slimtoolkit / slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Apache License 2.0

GitLab CI DIND: timeout error #195

Open ProfessorManhattan opened 3 years ago

ProfessorManhattan commented 3 years ago

Expected Behavior

docker-slim should run without error when run in a GitLab CI environment


Actual Behavior

docker-slim fails with timeout error.


Steps to Reproduce the Problem

  1. Create a GitLab CI project with a Dockerfile in it and the following .gitlab-ci.yml file:
---
gitlab_registry:
  stage: test
  image: megabytelabs/dockerslim:latest
  needs: []
  services:
    - docker:dind
  tags:
    - docker
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
    DOCKER_TLS_VERIFY: 1
    GIT_DEPTH: 1
  script:
    - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
    - docker build -t "${CI_COMMIT_REF_SLUG}:latest" .
    - docker-slim --debug --tls-verify=false build --http-probe=false --exec 'echo hey' "${CI_COMMIT_REF_SLUG}:latest"
  2. Trigger the CI build. Docker commands are working as expected but the docker-slim build fails with the following output:
Running with gitlab-runner 13.12.0-rc1 (b21d5c5b)
  on docker-auto-scale 0277ea0f
  feature flags: FF_GITLAB_REGISTRY_HELPER_IMAGE:true, FF_SKIP_DOCKER_MACHINE_PROVISION_ON_CREATION_FAILURE:true
Resolving secrets
00:00
Preparing the "docker+machine" executor
Using Docker executor with image megabytelabs/dockerslim:latest ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:dc8c389414c80f3c6510d3690cd03c29fc99d66f58955f138248499a34186bfa for docker:dind with digest docker@sha256:87ed8e3a7b251eef42c2e4251f95ae3c5f8c4c0a64900f19cc532d0a42aa7107 ...
Waiting for services to be up and running...
Pulling docker image megabytelabs/dockerslim:latest ...
Using docker image sha256:383b8ff911c08e8a29b6cc8a75d8069fec480f71d9c773ed3f96a4a8486b46ec for megabytelabs/dockerslim:latest with digest megabytelabs/dockerslim@sha256:c21249ab64d840452d81e796952341649ed8774665b1285ae92a4f47998c0022 ...
Preparing environment
00:00
Running on runner-0277ea0f-project-25813727-concurrent-0 via runner-0277ea0f-srm-1621013830-ed04e4e1...
Getting source from Git repository
00:02
$ eval "$CI_PRE_CLONE_SCRIPT"
Fetching changes with git depth set to 1...
Initialized empty Git repository in /builds/megabyte-labs/dockerfile/ci-pipeline/yamllint/.git/
Created fresh repository.
Checking out 417f788b as master...
Skipping Git submodules setup
Executing "step_script" stage of the job script
Using docker image sha256:383b8ff911c08e8a29b6cc8a75d8069fec480f71d9c773ed3f96a4a8486b46ec for megabytelabs/dockerslim:latest with digest megabytelabs/dockerslim@sha256:c21249ab64d840452d81e796952341649ed8774665b1285ae92a4f47998c0022 ...
$ docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ docker build -t "${CI_COMMIT_REF_SLUG}:latest" .
Step 1/20 : FROM alpine:3
3: Pulling from library/alpine
540db60ca938: Pulling fs layer
540db60ca938: Verifying Checksum
540db60ca938: Download complete
540db60ca938: Pull complete
Digest: sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
Status: Downloaded newer image for alpine:3
 ---> 6dbb9cc54074
Step 2/20 : ENV container docker
 ---> Running in 5633d9ac9aab
Removing intermediate container 5633d9ac9aab
 ---> b177e9721c4f
Step 3/20 : RUN apk --no-cache add --virtual build-dependencies       py3-pip=20.3.4-r0   && apk --no-cache add       python3=3.8.10-r0   && pip3 install --no-cache-dir       yamllint==1.26.1   && apk del build-dependencies   && rm -Rf /var/cache/apk/*
 ---> Running in 35b9887db817
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
(1/36) Installing libbz2 (1.0.8-r1)
(2/36) Installing expat (2.2.10-r1)
(3/36) Installing libffi (3.3-r2)
(4/36) Installing gdbm (1.19-r0)
(5/36) Installing xz-libs (5.2.5-r0)
(6/36) Installing ncurses-terminfo-base (6.2_p20210109-r0)
(7/36) Installing ncurses-libs (6.2_p20210109-r0)
(8/36) Installing readline (8.1.0-r0)
(9/36) Installing sqlite-libs (3.34.1-r0)
(10/36) Installing python3 (3.8.10-r0)
(11/36) Installing py3-appdirs (1.4.4-r1)
(12/36) Installing py3-ordered-set (4.0.2-r0)
(13/36) Installing py3-parsing (2.4.7-r1)
(14/36) Installing py3-six (1.15.0-r0)
(15/36) Installing py3-packaging (20.9-r0)
(16/36) Installing py3-setuptools (51.3.3-r0)
(17/36) Installing py3-chardet (4.0.0-r0)
(18/36) Installing py3-idna (3.1-r0)
(19/36) Installing py3-urllib3 (1.26.2-r1)
(20/36) Installing py3-requests (2.25.1-r1)
(21/36) Installing py3-msgpack (1.0.2-r0)
(22/36) Installing py3-lockfile (0.12.2-r3)
(23/36) Installing py3-cachecontrol (0.12.6-r0)
(24/36) Installing py3-colorama (0.4.4-r0)
(25/36) Installing py3-contextlib2 (0.6.0-r0)
(26/36) Installing py3-distlib (0.3.1-r1)
(27/36) Installing py3-distro (1.5.0-r1)
(28/36) Installing py3-webencodings (0.5.1-r3)
(29/36) Installing py3-html5lib (1.1-r0)
(30/36) Installing py3-pytoml (0.1.21-r0)
(31/36) Installing py3-pep517 (0.9.1-r0)
(32/36) Installing py3-progress (1.5-r0)
(33/36) Installing py3-retrying (1.3.3-r0)
(34/36) Installing py3-toml (0.10.2-r0)
(35/36) Installing py3-pip (20.3.4-r0)
(36/36) Installing build-dependencies (20210514.173827)
Executing busybox-1.32.1-r6.trigger
OK: 75 MiB in 50 packages
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
OK: 75 MiB in 50 packages
Collecting yamllint==1.26.1
  Downloading yamllint-1.26.1.tar.gz (126 kB)
Collecting pathspec>=0.5.3
  Downloading pathspec-0.8.1-py2.py3-none-any.whl (28 kB)
Collecting pyyaml
  Downloading PyYAML-5.4.1.tar.gz (175 kB)
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Using legacy 'setup.py install' for yamllint, since package 'wheel' is not installed.
Building wheels for collected packages: pyyaml
  Building wheel for pyyaml (PEP 517): started
  Building wheel for pyyaml (PEP 517): finished with status 'done'
  Created wheel for pyyaml: filename=PyYAML-5.4.1-cp38-cp38-linux_x86_64.whl size=45641 sha256=877f5c66f7f4841b24843d0d0f0fb94e7de2f892a282030f82208f393289c172
  Stored in directory: /tmp/pip-ephem-wheel-cache-63w9bcle/wheels/dd/c5/1d/5d7436173d3efd4a14dcb510eb0b29525ecb6b0e41489e716e
Successfully built pyyaml
Installing collected packages: pyyaml, pathspec, yamllint
    Running setup.py install for yamllint: started
    Running setup.py install for yamllint: finished with status 'done'
Successfully installed pathspec-0.8.1 pyyaml-5.4.1 yamllint-1.26.1
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: No such file or directory
(1/26) Purging build-dependencies (20210514.173827)
(2/26) Purging py3-pip (20.3.4-r0)
(3/26) Purging py3-cachecontrol (0.12.6-r0)
(4/26) Purging py3-lockfile (0.12.2-r3)
(5/26) Purging py3-colorama (0.4.4-r0)
(6/26) Purging py3-contextlib2 (0.6.0-r0)
(7/26) Purging py3-distlib (0.3.1-r1)
(8/26) Purging py3-distro (1.5.0-r1)
(9/26) Purging py3-html5lib (1.1-r0)
(10/26) Purging py3-msgpack (1.0.2-r0)
(11/26) Purging py3-pep517 (0.9.1-r0)
(12/26) Purging py3-pytoml (0.1.21-r0)
(13/26) Purging py3-progress (1.5-r0)
(14/26) Purging py3-requests (2.25.1-r1)
(15/26) Purging py3-chardet (4.0.0-r0)
(16/26) Purging py3-idna (3.1-r0)
(17/26) Purging py3-urllib3 (1.26.2-r1)
(18/26) Purging py3-retrying (1.3.3-r0)
(19/26) Purging py3-setuptools (51.3.3-r0)
(20/26) Purging py3-ordered-set (4.0.2-r0)
(21/26) Purging py3-appdirs (1.4.4-r1)
(22/26) Purging py3-packaging (20.9-r0)
(23/26) Purging py3-parsing (2.4.7-r1)
(24/26) Purging py3-six (1.15.0-r0)
(25/26) Purging py3-toml (0.10.2-r0)
(26/26) Purging py3-webencodings (0.5.1-r3)
Executing busybox-1.32.1-r6.trigger
OK: 53 MiB in 24 packages
Removing intermediate container 35b9887db817
 ---> 42fbfd532903
Step 4/20 : WORKDIR /work
 ---> Running in 6021fb838d36
Removing intermediate container 6021fb838d36
 ---> e577bd51ef96
Step 5/20 : CMD ["yamllint", "--version"]
 ---> Running in 5fd4acde5fcb
Removing intermediate container 5fd4acde5fcb
 ---> 707a4e31146c
Step 6/20 : ARG BUILD_DATE
 ---> Running in 2d05149992d0
Removing intermediate container 2d05149992d0
 ---> 3dc1350b9cc6
Step 7/20 : ARG REVISION
 ---> Running in a1378959cdc8
Removing intermediate container a1378959cdc8
 ---> 157cff7ac860
Step 8/20 : ARG VERSION
 ---> Running in 91cfaa6c36f0
Removing intermediate container 91cfaa6c36f0
 ---> c82f2a79a67f
Step 9/20 : LABEL maintainer="Megabyte Labs <help@megabyte.space"
 ---> Running in 6b299b749337
Removing intermediate container 6b299b749337
 ---> a23b0e61c651
Step 10/20 : LABEL org.opencontainers.image.authors="Brian Zalewski <brian@megabyte.space>"
 ---> Running in aaa702f8739b
Removing intermediate container aaa702f8739b
 ---> 179294040d60
Step 11/20 : LABEL org.opencontainers.image.created=$BUILD_DATE
 ---> Running in 28cf86ff3b43
Removing intermediate container 28cf86ff3b43
 ---> d57eb219f866
Step 12/20 : LABEL org.opencontainers.image.description="An incredibly compact YAML Lint container that you can use in CI environments as well as from the command-line as a one-liner (only 3.21997 MB compressed!)"
 ---> Running in dd58c6e68c5b
Removing intermediate container dd58c6e68c5b
 ---> 70241d26333c
Step 13/20 : LABEL org.opencontainers.image.documentation="https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/yamllint/-/blob/master/README.md"
 ---> Running in 942a0b796677
Removing intermediate container 942a0b796677
 ---> 8b58f5ca076e
Step 14/20 : LABEL org.opencontainers.image.licenses="MIT"
 ---> Running in f4720da47785
Removing intermediate container f4720da47785
 ---> 8badffc09f5e
Step 15/20 : LABEL org.opencontainers.image.revision=$REVISION
 ---> Running in 21e020722a88
Removing intermediate container 21e020722a88
 ---> 6ee378250f76
Step 16/20 : LABEL org.opencontainers.image.source="https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/yamllint.git"
 ---> Running in 3a86e3acfb62
Removing intermediate container 3a86e3acfb62
 ---> 36ee118325a8
Step 17/20 : LABEL org.opencontainers.image.url="https://megabyte.space"
 ---> Running in 6902612d6ea8
Removing intermediate container 6902612d6ea8
 ---> 7856ce7d7760
Step 18/20 : LABEL org.opencontainers.image.vendor="Megabyte Labs"
 ---> Running in 4692e2e96213
Removing intermediate container 4692e2e96213
 ---> 65c98cefaf27
Step 19/20 : LABEL org.opencontainers.image.version=$VERSION
 ---> Running in 6395eaaa7b24
Removing intermediate container 6395eaaa7b24
 ---> 009f738fe80e
Step 20/20 : LABEL space.megabyte.type="ci-pipeline"
 ---> Running in 557e14a54a04
Removing intermediate container 557e14a54a04
 ---> 6db846ce739a
Successfully built 6db846ce739a
Successfully tagged master:latest
$ docker-slim --debug --tls-verify=false build --http-probe=false --exec 'yamllint .' "${CI_COMMIT_REF_SLUG}:latest"
time="2021-05-14T17:38:44Z" level=debug msg="sysinfo => system.SystemInfo{Sysname:\"Linux\", Nodename:\"runner-0277ea0f-project-25813727-concurrent-0\", Release:\"4.19.78-coreos\", Version:\"#1 SMP Mon Oct 14 22:56:39 -00 2019\", Machine:\"x86_64\", Domainname:\"(none)\", OsBuild:\"\", Distro:system.DistroInfo{Name:\"Alpine Linux\", Version:\"3.13.5\", DisplayName:\"Alpine Linux v3.13\"}}"
docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
cmd=build info=exec message='changing continue-after mode to exec' 
time="2021-05-14T17:38:44Z" level=debug msg="docker-slim: new Docker client (TLS,no verify) [4]"
cmd=build state=started
cmd=build info=params target='master:latest' continue.mode='exec' rt.as.user='true' keep.perms='true' 
time="2021-05-14T17:38:44Z" level=info msg="image=master:latest http-probe=false remove-file-artifacts=false image-overrides=map[] entrypoint=[] (false) cmd=[] (false) workdir='' env=[] expose=map[]" app=docker-slim command=build
cmd=build info=app version='linux|Transformer|1.35.1|89ddd87f009dd1e7cbd66a5494e5956c3c093edc|2021-04-27_07:10:07PM' container=true dsimage=false
cmd=build info=app location='/usr/local/bin'
cmd=build info=host osname='Alpine Linux v3.13'
cmd=build info=host osbuild=
cmd=build info=host version='#1 SMP Mon Oct 14 22:56:39 -00 2019'
cmd=build info=host release=4.19.78-coreos
cmd=build info=host sysname=Linux
cmd=build info=docker name=32fd90fcb8bb
cmd=build info=docker kernel_version=4.19.78-coreos
cmd=build info=docker operating_system=Alpine Linux v3.13 (containerized)
cmd=build info=docker ostype=linux
cmd=build info=docker server_version=20.10.6
cmd=build info=docker architecture=x86_64
cmd=build info=dclient api_version=1.41
cmd=build info=dclient min_api_version=1.12
cmd=build info=dclient build_time=2021-04-09T22:46:14.000000000+00:00
cmd=build info=dclient git_commit=8728dd2
cmd=build state=image.inspection.start
time="2021-05-14T17:38:44Z" level=info msg="inspecting 'fat' image metadata..." app=docker-slim command=build
time="2021-05-14T17:38:44Z" level=debug msg="PrepareImageStateDirs(,sha256:6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530)"
time="2021-05-14T17:38:44Z" level=debug msg="PrepareImageStateDirs - statePrefix=/usr/local/bin appDir=/usr/local/bin badPath=/usr/local/bin"
time="2021-05-14T17:38:44Z" level=debug msg="PrepareImageStateDirs - overriding state path to /tmp/docker-slim-state"
time="2021-05-14T17:38:44Z" level=debug msg="PrepareImageStateDirs - statePrefix=/tmp/docker-slim-state appDir=/usr/local/bin badPath=/usr/local/bin"
time="2021-05-14T17:38:44Z" level=debug msg="PrepareImageStateDirs - copying sensor to state path (to /tmp/docker-slim-state)"
time="2021-05-14T17:38:44Z" level=debug msg="CopyRegularFile(false,/usr/local/bin/docker-slim-sensor,/tmp/docker-slim-state/docker-slim-sensor,true)"
time="2021-05-14T17:38:44Z" level=debug msg="PrepareImageStateDirs - will create new state location: /tmp/docker-slim-state/.docker-slim-state/images/6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530/artifacts"
time="2021-05-14T17:38:44Z" level=debug msg="PrepareImageStateDirs - created new image state location: /tmp/docker-slim-state/.docker-slim-state/images/6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530/artifacts"
time="2021-05-14T17:38:44Z" level=debug msg="localVolumePath=/tmp/docker-slim-state/.docker-slim-state/images/6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530, artifactLocation=/tmp/docker-slim-state/.docker-slim-state/images/6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530/artifacts, statePath=/tmp/docker-slim-state, stateKey=6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530" app=docker-slim command=build
cmd=build info=image size.human='52 MB' id='sha256:6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530' size.bytes='52089452' 
time="2021-05-14T17:38:44Z" level=info msg="processing 'fat' image info..." app=docker-slim command=build
time="2021-05-14T17:38:44Z" level=debug msg="\n\nIMAGE HISTORY =>\n[]docker.ImageHistory{docker.ImageHistory{ID:\"sha256:6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530\", Tags:[]string{\"master:latest\"}, Created:1621013924, CreatedBy:\"/bin/sh -c #(nop)  LABEL space.megabyte.type=ci-pipeline\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:009f738fe80edb4066f1d400b215b89a31049e747bfb9991d63cacd268e750b6\", Tags:[]string(nil), Created:1621013924, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.version=\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:65c98cefaf2782b17c566b065db0b7f105443bda51c466a3b00489c195207745\", Tags:[]string(nil), Created:1621013924, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.vendor=Megabyte Labs\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:7856ce7d776034950aa6a000faf9a820e52688c48c48ea23fc11aa9da3cc0624\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.url=https://megabyte.space\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:36ee118325a8d7b8ab8c95df5f44fb043b2eae1673521c799dfd89cf1b9db392\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.source=https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/yamllint.git\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:6ee378250f76a3595fb2fae2d9ddbc9386a1fad4708c8204dbe96058c6cd9c5e\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.revision=\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:8badffc09f5ec3edf83665febef736697b7b19984500a637623bcb2f2d7075f5\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.licenses=MIT\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:8b58f5ca076ee77f0b27208126abbb5bb12d81b43f2eec96dc5f6e32e638d5f7\", Tags:[]string(nil), 
Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.documentation=https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/yamllint/-/blob/master/README.md\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:70241d26333cc48ef20772aefc7394a458c22d94b6f3e75b25230f4ce2c01d79\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.description=An incredibly compact YAML Lint container that you can use in CI environments as well as from the command-line as a one-liner (only 3.21997 MB compressed!)\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:d57eb219f866f188bb5724396bf25f1f921706cb342dfe0bcb14f199924f5c67\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.created=\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:179294040d6010d4a7c09b2169d985a9427407959de4a981a36d6aacd4e248b3\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL org.opencontainers.image.authors=Brian Zalewski <brian@megabyte.space>\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:a23b0e61c6513695b06cfcd06cf8e7cb8c0810612b701f871bff8adbb75c4c19\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  LABEL maintainer=Megabyte Labs <help@megabyte.space\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:c82f2a79a67fca3e57ef5283255ac45cd0769479d2c901e459602048082b26d1\", Tags:[]string(nil), Created:1621013923, CreatedBy:\"/bin/sh -c #(nop)  ARG VERSION\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:157cff7ac8604e75bf2ba52ba3e1e60ded5dd127701a3ada6f5f26b69cf9c5ae\", Tags:[]string(nil), Created:1621013922, CreatedBy:\"/bin/sh -c #(nop)  ARG REVISION\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:3dc1350b9cc6a7621e35229e6773af3868e56f607ae04156d20c33694bbf03a4\", Tags:[]string(nil), Created:1621013922, CreatedBy:\"/bin/sh -c #(nop)  ARG BUILD_DATE\", Size:0, Comment:\"\"}, 
docker.ImageHistory{ID:\"sha256:707a4e31146cc4f53204c658e7392b97944ff0b9630eaa350f8e3a8eee948b3f\", Tags:[]string(nil), Created:1621013922, CreatedBy:\"/bin/sh -c #(nop)  CMD [\\\"yamllint\\\" \\\"--version\\\"]\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:e577bd51ef96d43ebe3f3e64ce80783810c9c87bc9e3691a418f66d7b6e36982\", Tags:[]string(nil), Created:1621013922, CreatedBy:\"/bin/sh -c #(nop) WORKDIR /work\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:42fbfd532903bf42c288e015eab2d6c505f5b097dc756ffd39994d6f105e35f5\", Tags:[]string(nil), Created:1621013922, CreatedBy:\"/bin/sh -c apk --no-cache add --virtual build-dependencies       py3-pip=20.3.4-r0   && apk --no-cache add       python3=3.8.10-r0   && pip3 install --no-cache-dir       yamllint==1.26.1   && apk del build-dependencies   && rm -Rf /var/cache/apk/*\", Size:46476294, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:b177e9721c4fbe30d8b5b5be2ea7784f47b70a7a82f43ef3b5914804324e311b\", Tags:[]string(nil), Created:1621013906, CreatedBy:\"/bin/sh -c #(nop)  ENV container=docker\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"sha256:6dbb9cc54074106d46d4ccb330f2a40a682d49dda5f4844962b7dce9fe44aaec\", Tags:[]string{\"alpine:3\"}, Created:1618427979, CreatedBy:\"/bin/sh -c #(nop)  CMD [\\\"/bin/sh\\\"]\", Size:0, Comment:\"\"}, docker.ImageHistory{ID:\"<missing>\", Tags:[]string(nil), Created:1618427979, CreatedBy:\"/bin/sh -c #(nop) ADD file:8ec69d882e7f29f0652d537557160e638168550f738d0d49f90a7ef96bf31787 in / \", Size:5613158, Comment:\"\"}}\n\n"
time="2021-05-14T17:38:44Z" level=debug msg="IMAGE INSTRUCTIONS:"
time="2021-05-14T17:38:44Z" level=debug msg="FROM scratch"
time="2021-05-14T17:38:44Z" level=debug msg="# new image"
time="2021-05-14T17:38:44Z" level=debug msg="ADD file:8ec69d882e7f29f0652d537557160e638168550f738d0d49f90a7ef96bf31787 /"
time="2021-05-14T17:38:44Z" level=debug msg="CMD [\"/bin/sh\"]"
time="2021-05-14T17:38:44Z" level=debug msg="# end of image: alpine:3 (id:  tags: alpine:3)"
time="2021-05-14T17:38:44Z" level=debug
time="2021-05-14T17:38:44Z" level=debug msg="# new image"
time="2021-05-14T17:38:44Z" level=debug msg="ENV container=docker"
time="2021-05-14T17:38:44Z" level=debug msg="RUN apk --no-cache add --virtual build-dependencies       py3-pip=20.3.4-r0 && \\\n\tapk --no-cache add       python3=3.8.10-r0 && \\\n\tpip3 install --no-cache-dir       yamllint==1.26.1 && \\\n\tapk del build-dependencies && \\\n\trm -Rf /var/cache/apk/*"
time="2021-05-14T17:38:44Z" level=debug msg="WORKDIR /work"
time="2021-05-14T17:38:44Z" level=debug msg="CMD [\"yamllint\",\"--version\"]"
time="2021-05-14T17:38:44Z" level=debug msg="ARG BUILD_DATE"
time="2021-05-14T17:38:44Z" level=debug msg="ARG REVISION"
time="2021-05-14T17:38:44Z" level=debug msg="ARG VERSION"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL maintainer=Megabyte Labs <help@megabyte.space"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.authors=Brian Zalewski <brian@megabyte.space>"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.created="
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.description=An incredibly compact YAML Lint container that you can use in CI environments as well as from the command-line as a one-liner (only 3.21997 MB compressed!)"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.documentation=https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/yamllint/-/blob/master/README.md"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.licenses=MIT"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.revision="
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.source=https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/yamllint.git"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.url=https://megabyte.space"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.vendor=Megabyte Labs"
time="2021-05-14T17:38:44Z" level=debug msg="LABEL org.opencontainers.image.version="
time="2021-05-14T17:38:44Z" level=debug msg="LABEL space.megabyte.type=ci-pipeline"
time="2021-05-14T17:38:44Z" level=debug msg="# end of image: master:latest (id:  tags: master:latest)"
time="2021-05-14T17:38:44Z" level=debug
cmd=build info=image.stack index='0' name='alpine:3' id='sha256:6dbb9cc54074106d46d4ccb330f2a40a682d49dda5f4844962b7dce9fe44aaec' 
cmd=build info=image.stack name='master:latest' id='sha256:6db846ce739a8656ce1ae8a922d7de63663fd01740cdf5864b78b08a32257530' index='1' 
cmd=build state=image.inspection.done
cmd=build state=container.inspection.start
time="2021-05-14T17:38:44Z" level=debug msg="FatContainerCmd - [yamllint --version]" app=docker-slim command=build component=container.inspector
time="2021-05-14T17:38:44Z" level=info msg="starting instrumented 'fat' container..." app=docker-slim command=build
time="2021-05-14T17:38:44Z" level=debug msg="RunContainer: sensor (/usr/local/bin/docker-slim-sensor) perms => 0755" app=docker-slim command=build component=container.inspector
time="2021-05-14T17:38:44Z" level=debug msg="dockerutil.HasVolume: volume not found - docker-slim-sensor.1.35.1"
time="2021-05-14T17:38:44Z" level=debug msg="ensureSensorVolume: no volume yet = docker-slim-sensor.1.35.1" app=docker-slim command=build component=container.inspector
time="2021-05-14T17:38:44Z" level=debug msg="version.Check: http status = 200 OK" app=docker-slim
time="2021-05-14T17:38:44Z" level=debug msg="dockerutil.CreateVolumeWithData: volumeInfo = &{Name:docker-slim-sensor.1.35.1 Driver:local Mountpoint:/var/lib/docker/volumes/docker-slim-sensor.1.35.1/_data Labels:map[] Options:map[] CreatedAt:2021-05-14 17:38:44 +0000 UTC}"
time="2021-05-14T17:38:45Z" level=debug msg="dockerutil.CopyToVolume: containerID - 58348dcb61b326cabccadb9e03ba8623bc890843e1241d173f93c59075202438"
time="2021-05-14T17:38:45Z" level=debug msg="RunContainer: default exposed ports => map[docker.Port]struct {}{\"65501/tcp\":struct {}{}, \"65502/tcp\":struct {}{}}" app=docker-slim command=build component=container.inspector
cmd=build info=container status='created' name='dockerslimk_29_20210514173845' id='483c9963b9b34692828315003fc18880278fdaec0a02cfdb1d8359b63af3e461' 
time="2021-05-14T17:38:45Z" level=debug msg="RunContainer: container HostConfig.NetworkMode => default len(ports)=2" app=docker-slim command=build component=container.inspector
time="2021-05-14T17:38:45Z" level=debug msg="RunContainer: container NetworkSettings.Ports => map[docker.Port][]docker.PortBinding{\"65501/tcp\":[]docker.PortBinding{docker.PortBinding{HostIP:\"0.0.0.0\", HostPort:\"49154\"}, docker.PortBinding{HostIP:\"::\", HostPort:\"49154\"}}, \"65502/tcp\":[]docker.PortBinding{docker.PortBinding{HostIP:\"0.0.0.0\", HostPort:\"49153\"}, docker.PortBinding{HostIP:\"::\", HostPort:\"49153\"}}}" app=docker-slim command=build component=container.inspector
time="2021-05-14T17:38:45Z" level=debug msg="ipc.NewClient(172.18.0.2,65501,65502)"
time="2021-05-14T17:38:45Z" level=debug msg="channel.NewClient: connect wait timeout - 1m0s"
time="2021-05-14T17:38:45Z" level=debug msg="channel.NewClient: net.DialTimeout(tcp,172.18.0.2:65501,15s) [time=1621013925650110776]"
time="2021-05-14T17:39:00Z" level=debug msg="channel.NewClient: (dial time = 15.000319532s) - connect error = dial tcp 172.18.0.2:65501: i/o timeout"
time="2021-05-14T17:39:00Z" level=debug msg="channel.NewClient: waiting before trying to connect again..."
time="2021-05-14T17:39:02Z" level=debug msg="channel.NewClient: net.DialTimeout(tcp,172.18.0.2:65501,15s) [time=1621013942650946145]"
time="2021-05-14T17:39:17Z" level=debug msg="channel.NewClient: (dial time = 15.000454304s) - connect error = dial tcp 172.18.0.2:65501: i/o timeout"
time="2021-05-14T17:39:17Z" level=debug msg="channel.NewClient: waiting before trying to connect again..."
time="2021-05-14T17:39:19Z" level=debug msg="channel.NewClient: net.DialTimeout(tcp,172.18.0.2:65501,15s) [time=1621013959651850145]"
time="2021-05-14T17:39:34Z" level=debug msg="channel.NewClient: (dial time = 15.000622457s) - connect error = dial tcp 172.18.0.2:65501: i/o timeout"
time="2021-05-14T17:39:34Z" level=debug msg="channel.NewClient: waiting before trying to connect again..."
time="2021-05-14T17:39:36Z" level=debug msg="channel.NewClient: net.DialTimeout(tcp,172.18.0.2:65501,15s) [time=1621013976652942851]"
time="2021-05-14T17:39:51Z" level=debug msg="channel.NewClient: (dial time = 15.000435023s) - connect error = dial tcp 172.18.0.2:65501: i/o timeout"
time="2021-05-14T17:39:51Z" level=debug msg="channel.NewClient: waiting before trying to connect again..."
time="2021-05-14T17:39:53Z" level=debug msg="channel.NewClient: connect wait timeout (waited=1m8.003791712s)"
time="2021-05-14T17:39:53Z" level=error msg="channel.NewCommandClient: NewClient error = wait timeout"
time="2021-05-14T17:39:53Z" level=error msg="ipc.NewClient init error = wait timeout"
time="2021-05-14T17:39:53Z" level=fatal msg="docker-slim: failure" error="wait timeout" stack="goroutine 1 [running]:\nruntime/debug.Stack(0x74, 0x0, 0xc000078138)\n\truntime/debug/stack.go:24 +0x9f\ngithub.com/docker-slim/docker-slim/pkg/util/errutil.FailOn(0xeeb1e0, 0xc000170480)\n\tgithub.com/docker-slim/docker-slim/pkg/util/errutil/errutil.go:28 +0x54\ngithub.com/docker-slim/docker-slim/pkg/app/master/commands/build.OnCommand(0xc00000eeb8, 0xc0003a8690, 0x7fffbd716043, 0xd, 0x0, 0xc00017c630, 0xc0003d6e50, 0x0, 0x0, 0x0, ...)\n\tgithub.com/docker-slim/docker-slim/pkg/app/master/commands/build/handler.go:426 +0x1c87\ngithub.com/docker-slim/docker-slim/pkg/app/master/commands/build.glob..func1(0xc0003ca160, 0xc0003c6a00, 0xc0003c6fb0)\n\tgithub.com/docker-slim/docker-slim/pkg/app/master/commands/build/cli.go:518 +0x29c5\ngithub.com/urfave/cli.HandleAction(0xc97640, 0xe11d70, 0xc0003ca160, 0xc0003ca160, 0x0)\n\tgithub.com/urfave/cli@v1.22.4/app.go:526 +0xfd\ngithub.com/urfave/cli.Command.Run(0xdcf282, 0x5, 0x0, 0x0, 0x1441930, 0x1, 0x1, 0xe061cb, 0x6c, 0x0, ...)\n\tgithub.com/urfave/cli@v1.22.4/command.go:174 +0x58e\ngithub.com/urfave/cli.(*App).Run(0xc000380380, 0xc000030080, 0x8, 0x8, 0x0, 0x0)\n\tgithub.com/urfave/cli@v1.22.4/app.go:279 +0x7e8\ngithub.com/docker-slim/docker-slim/pkg/app/master.Run()\n\tgithub.com/docker-slim/docker-slim/pkg/app/master/app.go:15 +0x54\nmain.main()\n\tgithub.com/docker-slim/docker-slim/cmd/docker-slim/main.go:8 +0x25\n" version="linux|Transformer|1.35.1|89ddd87f009dd1e7cbd66a5494e5956c3c093edc|2021-04-27_07:10:07PM"

And here's the Dockerfile for the image being used in case that's helpful:

https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/dockerslim/-/blob/master/Dockerfile

kcq commented 3 years ago

Thanks for the repro details @ProfessorManhattan! It's super useful. Looks like the main process can't connect to the temporary container it created. It's possible that the target container crashed. Do you mind adding the --show-clogs build command flag to see the logs from the temporary container that gets created? Also, can you try using the 1.35.2 version of docker-slim?

ProfessorManhattan commented 3 years ago

Hey @kcq -- thanks for following up. I added --show-clogs and upgraded to 1.35.2 but that did not work.

Things I have tried:

Here's the build with TLS enabled:

https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/ansible-lint/-/jobs/1264169021

And here's the build with TLS disabled (basically the same thing):

https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/dockerslim/-/jobs/1284746324

Output using --show-clogs=true instead of just --show-clogs:

https://gitlab.com/megabyte-labs/dockerfile/ci-pipeline/dockerslim/-/jobs/1284791596

And here's the updated container I'm using:

FROM docker:20.10.6 as build

ENV container docker
ENV DOCKERSLIM_SHA256 d87d6c52ccc39f2823817cdd29951eb38237fe2220572558a9281bb37800155c
ENV DOCKERSLIM_URL https://downloads.dockerslim.com/releases/1.35.2/dist_linux.tar.gz

SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
RUN apk --no-cache add --virtual build-dependencies \
      upx=3.96-r1 \
      wget=1.21.1-r1 \
  && wget -nv $DOCKERSLIM_URL -O /tmp/dockerslim.tar.gz \
  && echo "$DOCKERSLIM_SHA256  /tmp/dockerslim.tar.gz" | sha256sum -c \
  && tar -xzvf /tmp/dockerslim.tar.gz \
  && cp -rf dist_linux/* /usr/local/bin \
  && rm -rf /tmp/* dist_linux \
  && upx /usr/local/bin/docker-slim \
  && upx /usr/local/bin/docker-slim-sensor

FROM docker:20.10.6

COPY --from=build /usr/local/bin/docker-slim /usr/local/bin/docker-slim
COPY --from=build /usr/local/bin/docker-slim-sensor /usr/local/bin/docker-slim-sensor

RUN apk --no-cache add \
      jq=1.6-r1 \
  && rm -Rf /var/cache/apk/*

WORKDIR /work

Thanks for looking at this. This is my favorite project on GitHub and I've looked through the top 10,000 projects sorted by stars.

This might be a GitLab CI specific issue. They require you to run two images at the same time and specify one as a service. I'm not sure why but maybe that has something to do with this issue.

ProfessorManhattan commented 3 years ago

Hey @kcq -- did the logs with --show-clogs output anything useful?

MShekow commented 2 years ago

Hi, I can confirm that docker-slim does not work in the GitLab SaaS runners, for the same reason as the OP indicated. See here. Pity.

kcq commented 2 years ago

@MShekow thanks a lot for providing the logs! Super helpful... and great that the app repo is available too https://gitlab.com/MShekow/docker-slim-example . We'll figure this out :)

MShekow commented 2 years ago

@kcq thanks for looking into it. The project (and docker-slim) does work in my organization's private GitLab instance, where we use self-hosted GitLab runners (with "docker" executor), which are configured to mount the host machine's Docker socket into the CI job containers (so we are not using Docker-in-Docker there, but socket mounting). This means that the problem somehow seems to be caused by using the DinD service.

kcq commented 2 years ago

@MShekow yes, mounting the docker socket with GitLab's setup is not really an option. Need to use DOCKER_HOST instead. Double checking the exact configs...

kcq commented 2 years ago

Also looks like the main app is not picking up the right IP address when it's trying to talk to the temporary container.

MShekow commented 2 years ago

Do you have any idea what causes this?

Nabsku commented 6 months ago

Is there anything I can do to help debug this? Currently facing this issue and don't want to mount sockets. Using DIND:Rootless.

kcq commented 6 months ago

> Is there anything I can do to help debug this? Currently facing this issue and don't want to mount sockets. Using DIND:Rootless.

Not mounting the socket should be possible, but rootless hasn't been tested. I'd recommend trying a rootless setup locally if you want to double check if it works. The big question here is the use of fanotify and ptrace. Need to see if they'd work running rootless.

Nabsku commented 6 months ago

> > Is there anything I can do to help debug this? Currently facing this issue and don't want to mount sockets. Using DIND:Rootless.
>
> Not mounting the socket should be possible, but rootless hasn't been tested. I'd recommend trying a rootless setup locally if you want to double check if it works. The big question here is the use of fanotify and ptrace. Need to see if they'd work running rootless.

Using sensor-ipc-mode proxy on dind:rootless I get this:

cmd=build info=container message='obtained IP address' ip='172.17.0.2'
cmd=build info=cmd.startmonitor status='sent'
cmd=build info=event.error status='received' data='SensorError{Op:sensor.fanotify.Run/fanapi.Initialize,Kind:call.error,Wrapped:{Type=syscall.Errno,Info=operation not permitted,Line:47,File:github.com/docker-slim/docker-slim/pkg/app/sensor/monitors/fanotify/monitor.go}}'
cmd=build state=exited code=-124 component=container.inspector version=linux|Transformer|1.37.3-42-g768c393|768c3930f23c509b3f5b39da3940e7cc7a22efc3|2022-02-27_06:38:30PM

So I'd wager dind:rootless might be a no-go here.
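Added example, not part of the thread and not docker-slim's own code: the two failures reported in this issue fail on different sides (the main process never reaching the sensor versus the sensor being denied fanotify), and a CI job can tell them apart from the output alone. The function names are hypothetical and the sample lines are shortened copies of the output quoted above.

```python
import re

# Constructed sample: lines quoted in this thread, taken from two
# different runs and shortened (stack trace and version fields dropped).
SAMPLE = """\
time="2021-05-14T17:39:53Z" level=fatal msg="docker-slim: failure" error="wait timeout"
cmd=build info=container message='obtained IP address' ip='172.17.0.2'
cmd=build info=cmd.startmonitor status='sent'
cmd=build info=event.error status='received' data='SensorError{Op:sensor.fanotify.Run/fanapi.Initialize,Kind:call.error,Wrapped:{Type=syscall.Errno,Info=operation not permitted,Line:47,File:github.com/docker-slim/docker-slim/pkg/app/sensor/monitors/fanotify/monitor.go}}'
cmd=build state=exited code=-124 component=container.inspector
"""

# A field is key=value, where value is '...', "..." or a bare token.
PAIR = re.compile(r"""([\w.]+)=(?:'([^']*)'|"((?:[^"\\]|\\.)*)"|(\S*))""")

def parse_line(line):
    """Return the key=value fields of one output line as a dict."""
    return {k: sq or dq or bare for k, sq, dq, bare in PAIR.findall(line)}

def sensor_error(data):
    """Pull Op and the wrapped errno text out of a SensorError{...} value."""
    op = re.search(r"Op:([^,}]+)", data)
    info = re.search(r"Info=([^,}]+)", data)
    return (op.group(1) if op else None, info.group(1) if info else None)

def triage(log_text):
    """Return (kind, detail) findings: which side failed, and on what."""
    findings, sensor_ip = [], None
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("message") == "obtained IP address":
            sensor_ip = f.get("ip")
        if f.get("error") == "wait timeout":
            # Main process gave up waiting for the temporary container.
            findings.append(("no-sensor-connection", f["error"]))
        elif f.get("info") == "event.error" and "data" in f:
            op, errno_text = sensor_error(f["data"])
            # EPERM reported by the sensor itself: a privilege problem inside the container.
            kind = "sensor-denied" if errno_text == "operation not permitted" else "sensor-error"
            findings.append((kind, f"{op}: {errno_text} (sensor at {sensor_ip})"))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(kind, "-", detail)
```

A no-sensor-connection finding points at networking between the job container and the DinD service; a sensor-denied finding points at the privileges of the container the sensor runs in.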