Open daFritz84 opened 3 years ago
exdx
commented
3 years ago Hi @daFritz84, what version of opm are you on?
We ran into this same issue where registry was using the umask of the terminal session, but it should be fixed in the most recent upstream opm releases.
daFritz84
commented
3 years ago Hi @exdx ,
I originally used version 1.15.4:
❯ opm version
Version: version.Version{OpmVersion:"v1.15.4-6-ga97d366a", GitCommit:"a97d366a92d302ff2056fa2d19aa3e48b0fbc99c", BuildDate:"2021-03-13T02:24:44Z", GoOs:"linux", GoArch:"amd64"}Next, I tried the latest opm available from the openshift-v4 mirror.
❯ opm version
Version: version.Version{OpmVersion:"v1.15.4-6-ga97d366a", GitCommit:"a97d366a92d302ff2056fa2d19aa3e48b0fbc99c", BuildDate:"2021-04-14T22:47:35Z", GoOs:"linux", GoArch:"amd64"}Same version but slightly newer build date.
Regardless of the build date, I still see the CrashLoopBackoff, i.e.:
Error: open db-522839942: permission deniedFinally, I tried the latest version from the github repository release page:
❯ opm version
Version: version.Version{OpmVersion:"v1.17.0", GitCommit:"ebeac77", BuildDate:"2021-04-13T18:40:36Z", GoOs:"linux", GoArch:"amd64"}But sadly, I encountered the same CrashLoopBackoff situation.
One thing I noticed, that opm inside the pod does not seem to have any version information (openshift remote shell):
/registry $ opm version
Version: version.Version{OpmVersion:"unknown", GitCommit:"", BuildDate:"", GoOs:"linux", GoArch:"amd64"}Maybe I am fetching some wrong base container image? Here ist the output of my docker build command (with my /registry folder fix):
=> [internal] load build definition from index.Dockerfile 0.0s
=> => transferring dockerfile: 379B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for quay.io/operator-framework/upstream-opm-builder:latest 0.6s
=> [internal] load build context 0.0s
=> => transferring context: 68B 0.0s
=> [1/4] FROM quay.io/operator-framework/upstream-opm-builder@sha256:6d3677d60356613b5e9f51012a44f826cb08b592e0f3e90fa8133b853c7720ac 0.0s
=> CACHED [2/4] ADD database/index.db /database/index.db 0.0s
=> [3/4] RUN mkdir /registry && chmod 775 /registry 0.3s
=> [4/4] WORKDIR /registry 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => writing image sha256:7c18d4d6784e97e1dd966f0c98c605326bec2c8c7aeecd08c998cddbe03ef63b 0.0s
=> => naming to XXX/operator-test/seconet-index:latest 0.0s
Hi,
so, I tried to build an Index and deploy it via catalog source to an openshift cluster according to the README. This went without hickups, except that the spawned pod crashlooped after deployment.
After some initial debugging, I figured out that the index.db could not be opened due to insufficient write permissions. Then, I examined the existing RedHat marketplace index and found that they have a folder
/registrywith permissions755. I replicated this behavior by generating the dockerfile, patch it, and pushed it to our registry. And guess what? It worked.However, my solution seems kinda fishy. I just expected it to work out of the box, and not having to modify the generated Dockerfile. Does anyone have any insights what I might did wrong? Do I need to set some additional service account permissions in openshift? Or is my solution fine?
Here is my current solution:
Modify the generated Dockerfile, creating the
/registryfolder and set it as working dir.And push it to the registry