Bug 1883560 - operator-registry image needs clean up in /tmp
Summary: operator-registry image needs clean up in /tmp
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.6
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.7.0
Assignee: Evan Cordell
QA Contact: Jian Zhang
URL:
Whiteboard:
Depends On:
Blocks: 1889865
TreeView+ depends on / blocked
 
Reported: 2020-09-29 15:04 UTC by Akram Ben Aissi
Modified: 2021-02-24 15:21 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:21:17 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github operator-framework operator-registry pull 461 0 None closed Bug 1883560: fix(dockerfile): clean out tmp directory after binaries are placed 2021-02-12 07:42:25 UTC
Github operator-framework operator-registry pull 531 0 None closed Bug 1883560: Avoid duplicate registry binaries across downstream image layers. 2021-02-12 07:42:25 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:21:38 UTC

Description Akram Ben Aissi 2020-09-29 15:04:12 UTC
Description of problem:
operator-registry image needs clean up has 265MB+ data in /tmp that are copied to /bin

also, the darwin and windows binaries are copied there and not needed as the image is platform dependant

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 4 Jian Zhang 2020-10-22 03:31:41 UTC
1, Built an image without this PR, its size is 1.03G
[root@preserve-olm-env operator-registry]# docker image ls quay.io/olmqe/builder:1883560
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
quay.io/olmqe/builder   1883560             788fad670d98        6 minutes ago       1.03GB

2, Build another image with this PR, its size is 1.03G too, seems like no effects to the image size although the /tmp size is 4.0K now.
[root@preserve-olm-env operator-registry]# docker image ls quay.io/olmqe/builder:new1883560
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
quay.io/olmqe/builder   new1883560          06c701aaf65a        31 seconds ago      1.03GB

[root@preserve-olm-env operator-registry]# docker run --rm --entrypoint="/bin/bash" -ti quay.io/olmqe/builder:new1883560
bash-4.4$ ls
...
bash-4.4$ du -h /bin/
398M	/bin/
bash-4.4$ du -h /tmp 
4.0K	/tmp
bash-4.4$ 

