Description of problem: When opm uses docker save / podman save to unpack the bundle image, whiteout files are still present in the extracted filesystem. This cause the bundle validate command to fail. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: opm alpha bundle validate --tag registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 Actual results: EOF error Expected results: passes validation Additional info:
There is work underway to address the issue with the unpacking process that will clean up the whiteout files before it's reaching the validation. From validation perspective, it will simply validate what has been given and will error out if there are unwanted existing in the provided directory.
We may need to run the image with a "do nothing" entrypoint and copy its filesystem with `docker cp` https://docs.docker.com/engine/reference/commandline/cp/
I'll take this bug. Marking for upcoming sprint and moving to assigned.
Hi Tom, > I need current binaries from https://github.com/operator-framework/operator-registry/releases > ./opm-1.12.5 alpha bundle validate --image-builder podman --tag registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 If no available opm binary, we can set the status to `POST` instead of the `MODIFIED`. Otherwise, the `MODIFIED` will be changed to `ON_QA` by the Bugzilla script automatically. For the olm binary, we can also build it by ourself, as follows: 1, Build the latest opm from the master branch. [root@preserve-olm-env operator-registry]# git branch 1.12.6 * master [root@preserve-olm-env operator-registry]# make build ... GOFLAGS="-mod=vendor" go build -ldflags "-X 'github.com/operator-framework/operator-registry/cmd/opm/version.gitCommit=3ca7ddd' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.opmVersion=1.12.7' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.buildDate=2020-07-07T08:48:26Z'" -o bin/opm ./cmd/opm [root@preserve-olm-env operator-registry]# ./bin/opm version Version: version.Version{OpmVersion:"1.12.7", GitCommit:"3ca7ddd", BuildDate:"2020-07-07T08:48:26Z", GoOs:"linux", GoArch:"amd64"} As we can see the GitCommit:"3ca7ddd" contains the fixed PR: https://github.com/operator-framework/operator-registry/pull/351 by checking https://github.com/operator-framework/operator-registry/commits/master 2, Run the `bundle validate`. It failed. As follows: [root@preserve-olm-env operator-registry]# ./bin/opm alpha bundle validate --tag registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 INFO[0000] Create a temp directory at /tmp/bundle-776951841 container-tool=docker DEBU[0000] Pulling and unpacking container image container-tool=docker INFO[0000] running docker create container-tool=docker DEBU[0000] [docker create registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 ] container-tool=docker INFO[0000] running docker cp container-tool=docker DEBU[0000] [docker cp Unable to find image 'registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1' locally 1.0.0-1: Pulling from rh-osbs/amq7-amq-streams-rhel7-operator-metadata ec602282be3e: Already exists Digest: sha256:8a4194473c8963f4419a0546b324995025147993bf2b583bab01207b601b85f5 Status: Downloaded newer image for registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 a30b6e8ff549e576f8080bc16e8906b5fc9afc891376e8bf94f647ba0d7a564f:/ /tmp/bundle-776951841] container-tool=docker ERRO[0000] Error: No such container:path: Unable to find image 'registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1' locally 1.0.0-1: Pulling from rh-osbs/amq7-amq-streams-rhel7-operator-metadata ec602282be3e: Already exists Digest: sha256:8a4194473c8963f4419a0546b324995025147993bf2b583bab01207b601b85f5 Status: Downloaded newer image for registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 a30b6e8ff549e576f8080bc16e8906b5fc9afc891376e8bf94f647ba0d7a564f:/ container-tool=docker Error: error copying container directory Error: No such container:path: Unable to find image 'registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1' locally 1.0.0-1: Pulling from rh-osbs/amq7-amq-streams-rhel7-operator-metadata ec602282be3e: Already exists Digest: sha256:8a4194473c8963f4419a0546b324995025147993bf2b583bab01207b601b85f5 Status: Downloaded newer image for registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 a30b6e8ff549e576f8080bc16e8906b5fc9afc891376e8bf94f647ba0d7a564f:/ : exit status 1 Usage: opm alpha bundle validate [flags] Examples: $ opm alpha bundle validate --tag quay.io/test/test-operator:latest --image-builder docker Flags: -h, --help help for validate -b, --image-builder string Tool used to pull and unpack bundle images. One of: [none, docker, podman] (default "docker") -t, --tag string The path of a registry to pull from, image name and its tag that present the bundle image (e.g. quay.io/test/test-operator:latest) 3, But, it works well after pull the image to the local first. @Nick Is it as expected? Thanks! [root@preserve-olm-env operator-registry]# docker pull registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 1.0.0-1: Pulling from rh-osbs/amq7-amq-streams-rhel7-operator-metadata ec602282be3e: Already exists Digest: sha256:8a4194473c8963f4419a0546b324995025147993bf2b583bab01207b601b85f5 Status: Downloaded newer image for registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 [root@preserve-olm-env operator-registry]# ./bin/opm alpha bundle validate --tag registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 INFO[0000] Create a temp directory at /tmp/bundle-118897420 container-tool=docker DEBU[0000] Pulling and unpacking container image container-tool=docker INFO[0000] running docker create container-tool=docker DEBU[0000] [docker create registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 ] container-tool=docker INFO[0000] running docker cp container-tool=docker DEBU[0000] [docker cp 33241cb9ed2c17e4f31121e317dcbc749ea15c9a6421325801e26457b9b467be:/ /tmp/bundle-118897420] container-tool=docker INFO[0000] running docker rm container-tool=docker DEBU[0000] [docker rm 33241cb9ed2c17e4f31121e317dcbc749ea15c9a6421325801e26457b9b467be] container-tool=docker INFO[0000] Unpacked image layers, validating bundle image format & contents container-tool=docker DEBU[0000] Found manifests directory container-tool=docker DEBU[0000] Found metadata directory container-tool=docker DEBU[0000] Getting mediaType info from manifests directory container-tool=docker INFO[0000] Found annotations file container-tool=docker INFO[0000] Could not find optional dependencies file container-tool=docker DEBU[0000] Validating bundle contents container-tool=docker DEBU[0000] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafka.crd.yaml" container-tool=docker DEBU[0000] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkaconnect.crd.yaml" container-tool=docker DEBU[0000] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkaconnects2i.crd.yaml" container-tool=docker DEBU[0000] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkamirrormaker.crd.yaml" container-tool=docker DEBU[0000] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkatopic.crd.yaml" container-tool=docker DEBU[0000] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkauser.crd.yaml" container-tool=docker DEBU[0000] Validating "operators.coreos.com/v1alpha1, Kind=ClusterServiceVersion" from file "amq-streams.v1.0.0.clusterserviceversion.yaml" container-tool=docker INFO[0000] All validation tests have been completed successfully container-tool=docker
I was able to reproduce the issue and filed a separate BZ and associated patch to cover fix it: https://bugzilla.redhat.com/show_bug.cgi?id=1857502 PTAL. After that PR merges we should be good to test this again at a newer commit.
1, check the olm version: [root@preserve-olm-env operator-registry]# ./bin/opm version Version: version.Version{OpmVersion:"v1.12.5-78-g24965bb", GitCommit:"24965bb", BuildDate:"2020-07-22T02:25:53Z", GoOs:"linux", GoArch:"amd64"} 2, Run the validation: `bundle validate`. It works well, LGTM, verify it. [root@preserve-olm-env operator-registry]# ./bin/opm alpha bundle validate --tag registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 INFO[0000] Create a temp directory at /tmp/bundle-053862621 container-tool=docker DEBU[0000] Pulling and unpacking container image container-tool=docker INFO[0000] running /usr/bin/docker pull registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 container-tool=docker INFO[0001] running docker create container-tool=docker DEBU[0001] [docker create registry-proxy.engineering.redhat.com/rh-osbs/amq7-amq-streams-rhel7-operator-metadata:1.0.0-1 ] container-tool=docker INFO[0001] running docker cp container-tool=docker DEBU[0001] [docker cp bfd701d2fc59aceeda85b99fa3802875d9d05a09e207b3cd1823ba77378eddc0:/. /tmp/bundle-053862621] container-tool=docker INFO[0001] running docker rm container-tool=docker DEBU[0001] [docker rm bfd701d2fc59aceeda85b99fa3802875d9d05a09e207b3cd1823ba77378eddc0] container-tool=docker INFO[0001] Unpacked image layers, validating bundle image format & contents container-tool=docker DEBU[0001] Found manifests directory container-tool=docker DEBU[0001] Found metadata directory container-tool=docker DEBU[0001] Getting mediaType info from manifests directory container-tool=docker INFO[0001] Found annotations file container-tool=docker INFO[0001] Could not find optional dependencies file container-tool=docker DEBU[0001] Validating bundle contents container-tool=docker DEBU[0001] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafka.crd.yaml" container-tool=docker DEBU[0001] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkaconnect.crd.yaml" container-tool=docker DEBU[0001] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkaconnects2i.crd.yaml" container-tool=docker DEBU[0001] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkamirrormaker.crd.yaml" container-tool=docker DEBU[0001] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkatopic.crd.yaml" container-tool=docker DEBU[0001] Validating "apiextensions.k8s.io/v1beta1, Kind=CustomResourceDefinition" from file "amq-streams-kafkauser.crd.yaml" container-tool=docker DEBU[0001] Validating "operators.coreos.com/v1alpha1, Kind=ClusterServiceVersion" from file "amq-streams.v1.0.0.clusterserviceversion.yaml" container-tool=docker INFO[0001] All validation tests have been completed successfully container-tool=docker
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196