2226728 – Failed to use subscription-manager tool when building UBI9 image on OpenShift container platform 4

Bug 2226728 - Failed to use subscription-manager tool when building UBI9 image on OpenShift container platform 4

Summary: Failed to use subscription-manager tool when building UBI9 image on OpenShift...

Keywords:
Status:	CLOSED DUPLICATE of bug 2216079
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	9.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	CSI Client Tools Bugs
QA Contact:	CSI Client Tools Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-07-26 10:20 UTC by Wei Liu
Modified:	2023-07-26 23:01 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-07-26 23:01:36 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-163529	0	None	None	None	2023-07-26 10:21:50 UTC

Description Wei Liu 2023-07-26 10:20:15 UTC

Description of problem:
Failed to use subscription-manager tool when building ubi9 image on OCP4

Version-Release number of selected component (if applicable):
OCP 4.13.4
[root@ocp4-rhel8-ent-slave-1 entitlement-tests]# oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.13.4    True        False         145m    Cluster version is 4.13.4

How reproducible:
always

Steps to Reproduce:
1. Create build config and start the image build process:
[root@ocp4-rhel8-ent-slave-1 entitlement-tests]# cat buildconfig.yaml 
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: my-csi-bc-s2i
  namespace: ent-test
spec:
  runPolicy: Serial
  source:
    dockerfile: |
      FROM registry.access.redhat.com/ubi9/ubi:latest
      RUN ls -la /etc/pki/entitlement &&\
          rm /etc/rhsm-host &&\
          env SMDEV_CONTAINER_OFF=1 yum install -y yum-utils
      RUN  echo rhocp-4.13-for-rhel-9-x86_64-rpms >>repo.txt;  echo rhocp-4.13-for-rhel-9-x86_64-debug-rpms >>repo.txt; 
      RUN cat repo.txt | xargs -I {} subscription-manager repos --enable={}
      RUN cat repo.txt | xargs -I {} repoquery --available --quiet --all --repoid={} >> packages.txt  
      RUN shuf -n 3 packages.txt > installed_pck &&\
          cat installed_pck 
      RUN cat installed_pck | xargs -I {} dnf install -y --setopt=*.module_hotfixes=True --skip-broken {}
  strategy:
    type: Docker
    dockerStrategy:
      volumes:
        - mounts:
            - destinationPath: "/etc/pki/entitlement"
          name: my-csi-shared-secret
          source:
            csi:
              driver: csi.sharedresource.openshift.io
              readOnly: true
              volumeAttributes:
                sharedSecret: my-share 
            type: CSI
  output:
    to:
      kind: "ImageStreamTag"
      name: "sample-custom:latest"
[root@ocp4-rhel8-ent-slave-1 entitlement-tests]# oc create -f buildconfig.yaml
buildconfig.build.openshift.io/my-csi-bc-s2i created

[root@ocp4-rhel8-ent-slave-1 entitlement-tests]# oc start-build my-csi-bc-s2i -F
build.build.openshift.io/my-csi-bc-s2i-1 started
time="2023-07-26T10:06:46Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
I0726 10:06:46.831029       1 defaults.go:112] Defaulting to storage driver "overlay" with options [mountopt=metacopy=on].
Caching blobs under "/var/cache/blobs".

Pulling image registry.access.redhat.com/ubi9/ubi:latest ...
Trying to pull registry.access.redhat.com/ubi9/ubi:latest...
Getting image source signatures
Copying blob sha256:7b3dd25bf011f6e84d1eaf4cce367d6d7c3d1d82385a65ebb394b5bf096f8d7a
Copying config sha256:663a35613bf10445ee2fd4af90024ccb83aecf3985b7e98c9e9a87f0f3131865
Writing manifest to image destination
Storing signatures
Adding transient rw bind mount for /run/secrets/rhsm
STEP 1/9: FROM registry.access.redhat.com/ubi9/ubi:latest
STEP 2/9: RUN ls -la /etc/pki/entitlement &&    rm /etc/rhsm-host &&    env SMDEV_CONTAINER_OFF=1 yum install -y yum-utils
total 0
drwxrwxrwt.  3 root root 120 Jul 26 10:06 .
drwxr-xr-x. 10 root root 154 Jun 15 01:44 ..
drwxr-xr-x.  2 root root  80 Jul 26 10:06 ..2023_07_26_10_06_44.1276182633
lrwxrwxrwx.  1 root root  32 Jul 26 10:06 ..data -> ..2023_07_26_10_06_44.1276182633
lrwxrwxrwx.  1 root root  26 Jul 26 10:06 entitlement-key.pem -> ..data/entitlement-key.pem
lrwxrwxrwx.  1 root root  22 Jul 26 10:06 entitlement.pem -> ..data/entitlement.pem
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Enterprise Linux 9 for x86_64 - AppStre  33 MB/s |  23 MB     00:00    
Red Hat Enterprise Linux 9 for x86_64 - BaseOS   24 MB/s |  13 MB     00:00    
Red Hat Universal Base Image 9 (RPMs) - BaseOS  759 kB/s | 580 kB     00:00    
Red Hat Universal Base Image 9 (RPMs) - AppStre 7.9 MB/s | 1.9 MB     00:00    
Red Hat Universal Base Image 9 (RPMs) - CodeRea 947 kB/s | 195 kB     00:00    
Dependencies resolved.
================================================================================
 Package           Arch    Version         Repository                      Size
================================================================================
Installing:
 yum-utils         noarch  4.3.0-5.el9_2   rhel-9-for-x86_64-baseos-rpms   45 k
Installing dependencies:
 dnf-plugins-core  noarch  4.3.0-5.el9_2   rhel-9-for-x86_64-baseos-rpms   42 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 86 k
Installed size: 45 k
Downloading Packages:
(1/2): dnf-plugins-core-4.3.0-5.el9_2.noarch.rp 416 kB/s |  42 kB     00:00    
(2/2): yum-utils-4.3.0-5.el9_2.noarch.rpm       259 kB/s |  45 kB     00:00    
--------------------------------------------------------------------------------
Total                                           495 kB/s |  86 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : dnf-plugins-core-4.3.0-5.el9_2.noarch                  1/2 
  Installing       : yum-utils-4.3.0-5.el9_2.noarch                         2/2 
  Running scriptlet: yum-utils-4.3.0-5.el9_2.noarch                         2/2 
  Verifying        : yum-utils-4.3.0-5.el9_2.noarch                         1/2 
  Verifying        : dnf-plugins-core-4.3.0-5.el9_2.noarch                  2/2 
Installed products updated.

Installed:
  dnf-plugins-core-4.3.0-5.el9_2.noarch      yum-utils-4.3.0-5.el9_2.noarch     

Complete!
--> ba7b02affdb
STEP 3/9: RUN echo rhocp-4.13-for-rhel-9-x86_64-rpms >>repo.txt;  echo rhocp-4.13-for-rhel-9-x86_64-debug-rpms >>repo.txt;
--> b57a613d160
STEP 4/9: RUN cat repo.txt | xargs -I {} subscription-manager repos --enable={}
subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.

subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.

error: build error: building at STEP "RUN cat repo.txt | xargs -I {} subscription-manager repos --enable={}": while running runtime: exit status 123


Actual results:
With the workaround env SMDEV_CONTAINER_OFF=1 and rm /etc/rhsm-host, but still show the error: subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.

Expected results:
subscription-manager can be used successfully

Additional info:

Comment 1 Pino Toscano 2023-07-26 10:45:25 UTC

(In reply to Wei Liu from comment #0)
>     dockerfile: |
>       FROM registry.access.redhat.com/ubi9/ubi:latest
>       RUN ls -la /etc/pki/entitlement &&\
>           rm /etc/rhsm-host &&\
>           env SMDEV_CONTAINER_OFF=1 yum install -y yum-utils
>       RUN  echo rhocp-4.13-for-rhel-9-x86_64-rpms >>repo.txt;  echo
> rhocp-4.13-for-rhel-9-x86_64-debug-rpms >>repo.txt; 
>       RUN cat repo.txt | xargs -I {} subscription-manager repos --enable={}
>       RUN cat repo.txt | xargs -I {} repoquery --available --quiet --all
> --repoid={} >> packages.txt  
>       RUN shuf -n 3 packages.txt > installed_pck &&\
>           cat installed_pck 
>       RUN cat installed_pck | xargs -I {} dnf install -y
> --setopt=*.module_hotfixes=True --skip-broken {}
> [...]
> Actual results:
> With the workaround env SMDEV_CONTAINER_OFF=1 and rm /etc/rhsm-host, but
> still show the error: subscription-manager is disabled when running inside a
> container. Please refer to your host system for subscription management.

SMDEV_CONTAINER_OFF=1 was used only for the first "yum" command; you need to make sure it applies for all the commands of subscription-manager and dnf, so "subscription-manager", "repoquery" (part of dnf), "yum", and "dnf".

Otherwise, this seems a duplicate of bug 2216079.

Comment 2 Wei Liu 2023-07-26 23:01:36 UTC

ACK. Thanks for the update and let's move to it as duplicated.

*** This bug has been marked as a duplicate of bug 2216079 ***

Note You need to log in before you can comment on or make changes to this bug.