localhost:5000/olm/base:v1
v1: Pulling from olm/base
...
[jzhang@dhcp-140-36 ~]$ docker tag localhost:5000/olm/base:v1 quay.io/jiazha/cs-base:v1
[jzhang@dhcp-140-36 ~]$ docker push quay.io/jiazha/cs-base:v1
 
4, Login 4.3.1 cluster and create a CatalogSource object to consume this image.
mac:~ jianzhang$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.3.1     True        False         3h41m   Cluster version is 4.3.1
mac:~ jianzhang$ cat cs-42.yaml 
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: base-test
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/jiazha/cs-base:v1
  displayName: Jian Operators
  publisher: jian

mac:~ jianzhang$ oc create -f cs-42.yaml 
catalogsource.operators.coreos.com/base-test created
mac:~ jianzhang$ oc get catalogsource
NAME                  DISPLAY               TYPE   PUBLISHER   AGE
base-test             Jian Operators        grpc   jian        16m
certified-operators   Certified Operators   grpc   Red Hat     4h15m
community-operators   Community Operators   grpc   Red Hat     4h15m
qe-app-registry                             grpc               3h32m
redhat-operators      Red Hat Operators     grpc   Red Hat     4h15m

Actual results:
Pod Crash.
mac:~ jianzhang$ oc get pods
NAME                                    READY   STATUS             RESTARTS   AGE
base-test-kszhw                         0/1     CrashLoopBackOff   7          16m
certified-operators-5cf657544c-q657c    1/1     Running            0          14m
community-operators-b58794b4d-ps95b     1/1     Running            1          4h15m
marketplace-operator-664f66c947-ppf4r   1/1     Running            0          4h15m
qe-app-registry-dfddfc759-thgsp         1/1     Running            0          3h32m
redhat-operators-5df78d689-7vjch        1/1     Running            1          4h15m

mac:~ jianzhang$ oc rsh base-test-kszhw
error: unable to upgrade connection: container not found ("registry-server")
mac:~ jianzhang$ oc logs base-test-kszhw

Expected results:
This downstream image ose-operator-registry:v4.3.1-202002032140 should avilable as the base image. 

Additional info:
Use the upstream image(quay.io/operator-framework/operator-registry-server:latest) as the base image. And, it works well. Details:
[jzhang@dhcp-140-36 ~]$ oc adm --loglevel=8 catalog build --appregistry-org=redhat-operators --from=quay.io/operator-framework/operator-registry-server:latest --to=localhost:5000/olm/base:v2

[jzhang@dhcp-140-36 ~]$ docker tag localhost:5000/olm/base:v2 quay.io/jiazha/cs-base:v2
[jzhang@dhcp-140-36 ~]$ docker push quay.io/jiazha/cs-base:v2
...

mac:~ jianzhang$ cat cs-42.yaml 
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: base-test
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/jiazha/cs-base:v2
  displayName: Jian Operators
  publisher: jian

mac:~ jianzhang$ oc get catalogsource
NAME                  DISPLAY               TYPE   PUBLISHER   AGE
base-test             Jian Operators        grpc   jian        4m28s
certified-operators   Certified Operators   grpc   Red Hat     4h25m
community-operators   Community Operators   grpc   Red Hat     4h25m
qe-app-registry                             grpc               3h43m
redhat-operators      Red Hat Operators     grpc   Red Hat     4h25m

mac:~ jianzhang$ oc get pods
NAME                                    READY   STATUS    RESTARTS   AGE
base-test-9v4cm                         1/1     Running   0          3m54s
certified-operators-5cf657544c-q657c    1/1     Running   0          23m
community-operators-b58794b4d-ps95b     1/1     Running   1          4h25m
marketplace-operator-664f66c947-ppf4r   1/1     Running   0          4h25m
qe-app-registry-dfddfc759-thgsp         1/1     Running   0          3h42m
redhat-operators-5df78d689-7vjch        1/1     Running   1          4h25m
mac:~ jianzhang$ oc logs base-test-9v4cm 
time="2020-02-07T07:00:56Z" level=info msg="serving registry" database=/bundles.db port=50051

mac:~ jianzhang$ oc get packagemanifest |grep Jian
kiali-ossm                                   Jian Operators        5m48s
amq-online                                   Jian Operators        5m48s
nfd                                          Jian Operators        5m48s
dv-operator                                  Jian Operators        5m48s
elasticsearch-operator                       Jian Operators        5m48s
servicemeshoperator                          Jian Operators        5m48s
amq7-cert-manager                            Jian Operators        5m48s
fuse-online                                  Jian Operators        5m48s
fuse-apicurito                               Jian Operators        5m48s
openshiftansibleservicebroker                Jian Operators        5m48s
ptp-operator                                 Jian Operators        5m48s
metering-ocp                                 Jian Operators        5m48s
local-storage-operator                       Jian Operators        5m48s
3scale-operator                              Jian Operators        5m48s
...

Comment 2 Evan Cordell 2020-02-20 18:07:32 UTC
The dockerfile used for that image does not have the entrypoint that is required for the layering that oc adm catalog performs.

The linked PR fixes this. To verify it, the steps I took:

- docker build -t quay.io/ecordell/registry:base .
- docker push quay.io/ecordell/registry:base
- (seperate shell): docker run -p 5000:5000 registry
- ./oc adm --loglevel=8 catalog build --appregistry-org=redhat-operators --from=quay.io/ecordell/registry:base --to=localhost:5000/olm/base:v1 --insecure
- docker run localhost:5000/olm/base:v1
- docker run localhost:5000/olm/base:v1
Unable to find image 'localhost:5000/olm/base:v1' locally
v1: Pulling from olm/base
c2340472a0fa: Already exists
6e55351c18ff: Already exists
b2d2704dda6c: Already exists
a2c10be042b9: Already exists
c650d4d4cf8a: Already exists
2804688251cb: Already exists
0d2ab85019d9: Already exists
9afbae6f1d65: Already exists
70ab7e77a35d: Already exists
5f49b5ca33af: Already exists
ba0de53c229d: Already exists
8b57fc6f3912: Already exists
82871cb69ec5: Pull complete
Digest: sha256:41844725de56431b94775d628cc83495bdf5955cbaa091e1f5f11236734a1b8d
Status: Downloaded newer image for localhost:5000/olm/base:v1
time="2020-02-20T18:06:29Z" level=warning msg="unable to set termination log path" error="open /dev/termination-log: permission denied"
time="2020-02-20T18:06:29Z" level=info msg="serving registry" database=/bundles.db port=50051

When the PR merges, this process should also work for `--from=<ose operator registry image from master>`

Comment 11 errata-xmlrpc 2020-07-13 17:14:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.