search

docker / compose

Define and run multi-container applications with Docker
https://docs.docker.com/compose/
Apache License 2.0
33.64k stars 5.19k forks source link

[BUG] `docker compose build` fails to find a local image used in FROM #12130

Open elipp opened 6 days ago

elipp commented 6 days ago

Description

Using a present, locally docker run:able image as the FROM stage in a Dockerfile results in docker compose trying to pull the image and failing. See Steps to Reproduce.

Steps To Reproduce

docker.compose.yml:

services:
  someimage:
    image: someimage:sometag
    build:
      dockerfile: Dockerfile.someimage
  service1:
    build:
      dockerfile: Dockerfile.service1
      args:
        IMAGE_NAME: someimage:sometag

Dockerfile.someimage:

FROM alpine
RUN echo "lorem ipsum" > /lipsum.txt

Dockerfile.service1:

ARG IMAGE_NAME
FROM ${IMAGE_NAME:?} AS stage1

FROM alpine
COPY --from=stage1 /lipsum.txt /lipsum.txt
CMD ["cat", "/lipsum.txt"]

Running docker compose build someimage && docker compose build service1 results in:

=> ERROR [service1 internal] load metadata for docker.io/library/someimage:sometag                 0.8s
------
 > [service1 internal] load metadata for docker.io/library/someimage:sometag:
------
failed to solve: someimage:sometag: failed to resolve source metadata for docker.io/library/someimage:sometag: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

docker buildx container logs:

time="2024-09-16T21:05:27Z" level=info msg="running server on /run/buildkit/buildkitd.sock"
time="2024-09-16T21:06:46Z" level=info msg="trying next host" error="pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed" host=registry-1.docker.io
time="2024-09-16T21:06:46Z" level=error msg="/moby.buildkit.v1.frontend.LLBBridge/Solve returned error: rpc error: code = Unknown desc = someimage:sometag: failed to resolve source metadata for docker.io/library/someimage:sometag: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed"
time="2024-09-16T21:06:46Z" level=error msg="/moby.buildkit.v1.Control/Solve returned error: rpc error: code = Unknown desc = someimage:sometag: failed to resolve source metadata for docker.io/library/someimage:sometag: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed"

Using DOCKER_BUILDKIT=0 docker compose build builds the image just fine, same goes for:

docker build . -f Dockerfile.someimage -t someimage:sometag
docker build . -f Dockerfile.service1 --build-arg IMAGE_NAME=someimage:sometag -t service1
docker run --rm service1

lorem ipsum

This also happens if the image name is hard-coded (not passed as an ARG).

Compose Version

Docker Compose version 2.29.3 (also 2.29.4)

Docker Environment

Client:
 Version:    27.2.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  0.17.1
    Path:     /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  2.29.4
    Path:     /usr/lib/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 4
 Server Version: 27.2.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c.m
 runc version:
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.10.10-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 20
 Total Memory: 62.33GiB
 Name: tooo
 ID: 6ed50486-207f-4523-9ee7-7372aae95dac
 Docker Root Dir: /home/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Anything else?

Could be a BuildKit issue since DOCKER_BUILDKIT=0 works...?

UPDATE: this actually works if I use the "default" docker buildx driver/endpoint (and fails with the docker-container) one.

ndeloof commented 5 days ago

This is indeed related to buildkit being used to run the build. Buildkit is not aware of dependencies between those two service image and want to build those in parallel, which causes this failure. As a workaround, you can declare a dependency between services using depends_on. While this might not be relevant at runtime, Docker Compose will then build images in sequence