Bug 1825925 - opm index export cannot run unprivileged
Summary: opm index export cannot run unprivileged
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.5
Hardware: Unspecified
OS: Unspecified
high
low
Target Milestone: ---
: 4.5.0
Assignee: Evan Cordell
QA Contact: Jian Zhang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-20 13:49 UTC by Evan Cordell
Modified: 2020-07-13 17:29 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-07-13 17:29:07 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github operator-framework operator-registry pull 283 0 None closed Bug 1825925: support deamonless export 2020-12-16 20:39:56 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:29:22 UTC

Description Evan Cordell 2020-04-20 13:49:04 UTC
Description of problem:

opm requires a docker or podman to run `opm index export`. This makes it impossible to use in unprivileged environments like image builds.


Version-Release number of selected component (if applicable):


How reproducible:
Always 


Steps to Reproduce:
1. Run opm index export in an unprivileged container


Actual results:
Fails to extract, podman and/or docker fails to run


Expected results:
Exports the desired files to disk.


Additional info:

Comment 3 Jian Zhang 2020-04-21 07:34:20 UTC
1, Compile the `opm` binary.
mac:operator-registry jianzhang$ git log
commit 2bdcd07e6f9ea23a35f1fdbb6a7c6584ec53a0a1 (HEAD -> master, origin/master, origin/HEAD)
Merge: a25687c a022e61
Author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>
Date:   Mon Apr 20 11:44:36 2020 -0400

    Merge pull request #283 from ecordell/index-separate-dirs
    
    Bug 1825925: support deamonless export
...
...
mac:operator-registry jianzhang$ go build ./cmd/opm/
...

2, Check the help info:
mac:operator-registry jianzhang$ ./opm index export --help
Export an operator from an index image into the appregistry format.

 This command will take an index image (specified by the --index option), parse it for the given operator (set by the --operator option) and export the operator metadata into an appregistry compliant format (a package.yaml file). This command requires access to docker or podman to complete successfully.

 Note: the appregistry format is being deprecated in favor of the new index image and image bundle format.

Usage:
  opm index export [flags]

Flags:
  -c, --container-tool string    tool to interact with container images (save, build, etc.). One of: [none, docker, podman] (default "none")
  -f, --download-folder string   directory where downloaded operator bundle(s) will be stored (default "downloaded")
  -h, --help                     help for export
  -i, --index string             index to get package from
  -o, --package string           the package to export

3, Disable the docker and podman.
mac:operator-registry jianzhang$ docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
mac:operator-registry jianzhang$ podman ps
Error: error creating libpod runtime: dial unix /run/podman/io.podman: connect: no such file or directory

