search

boson-project / functions

A directory of information and resources for the Boson Project.
Apache License 2.0
6 stars 5 forks source link

[bug] Permission denied #9

Closed matzew closed 3 years ago

matzew commented 3 years ago

Describe the bug

Running:

➜  myfunc kn faas build --builder jvm

Gives me this error:

Error: executing lifecycle. This may be the result of using an untrusted builder: failed with status code: 1
output: 2020/10/29 10:55:03.837055 DEBUG:  Pulling image quay.io/boson/faas-quarkus-jvm-builder:latest
latest: Pulling from boson/faas-quarkus-jvm-builder
Digest: sha256:0e679564e76dd8372d7f9eb1eee32c122488a60e9ce96a10c1a9c717d248ea29
Status: Image is up to date for quay.io/boson/faas-quarkus-jvm-builder:latest
2020/10/29 10:55:06.585786 DEBUG:  Selected run image quay.io/boson/faas-stack-run:quarkus-jvm-v0.4.0
2020/10/29 10:55:08.462691 DEBUG:  Pulling image quay.io/boson/faas-stack-run:quarkus-jvm-v0.4.0
quarkus-jvm-v0.4.0: Pulling from boson/faas-stack-run
Digest: sha256:daf9aad634f3890f15e10d65e9a79d4570f77f9bf39dd99d3ecdf95e7cdca249
Status: Image is up to date for quay.io/boson/faas-stack-run:quarkus-jvm-v0.4.0
2020/10/29 10:55:11.183190 DEBUG:  Creating builder with the following buildpacks:
2020/10/29 10:55:11.183197 DEBUG:  -> com.redhat.faas.quarkus-jvm@0.0.1
2020/10/29 10:55:14.598319 DEBUG:  Pulling image buildpacksio/lifecycle:0.9.1
0.9.1: Pulling from buildpacksio/lifecycle
Digest: sha256:53bf0e18a734e0c4071aa39b950ed8841f82936e53fb2a0df56c6aa07f9c5023
Status: Image is up to date for buildpacksio/lifecycle:0.9.1
2020/10/29 10:55:18.299632 DEBUG:  Using build cache volume pack-cache-304bfe1a6217.build
2020/10/29 10:55:18.299651 INFO:   ===> DETECTING
[detector] com.redhat.faas.quarkus-jvm 0.0.1
2020/10/29 10:55:18.918341 INFO:   ===> ANALYZING
[analyzer] ERROR: failed to initialize docker client: failed to connect to docker socket: dial unix /var/run/docker.sock: connect: permission denied

Yes, I did docker login ..... before

slinkydeveloper commented 3 years ago

Same issue here:

