Command Failed 'oc get -n test builds | grep -i complete'

[0xmichalis]

[INFO] Waiting for test namespace build to complete
[INFO] Waiting for command to finish: 'oc get -n test builds | grep -i complete'...
ruby-sample-build-1   Source    Git       Failed    13 seconds ago   13s
[FAIL] Returning early. Command Failed 'oc get -n test builds | grep -i complete'
[ERROR] PID 31350: hack/util.sh:98: `return 1` exited with status 1.
[INFO]      Stack Trace: 
[INFO]        1: hack/util.sh:98: `return 1`
[INFO]        2: test/end-to-end/core.sh:395: os::build:wait_for_end
[INFO]   Exiting with code 1.
[ERROR] PID 30493: hack/test-end-to-end-docker.sh:94: `${OS_ROOT}/test/end-to-end/core.sh` exited with status 1.
[INFO]      Stack Trace: 
[INFO]        1: hack/test-end-to-end-docker.sh:94: `${OS_ROOT}/test/end-to-end/core.sh`
[INFO]   Exiting with code 1.

https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin_integration/7464/consoleFull

[bparees]

Error from server: pods "ruby-sample-build-1-build" is forbidden: unable to validate against any security context constraint: [spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used]

did something change about our SCC settings? I'm assuming this is the build pod trying to mount the docker socket...

@deads2k @liggitt

[bparees]

the message actually says the pod is in the privileged SCC yet was denied permission to do a hostvolume:

Privileged containers are not allowed spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used

(???)

assigning to security.

[liggitt]

Is this when creating the pod, or is something trying to annotate the pod after it's been created

[bparees]

i don't think anything should be annotating the pod, but there is a log from the build pod which contains:

Cloning "https://github.com/openshift/ruby-hello-world.git" ...
error: build error: fatal: unable to access 'https://github.com/openshift/ruby-hello-world.git/': Could not resolve host: github.com; Unknown error

which would imply the pod got created and actually ran to completion(failed completion). So at a minimum the pod would have been having its status updated to failed.

(also worth noting that presumably the github failure was due to the ddos issues and would have resulted in this test run failing anyway)

i'm going to try to intentionally fail a build locally and see what happens.

[bparees]

on further investigation the SCC message is coming from the prior rsh command which is expected to fail.

the build failed because of the DNS message i noted above, for which I don't think we can do anything about, short of solving the world's DDoS problems. closing.

[bparees]

as @liggitt noted, we may want to clean up the rsh error reporting though. this is what it looks like now:

$ oc rsh ruby-sample-build-1-build
Error from server: pods "ruby-sample-build-1-build" is forbidden: unable to validate against any security context constraint: [spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[0].securityContext.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used]