4, Run the `export` command.
mac:operator-registry jianzhang$ ./opm index export -i quay.io/olmqe/etcd-index:0.9.2 -f etcd -o etcd 
INFO[0000] export from the index                         index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0000] Pulling previous image quay.io/olmqe/etcd-index:0.9.2 to get metadata  index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0006] resolved name: quay.io/olmqe/etcd-index:0.9.2  index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0006] fetched                                       digest="sha256:1ca0123056f7cac6c79e24c4b0ea23ddd1bb0f490153e6cdeb729ba6a102c689" index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0009] fetched                                       digest="sha256:ec0323ade3ce27b8d19a4426e6854b3dbcc2adfaffa1796d0df29942f27f5fce" index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0009] fetched                                       digest="sha256:586b95cd120e6808fd21c6f383c43d06340c458fcba718dd91cc221a1d5327ab" index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0009] fetched                                       digest="sha256:8d54299bc95110a9fe483cb34532e66bf94d3dd9c57299e8a587c02532cccd14" index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0009] fetched                                       digest="sha256:a19566f553d54051ab647f2932327faa99cb258170e1f1efd849459c15c8b15d" index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
WARN[0070] {"architecture":"amd64","config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"50051/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["registry","serve","--database","index.db"],"ArgsEscaped":true,"Image":"sha256:cd092e951a726a22b51d78a6f9552dba8efdf757d0a930a010a074b612dc84bd","Volumes":null,"WorkingDir":"","Entrypoint":["/opm"],"OnBuild":null,"Labels":{"operators.operatorframework.io.index.database.v1":"./index.db"}},"container":"4d871a20d4dc0eac2280c8a4c4a1e8d05760cd4ebc506bc677aeb9cc1597cab4","container_config":{"Hostname":"4d871a20d4dc","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"ExposedPorts":{"50051/tcp":{}},"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","#(nop) ","CMD [\"registry\" \"serve\" \"--database\" \"index.db\"]"],"ArgsEscaped":true,"Image":"sha256:cd092e951a726a22b51d78a6f9552dba8efdf757d0a930a010a074b612dc84bd","Volumes":null,"WorkingDir":"","Entrypoint":["/opm"],"OnBuild":null,"Labels":{"operators.operatorframework.io.index.database.v1":"./index.db"}},"created":"2020-04-02T08:35:55.073348516Z","docker_version":"18.06.1-ce","history":[{"created":"2020-03-24T05:39:48.399484299Z","created_by":"/bin/sh -c #(nop)  LABEL operators.operatorframework.io.index.database.v1=./index.db","empty_layer":true},{"created":"2020-04-02T08:35:52.924642585Z","created_by":"/bin/sh -c #(nop) COPY dir:fe5f12da73d07562a16de3f18f6b2bf85c71e6d571e126bc3b071eb5a58bea66 in ./ "},{"created":"2020-04-02T08:35:53.790595015Z","created_by":"/bin/sh -c #(nop) COPY file:1bad8dc46cb149bb081b9cbbf02d43165bebdab4d5eff4bfa72b54f5a26abd11 in /opm "},{"created":"2020-04-02T08:35:54.194887708Z","created_by":"/bin/sh -c #(nop) COPY file:9501a4e82bb8fa49a1f5b0ba285f0b3f779adbb71346b968b1c4940041ff9c17 in /bin/grpc_health_probe "},{"created":"2020-04-02T08:35:54.504166764Z","created_by":"/bin/sh -c #(nop)  EXPOSE 50051","empty_layer":true},{"created":"2020-04-02T08:35:54.804902549Z","created_by":"/bin/sh -c #(nop)  ENTRYPOINT [\"/opm\"]","empty_layer":true},{"created":"2020-04-02T08:35:55.073348516Z","created_by":"/bin/sh -c #(nop)  CMD [\"registry\" \"serve\" \"--database\" \"index.db\"]","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:5e2933ca28bd5a7092323193596da27ff3c614dee1e1d7649548bc6a875678a8","sha256:f27cb8e6279c934e6d80d8662a3d1d0b25e38f7ccf0107df6a82e492a7f7b72b","sha256:3cdb1e70dfcfbc9ae75b383ebc4865f526f0a6161c336aab7aaa7731c74f0f11"]}}  index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0070] unpacking layer: {application/vnd.docker.image.rootfs.diff.tar.gzip