cri-o: all CRI-O versions after commit fdc2cc372 fail to pull OCI formatted images while pulling Docker formatted images works fine

Description

Steps to reproduce the issue:

  1. Build CRI-O from sources after commit fdc2cc372
  2. Deploy to CentOS 7 machine
  3. Try to pull container image in OCI format (i.e. built with “buildah --format oci …)” via “crictl pull …”

Describe the results you received: Pull operation fails w/ RPC error about “unsupported docker v2s2 media type”

Describe the results you expected: Image pull operation succeeds, as with the same image and CRI-O versions up to / including commit fdc2cc372

Additional information you deem important (e.g. issue happens only occasionally): CRI-O was built w/ golang version 1.13 on CentOS 7 – trying to pull an image built from the very same buildah configuration, but commited by “buildah --format docker…” works fine

Output of crio --version: [this is for the last version working w/ OCI formatted images]

crio version 1.16.0-dev
commit: "fdc2cc372a49413bb89abaa9494beb24ab9e0ce3"

Additional environment details (AWS, VirtualBox, physical, etc.): CentOS 7.7.1908 provisioned in VMWare (test environment) / VirtualBox (CRI-O build environment)

Output from “grep -v -e ‘^#’ -e ‘^$’ /etc/crio/crio.conf”:

[crio]
log_dir = "/var/log/crio/pods"
version_file = "/var/lib/crio/version"
[crio.api]
listen = "/var/run/crio/crio.sock"
host_ip = ""
stream_address = "127.0.0.1"
stream_port = "0"
stream_enable_tls = false
stream_tls_cert = ""
stream_tls_key = ""
stream_tls_ca = ""
grpc_max_send_msg_size = 16777216
grpc_max_recv_msg_size = 16777216
[crio.runtime]
default_runtime = "runc"
no_pivot = false
conmon = "/usr/libexec/crio/conmon"
conmon_cgroup = "pod"
conmon_env = [
	"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
]
selinux = true
seccomp_profile = ""
apparmor_profile = "crio-default-1.16.0-dev"
cgroup_manager = "systemd"
default_capabilities = [
	"CHOWN", 
	"DAC_OVERRIDE", 
	"FSETID", 
	"FOWNER", 
	"NET_RAW", 
	"SETGID", 
	"SETUID", 
	"SETPCAP", 
	"NET_BIND_SERVICE", 
	"SYS_CHROOT", 
	"KILL", 
]
default_sysctls = [
]
additional_devices = [
]
hooks_dir = [
]
default_mounts = [
]
pids_limit = 1024
log_size_max = -1
log_to_journald = false
container_exits_dir = "/var/run/crio/exits"
container_attach_socket_dir = "/var/run/crio"
bind_mount_prefix = ""
read_only = false
log_level = "error"
uid_mappings = ""
gid_mappings = ""
ctr_stop_timeout = 0
manage_network_ns_lifecycle = false
[crio.runtime.runtimes.runc]
runtime_path = ""
runtime_type = "oci"
runtime_root = "/run/runc"
[crio.image]
default_transport = "docker://"
global_auth_file = ""
pause_image = "k8s.gcr.io/pause:3.1"
pause_image_auth_file = ""
pause_command = "/pause"
signature_policy = ""
image_volumes = "mkdir"
[crio.network]
network_dir = "/etc/cni/net.d/"
plugin_dirs = [
	"/opt/cni/bin/",
]
[crio.metrics]
enable_metrics = false
metrics_port = 9090

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 33 (18 by maintainers)

Most upvoted comments

NEXUS-21087 will be fixed in 3.23.0

+1
fragfutter on Apr 30, 2020
Read more comments on GitHub
← cri-o: 1.25 fedora modular repo missing
cri-o: CANNOT INSTALL PER DOCS on Ubuntu 20.04 →