Details as follows:
[root@preserve-olm-env operator-registry]# docker build -f Dockerfile -t quay.io/olmqe/builder:new1883560 .
Sending build context to Docker daemon  790.7MB
Step 1/22 : FROM registry.svc.ci.openshift.org/ocp/builder:rhel-8-golang-openshift-4.6 as builder
 ---> 46c7c3b83298
Step 2/22 : ENV GOPATH /go
 ---> Using cache
 ---> 99af01b81b0a
Step 3/22 : ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
 ---> Using cache
 ---> 60bbe03b6762
Step 4/22 : WORKDIR /src
 ---> Using cache
 ---> 77ea56f63ac4
Step 5/22 : COPY vendor vendor
 ---> Using cache
 ---> 42cae8abb29b
Step 6/22 : COPY cmd cmd
 ---> 34df77d30c4b
Step 7/22 : COPY pkg pkg
 ---> 5181cab46c2a
Step 8/22 : COPY Makefile go.mod go.sum ./
 ---> 58a3c68ddeae
Step 9/22 : RUN make build cross
 ---> Running in 08b43ee05e28
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
GOFLAGS="-mod=vendor" go build  -tags "json1" -o bin/appregistry-server ./cmd/appregistry-server
GOFLAGS="-mod=vendor" go build  -tags "json1" -o bin/configmap-server ./cmd/configmap-server
GOFLAGS="-mod=vendor" go build  -tags "json1" -o bin/initializer ./cmd/initializer
GOFLAGS="-mod=vendor" go build  -tags "json1" -o bin/registry-server ./cmd/registry-server
GOFLAGS="-mod=vendor" go build -ldflags "-X 'github.com/operator-framework/operator-registry/cmd/opm/version.gitCommit=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.opmVersion=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.buildDate=2020-10-22T02:56:00Z'"  -tags "json1" -o bin/opm ./cmd/opm
GOOS=darwin CC=o64-clang CXX=o64-clang++ CGO_ENABLED=1 GOFLAGS="-mod=vendor" go build -ldflags "-X 'github.com/operator-framework/operator-registry/cmd/opm/version.gitCommit=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.opmVersion=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.buildDate=2020-10-22T02:56:00Z'" -tags "json1" -o "bin/darwin-amd64-opm" --ldflags "-extld=o64-clang" ./cmd/opm
GOOS=windows CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOFLAGS="-mod=vendor" go build -ldflags "-X 'github.com/operator-framework/operator-registry/cmd/opm/version.gitCommit=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.opmVersion=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.buildDate=2020-10-22T02:56:00Z'" -tags "json1"  -o "bin/windows-amd64-opm" --ldflags "-extld=x86_64-w64-mingw32-gcc" ./cmd/opm
Removing intermediate container 08b43ee05e28
 ---> b6df710a1e94
Step 10/22 : RUN CGO_ENABLED=0 go build -mod=vendor -tags netgo -ldflags "-w" ./vendor/github.com/grpc-ecosystem/grpc-health-probe/...
 ---> Running in 8eabf8588b47
Removing intermediate container 8eabf8588b47
 ---> 56e195ddaecf
Step 11/22 : FROM registry.svc.ci.openshift.org/ocp/4.6:base
 ---> f109cb3fdc46
Step 12/22 : COPY --from=builder /src/bin/* /tmp/bin/
 ---> a74f5ff2eb45
Step 13/22 : COPY --from=builder /src/grpc-health-probe /bin/grpc_health_probe
 ---> 9d5ec16af0b4
Step 14/22 : RUN cp -avr /tmp/bin/. /bin/ && rm -rf /tmp/bin
 ---> Running in 66bc158304cb
'/tmp/bin/./appregistry-server' -> '/bin/./appregistry-server'
'/tmp/bin/./configmap-server' -> '/bin/./configmap-server'
'/tmp/bin/./darwin-amd64-opm' -> '/bin/./darwin-amd64-opm'
'/tmp/bin/./initializer' -> '/bin/./initializer'
'/tmp/bin/./opm' -> '/bin/./opm'
'/tmp/bin/./registry-server' -> '/bin/./registry-server'
'/tmp/bin/./windows-amd64-opm' -> '/bin/./windows-amd64-opm'
Removing intermediate container 66bc158304cb
 ---> 04403e416e81
Step 15/22 : RUN mkdir /registry
 ---> Running in 1615cb4b8c77
Removing intermediate container 1615cb4b8c77
 ---> b87ffa39c878
Step 16/22 : RUN chgrp -R 0 /registry &&     chmod -R g+rwx /registry
 ---> Running in fb9183ec6cc5
Removing intermediate container fb9183ec6cc5
 ---> aa3d1c58c500
Step 17/22 : WORKDIR /registry
 ---> Running in 217a65da3bc0
Removing intermediate container 217a65da3bc0
 ---> 15d4194ae607
Step 18/22 : USER 1001
 ---> Running in 15a45257ec7a
Removing intermediate container 15a45257ec7a
 ---> 9701218218e2
Step 19/22 : EXPOSE 50051
 ---> Running in 39435c3260df
Removing intermediate container 39435c3260df
 ---> 5dad712c10f7
Step 20/22 : ENTRYPOINT ["/bin/registry-server"]
 ---> Running in eec2283b2bd0
Removing intermediate container eec2283b2bd0
 ---> 3e523725b05f
Step 21/22 : CMD ["--database", "/bundles.db"]
 ---> Running in 8929c0d000f2
Removing intermediate container 8929c0d000f2
 ---> 5b3e01586165
Step 22/22 : LABEL io.k8s.display-name="OpenShift Operator Registry"       io.k8s.description="This is a component of OpenShift Operator Lifecycle Manager and is the base for operator catalog API containers."       maintainer="Odin Team <aos-odin>"       summary="Operator Registry runs in a Kubernetes or OpenShift cluster to provide operator catalog data to Operator Lifecycle Manager."
 ---> Running in 94306e952cd3
Removing intermediate container 94306e952cd3
 ---> 06c701aaf65a
Successfully built 06c701aaf65a
Successfully tagged quay.io/olmqe/builder:new1883560

Comment 5 Kevin Rizza 2020-11-30 18:19:16 UTC
Jian,

Building the docker image locally may not be the best way to test this. I think the right verification steps should be to take a look at the size of the downstream images that are being produced by OpenShift CI and nightly builds.

Comment 6 Jian Zhang 2020-12-01 03:17:44 UTC
Thanks, Kevin. 

Checking the openshift CI, seems like the builder is incorrect, submit a PR for it: https://github.com/operator-framework/operator-registry/pull/525

For the nightly build:

1, Check this image for 4.6(no fixed PR), its size is 453MB.
[root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-11-29-153115 --image-for=operator-lifecycle-manager
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482

[root@preserve-olm-env data]# docker pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482
sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482: Pulling from openshift-release-dev/ocp-v4.0-art-dev
...
Status: Downloaded newer image for quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482

[root@preserve-olm-env data]# docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
quay.io/openshift-release-dev/ocp-v4.0-art-dev   <none>              640149bf3816        4 days ago          453MB

2, Check this image for 4.7(fixed PR merged), its size is 454M.

[root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-11-30-172451 --image-for=operator-lifecycle-manager
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f51f9afc958b188a65833c6297dee5f149d4c1521a01a1a54e3501d670b2afd0
[root@preserve-olm-env data]# docker pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f51f9afc958b188a65833c6297dee5f149d4c1521a01a1a54e3501d670b2afd0
...

[root@preserve-olm-env data]# docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f51f9afc958b188a65833c6297dee5f149d4c1521a01a1a54e3501d670b2afd0
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
quay.io/openshift-release-dev/ocp-v4.0-art-dev   <none>              32b607403dbd        4 days ago          454MB

Seems like the fixed PR didn't reduce this image size, or the base image changed. Change it to ASSIGNED first.

Comment 8 Jian Zhang 2020-12-07 08:05:10 UTC
Sorry, my mistake. I mixed operator-registry image with OLM. Please ignore comment 6.

1, Check the image with the fixed PR: https://github.com/operator-framework/operator-registry/pull/461 Its image size is 632MB.
[root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-013308 --commits|grep operator-registry 
  operator-registry                              https://github.com/operator-framework/operator-registry                     9e924740f21ee19ee9b643f8536f37d4cc820c21
[root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-013308 --image-for=operator-registry
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:50bff02141f6c736b4dace020ece9a12f45f6d764bf4739c59c6063ebb5889e4

[jzhang@dhcp-140-36 ~]$ docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:50bff02141f6c736b4dace020ece9a12f45f6d764bf4739c59c6063ebb5889e4 
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
quay.io/openshift-release-dev/ocp-v4.0-art-dev   <none>              9c065538e052        3 days ago          632MB


2, Check the image with fixed PR: https://github.com/operator-framework/operator-registry/pull/531. Its image size is 632MB.

[root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-222446 --commits |grep operator-registry
  operator-registry                              https://github.com/operator-framework/operator-registry                     2e9bb75c2ebf38cdd1c154bc82a41554fcd97986

[root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-222446 --image-for=operator-registry
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a
[jzhang@dhcp-140-36 ~]$ docker pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a
sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a: Pulling from openshift-release-dev/ocp-v4.0-art-dev
...
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a
[jzhang@dhcp-140-36 ~]$ 
[jzhang@dhcp-140-36 ~]$ docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a 
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
quay.io/openshift-release-dev/ocp-v4.0-art-dev   <none>              6279f00a3378        2 days ago          632MB


3, check the image in 4.6 nightly payload without any fixed PR. Its image size is 1.01GB.

[root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-12-06-095114 --image-for=operator-registry
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b8e4dd73262db7ab949234d1acada14f3a5c3c701aa36aa6e252e6be3d2109f4
...
[jzhang@dhcp-140-36 ~]$ docker image ls  quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b8e4dd73262db7ab949234d1acada14f3a5c3c701aa36aa6e252e6be3d2109f4
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
quay.io/openshift-release-dev/ocp-v4.0-art-dev   <none>              1cdceba109eb        2 days ago          1.01GB

LGTM, verify it.

Comment 11 errata-xmlrpc 2021-02-24 15:21:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.