sha256:586b95cd120e6808fd21c6f383c43d06340c458fcba718dd91cc221a1d5327ab 17635307 [] map[] <nil>}  index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0071] unpacking layer: {application/vnd.docker.image.rootfs.diff.tar.gzip sha256:a19566f553d54051ab647f2932327faa99cb258170e1f1efd849459c15c8b15d 14211201 [] map[] <nil>}  index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0071] unpacking layer: {application/vnd.docker.image.rootfs.diff.tar.gzip sha256:ec0323ade3ce27b8d19a4426e6854b3dbcc2adfaffa1796d0df29942f27f5fce 3405424 [] map[] <nil>}  index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0071] Preparing to pull bundles ["quay.io/olmqe/etcd-bundle:0.9.0" "quay.io/olmqe/etcd-bundle:0.9.2"]  index="quay.io/olmqe/etcd-index:0.9.2" package=etcd
INFO[0073] resolved name: quay.io/olmqe/etcd-bundle:0.9.0  img="quay.io/olmqe/etcd-bundle:0.9.0"
INFO[0073] fetched                                       digest="sha256:df6e623ed57f46c4ff80fd2fb027859986066570f7e6aae6435cd74908ed3333" img="quay.io/olmqe/etcd-bundle:0.9.0"
INFO[0078] fetched                                       digest="sha256:b107658da605b5721c34b3fc2abf9e6515aba4d0a7020e407131f783d77148f3" img="quay.io/olmqe/etcd-bundle:0.9.0"
INFO[0078] fetched                                       digest="sha256:e2e833ebbda87e017110ab08bd2c03b46540409d9014e4685d2736e206caf0f2" img="quay.io/olmqe/etcd-bundle:0.9.0"
INFO[0078] fetched                                       digest="sha256:78a6cdfac35dc99cea2ae6e012ddd6d556c163ecf55e694767efb1593f1eeb2c" img="quay.io/olmqe/etcd-bundle:0.9.0"
INFO[0082] unpacking layer: {application/vnd.docker.image.rootfs.diff.tar.gzip sha256:78a6cdfac35dc99cea2ae6e012ddd6d556c163ecf55e694767efb1593f1eeb2c 8006 [] map[] <nil>}  img="quay.io/olmqe/etcd-bundle:0.9.0"
INFO[0082] unpacking layer: {application/vnd.docker.image.rootfs.diff.tar.gzip sha256:b107658da605b5721c34b3fc2abf9e6515aba4d0a7020e407131f783d77148f3 260 [] map[] <nil>}  img="quay.io/olmqe/etcd-bundle:0.9.0"
INFO[0092] resolved name: quay.io/olmqe/etcd-bundle:0.9.2  img="quay.io/olmqe/etcd-bundle:0.9.2"
INFO[0092] fetched                                       digest="sha256:5f8392171c5ac2d88ddad4190f90832d3bc2bfd5e6fb28cc06796d50affa2146" img="quay.io/olmqe/etcd-bundle:0.9.2"
INFO[0094] fetched                                       digest="sha256:c33d42016ad76184eb76bcfab4438270937dd50590cbcb0a79bee78fb57dca54" img="quay.io/olmqe/etcd-bundle:0.9.2"
INFO[0094] fetched                                       digest="sha256:8a86add1fcb00a5bf64eed1d096d356aff63503b88319299e4ecaafc5292cadd" img="quay.io/olmqe/etcd-bundle:0.9.2"
INFO[0094] fetched                                       digest="sha256:3d183a586408a7a9ccdac8eab16fd9dbed2570c45dd88b6b8e68221fb05654f6" img="quay.io/olmqe/etcd-bundle:0.9.2"
INFO[0105] unpacking layer: {application/vnd.docker.image.rootfs.diff.tar.gzip sha256:8a86add1fcb00a5bf64eed1d096d356aff63503b88319299e4ecaafc5292cadd 8288 [] map[] <nil>}  img="quay.io/olmqe/etcd-bundle:0.9.2"
INFO[0105] unpacking layer: {application/vnd.docker.image.rootfs.diff.tar.gzip sha256:3d183a586408a7a9ccdac8eab16fd9dbed2570c45dd88b6b8e68221fb05654f6 260 [] map[] <nil>}  img="quay.io/olmqe/etcd-bundle:0.9.2"


5, Check the expotred files.
mac:operator-registry jianzhang$ tree etcd/
etcd/
├── 0.9.0
│   ├── etcdbackups.etcd.database.coreos.com.crd.yaml
│   ├── etcdclusters.etcd.database.coreos.com.crd.yaml
│   ├── etcdoperator.v0.9.0.clusterserviceversion.yaml
│   └── etcdrestores.etcd.database.coreos.com.crd.yaml
├── 0.9.2
│   ├── etcdbackups.etcd.database.coreos.com.crd.yaml
│   ├── etcdclusters.etcd.database.coreos.com.crd.yaml
│   ├── etcdoperator.v0.9.2.clusterserviceversion.yaml
│   └── etcdrestores.etcd.database.coreos.com.crd.yaml
└── package.yaml

2 directories, 9 files

LGTM, verify it. And submit a PR to update the above `help` info. https://github.com/operator-framework/operator-registry/pull/290

Comment 4 errata-xmlrpc 2020-07-13 17:29:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.