Bug 1806527 - ClusterTask - buildah dockerfile build(bud) with s2i-container/core fails on useradd RUN
Summary: ClusterTask - buildah dockerfile build(bud) with s2i-container/core fails on ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenShift Pipelines
Classification: Red Hat
Component: pipelines
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 1.0
Assignee: Sunil Thaha
QA Contact: Ruchir Garg
Robert Krátký
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-24 13:06 UTC by Nicholas Nachefski
Modified: 2020-03-23 05:52 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-23 05:52:44 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Nicholas Nachefski 2020-02-24 13:06:32 UTC 
STEP 10: RUN rpm-file-permissions &&   useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin       -c "Default Application User" default &&   chown -R 1001:0 ${APP_ROOT}
useradd: /etc/passwd.355: lock file already used
useradd: cannot lock /etc/passwd; try again later.
subprocess exited with status 1
subprocess exited with status 1

It works fine if i manually clone https://github.com/sclorg/s2i-base-container.git, cd into 'core' directory, and run:

buildah bud --tls-verify=false --no-cache -f Dockerfile.rhel8 -t image-registry.openshift-image-registry.svc:5000/custom-images/s2i-custom-core:latest .

Here is my ClusterTask for buildah:

apiVersion: tekton.dev/v1alpha1
kind: ClusterTask
metadata:
  name: buildah
spec:
  inputs:
    params:
    - name: BUILDER_IMAGE
      description: The location of the buildah builder image.
      default: "quay.io/buildah/stable:latest"
    - name: TLSVERIFY
      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
      default: "true"
    - name: contextDir
      description: the context dir within source
      default: "."
    - name: dockerFile
      description: the docker file to used for building the application
      default: "Dockerfile"
    resources:
    - name: source
      type: git
  outputs:
    resources:
    - name: image
      type: image
  steps:
  - name: build
    image: $(inputs.params.BUILDER_IMAGE)
    workingDir: /workspace/source/$(inputs.params.contextDir)
    command: ['buildah', 'bud', '--isolation', 'chroot', '--tls-verify=$(inputs.params.TLSVERIFY)', '--layers', '-f', '$(inputs.params.dockerFile)', '-t', '$(outputs.resources.image.url)', '.']
    volumeMounts:
    - name: varlibcontainers
      mountPath: /var/lib/containers
    securityContext:
      privileged: true
  - name: push
    image: $(inputs.params.BUILDER_IMAGE)
    workingDir: /workspace/source
    command: ['buildah', 'push', '--tls-verify=$(inputs.params.TLSVERIFY)', '$(outputs.resources.image.url)', 'docker://$(outputs.resources.image.url)']
    volumeMounts:
    - name: varlibcontainers
      mountPath: /var/lib/containers
    securityContext:
      privileged: true
  volumes:
  - name: varlibcontainers
    emptyDir: {}
Note You need to log in before you can comment on or make changes to this bug.