Bug 1879497 - Support --image-stream flag in oc debug
Summary: Support --image-stream flag in oc debug
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.6
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.6.0
Assignee: Jan Chaloupka
QA Contact: RamaKasturi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-16 12:22 UTC by Maciej Szulik
Modified: 2020-10-27 16:41 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:41:19 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 588 0 None closed bug 1879497: oc debug: add --image-stream flag 2020-11-03 09:11:35 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:41:31 UTC

Description Maciej Szulik 2020-09-16 12:22:12 UTC
Currently oc adm must-gather supports both --image and --image-stream flag, but oc debug supports only --image. We should support both, especially that for debugging node we lookup tools ImageStream from openshift namespace.

Comment 1 Maciej Szulik 2020-09-16 12:23:18 UTC
This was mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1728135#c25

Comment 3 RamaKasturi 2020-09-23 13:19:12 UTC
Checked and  still see that --image-stream as --unknown flag, will check again tomorrow.

Comment 4 RamaKasturi 2020-09-24 09:54:21 UTC
Verified with the payload below and i see that oc debug now supports --image-stream flag.

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc version
Client Version: 4.6.0-0.nightly-2020-09-24-015627
Server Version: 4.6.0-0.nightly-2020-09-24-015627
Kubernetes Version: v1.19.0+fff8183

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc debug --help | grep image
 When debugging images and setup problems, it's useful to get an exact copy of a running pod configuration and troubleshoot with a shell. Since a pod that is failing may not be started and not accessible to 'rsh' or 'exec', the 'debug' command makes it easy to create a carbon copy of that setup.
 You may invoke other types of objects besides pods - any controller resource that creates a pod (like a deployment, build, or job), objects that can host pods (like nodes), or resources that can be used to create pods (such as image stream tags).
  # Launch a shell in a pod using the provided image stream tag
      --image='': Override the image used by the targeted container.
      --image-stream='': Specify an image stream (namespace/name:tag) containing a debug image to run.

with an invalid image stream:
===============================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug nodes/ip-10-0-202-185.ap-northeast-1.compute.internal --image-stream="openshift2/tools:latest"
I0924 15:01:35.554888   16375 debug.go:922] Unable to resolve image stream 'openshift2/tools:latest': imagestreams.image.openshift.io "tools" not found
I0924 15:01:35.555082   16375 debug.go:926] Falling to 'registry.redhat.io/rhel8/support-tools' image
Creating debug namespace/openshift-debug-node-hf6fb ...
Starting pod/ip-10-0-202-185ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:01:38.554387   16375 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:01:47.951166   16375 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.202.185
If you don't see a command prompt, try pressing enter.
sh-4.4# 

we see that it is falling back to below
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ oc get pods -n $(oc get ns | grep debug | cut -d' ' -f1) -o json | jq '.items[0].spec.containers[0].image'
"registry.redhat.io/rhel8/support-tools"

with a valid image stream:
============================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug nodes/ip-10-0-202-185.ap-northeast-1.compute.internal --image-stream="openshift/tools:latest"
Creating debug namespace/openshift-debug-node-2v4tr ...
Starting pod/ip-10-0-202-185ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:03:23.035440   16452 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:03:44.584873   16452 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.202.185
If you don't see a command prompt, try pressing enter.
sh-4.4# 

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ oc get pods -n $(oc get ns | grep debug | cut -d' ' -f1) -o json | jq '.items[0].spec.containers[0].image'
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:79c0a1231d59657cba5aec6d1b61f5dda4a2484318877f4263ae16cf51f901f8"

without image stream:
================================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug nodes/ip-10-0-202-185.ap-northeast-1.compute.internal
Creating debug namespace/openshift-debug-node-vx8tk ...
Starting pod/ip-10-0-202-185ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:07:24.159520   16705 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:07:25.095065   16705 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.202.185
If you don't see a command prompt, try pressing enter.
sh-4.4# exit
exit

Removing debug pod ...
Removing debug namespace/openshift-debug-node-vx8tk ...

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ oc get pods -n $(oc get ns | grep debug | cut -d' ' -f1) -o json | jq '.items[0].spec.containers[0].image'
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:79c0a1231d59657cba5aec6d1b61f5dda4a2484318877f4263ae16cf51f901f8"


Tried on a master node and that works as well:
==================================================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug node/ip-10-0-128-207.ap-northeast-1.compute.internal --image-stream=openshift/tools:latest
Creating debug namespace/openshift-debug-node-p882f ...
Starting pod/ip-10-0-128-207ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:20:19.417827   17344 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:20:39.551629   17344 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.128.207
If you don't see a command prompt, try pressing enter.
sh-4.4# exit
exit

Removing debug pod ...
Removing debug namespace/openshift-debug-node-p882f ...

on master node with invalid image stream:
==============================================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug node/ip-10-0-128-207.ap-northeast-1.compute.internal --image-stream=openshift2/tools:latest
I0924 15:21:40.095651   17382 debug.go:922] Unable to resolve image stream 'openshift2/tools:latest': imagestreams.image.openshift.io "tools" not found
I0924 15:21:40.096008   17382 debug.go:926] Falling to 'registry.redhat.io/rhel8/support-tools' image
Creating debug namespace/openshift-debug-node-x82jh ...
Starting pod/ip-10-0-128-207ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:21:42.277490   17382 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:21:46.855634   17382 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.128.207
If you don't see a command prompt, try pressing enter.



