Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-49294

OCL Builder Pod does not seem to have access to entitled repos

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 5
    • None
    • None
    • None
    • None
    • None
    • MCO Sprint 266
    • 1
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      The OCL builder pod, despite having entitled secrets mounted to /etc/pki/entitlement is unable to complete builds that require entitled repo access. These entitlement certs are volume mounted to the pod, and are originally sourced from the etc-pki-entitlement secret in the openshift-config-managed namespace, shortly prior to the build.

      We were able to confirm that the builder pod does have the secrets in the right locations by rshing into the pod via oc:

      sh-5.1# cat /etc/yum.repos.d/redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# *** This file is auto-generated.  Changes made here will be over-written. ***
# *** Use "subscription-manager repo-override --help" if you wish to make changes. ***
#
# If this file is empty and this system is subscribed consider
# a "yum repolist" to refresh available repos
#
sh-5.1# cat /etc/yum.repos.d/ubi.repo    
[ubi-9-baseos]
name = Red Hat Universal Base Image 9 (RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-baseos-debug]
name = Red Hat Universal Base Image 9 (Debug RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-baseos-source]
name = Red Hat Universal Base Image 9 (Source RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-appstream]
name = Red Hat Universal Base Image 9 (RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-appstream-debug]
name = Red Hat Universal Base Image 9 (Debug RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-appstream-source]
name = Red Hat Universal Base Image 9 (Source RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-codeready-builder]
name = Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-codeready-builder-debug]
name = Red Hat Universal Base Image 9 (Debug RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-codeready-builder-source]
name = Red Hat Universal Base Image 9 (Source RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

      Builder pod output:

      time="2025-01-23T18:27:54Z" level=debug msg="Running &exec.Cmd{Path:\"/bin/sh\", Args:[]string
{\"/bin/sh\", \"-c\", \"rm -rf /etc/rhsm-host && dnf -v install buildah && ln -s /run/secrets/rhsm /etc/rhsm-host && ostree container commit\"}
, Env:[]string{\"HTTP_PROXY=\", \"HTTPS_PROXY=\", \"NO_PROXY=\", \"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=767b643869f5\", \"HOME=/root\"}, Dir:\"/\", Stdin*os.File)(0xc000060038), Stdout*os.File)(0xc000060040), Stderr*os.File)(0xc000060048), ExtraFiles:[]*os.File(nil), SysProcAttr*syscall.SysProcAttr)(0xc0001e33f0), Process*os.Process)(nil), ProcessState*os.ProcessState)(nil), ctx:context.Context(nil), Err:error(nil), Cancel:(func() error)(nil), WaitDelay:0, childIOFiles:[]io.Closer(nil), parentIOPipes:[]io.Closer(nil), goroutine:[]func() error(nil), goroutineErr<-chan error)(nil), ctxResult<-chan exec.ctxResult)(nil), createdByStack:[]uint8(nil), lookPathErr:error(nil)} (PATH = \"\")"
Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, system-upgrade, uploadprofile
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
DNF version: 4.14.0
cachedir: /var/cache/dnf
Error: There are no enabled repositories in "/etc/yum.repos.d", "/etc/yum/repos.d", "/etc/distro.repos.d".
subprocess exited with status 1
subprocess exited with status 1
time="2025-01-23T18:27:56Z" level=debug msg="Error building at step {Env:[HTTP_PROXY= HTTPS_PROXY= NO_PROXY= PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] Command:run Args:[rm -rf /etc/rhsm-host && dnf -v install buildah && ln -s /run/secrets/rhsm /etc/rhsm-host && ostree container commit] Flags:[] Attrs:map[] Message:RUN rm -rf /etc/rhsm-host && dnf -v install buildah && ln -s /run/secrets/rhsm /etc/rhsm-host && ostree container commit Heredocs:[] Original:RUN rm -rf /etc/rhsm-host && dnf -v install buildah && ln -s /run/secrets/rhsm /etc/rhsm-host && ostree container commit}: exit status 1"
Error: building at STEP "RUN rm -rf /etc/rhsm-host && dnf -v install buildah && ln -s /run/secrets/rhsm /etc/rhsm-host && ostree container commit": exit status 1
time="2025-01-23T18:28:00Z" level=debug msg="shutting down the store"
time="2025-01-23T18:28:00Z" level=debug msg="exit status 1"
+ exit=1
+ count=3
Retry 3/3 exited 1, no more retries left.
+ '[' 3 -lt 3 ']'
+ echo 'Retry 3/3 exited 1, no more retries left.'
+ echo 1
+ return 1

       
      The container file used in TestEntitledBuilds e2e to test this behavior can be found here.

              djoshy David Joshy
              djoshy David Joshy
              None
              None
              Sergio Regidor de la Rosa Sergio Regidor de la Rosa
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: