operator-registry

opm using docker errors out with permission denied

Open phantomjinx opened this issue 3 years ago • 6 comments

Creating a bundle index with docker has started throwing a permission denied error in the last 24 hours.

This same error is referred to in #339 and both workarounds, i.e. using -c podman and using sudo, work. However, it would be helpful to get a fix for docker, if that's possible.

export LOCAL_IMAGE_BUNDLE=quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT
export LOCAL_IIB=quay.io/phantomjinx/camel-k-iib:1.8.0-SNAPSHOT

opm index add \
  -c docker --skip-tls \
  --bundles ${LOCAL_IMAGE_BUNDLE} \
  --from-index quay.io/operatorhubio/catalog:latest \
  --tag ${LOCAL_IIB}

WARN[0000] DEPRECATION NOTICE:
Sqlite-based catalogs and their related subcommands are deprecated. Support for
them will be removed in a future release. Please migrate your catalog workflows
to the new file-based catalog format. 
WARN[0000] --skip-tls flag is set: this mode is insecure and meant for development purposes only. 
INFO[0000] building the index                            bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0000] Pulling previous image quay.io/operatorhubio/catalog:latest to get metadata  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0000] running /usr/bin/docker pull quay.io/operatorhubio/catalog:latest  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0001] running /usr/bin/docker pull quay.io/operatorhubio/catalog:latest  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0003] Getting label data from previous image        bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0003] running docker inspect                        bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0004] running docker create                         bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
INFO[0004] running docker cp                             bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
ERRO[0004] open /home/phantomjinx/programming/go/src/github.com/apache/camel-k/index_tmp_491770158/root/.bash_logout: permission denied  bundles="[quay.io/phantomjinx/camel-k-bundle:1.8.0-SNAPSHOT]"
Error: error copying container directory open /home/phantomjinx/programming/go/src/github.com/apache/camel-k/index_tmp_491770158/root/.bash_logout: permission denied
: exit status 1

opm version
Version: version.Version{OpmVersion:"v1.19.1", GitCommit:"c426f78", BuildDate:"2021-10-11T15:26:03Z", GoOs:"linux", GoArch:"amd64"}

phantomjinx, Nov 25 '21 11:11

@phantomjinx I worked around the need for sudo with docker by using the single architecture quay.io/operatorhubio/catalog_sa image instead.

ryanemerson, Nov 29 '21 10:11

I am running into this issue as well - seems this is an issue with the quay.io/operatorhubio/catalog:latest image.

adambkaplan, Nov 30 '21 20:11

Use case that failed:

$ export CATALOG_INDEX_IMG=quay.io/operatorhubio/catalog:latest
$ export VERSION=0.0.1-SNAPSHOT
$ export BUNDLE_IMAGE=my-bundle:latest
$ opm index add --container-tool podman --mode semver --tag $VERSION --bundles $BUNDLE_IMAGE --from-index $CATALOG_INDEX_IMG

It succeeds when I switch to using quay.io/operatorhubio/catalog_sa:latest

adambkaplan, Dec 03 '21 18:12

Hi there,

Docker is just a third-party tool that we use with opm, so we simply don't have control over it. If there is a permission problem with the file inside the bundle, then the permission needs to be fixed. Otherwise, I recommend you use podman, or you can use containerd option -c none and generate the DB file and Dockerfile instead. Then, you can build the index via docker run with the Dockerfile later.

dinhxuanvu, Dec 09 '21 16:12
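
The comment above points at file permissions inside the image. As an added example (not code from this thread or from operator-registry), the following lists the entries in an extracted image tree that a given user could not open or traverse, which is the condition behind an "open ...: permission denied" error while copying it. The function name `unreadable_entries` and its arguments are hypothetical; it looks only at owner and "other" mode bits and ignores group membership and ACLs.

```shell
#!/bin/sh
# Added example: report entries of an extracted container filesystem that
# a user cannot read (files) or read and traverse (directories).
#
# Usage: unreadable_entries DIR [UID]
#   DIR  directory holding the extracted tree, e.g. the result of a manual
#        "docker create" followed by "docker cp" (the steps shown in the log)
#   UID  numeric user id to evaluate; defaults to the current user
#
# Assumption: group bits and ACLs are ignored, so an entry reachable only
# through group membership is still reported.
unreadable_entries() {
    dir=$1
    uid=${2:-$(id -u)}
    # Owned by UID: the owner bits decide. Owned by someone else: the
    # "other" bits decide. Directories need r and x, everything else needs r.
    # find exits non-zero when it cannot descend into a directory it has
    # just reported; that is expected here, so the status is discarded.
    find "$dir" \( \
        \( -user "$uid" -type d ! -perm -u+rx \) -o \
        \( -user "$uid" ! -type d ! -perm -u+r \) -o \
        \( ! -user "$uid" -type d ! -perm -o+rx \) -o \
        \( ! -user "$uid" ! -type d ! -perm -o+r \) \
    \) -print 2>/dev/null || :
}
```

An empty result means every entry passes the mode check for that user; any path printed is a candidate for the file the copy step fails on.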

> Docker is just a third-party tool that we use with opm, so we simply don't have control over it. If there is a permission problem with the file inside the bundle, then the permission needs to be fixed.

@dinhxuanvu please note that I was able to reproduce this issue with rootless podman as well, so this isn't just a docker problem.

adambkaplan, Dec 09 '21 20:12

Running into this issue with rootless opm; customizing the index image with opm is the only step in my mirroring needing root. OpmVersion:"3cd421db3" podman: 3.4.4

leigh-j, Feb 26 '22 02:02