Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opm using docker errors out with permission denied #870

Open
phantomjinx opened this issue Nov 25, 2021 · 6 comments
Open

opm using docker errors out with permission denied #870

phantomjinx opened this issue Nov 25, 2021 · 6 comments
Labels
triaged Issue has been considered by a member of the OLM community
Milestone
Backlog

Comments

@phantomjinx
Copy link

Creating a bundle index with docker has started in the last 24 hours throwing a permission denied error.

This same error is referred to in #339 and both workarounds, ie. using -c podman and using sudo, work. However, it would be helpful to get a fix for docker, if that's possible.

export LOCAL_IMAGE_BUNDLE=quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT
export LOCAL_IIB=quay.io/phantomjinx/camel-k-iib:1.8.0-SNAPSHOT

opm index add \
  -c docker --skip-tls \
  --bundles ${LOCAL_IMAGE_BUNDLE} \
  --from-index quay.io/operatorhubio/catalog:latest \
  --tag ${LOCAL_IIB}

WARN[0000] DEPRECATION NOTICE:
Sqlite-based catalogs and their related subcommands are deprecated. Support for
them will be removed in a future release. Please migrate your catalog workflows
to the new file-based catalog format. 
WARN[0000] --skip-tls flag is set: this mode is insecure and meant for development purposes only. 
INFO[0000] building the index                            bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0000] Pulling previous image quay.io/operatorhubio/catalog:latest to get metadata  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0000] running /usr/bin/docker pull quay.io/operatorhubio/catalog:latest  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0001] running /usr/bin/docker pull quay.io/operatorhubio/catalog:latest  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0003] Getting label data from previous image        bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0003] running docker inspect                        bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0004] running docker create                         bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0004] running docker cp                             bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
ERRO[0004] open /home/phantomjinx/programming/go/src/github.com/apache/camel-k/index_tmp_491770158/root/.bash_logout: permission denied  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
Error: error copying container directory open /home/phantomjinx/programming/go/src/github.com/apache/camel-k/index_tmp_491770158/root/.bash_logout: permission denied
: exit status 1

opm version
Version: version.Version{OpmVersion:"v1.19.1", GitCommit:"c426f78", BuildDate:"2021-10-11T15:26:03Z", GoOs:"linux", GoArch:"amd64"}
ryanemerson added a commit to ryanemerson/infinispan-operator that referenced this issue Nov 26, 2021
@ryanemerson
Execute opm index add with sudo to overcome permissions issue
1bbb91d 
operator-framework/operator-registry#870
ryanemerson added a commit to infinispan/infinispan-operator that referenced this issue Nov 26, 2021
@ryanemerson
Execute opm index add with sudo to overcome permissions issue
025938f 
operator-framework/operator-registry#870
@ryanemerson
Copy link
Contributor

ryanemerson commented Nov 29, 2021
edited
Loading

@phantomjinx I worked around the need for sudo with docker by using the single architecture quay.io/operatorhubio/catalog_sa image instead.

@adambkaplan
Copy link

I am running into this issue as well - seems this is an issue with the quay.io/operatorhubio/catalog:latest image.

adambkaplan added a commit to adambkaplan/shipwright-operator that referenced this issue Nov 30, 2021
@adambkaplan
Work around operator-registry copy issue
3bc1fb2 
Use the `operatorhub/catalog_sa` image as the base for the catalog
index. The default operatorhub catalog appears to have a root-owned file
that causes `opm index add` to fail.

See operator-framework/operator-registry#870
adambkaplan added a commit to adambkaplan/shipwright-operator that referenced this issue Dec 1, 2021
@adambkaplan
Work around operator-registry copy issue
d308182 
Use the `operatorhub/catalog_sa` image as the base for the catalog
index. The default operatorhub catalog appears to have a root-owned file
that causes `opm index add` to fail.

See operator-framework/operator-registry#870
adambkaplan added a commit to adambkaplan/shipwright-operator that referenced this issue Dec 2, 2021
@adambkaplan
Work around operator-registry copy issue
3351c63 
Use the `operatorhub/catalog_sa` image as the base for the catalog
index. The default operatorhub catalog appears to have a root-owned file
that causes `opm index add` to fail.

See operator-framework/operator-registry#870
adambkaplan added a commit to adambkaplan/shipwright-operator that referenced this issue Dec 3, 2021
@adambkaplan
Work around operator-registry copy issue
26c8194 
Use the `operatorhub/catalog_sa` image as the base for the catalog
index. The default operatorhub catalog appears to have a root-owned file
that causes `opm index add` to fail.

See operator-framework/operator-registry#870
@adambkaplan adambkaplan mentioned this issue Dec 3, 2021
Merged
@adambkaplan
Copy link

Use case that failed:

$ export CATALOG_INDEX_IMG = quay.io/operatorhubio/catalog:latest
$ export VERSION = 0.0.1-SNAPSHOT
$ export BUNDLE_IMAGE = my-bundle:latest
$ opm index add --container-tool podman --mode semver --tag $VERSION --bundles $BUNDLE_IMAGE --from-index $CATALOG_INDEX_IMG

It succeeds when I switch to using quay.io/operatorhubio/catalog_sa:latest

adambkaplan added a commit to adambkaplan/shipwright-operator that referenced this issue Dec 3, 2021
@adambkaplan
Work around operator-registry copy issue
03f3e48 
Use the `operatorhub/catalog_sa` image as the base for the catalog
index. The default operatorhub catalog appears to have a root-owned file
that causes `opm index add` to fail.

See operator-framework/operator-registry#870
@dinhxuanvu dinhxuanvu added the triaged Issue has been considered by a member of the OLM community label Dec 9, 2021
@dinhxuanvu
Copy link
Member

Hi there,

Docker is just a third-party tool that we use with opm so we simply don't have a control over it. If there is a permission problem with the file inside the bundle, then the permission needs to be fixed. Otherwise, I recommend you to use podman or you can use containerd option -c none and generate the DB file and Dockerfile instead. Then, you can build the index via docker run with the Dockfile later.

@adambkaplan
Copy link

Docker is just a third-party tool that we use with opm so we simply don't have a control over it. If there is a permission problem with the file inside the bundle, then the permission needs to be fixed.

@dinhxuanvu please note that I was able to reproduce this issue with rootless podman as well, so this isn't just a docker problem.

@dinhxuanvu dinhxuanvu added this to the Backlog milestone Jan 20, 2022
@leigh-j
Copy link

leigh-j commented Feb 26, 2022

Running into this issue with rootless opm, customizing the index image with opm is the only step in my mirroring needing root.
OpmVersion:"3cd421db3"
podman: 3.4.4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triaged Issue has been considered by a member of the OLM community
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
5 participants
@ryanemerson @adambkaplan @phantomjinx @dinhxuanvu @leigh-j