Based on the above moving the bug to verified state.

Comment 5 RamaKasturi 2020-09-24 09:57:28 UTC
Verified with the payload below and i see that oc debug now supports --image-stream flag.

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc version
Client Version: 4.6.0-0.nightly-2020-09-24-015627
Server Version: 4.6.0-0.nightly-2020-09-24-015627
Kubernetes Version: v1.19.0+fff8183

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc debug --help | grep image
 When debugging images and setup problems, it's useful to get an exact copy of a running pod configuration and troubleshoot with a shell. Since a pod that is failing may not be started and not accessible to 'rsh' or 'exec', the 'debug' command makes it easy to create a carbon copy of that setup.
 You may invoke other types of objects besides pods - any controller resource that creates a pod (like a deployment, build, or job), objects that can host pods (like nodes), or resources that can be used to create pods (such as image stream tags).
  # Launch a shell in a pod using the provided image stream tag
      --image='': Override the image used by the targeted container.
      --image-stream='': Specify an image stream (namespace/name:tag) containing a debug image to run.

with an invalid image stream:
===============================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug nodes/ip-10-0-202-185.ap-northeast-1.compute.internal --image-stream="openshift2/tools:latest"
I0924 15:01:35.554888   16375 debug.go:922] Unable to resolve image stream 'openshift2/tools:latest': imagestreams.image.openshift.io "tools" not found
I0924 15:01:35.555082   16375 debug.go:926] Falling to 'registry.redhat.io/rhel8/support-tools' image
Creating debug namespace/openshift-debug-node-hf6fb ...
Starting pod/ip-10-0-202-185ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:01:38.554387   16375 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:01:47.951166   16375 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.202.185
If you don't see a command prompt, try pressing enter.
sh-4.4# 

we see that it is falling back to below
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ oc get pods -n $(oc get ns | grep debug | cut -d' ' -f1) -o json | jq '.items[0].spec.containers[0].image'
"registry.redhat.io/rhel8/support-tools"

with a valid image stream:
============================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug nodes/ip-10-0-202-185.ap-northeast-1.compute.internal --image-stream="openshift/tools:latest"
Creating debug namespace/openshift-debug-node-2v4tr ...
Starting pod/ip-10-0-202-185ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:03:23.035440   16452 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:03:44.584873   16452 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.202.185
If you don't see a command prompt, try pressing enter.
sh-4.4# 

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ oc get pods -n $(oc get ns | grep debug | cut -d' ' -f1) -o json | jq '.items[0].spec.containers[0].image'
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:79c0a1231d59657cba5aec6d1b61f5dda4a2484318877f4263ae16cf51f901f8"

without image stream:
================================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug nodes/ip-10-0-202-185.ap-northeast-1.compute.internal
Creating debug namespace/openshift-debug-node-vx8tk ...
Starting pod/ip-10-0-202-185ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:07:24.159520   16705 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:07:25.095065   16705 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.202.185
If you don't see a command prompt, try pressing enter.
sh-4.4# exit
exit

Removing debug pod ...
Removing debug namespace/openshift-debug-node-vx8tk ...

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ oc get pods -n $(oc get ns | grep debug | cut -d' ' -f1) -o json | jq '.items[0].spec.containers[0].image'
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:79c0a1231d59657cba5aec6d1b61f5dda4a2484318877f4263ae16cf51f901f8"


Tried on a master node and that works as well:
==================================================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug node/ip-10-0-128-207.ap-northeast-1.compute.internal --image-stream=openshift/tools:latest
Creating debug namespace/openshift-debug-node-p882f ...
Starting pod/ip-10-0-128-207ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:20:19.417827   17344 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:20:39.551629   17344 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.128.207
If you don't see a command prompt, try pressing enter.
sh-4.4# exit
exit

Removing debug pod ...
Removing debug namespace/openshift-debug-node-p882f ...

on master node with invalid image stream:
==============================================
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc -v=2 debug node/ip-10-0-128-207.ap-northeast-1.compute.internal --image-stream=openshift2/tools:latest
I0924 15:21:40.095651   17382 debug.go:922] Unable to resolve image stream 'openshift2/tools:latest': imagestreams.image.openshift.io "tools" not found
I0924 15:21:40.096008   17382 debug.go:926] Falling to 'registry.redhat.io/rhel8/support-tools' image
Creating debug namespace/openshift-debug-node-x82jh ...
Starting pod/ip-10-0-128-207ap-northeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`
I0924 15:21:42.277490   17382 reflector.go:207] Starting reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
I0924 15:21:46.855634   17382 reflector.go:213] Stopping reflector *v1.Pod (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146
Pod IP: 10.0.128.207
If you don't see a command prompt, try pressing enter.



Based on the above moving the bug to verified state.

Comment 8 errata-xmlrpc 2020-10-27 16:41:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.