Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-643

catsrc is not ready due to "compute digest: compute hash: write tar: open /tmp/cache/cache: permission denied"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 4.12
    • 4.12
    • OLM
    • [OLM-224] FBC/PSA - Pikachu
    • 1
    • False
    • Hide

      None

      Show
      None
    • NA
    • Done

      Description of problem:

      catsrc is not ready due to "compute digest: compute hash: write tar: open /tmp/cache/cache: permission denied"

      Version-Release number of selected component (if applicable):

      zhaoxia@xzha-mac test % ../bin/opm version  
      Version: version.Version{OpmVersion:"b94e073b5", GitCommit:"b94e073b5187ecaa687c322beccf76f1d1f26d54", BuildDate:"2022-08-29T06:30:05Z", GoOs:"darwin", GoArch:"amd64"}
      zhaoxia@xzha-mac test % oc exec catalog-operator-79d885b755-6cnbp  -- olm --version
      OLM version: 0.19.0
      git commit: dfa7f0e70578432117e63867706630cda5366fb7
      
      

      How reproducible:

      always

      Steps to Reproduce:

      1. generate index image
      zhaoxia@xzha-mac test % mkdir catalog
      zhaoxia@xzha-mac test % ../bin/opm generate dockerfile catalog
      zhaoxia@xzha-mac test % cat catalog.Dockerfile 
      # The base image is expected to contain
      # /bin/opm (with a serve subcommand) and /bin/grpc_health_probe
      FROM quay.io/operator-framework/opm:latest
      
      
      # Configure the entrypoint and command
      ENTRYPOINT ["/bin/opm"]
      CMD ["serve", "/configs", "--cache-dir=/tmp/cache"]
      
      
      # Copy declarative config root into image at /configs and pre-populate serve cache
      ADD catalog /configs
      RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"]
      
      
      # Set DC-specific label for the location of the DC root directory
      # in the image
      LABEL operators.operatorframework.io.index.configs.v1=/configs
      
      zhaoxia@xzha-mac test % docker build . -f catalog.Dockerfile -t quay.io/olmqe/nginxolm-operator-index:2726 
      zhaoxia@xzha-mac test % docker push quay.io/olmqe/nginxolm-operator-index:2726
      
      2. create catsrc
      zhaoxia@xzha-mac test % cat catsrc.yaml 
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: test-index
        namespace: test-1
      spec:
        displayName: Test
        publisher: OLM-QE
        sourceType: grpc
        image: quay.io/olmqe/nginxolm-operator-index:2726
        updateStrategy:
          registryPoll:
            interval: 10m
      
      oc new-project test-1
      oc apply -f catsrc.yaml 
       3. check pod status
      zhaoxia@xzha-mac test % oc get pod
      NAME               READY   STATUS             RESTARTS        AGE
      test-index-hbqlv   0/1     Error              8 (5m13s ago)   16m
      test-index-l6mzq   0/1     CrashLoopBackOff   10 (59s ago)    27m
      
      zhaoxia@xzha-mac test % oc get pod test-index-hbqlv -o yaml
      apiVersion: v1
      kind: Pod
      metadata:
        annotations:
          cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
          k8s.v1.cni.cncf.io/network-status: |-
            [{
                "name": "openshift-sdn",
                "interface": "eth0",
                "ips": [
                    "10.131.0.84"
                ],
                "default": true,
                "dns": {}
            }]
          k8s.v1.cni.cncf.io/networks-status: |-
            [{
                "name": "openshift-sdn",
                "interface": "eth0",
                "ips": [
                    "10.131.0.84"
                ],
                "default": true,
                "dns": {}
            }]
          kubectl.kubernetes.io/last-applied-configuration: |
            {"apiVersion":"operators.coreos.com/v1alpha1","kind":"CatalogSource","metadata":{"annotations":{},"name":"test-index","namespace":"test-1"},"spec":{"displayName":"Test","image":"quay.io/olmqe/nginxolm-operator-index:2726","publisher":"OLM-QE","sourceType":"grpc","updateStrategy":{"registryPoll":{"interval":"10m"}}}}
          openshift.io/scc: restricted-v2
          seccomp.security.alpha.kubernetes.io/pod: runtime/default
        creationTimestamp: "2022-08-29T06:57:55Z"
        generateName: test-index-
        labels:
          catalogsource.operators.coreos.com/update: test-index
          olm.catalogSource: ""
          olm.pod-spec-hash: 777849c67c
        name: test-index-hbqlv
        namespace: test-1
        ownerReferences:
        - apiVersion: operators.coreos.com/v1alpha1
          blockOwnerDeletion: false
          controller: false
          kind: CatalogSource
          name: test-index
          uid: 5ef60ce9-6ade-43e1-bae4-7d69f6c9d5e0
        resourceVersion: "218774"
        uid: 7606a54a-6a7d-4979-833a-97c2f87a88b8
      spec:
        containers:
        - image: quay.io/olmqe/nginxolm-operator-index:2726
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
              - grpc_health_probe
              - -addr=:50051
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          name: registry-server
          ports:
          - containerPort: 50051
            name: grpc
            protocol: TCP
          readinessProbe:
            exec:
              command:
              - grpc_health_probe
              - -addr=:50051
            failureThreshold: 3
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          resources:
            requests:
              cpu: 10m
              memory: 50Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 1001130000
          startupProbe:
            exec:
              command:
              - grpc_health_probe
              - -addr=:50051
            failureThreshold: 15
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
            name: kube-api-access-bfzvh
            readOnly: true
        dnsPolicy: ClusterFirst
        enableServiceLinks: true
        imagePullSecrets:
        - name: test-index-dockercfg-wp8s4
        nodeName: qe-daily-412-0829-qf9lx-worker-1-djpwq
        nodeSelector:
          kubernetes.io/os: linux
        preemptionPolicy: PreemptLowerPriority
        priority: 0
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext:
          fsGroup: 1001130000
          seLinuxOptions:
            level: s0:c34,c4
          seccompProfile:
            type: RuntimeDefault
        serviceAccount: test-index
        serviceAccountName: test-index
        terminationGracePeriodSeconds: 30
        tolerations:
        - effect: NoExecute
          key: node.kubernetes.io/not-ready
          operator: Exists
          tolerationSeconds: 300
        - effect: NoExecute
          key: node.kubernetes.io/unreachable
          operator: Exists
          tolerationSeconds: 300
        - effect: NoSchedule
          key: node.kubernetes.io/memory-pressure
          operator: Exists
        volumes:
        - name: kube-api-access-bfzvh
          projected:
            defaultMode: 420
            sources:
            - serviceAccountToken:
                expirationSeconds: 3607
                path: token
            - configMap:
                items:
                - key: ca.crt
                  path: ca.crt
                name: kube-root-ca.crt
            - downwardAPI:
                items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
            - configMap:
                items:
                - key: service-ca.crt
                  path: service-ca.crt
                name: openshift-service-ca.crt
      status:
        conditions:
        - lastProbeTime: null
          lastTransitionTime: "2022-08-29T06:57:55Z"
          status: "True"
          type: Initialized
        - lastProbeTime: null
          lastTransitionTime: "2022-08-29T06:57:55Z"
          message: 'containers with unready status: [registry-server]'
          reason: ContainersNotReady
          status: "False"
          type: Ready
        - lastProbeTime: null
          lastTransitionTime: "2022-08-29T06:57:55Z"
          message: 'containers with unready status: [registry-server]'
          reason: ContainersNotReady
          status: "False"
          type: ContainersReady
        - lastProbeTime: null
          lastTransitionTime: "2022-08-29T06:57:55Z"
          status: "True"
          type: PodScheduled
        containerStatuses:
        - containerID: cri-o://54d7a5ba94c061fb86ad056ad964dbda2824c864c6fdcd2d7d5a7ada515bc70e
          image: quay.io/olmqe/nginxolm-operator-index:2726
          imageID: quay.io/olmqe/nginxolm-operator-index@sha256:d70f38fa773ea5030b5b80bfe34d9168aabff5039ead44b7f7e7cd76f8705eb1
          lastState:
            terminated:
              containerID: cri-o://54d7a5ba94c061fb86ad056ad964dbda2824c864c6fdcd2d7d5a7ada515bc70e
              exitCode: 1
              finishedAt: "2022-08-29T07:14:23Z"
              message: |+
                Error: compute digest: compute hash: write tar: open /tmp/cache/cache: permission denied
                Usage:
                  opm serve <source_path> [flags]
      
      
                Flags:
                      --cache-dir string         if set, sync and persist server cache directory
                      --cache-only               sync the serve cache and exit without serving
                      --debug                    enable debug logging
                  -h, --help                     help for serve
                  -p, --port string              port number to serve on (default "50051")
                      --pprof-addr string        address of startup profiling endpoint (addr:port format)
                  -t, --termination-log string   path to a container termination log file (default "/dev/termination-log")
      
      
                Global Flags:
                      --skip-tls-verify   skip TLS certificate verification for container image registries while pulling bundles
                      --use-http          use plain HTTP for container image registries while pulling bundles
      
      
              reason: Error
              startedAt: "2022-08-29T07:14:23Z"
          name: registry-server
          ready: false
          restartCount: 8
          started: false
          state:
            waiting:
              message: back-off 5m0s restarting failed container=registry-server pod=test-index-hbqlv_test-1(7606a54a-6a7d-4979-833a-97c2f87a88b8)
              reason: CrashLoopBackOff
        hostIP: 10.242.0.4
        phase: Running
        podIP: 10.131.0.84
        podIPs:
        - ip: 10.131.0.84
        qosClass: Burstable
        startTime: "2022-08-29T06:57:55Z" 

      Actual results:

      the status of pod for catsrc is not running

      Expected results:

      the status of pod for catsrc is running

      Additional info:

      When using project openshift-marketplace, the same error will be raised.
      
      Error: compute digest: compute hash: write tar: open /tmp/cache/cache: permission denied

            rh-ee-jkeister Jordan Keister
            rhn-support-xzha Xia Zhao
            Jian Zhang Jian Zhang
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: