Depending on your Openshift 4.x cluster you may not have the necessary licences and or subscriptions to pull certain repositories that are needed for your Rhel based builds. One thing you can do is try to migrate your Rhel based images to Universal Base Images or UBI for short.
Source your flavor of UBI image from the RedHat Container Catalog
Take a look at the
jenkins-basic image that is used in the 3.11 cluster.
FROM registry.access.redhat.com/rhel7/rhel-atomic ... RUN set -x && microdnf -h && \ curl -so /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo && \ rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key && \ microdnf --enablerepo=rhel-7-server-rpms --enablerepo=rhel-server-rhscl-7-rpms --enablerepo=jenkins install which gpg java-1.8.0-openjdk-devel shadow-utils "jenkins-$JENKINS_VERSION" zip unzip bzip2 rsync elfutils rh-git29 --nodocs && \ microdnf clean all && \ echo "unset BASH_ENV PROMPT_COMMAND ENV" > /usr/local/bin/scl_enable && \ echo "source scl_source enable rh-git29" >> /usr/local/bin/scl_enable && \ chgrp -R 0 /usr/local/bin && \ chmod -R g+rx /usr/local/bin && \ microdnf clean all && \ rpm -qa
There are a few key things here that may not work if you attempt to build this image in a different Cluster.
- Firstly you may not have access to pull the
rhel7/rhel-atomic:latestimage from the RedHat Registry. This is easily addressed by creating a Redhat Container Catalog Service Account and setting up a Pull Secret.
Even if your images are working, you may not have the proper subscriptions to be able to pull repos stated in the
in this case the
-enablerepo=rhel-7-server-rpms --enablerepo=rhel-server-rhscl-7-rpmsrepos require subscriptions and do not work in ARO.
As stated from Redhat, UBI images come in 3 flavours: Standard, Minimal, and Init.
If you are using UBI Standard, you will be using
yum to manage packages.
If you are using UBI Minimal, you will be using
mirodnf to manage packages.
Checkout this great article on available repositories for Rhel and UBI images https://access.redhat.com/articles/4238681.
You can also (in a UBI Standard Image) reference available repos by running
yum list all.
Armed with what we know is available to our UBI base images we can now translate the
jenkins-basic rhel-based image to UBI Standard or Minimal. For this example UBI Standard is used.
- The repos
rhel-server-rhscl-7-rpmsare not available to UBI8 images. Instead use
ubi-8-appstreamas discovered by reading through that article or listing it in yum.
- Run the image and see what fails!
- You will find that it will complain that the package
rh-git29does not exist. Of course! this is a Rhel git package.
- As described in the article above, you can sift through the actual repo to see what packages are available. https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/appstream/os. Find the git package available to UBI8 images. In this case it is
This is a higher version of git. Usually a good thing, be mindful if you are version locked to certain packages.
- Lastly, we update the Dockerfile to reference the UBI 8 Standard image and update our package declarations from
yumincluding the correct repositories and packages
FROM registry.redhat.io/ubi8/ubi:8.2 ... RUN set -x && yum -h && \ curl -so /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo && \ rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key && \ yum -y --disableplugin=subscription-manager --enablerepo=ubi-8-appstream --enablerepo=jenkins install which gpg java-1.8.0-openjdk-devel shadow-utils "jenkins-$JENKINS_VERSION" zip unzip bzip2 rsync elfutils git-2.18.4-2.el8_2.x86_64 --nodocs && \ yum clean all && \ echo "unset BASH_ENV PROMPT_COMMAND ENV" > /usr/local/bin/scl_enable && \ echo "source scl_source enable rh-git29" >> /usr/local/bin/scl_enable && \ chgrp -R 0 /usr/local/bin && \ chmod -R g+rx /usr/local/bin && \ yum clean all && \ rpm -qa