Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need to make sure that arbitrary-users-patch images work on OpenShift v4 #13960

Closed
ibuziuk opened this issue Jul 22, 2019 · 10 comments
Closed

Need to make sure that arbitrary-users-patch images work on OpenShift v4 #13960

ibuziuk opened this issue Jul 22, 2019 · 10 comments
Assignees
@ibuziuk
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P2 Has a minor but important impact to the usage or development of the system. status/in-progress This issue has been taken by an engineer and is under active development.
Milestone
7.0.0

Comments

@ibuziuk
Copy link
Member

ibuziuk commented Jul 22, 2019

We have to do arbitrary-users-patch [1] of the community images been supported on OpenShift. During the discussion on openshift/origin#23369 it appeared to be that CRI-O now has support for adding the entry of the user to the /etc/password if it does not exists in /etc/passwd. Assuming that CRI-O is the default contianer engine for OpenShift v4 we need to verify that our patched images work correctly on both OpenShift v3 and OpenShift v4 and there are no side-effects.

[1] https://github.com/eclipse/che-devfile-registry/tree/master/arbitrary-users-patch
@ibuziuk ibuziuk added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Jul 22, 2019
@ibuziuk ibuziuk added this to the 7.0.0 milestone Jul 22, 2019
@l0rd l0rd modified the milestones: 7.0.0, 7.1.0 Jul 22, 2019
@l0rd l0rd added the severity/P1 Has a major impact to usage or development of the system. label Jul 22, 2019
@ibuziuk
Copy link
Member Author

ibuziuk commented Jul 22, 2019

@rhopp should help us with the OpenShift v4 access

@rhopp
Copy link
Contributor

rhopp commented Jul 23, 2019

I have Che 7 (some nightly version) deployed on OCP 4 right now (while trying something else), so I tried to start workspace from this devfile: https://github.com/eclipse/che-devfile-registry/blob/master/devfiles/java-maven/devfile.yaml

Image used in the devfile:

Image:         quay.io/eclipse/che-java11-maven:nightly
    Image ID:      quay.io/eclipse/che-java11-maven@sha256:33000ee0000b18ea5a7dd8c32cc4871ed7c5baba03c449f0110f5b33e06718c9

This is how it looks like in Che, when I open terminal:
image
@amisevsk This doesn't look correct, right? ^^

@amisevsk
Copy link
Contributor

Nope, the entrypoint doesn't seem to run here.

@ibuziuk
Copy link
Member Author

ibuziuk commented Jul 23, 2019

@rhopp @l0rd @slemeur please consider adding this issue to the end game plan during triage (I think we need to add it as a subtask for Verify and fix devfile registry images to work on openshift )

@ibuziuk
Copy link
Member Author

ibuziuk commented Jul 23, 2019

@rhopp quay.io/eclipse/che-java11-maven:nightly definitely works on v3.11.82 it is pretty frustrating if this is failing on OpenShift v4

@l0rd
Copy link
Contributor

l0rd commented Jul 23, 2019

@rhopp are you able to get the UID and the corresponding line in the /etc/passwd in the maven container?

@l0rd
Copy link
Contributor

l0rd commented Jul 23, 2019

That is pretty weird. Assuming CRI-O updates /etc/passwd:

  1. you should not be able to open a terminal but apparently you can (maybe in your case it has used another default login shell?)
  2. entrypoint.sh should still be executed but it looks like it's not (maybe it failed and return before completing?)

@ibuziuk ibuziuk mentioned this issue Jul 23, 2019
Closed
@l0rd l0rd added severity/P2 Has a minor but important impact to the usage or development of the system. and removed severity/P1 Has a major impact to usage or development of the system. labels Jul 23, 2019
@rhopp
Copy link
Contributor

rhopp commented Jul 23, 2019

@l0rd We've found the reason for my failure - I was using old devfile, which has "command" for the container defined -> thus the pod has "command" defined meaning openshift overriden entrypoint with this command.

@ibuziuk ibuziuk added the status/in-progress This issue has been taken by an engineer and is under active development. label Jul 23, 2019
@ibuziuk
Copy link
Member Author

ibuziuk commented Jul 23, 2019

Have tested with the following devfiles form the registry against OCP v4 and was not able to spot any issues:

Basically, all the workspaces started from those devfiles have a dedicated /etc/passwd entry and whoami return user, witt id like uid=1000820000(user) gid=0(root) groups=0(root),1000820000

@rhopp @l0rd I believe we can close this issue as done.

@l0rd
Copy link
Contributor

l0rd commented Jul 23, 2019

@ibuziuk cool!

@l0rd l0rd closed this as completed Jul 23, 2019
@ibuziuk ibuziuk mentioned this issue Jul 26, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ibuziuk ibuziuk

Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P2 Has a minor but important impact to the usage or development of the system. status/in-progress This issue has been taken by an engineer and is under active development.
Projects
None yet
Milestone
7.0.0
Development

No branches or pull requests
4 participants
@l0rd @rhopp @ibuziuk @amisevsk