crc-org / crc

CRC is a tool to help you run containers. It manages a local OpenShift 4.x cluster, Microshift or a Podman VM optimized for testing and development purposes
https://crc.dev
Apache License 2.0

error: --strategy is specified and none of the arguments provided could be classified as a source code location #3411

Open JiriHusak-lab opened 1 year ago

JiriHusak-lab commented 1 year ago

Hi,

Yesterday I downloaded version crc-linux-2.10.2-amd64 and installed it successfully.

CRC VM:          Running
OpenShift:       Running (v4.11.7)
RAM Usage:       6.524GB of 9.399GB
Disk Usage:      14.97GB of 32.74GB (Inside the CRC VM)
Cache Usage:     16.43GB
Cache Directory: /var/crc/.crc/cache

I have run into one issue. In all previous CRC versions I used the oc new-app command as follows:

oc new-app --strategy docker git@X.Y.Z.W:mgrp/xxx-ds.git --source-secret repo-at-gitlab --name xxx-ds

Now this command returns an error:

error: --strategy is specified and none of the arguments provided could be classified as a source code location

The following commands return the same error as well:

oc new-app --strategy docker https://X.Y.Z.W:mgrp/xxx-ds.git  --source-secret repo-at-gitlab --name xxx-ds
oc new-app --strategy=docker https://X.Y.Z.W:mgrp/xxx-ds.git  --source-secret repo-at-gitlab --name xxx-ds

Question: what has changed in the latest CRC version so that the oc new-app commands I have always used no longer work? As far as I have tried, I haven't run into any other issue in this version.

anjannath commented 1 year ago

It could be due to some network connectivity issue where oc is not able to pull from the supplied git repos. I couldn't reproduce this locally:

❯ oc new-app --strategy=docker https://github.com/evanshortiss/openshift-typescript-example
--> Found image da98079 (7 months old) in image stream "dev-test/node" under tag "12-alpine" for "node:12-alpine"

    * A Docker build using source code from https://github.com/evanshortiss/openshift-typescript-example will be created
      * The resulting image will be pushed to image stream tag "openshift-typescript-example:latest"
      * Use 'oc start-build' to trigger a new build

--> Creating resources ...
    imagestream.image.openshift.io "openshift-typescript-example" created
    buildconfig.build.openshift.io "openshift-typescript-example" created
Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "openshift-typescript-example" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "openshift-typescript-example" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "openshift-typescript-example" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "openshift-typescript-example" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
    deployment.apps "openshift-typescript-example" created
--> Success
    Build scheduled, use 'oc logs -f buildconfig/openshift-typescript-example' to track its progress.
    Run 'oc status' to view your app.

Using the same oc version as in 2.10.2:

❯ oc version
Client Version: 4.10.34
Server Version: 4.11.7
Kubernetes Version: v1.24.0+3882f8f

JiriHusak-lab commented 1 year ago

Hi, in the previous version it worked properly. There is no network issue; the issue has been present since yesterday, when I installed the latest crc version. I can clone the repo, and I have used it in the same way for a long time with previous crc versions.

The issue is present in version:

Client Version: 4.11.7
Kustomize Version: v4.5.4
Server Version: 4.11.7
Kubernetes Version: v1.24.0+3882f8f

anjannath commented 1 year ago

@JiriHusak-lab Not sure how a new release could cause this, since the bundle and oc client version is 4.11.7, the same as in crc v2.10.1.

Since I am not able to reproduce this on my side, I am really not sure what could cause this for you. Make sure you are using the correct oc binaries; maybe try clearing your ~/.crc/bin directory and start from a clean state:

$ rm -rf ~/.crc/bin
$ crc cleanup
$ crc setup

JiriHusak-lab commented 1 year ago

I did it twice completely:

crc setup and crc start log:

[crc@rhel821 ~]$ crc setup
CRC is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: N
No worry, you can still enable telemetry manually with the command 'crc config set consent-telemetry yes'.
INFO Using bundle path /var/crc/.crc/cache/crc_libvirt_4.11.7_amd64.crcbundle
INFO Checking if running as non-root
INFO Checking if running inside WSL2
INFO Checking if crc-admin-helper executable is cached
INFO Caching crc-admin-helper executable
INFO Using root access: Changing ownership of /var/crc/.crc/bin/crc-admin-helper-linux
[sudo] password for crc:
INFO Using root access: Setting suid for /var/crc/.crc/bin/crc-admin-helper-linux
INFO Checking for obsolete admin-helper executable
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if crc executable symlink exists
INFO Creating symlink for crc executable
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Installing crc-driver-libvirt
INFO Checking crc daemon systemd service
INFO Setting up crc daemon systemd service
INFO Checking crc daemon systemd socket units
INFO Setting up crc daemon systemd socket units
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if dnsmasq configurations file exist for NetworkManager
INFO Checking if the systemd-resolved service is running
INFO Checking if /etc/NetworkManager/dispatcher.d/99-crc.sh exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /var/crc/.crc/cache/crc_libvirt_4.11.7_amd64.crcbundle exists
INFO Getting bundle for the CRC executable
3.15 GiB / 3.15 GiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 8.58 MiB p/s
INFO Uncompressing /var/crc/.crc/cache/crc_libvirt_4.11.7_amd64.crcbundle
crc.qcow2: 12.01 GiB / 12.01 GiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%
oc: 118.14 MiB / 118.14 MiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%
Your system is correctly setup for using CRC. Use 'crc start' to start the instance

[crc@rhel821 ~]$ crc start
INFO Checking if running as non-root
INFO Checking if running inside WSL2
INFO Checking if crc-admin-helper executable is cached
INFO Checking for obsolete admin-helper executable
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if crc executable symlink exists
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking crc daemon systemd socket units
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if dnsmasq configurations file exist for NetworkManager
INFO Checking if the systemd-resolved service is running
INFO Checking if /etc/NetworkManager/dispatcher.d/99-crc.sh exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
INFO Loading bundle: crc_libvirt_4.11.7_amd64...
CRC requires a pull secret to download content from Red Hat.
You can copy it from the Pull Secret section of https://console.redhat.com/openshift/create/local.
? Please enter the pull secret **
WARN Cannot add pull secret to keyring: failed to unlock correct collection '/org/freedesktop/secrets/aliases/default'
INFO Creating CRC VM for openshift 4.11.7...
INFO Generating new SSH key pair...
INFO Generating new password for the kubeadmin user
INFO Starting CRC VM for openshift 4.11.7...
INFO CRC instance is running with IP 192.168.130.11
INFO CRC VM is running
INFO Updating authorized keys...
INFO Check internal and public DNS query...
INFO Check DNS query from host...
INFO Verifying validity of the kubelet certificates...
INFO Starting kubelet service
INFO Waiting for kube-apiserver availability... [takes around 2min]
INFO Adding user's pull secret to the cluster...
INFO Updating SSH key to machine config resource...
INFO Waiting for user's pull secret part of instance disk...
INFO Changing the password for the kubeadmin user
INFO Updating cluster ID...
INFO Updating root CA cert to admin-kubeconfig-client-ca configmap...
INFO Starting openshift instance... [waiting for the cluster to stabilize]
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO All operators are available. Ensuring stability...
INFO Operators are stable (2/3)...
INFO Operators are stable (3/3)...
INFO Adding crc-admin and crc-developer contexts to kubeconfig...
Started the OpenShift cluster.

The server is accessible via web console at:
  https://console-openshift-console.apps-crc.testing

Log in as administrator:
  Username: kubeadmin
  Password: EGPAw-kibED-RHM2V-wbW3L

Log in as user:
  Username: developer
  Password: developer

Use the 'oc' command line interface:
  $ eval $(crc oc-env)
  $ oc login -u developer https://api.crc.testing:6443

[crc@rhel821 ~]$ crc status
CRC VM:          Running
OpenShift:       Running (v4.11.7)
RAM Usage:       6.249GB of 9.399GB
Disk Usage:      14.91GB of 32.74GB (Inside the CRC VM)
Cache Usage:     16.43GB
Cache Directory: /var/crc/.crc/cache

JiriHusak-lab commented 1 year ago

Here is the oc output when I increased the loglevel. But "warning: Cannot check if git requires authentication." was also present in previous versions, where oc new-app worked properly.

oc new-app --strategy docker git@X.Y.Z.W:mgrp/xxx-ds.git --source-secret repo-at-gitlab --name xxx-ds --loglevel 10

I1110 12:49:02.095423 3702136 loader.go:372] Config loaded from file: /var/crc/.kube/config
I1110 12:49:02.096850 3702136 newapp.go:655] Container service did not respond to a ping: Get "http://unix.sock/_ping": dial unix /var/run/docker.sock: connect: no such file or directory
I1110 12:49:02.097034 3702136 sourcelookup.go:316] Checking if git@X.Y.Z.W:mgrp/xxx-ds.git requires authentication
I1110 12:49:02.097051 3702136 repository.go:450] Executing git ls-remote --heads git@X.Y.Z.W:mgrp/xxx-ds.git
I1110 12:49:02.097072 3702136 repository.go:459] Environment:
I1110 12:49:02.097077 3702136 repository.go:461] - HOME=/tmp/githome4060803832
I1110 12:49:02.097083 3702136 repository.go:461] - GIT_SSH=/dev/null
I1110 12:49:02.097087 3702136 repository.go:461] - GIT_CONFIG_NOSYSTEM=true
I1110 12:49:02.097093 3702136 repository.go:461] - GIT_ASKPASS=true
I1110 12:49:02.099885 3702136 repository.go:541] Error executing command: exit status 128
warning: Cannot check if git requires authentication.
I1110 12:49:02.100005 3702136 newapp.go:346] treating git@X.Y.Z.W:mgrp/xxx-ds.git as a component ref
error: --strategy is specified and none of the arguments provided could be classified as a source code location
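
The git probe recorded in the debug output above can be re-run by hand to see what oc sees when it classifies the argument. This is an added example, not part of the original thread and not oc's own code: `probe_git_source` and `classify_probe` are hypothetical helper names, and the environment variables are copied from the `repository.go:461` log lines.

```shell
#!/bin/sh
# Added example: re-run the "git ls-remote --heads" probe from the
# --loglevel 10 output under the same credential-less environment.
# probe_git_source / classify_probe are hypothetical names, not oc commands.

probe_git_source() {
    url=$1
    # Throwaway HOME, as in the log (HOME=/tmp/githome...): no ~/.ssh,
    # no ~/.gitconfig, no stored credentials are visible to git.
    tmp_home=$(mktemp -d) || return 2
    rc=0
    # GIT_SSH=/dev/null     -> git has no SSH client it can execute
    # GIT_ASKPASS=true      -> any credential prompt gets an empty answer
    # GIT_CONFIG_NOSYSTEM   -> /etc/gitconfig is ignored
    env HOME="$tmp_home" GIT_SSH=/dev/null \
        GIT_CONFIG_NOSYSTEM=true GIT_ASKPASS=true \
        git ls-remote --heads "$url" \
        >/dev/null 2>"$tmp_home/stderr" || rc=$?
    if [ "$rc" -ne 0 ]; then
        # Show git's own message; oc only reports "exit status 128".
        sed 's/^/  git: /' "$tmp_home/stderr" >&2
    fi
    rm -rf "$tmp_home"
    return "$rc"
}

classify_probe() {
    if probe_git_source "$1"; then
        echo "reachable-without-credentials"
    else
        echo "probe-failed"
    fi
}

# Usage: sh probe.sh <repo-url>
if [ "$#" -gt 0 ]; then
    classify_probe "$1"
fi
```

Because `GIT_SSH=/dev/null` leaves git with nothing to launch as an SSH client, a scp-style `git@host:path` URL fails this probe whether or not the host is reachable and regardless of any `--source-secret`.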

JiriHusak-lab commented 1 year ago

I've successfully used the oc new-app command with a public github repo using https:/...githuburl.

So I guess that in version crc-linux-2.10.2-amd64, compared with version crc-linux-2.0.1-amd64, there is some change (hardening) of security in terms of access to the git repo. And maybe the reported message (which is misleading) has changed.

BTW - I had to change the apiVersion in my yaml files, as it has changed since K8s version 1.16. So I assume there is a change in git access security as well. The problem is - according to my guess - in authentication to access the git repo. In the previous version it worked; now oc new-app reports "error: --strategy is specified and none of the arguments provided could be classified as a source code location", which is a bit misleading. It is not a problem of syntax, but it seems that CRC can't access the git repo in this new version. Can you help me and give a hint about what security change there has been since version crc-linux-2.0.1-amd64?

Thanks a lot, Jiri

anjannath commented 1 year ago

I am certain it's the same oc client binaries and OCP bundle that were shipped in 2.10.1 that are in 2.10.2. The client binaries are packed in the *.crcbundle and that didn't change, as I have already mentioned earlier.

Have you also ruled out that the --source-secret value is correct/up to date for the repo in question?

JiriHusak-lab commented 1 year ago

Hi, so, there is progress. CRC can successfully access my git repo, as I have realized now. There really is some bug in this CRC version. When I used the same oc new-app command and added the image from the Dockerfile FROM statement with ~, it worked.

ERROR: oc new-app --strategy docker git@X.Y.Z.W:mgrp/xxx-ds.git --source-secret repo-at-gitlab --name xxx-ds
OK: oc new-app --strategy docker image-name~git@X.Y.Z.W:mgrp/xxx-ds.git --source-secret repo-at-gitlab --name xxx-ds

So without specifying image-name~, oc new-app reports "error: --strategy is specified and none of the arguments provided could be classified as a source code location". When image-name~ is specified, the build from the git repo is successfully started according to the Dockerfile in the git repo.

My colleague sees the same behaviour independently, using the same CRC version. And of course, my Dockerfile has a correct FROM statement with the proper image.

JiriHusak-lab commented 1 year ago

Hi, any comment regarding the latest CRC version bug (oc new-app using strategy Docker can't recognize the git repo without prefixing the git repo with image~)? Because for services where I use a multi-stage build (the Dockerfile contains 2 FROM statements) this BUG IS A SHOWSTOPPER.

I've used the image used for the first stage (first FROM in the Dockerfile), but it overrides the second FROM (second build stage) in the Dockerfile as well. In the Dockerfile, the second stage (second FROM) uses another image. The build of course fails then.

Any hint, any help, any fix please?

praveenkumar commented 1 year ago

@JiriHusak-lab Is it a bug from CRC or from the OpenShift side itself? We are just running the cluster without much change. Can you perform the same action on a production-grade OpenShift cluster which has a similar OCP version to the one crc ships? Looking at the comments, it looks like it is a bug on the OpenShift side, not the CRC side.

We are going to do another release this week which will have an updated version of OCP; do try it once it is available and see if it is able to fix that bug.