dockerbuild: stop container before committing it #8780
Conversation
|
@smarterclayton ptal |
| @@ -19,6 +19,9 @@ import ( | |||
| "github.com/golang/glog" | |||
| ) | |||
|
|
|||
| // stopTimeoutSeconds is the timeout for stopping the running container | |||
| const stopTimeoutSeconds = 2 | |||
There was a problem hiding this comment.
Should have zero timeout - not sure why we would need it to be graceful.
|
Before this merges, be sure to fix the conformance_test to remove the "Red Hat secrets injection" workaround and verify it still runs. |
csrwng
force-pushed
the
fix_dockerbuilder
branch
2 times, most recently
from
8e150bc
to
fa943f4
Compare
|
fixed code and updated conformance test. However, the conformance test is failing for me, but I don't think it's due to this change: taking a closer look |
|
I reverted to master and I still get the failure above so yes it doesn't look like it's related to this. |
|
Internal conformance and external conformance have a mismatch right now. Can you comment out that test and run the other ones? |
|
Commented out the test. Other tests pass. |
|
Lgtm [merge] |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/5844/) (Image: devenv-rhel7_4133) |
|
Evaluated for origin merge up to 10980dc |
|
[Test]ing while waiting on the merge queue |
|
Evaluated for origin test up to 10980dc |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/3660/) |
The problem:
Images built with the new dockerbuild command get the wrong permisisons (0700 instead of 0755) in the /run/secrets (or /var/run/secrets) directory when running on non-RedHat docker hosts. This breaks loading secrets in containers created from those images.
The fix:
I found that this happens only when the container is committed while still running. If I the container is stopped before committing, the permissions for that directory come out right.