% kn faas build
Building image: docker.io/slinkydeveloper/http-func:latest
Error: executing lifecycle. This may be the result of using an untrusted builder: failed with status code: 1
output: 2020/10/29 11:32:06.675473 DEBUG:  Pulling image quay.io/boson/faas-quarkus-jvm-builder:latest
latest: Pulling from boson/faas-quarkus-jvm-builder
ec1681b6a383: Pulling fs layer
c4d668e229cd: Pulling fs layer
50d3b6608eb2: Pulling fs layer
d1f2c5e79b83: Pulling fs layer
edcbf064146a: Pulling fs layer
cb0ba8718831: Pulling fs layer
8a1df4ac84fa: Pulling fs layer
9455ceca0c4c: Pulling fs layer
93f2dfa281b3: Pulling fs layer
271787a64a46: Pulling fs layer
4f4fb700ef54: Pulling fs layer
8a1df4ac84fa: Waiting
9455ceca0c4c: Waiting
edcbf064146a: Waiting
cb0ba8718831: Waiting
d1f2c5e79b83: Waiting
93f2dfa281b3: Waiting
4f4fb700ef54: Waiting
271787a64a46: Waiting
c4d668e229cd: Verifying Checksum
c4d668e229cd: Download complete
d1f2c5e79b83: Verifying Checksum
d1f2c5e79b83: Download complete
cb0ba8718831: Download complete
ec1681b6a383: Verifying Checksum
ec1681b6a383: Download complete
9455ceca0c4c: Download complete
8a1df4ac84fa: Verifying Checksum
8a1df4ac84fa: Download complete
ec1681b6a383: Pull complete
c4d668e229cd: Pull complete
50d3b6608eb2: Pull complete
d1f2c5e79b83: Pull complete
93f2dfa281b3: Verifying Checksum
edcbf064146a: Download complete
edcbf064146a: Pull complete
cb0ba8718831: Pull complete
8a1df4ac84fa: Pull complete
4f4fb700ef54: Verifying Checksum
4f4fb700ef54: Download complete
9455ceca0c4c: Pull complete
271787a64a46: Verifying Checksum
271787a64a46: Download complete
93f2dfa281b3: Pull complete
271787a64a46: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:0e679564e76dd8372d7f9eb1eee32c122488a60e9ce96a10c1a9c717d248ea29
Status: Downloaded newer image for quay.io/boson/faas-quarkus-jvm-builder:latest
2020/10/29 11:32:22.996591 DEBUG:  Selected run image quay.io/boson/faas-stack-run:quarkus-jvm-v0.4.0
2020/10/29 11:32:24.033912 DEBUG:  Pulling image quay.io/boson/faas-stack-run:quarkus-jvm-v0.4.0
quarkus-jvm-v0.4.0: Pulling from boson/faas-stack-run
0fd3b5213a9b: Pulling fs layer
aebb8c556853: Pulling fs layer
a3d9b8084a6a: Pulling fs layer
c79ff029a263: Pulling fs layer
98c1376b59d7: Pulling fs layer
000794123b20: Pulling fs layer
c79ff029a263: Waiting
98c1376b59d7: Waiting
aebb8c556853: Verifying Checksum
aebb8c556853: Download complete
c79ff029a263: Verifying Checksum
c79ff029a263: Download complete
a3d9b8084a6a: Verifying Checksum
a3d9b8084a6a: Download complete
0fd3b5213a9b: Verifying Checksum
0fd3b5213a9b: Download complete
98c1376b59d7: Verifying Checksum
98c1376b59d7: Download complete
0fd3b5213a9b: Pull complete
aebb8c556853: Pull complete
a3d9b8084a6a: Pull complete
c79ff029a263: Pull complete
98c1376b59d7: Pull complete
000794123b20: Verifying Checksum
000794123b20: Download complete
000794123b20: Pull complete
Digest: sha256:daf9aad634f3890f15e10d65e9a79d4570f77f9bf39dd99d3ecdf95e7cdca249
Status: Downloaded newer image for quay.io/boson/faas-stack-run:quarkus-jvm-v0.4.0
2020/10/29 11:32:33.221337 DEBUG:  Creating builder with the following buildpacks:
2020/10/29 11:32:33.221342 DEBUG:  -> com.redhat.faas.quarkus-jvm@0.0.1
2020/10/29 11:32:35.480975 DEBUG:  Pulling image buildpacksio/lifecycle:0.9.1
0.9.1: Pulling from buildpacksio/lifecycle
4000adbbc3eb: Pulling fs layer
474f7dcb012d: Pulling fs layer
4000adbbc3eb: Download complete
4000adbbc3eb: Pull complete
474f7dcb012d: Download complete
474f7dcb012d: Pull complete
Digest: sha256:53bf0e18a734e0c4071aa39b950ed8841f82936e53fb2a0df56c6aa07f9c5023
Status: Downloaded newer image for buildpacksio/lifecycle:0.9.1
2020/10/29 11:32:38.809113 DEBUG:  Using build cache volume pack-cache-25384840759b.build
2020/10/29 11:32:38.809118 INFO:   ===> DETECTING
[detector] com.redhat.faas.quarkus-jvm 0.0.1
2020/10/29 11:32:39.237322 INFO:   ===> ANALYZING
[analyzer] ERROR: failed to initialize docker client: failed to connect to docker socket: dial unix /var/run/docker.sock: connect: permission denied

My environment:

% uname -a
Linux localhost.localdomain 5.8.16-200.fc32.x86_64 #1 SMP Mon Oct 19 14:17:16 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
% docker version
Client:
 Version:           19.03.11
 API version:       1.40
 Go version:        go1.14.3
 Git commit:        42e35e6
 Built:             Sun Jun  7 21:16:58 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          19.03.11
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.14.3
  Git commit:       42e35e6
  Built:            Sun Jun  7 00:00:00 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:

I see something in the journal, maybe this helps:

ott 29 11:36:08 localhost.localdomain 1822e066e970[40811]: com.redhat.faas.quarkus-jvm 0.0.1
ott 29 11:36:08 localhost.localdomain dockerd[40822]: time="2020-10-29T11:36:08.555545250+01:00" level=info msg="shim reaped" id=1822e066e9707522bea31f88ae799c524db7fa8137b32d1b6538af02dc3a90e5
ott 29 11:36:08 localhost.localdomain dockerd[40811]: time="2020-10-29T11:36:08.565537553+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
ott 29 11:36:08 localhost.localdomain dockerd[40822]: time="2020-10-29T11:36:08.676015245+01:00" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/6f27b7dc6bfc2fceda121e4e9fe867e1844d7ae98ed929b282cd79930e023486>
ott 29 11:36:08 localhost.localdomain 6f27b7dc6bfc[40811]: ERROR: failed to initialize docker client: failed to connect to docker socket: dial unix /var/run/docker.sock: connect: permission denied
ott 29 11:36:08 localhost.localdomain dockerd[40822]: time="2020-10-29T11:36:08.849968585+01:00" level=info msg="shim reaped" id=6f27b7dc6bfc2fceda121e4e9fe867e1844d7ae98ed929b282cd79930e023486
ott 29 11:36:08 localhost.localdomain dockerd[40811]: time="2020-10-29T11:36:08.859993554+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
lance commented 3 years ago

@matzew @slinkydeveloper please see https://github.com/boson-project/faas/issues/178. Can you try setenforce 0 and see if it helps?

slinkydeveloper commented 3 years ago

It works, although disabling SELinux might not be always the right answer for our customers

lance commented 3 years ago

It works, although disabling SELinux might not be always the right answer for our customers

Of course. Our next task is eliminating the Docker daemon dependency (which will eliminate this problem).

matzew commented 3 years ago

FWIW I am on docker - NOT podman

lance commented 3 years ago

@matejvasek right - it's the fact that SELinux is blocking access to the Docker daemon that is causing this problem.

lance commented 3 years ago

Closing as a duplicate of https://github.com/boson-project/faas/issues/178