Closed fins2 closed 3 years ago
Do you have an example Dockerfile you used to build the container image with?
I use a bash script to build my container image. You can find the script below:
```bash
#!/bin/bash
#
# Generate minimal container image (~57MB) from RHEL7/OL7/CentOS7 repo using buildah (https://github.com/projectatomic/buildah)
#
set -ex
# start new container from scratch
newcontainer=$(buildah from scratch)
scratchmnt=$(buildah mount ${newcontainer})
# install the packages
yum install --nogpgcheck --installroot ${scratchmnt} rpm bash coreutils ansible python2-pyvmomi python-requests shadow-utils --releasever 7 --setopt=tsflags=nodocs --setopt=override_install_langs=en_US.utf8 -y
# Clean up yum cache
if [ -d "${scratchmnt}" ]; then
    rm -rf "${scratchmnt}"/var/cache/yum
fi
# create user and group
buildah run ${newcontainer} groupadd -g 10002 testgroup
buildah run ${newcontainer} useradd -u 10109 -g testgroup testuser
# configure container label, entrypoint, default user and default working directory
buildah config --label name=el7-ansible ${newcontainer}
buildah config --cmd /bin/bash ${newcontainer}
buildah config --user testuser ${newcontainer}
buildah config --workingdir /etc/ansible ${newcontainer}
# commit the image
buildah unmount ${newcontainer}
buildah commit --format docker ${newcontainer} el7-ansible
# some cleanup
buildah rm ${newcontainer}
```
@TomSweeneyRedHat PTAL
I'm running into the same problem with the image in the quay repo:
```
docker run --privileged quay.io/buildah/stable -v mywkdir:/tmp buildah bud -f /tmp/Dockerfile
```
Error:
```
docker: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "exec: \"-v\": executable file not found in $PATH": unknown.
```
Does the container work with podman?
This looks like the docker parser is getting confused?
I just tried to run the buildah container locally and I had no issues
```
# docker run -ti quay.io/buildah/stable sh
# id
uid=0(root) gid=0(root) groups=0(root)
# exit
```
Actually try `docker run --privileged -v mywkdir:/tmp quay.io/buildah/stable buildah bud -f /tmp/Dockerfile`
Ok, I can run the container locally (your first question) no problem. The command above:
```
docker run --privileged -v mywkdir:/tmp quay.io/buildah/stable buildah bud -f /tmp/Dockerfile
```
Gets me closer. Volume error is gone but the problem is the contents of the /tmp folder when mapped:
Mywkdir on the host is this:
```
ls -la mywkdir
total 16
drwxr-xr-x  4 vincentguaglione staff  128 Dec 3 15:04 .
drwxr-xr-x 10 vincentguaglione staff  320 Dec 3 15:04 ..
-rw-r--r--  1 vincentguaglione staff 1443 Dec 3 15:04 Dockerfile
-rw-r--r--  1 vincentguaglione staff  261 Dec 3 15:04 entrypoint.sh
```
The error I receive is:
```
error reading info about "/tmp/Dockerfile": stat /tmp/Dockerfile: no such file or directory
```
So I run this command and list the directory:
```
docker run --privileged -v mywkdir:/tmp quay.io/buildah/stable sh
sh-5.0# ls -la /tmp
total 12
drwxrwxrwt 2 root root 4096 Dec 3 19:46 .
drwxr-xr-x 1 root root 4096 Dec 3 20:02 ..
-rwx------ 1 root root 1379 Oct 28 05:48 ks-script-h2x0hr
```
You can see that the volume mapping either is not working, or, there's something about the container that's causing it to overlay the mapping with some specific file. At least this is what appears to be happening. This is confusing as I've never seen this type of behavior before.
????
Try
```
docker run --privileged -v ${PWD}/mywkdir:/tmp quay.io/buildah/stable buildah bud -f /tmp/Dockerfile
```
or
```
docker run --privileged -v ./mywkdir:/tmp quay.io/buildah/stable buildah bud -f /tmp/Dockerfile
```
Not sure if the second one works with Docker.
If you just specify -v mywkdir:/tmp Docker will generate an empty volume with this name and use that as the mount point not the path that you expected.
Of course I would prefer to get rid of Docker altogether and just use podman
```
podman run --privileged -v ./mywkdir:/tmp quay.io/buildah/stable buildah bud -f /tmp/Dockerfile
```
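The two mistakes diagnosed so far in this thread (options placed after the image name, and a bare name given as the `-v` source) can be caught before the container starts. This is an added example, not part of the original thread; `check_run`, `classify_source` and `takes_value` are hypothetical helpers, and the option list in `takes_value` is a deliberately partial assumption.

```bash
#!/usr/bin/env bash
# Added example: lint the arguments that follow `docker run`.
# Assumption: only the value-taking options listed in takes_value are known;
# any other token starting with "-" is treated as a boolean flag.
takes_value() {
  case "$1" in
    -e|--env|-w|--workdir|-u|--user|-p|--publish|--name) return 0 ;;
    *) return 1 ;;
  esac
}

# classify_source SPEC: how Docker interprets the part before the first ":".
classify_source() {
  case "$1" in
    *:*) ;;                           # has a source part, classified below
    *)   echo anonymous; return 0 ;;  # container path only
  esac
  case "${1%%:*}" in
    /*)       echo bind ;;            # absolute host path
    ./*|../*) echo relative ;;        # the thread was unsure Docker accepts this
    *)        echo named-volume ;;    # bare name: a volume of that name is used
  esac
}

# check_run ARGS...: print one finding per -v/--volume option.
check_run() {
  local image="" arg
  while [ $# -gt 0 ]; do
    arg="$1"; shift
    if [ -n "$image" ]; then
      # Tokens after the image are the container's command, not docker options.
      case "$arg" in
        -v|--volume) echo "misplaced: $arg after image $image is run as the command" ;;
      esac
      continue
    fi
    case "$arg" in
      -v|--volume)
        [ $# -gt 0 ] || { echo "error: $arg needs a value"; return 1; }
        echo "mount: $1 -> $(classify_source "$1")"; shift ;;
      -*) if takes_value "$arg" && [ $# -gt 0 ]; then shift; fi ;;
      *)  image="$arg" ;;
    esac
  done
  return 0
}

# The two invocations from the thread, minus the leading `docker run`.
check_run --privileged quay.io/buildah/stable -v mywkdir:/tmp buildah bud -f /tmp/Dockerfile
check_run --privileged -v mywkdir:/tmp quay.io/buildah/stable buildah bud -f /tmp/Dockerfile
```

The combined forms `--volume=SRC:DST` and `-vSRC:DST` are not parsed by this sketch.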
Yes sir, that fixed it. -v ${PWD}/mywkdir is what I needed to do to get it to recognize the mapping. Thanks for the help.
Unfortunately, I'm now hitting a problem building the image from the dockerfile. Appears to be a problem with an apt-get update, similar to what I've seen with Kaniko container builds:
```
RUN apt-get update -y && apt-get install -y php7.0-mbstring php-mysqli libnss-wrapper
process exited with error: fork/exec /bin/sh: no such file or directory
subprocess exited with status 1
error building at STEP "RUN apt-get update -y && apt-get install -y php7.0-mbstring php-mysqli libnss-wrapper": exit status 1
```
I can go ahead and create a separate issue for this problem, unless you can point me in the direction of a fix that's already in place?
Could you give me the actual Dockerfile and actual Podman/Docker command you are executing?
No problem.
Docker command:
```
docker run --privileged -v ${PWD}/mywkdir:/tmp quay.io/buildah/stable buildah bud -f /tmp/Dockerfile
```
Dockerfile:
```dockerfile
FROM bitnami/php-fpm:latest
EXPOSE 9000
WORKDIR /app

RUN apt-get update -y \
    && apt-get install -y php7.0-mbstring php-mysqli libnss-wrapper

ENV APP_ROOT=/app \
    USER_NAME=default \
    USER_UID=10001
ENV APP_HOME=${APP_ROOT}/src PATH=$PATH:${APP_ROOT}/bin

RUN mkdir -p ${APP_HOME} ${APP_ROOT}/etc

COPY entrypoint.sh ${APP_ROOT}/bin/

RUN chmod -R ug+x ${APP_ROOT}/bin ${APP_ROOT}/etc && sync && \
    useradd -l -u ${USER_UID} -r -g 0 -d ${APP_ROOT} -s /sbin/nologin -c "${USER_NAME} user" ${USER_NAME} && \
    chown -R ${USER_UID}:0 ${APP_ROOT} && \
    chmod -R g=u ${APP_ROOT}

RUN chmod g+rwx -R /opt/bitnami/php /opt/bitnami/php/logs
RUN chgrp -R root /opt/bitnami

USER 10001

WORKDIR ${APP_ROOT}

RUN sed "s@${USER_NAME}:x:${USER_UID}:0@${USER_NAME}:x:\${USER_ID}:\${GROUP_ID}@g" /etc/passwd > ${APP_ROOT}/etc/passwd.template

ENTRYPOINT [ "entrypoint.sh" ]
CMD [ "php-fpm", "-F", "--pid", "/opt/bitnami/php/tmp/php-fpm.pid", "-y", "/opt/bitnami/php/etc/php-fpm.conf" ]
```
@giuseppe I think something might be going on with fuse-overlay on this one?
I don't see anything related to rootless in this issue. Was the image built with fuse-overlayfs (I doubt that would work on CentOS 7.6)?
We are fairly new to some of these alternate docker container build technologies, however, we have seen very similar problems building some images via kaniko, and these also manifest during apt-get updates/installs. Not sure if this helps but I thought to pass it on. Thank you for looking into this for us.
Buildah is using fuse-overlay for building inside of a container.
@fins2 Is this still an issue?
(Edited to touch up formatting issues) I am experiencing an issue building a Dockerfile using buildah.
I am using the base image ubi8/buildah. My Dockerfile includes steps to add a group and users. On group add I encounter an issue saying:
```
groupadd: /etc/group.241: lock file already used
[build-docker-file] groupadd: cannot lock /etc/group; try again later.
[build-docker-file] subprocess exited with status 10
[build-docker-file] subprocess exited with status 10
```
Following are my env details:
```
uname -a
[build-docker-file] Linux docker-build-run-pod-jt9v6 4.18.0-147.8.1.el8_1.ppc64le #1 SMP Wed Feb 26 04:11:20 UTC 2020 ppc64le ppc64le ppc64le GNU/Linux
```
```
cat /etc/os-release
[build-docker-file] NAME="Red Hat Enterprise Linux"
[build-docker-file] VERSION="8.2 (Ootpa)"
[build-docker-file] ID="rhel"
[build-docker-file] ID_LIKE="fedora"
[build-docker-file] VERSION_ID="8.2"
[build-docker-file] PLATFORM_ID="platform:el8"
[build-docker-file] PRETTY_NAME="Red Hat Enterprise Linux 8.2 (Ootpa)"
[build-docker-file] ANSI_COLOR="0;31"
[build-docker-file] CPE_NAME="cpe:/o:redhat:enterprise_linux:8.2:GA"
[build-docker-file] HOME_URL="https://www.redhat.com/"
[build-docker-file] BUG_REPORT_URL="https://bugzilla.redhat.com/"
[build-docker-file]
[build-docker-file] REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
[build-docker-file] REDHAT_BUGZILLA_PRODUCT_VERSION=8.2
[build-docker-file] REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
[build-docker-file] REDHAT_SUPPORT_PRODUCT_VERSION="8.2"
```
Any help will be appreciated. I also referred to this: https://github.com/containers/buildah/issues/2239
I tried adding '--storage-driver=overlay' -> still the same behaviour. Also tried using FROM: registry.access.redhat.com/ubi8/ubi:8.2 -> same behaviour.
Below is the sample Dockerfile I am trying to build:
```dockerfile
FROM registry.access.redhat.com/ubi8/ubi:8.2
ENV CICD_GROUP=cicd
ENV CICD_ID=1500
ENV BUILD_USER=builder
ENV BUILD_ID=1084
ENV IBM_POWERAI_LICENSE_ACCEPT=yes
RUN export ARCH="$(uname -m)" && \
    yum repolist && yum install -y \
    sudo \
    bzip2 \
    git \
    patch && \
    # Create CICD Group
    rm -rf /etc/*.lock && \
    groupadd --gid ${CICD_ID} ${CICD_GROUP} && \
    # Adduser Builder
    useradd -b /home --create-home --gid ${CICD_GROUP} --groups wheel \
    --uid ${BUILD_ID} --comment "User for Building" ${BUILD_USER}
```
@ketank-new Couple quick things. Can you include your `buildah bud` command that you used? Also, as a test, could you replace `FROM registry.access.redhat.com/ubi8/ubi:8.2` in your Dockerfile with `FROM quay.io/buildah/stable:latest` and try that? I've a suspicion some dependency is missing from the UBI8 image.
@fatherlinux FYI
@TomSweeneyRedHat : I tried using quay.io/buildah/stable:latest in my Dockerfile. I get an exec error. I am executing this on a Power machine; I think the image suggested by you is for amd64.
My buildah command used is below; this is done using a Tekton container:
```
command: ['buildah', 'bud','--format=oci', '--tls-verify=true', '--layers', '-f', 'Dockerfile', '-t', 'kk:try']
```
I have also noted that, spinning up a ppc64le container over base image registry.redhat.io/rhel8/buildah and trying to build a Dockerfile, I notice the below issue on doing a buildah bud -f dockerfile (the container was spun up with privilege=true and /var/lib/containers was mounted):
error mounting container "348e52048b351d57ecbf511d62b6f7c4e77b0df97988927aa767d03a6b969212": error mounting build container "348e52048b351d57ecbf511d62b6f7c4e77b0df97988927aa767d03a6b969212": failed to canonicalise path for "/var/lib/containers/storage/overlay/b9a7c3cb883564f20aa053c7aa85a2e9c68d2f2c72618c90e1bd1c120b41833b/merged": lstat /var/lib/containers/storage/overlay/b9a7c3cb883564f20aa053c7aa85a2e9c68d2f2c72618c90e1bd1c120b41833b/merged: invalid argument
@ketank-new thanks for the follow up. I've not tried running that image on a power machine, and didn't catch that in your op. I'm not too surprised it wasn't happy there. @fatherlinux any thoughts on the ubi image on a power machine?
We just got a Bugzilla reported too: https://bugzilla.redhat.com/show_bug.cgi?id=1873224, I believe it's the same beast, but the BZ is against Docker. I think it should instead be against UBI8
@fins2 Is this still an issue? Can I close this? I am not sure this is a buildah problem
Yes, it's still an issue.
@jnovy @fatherlinux who do we point this at?
@TomSweeneyRedHat the bug 1873224 is irrelevant to this issue as somebody was using s390x Z12 machine which lacks required instruction set.
Not sure what we should do with this?
I don't think we can fix these kinds of issues on CentOS 7 anymore. We expect users to move to RHEL/CentOS 8 at this point.
Yes, I am going to close.
Description
Unable to start a container with docker from an image built with buildah.
Steps to reproduce the issue:
Describe the results you received:
The container starts based on the same image with podman run.
Describe the results you expected: