Description docker build for master succeeds on arm64 on Ubuntu 16.04 (Packet c1.large.arm) but fails on Ubuntu 18.04 (AWS a1.medium). Steps to reproduce the issue: 1. Check out master at ad1354ffb423620c1a86de0c531c9d7a0f640365 on those machines 2. Make fails on a1.medium Describe the results you received: Log output follows. How do I increase my storage size for overlay2 storage so I don’t run out of space on this build I’m doing? Bird.conf build build.sh conf createbinaries.sh docker-image INSTALL Makefile.calico nest proto RELEASING.md TODO root@ip-172-31-87-56:/home/ubuntu/evolute/bird#.
Build uname -m BUILDARCH=x8664 ARCH=x8664 case $BUILDARCH in BUILDARCH=amd64 case $ARCH in TARGETARCH=x8664 DOCKERFILE=Dockerfile IMAGE=birdbuild-x8664 ' amd64 '!=' x8664 ' DOCKERFILE=Dockerfile-cross IMAGE=birdbuild-amd64-cross DIST=dist/ OBJ=obj/ docker build -t birdbuild-amd64-cross -f builder-images/Dockerfile-cross.
For more information about reporting issues, see GENERAL SUPPORT INFORMATION The GitHub issue tracker is for bug reports and feature requests. Signed-off-by: John Howard This fixes an issue which was reported internally. I think the cause of it is more my mis-understanding of the VOLUME statement in a dockerfile from some 3+ years ago.
While it mostly worked, there was a bug (obviously). The issue was something such as the following was causing an error starting a Windows container using this image: FROM microsoft/windowsservercore RUN mkdir c: source VOLUME c:/source The error was 'docker: Error response from daemon: Unrecognised volume spec: file 'c:/source' cannot be mapped. Only directories can be mapped on this platform.' It was root caused that on the Windows path, it was erroneously attempting to parse the spec as a volume spec, not as a destination. In that scenario, the parse looked at the spec as it if were local (host) rather than a container path. Now in the case (such as above) that c:/source (c: source) exists, and is a file rather than a directory, the above error would be seen. The fix is to treat (as Linux does) the spec as a destination.
And manual verification: First WCOW: PS E: docker build volume docker build -t wcowvolume. Fixes The docker system prune command has an until filter; filters on the system prune command should be common to all object-types, however, build-cache pruning does not support the until filter. As a result, attempting to use the until filter on docker system prune caused an error message to be printed, and further pruning to be aborted; docker system prune –filter “until=24h” –force Error response from daemon: failed to prune build cache: Invalid filter ‘until’ To resolve this, we should either;. ignore the until filter for “build cache” and print a warning.
similar to “volumes” not supporting this option; produce an error if pruning build cache is enabled. map the until filter to another filter for the build cache that matches the behavior. Looking at those options; option 2. Is not possible, because enabling/disablign pruning of the build cache is done automatically, based on which build is selected. Would be a good solution, with the downside that if the -force flag is used, the user cannot be informed about the filter being ignored until the pruning is already started. Looking at option 3.; the build-cache has a unused-for filter, which seems to be a close match to until, and purges the cache if it hasn’t been used for the specified duration. This patch implements option 3., and maps the until filter to unused-for.
Before this patch; DOCKERBUILDKIT=1 docker system prune -filter until=24h -force Error response from daemon: failed to prune build cache: Invalid filter 'until' With this patch applied; DOCKERBUILDKIT=1 docker system prune -filter until=24h -force. Deleted: sha256:a4d4a0273aaeab2067405bcf062c6ffa18126f337e4aed306f2cc7 deleted: sha256:6dd6c244a3e8aa455575e1b9c16a5dda4ab8db1a1bdf350721c87b deleted: sha256:920f387943a029b0bb2146e2162d096d031b4e371e3cf6116f0f4cf15546b0fb Total reclaimed space: 458.6MB. Description Typically in multistage build the build stage linter/test. Reports will be lost with the options currently available. Tagging the intermediate stages would be a nice way to save the build reports. We will not be pushing the images to a registry but will be using the images to extract the reports and publish them to Jenkins.
Article with full description and workaround https://medium.com/@cyril.delmas/how-to-keep-the-build-reports-with-a-docker-multi-stage-build-on-jenkins-5f. Related Issue: Currently I am using a base image that requires me to overwrite one of the files it uses for configuration. The problem is that the base image runs as user 1001, this can be fixed by using the following: COPY -chown=1001 Is there a way to make the Dockerfile I am using to change the file permissions to the last set user (In this case 1001)? Right now the only way seems to be to go look into the base images Dockerfile to find the UID they are using.
This also now makes it so that if the user in the base image changes, any image we built won’t work due to permission issues, namely in the case where some base iamges are in the process from switching over from root user to non-root user. Another behavior that seems unintentionally affected by this is the suggested best practice: && rm -rf /var/lib/apt/lists/. This can easily be fixed by setting the user to root prior to running this, but also now requires you to explicitly change the user back to what the base image is expecting.
Is your feature request related to a problem? Please describe. I can’t easily set secrets to variables within service containers from Docker Compose. The only viable solution I’ve found is modifying the image for the containers, but this is a lack-luster solution. The documentation for Compose environment: Environment variables with only a key are resolved to their values on the machine Compose is running on, which can be helpful for secret or host-specific values. The word secret in the above context seems to mean information that is to be hidden as opposed to the Docker Term secret meaning a value encrypted to be used with Docker containers.
It should probably be reworded. Describe the solution you’d like The ability to assign secrets to environment variables within Docker Compose, like so: environment: - password secrets: - password This should assign $password the contents of /run/secrets/password. This was my original expectation after reading the above quoted documentation until I realized it meant the generic secret. Describe alternatives you’ve considered Creating custom entrypoint scripts and having them set the variables to the values then run the image’s original entrypoint script, but the only way to supply the custom entrypoint script is to put it inside a persistent volume and attach it to the container, or modify the image to include the custom entrypoint script. This doesn’t work because the container doesn’t mount the volume until after the entrypoint script runs.
Creating a CMD override to do what is needed, but this is convoluted & ugly. Plus it doesn’t work as desired. Modifying the original image. Not desired for the reasons to follow. Additional context Modifying the image to support using the /run/secrets contents is not a good solution to this problem for a few reasons.
It defeats the point of using a Compose file. A Compose file is as much documentation for an environment as it is a script much like Dockerfiles are for images. Secrets should be obfuscated by nature, but changes to support those secrets should not be. Changing an image to move away from a standard like using environment variables to support something Docker Compose cannot do is also creating unnecessary work. I would even go on to say changing images to use /run/secrets contents is an anti-pattern, and modifying them to assign the contents of /run/secrets to variables is just something Compose should do itself. In most cases, official images such as mariadb, phpmyadmin, etc aren’t built to use secrets and instead use environment variables. Utilizing those official sources for updates is preferred over sourcing their images then making modifications to them.
It adds an unnecessary step of work to automate, or to make changes when updates result in a need to change the customized image further. I’d like to propose eventually adding a new Engine REST API which exposes buildkit’s Solve more directly than /build which is focused around the dockerfile frontend specific use case and has some quirks due to that (and for legacy/historical reasons). I’ve prototyped running a custom frontend via the /build API but it’s a bit hacky and not terribly satisfactory (injecting a stub Dockerfile with a syntax directive in it, passing options by mapping to various Dockerfile-ish options etc).
Other potentially interesting things to expose are local exporter, debugger, shared session, multiple local sources and the ability to run a frontend client side (cf Build rather than Solve in the buildkit control API). It’s possible we could just extend on the current /build API to cover more underlying functionality (e.g.
Add a Frontend field to it), enhance the format of the returned body to remove the legacy framing etc. Or we could perhaps expose a new endpoint mapping the underlying Solve call a little more directly that the /build endpoint, with most of the options passed through or lightly adjusted/filtered (e.g maybe the full set of Exporter/ ExporterAttrs flexibility shouldn’t be exposed?).
The Session side would be the same as with /build (an upgraded conn to /session). The body returned would be the Status stream, I guess as a direct JSON stream of StatusResponse rather than wrapping in a JSONMessage like /build had to do (for compat reasons I suppose). I’m not entirely sure about SolveResponse, so I guess maybe there needs to be a little more structure to the body stream, but ideally not JSONMessage, just a simple union type map. A possibly simple (but IMHO not at all ideal) would be a simple API end point which opens the entire control API gRPC via a /session-like endpoint. I don’t think that is really what we want though (control API is not considered stable, might be too much low level power being exposed). /cc @tonistiigi @tiborvass.
You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead. If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information. For more information about reporting issues, see GENERAL SUPPORT INFORMATION The GitHub issue tracker is for bug reports and feature requests. Our build server builds projects out of source control and dumps the output on a network share.
We then run docker build pointing to the network share for the build context. In one particularly case we’re getting the following error: PS C: docker build server deployment Builds Main 22 -pull -tag dkr.reg/main/app:22 ERRO0000 Can't add file? UNC server Deployment Builds Main 22 bin Consul.dll to tar: readlink?
UNC server Deployment Builds Main 22 bin Consul.dll: The system cannot find the file specified. Sending build context to Docker daemon 380.4kB Step 1/10: FROM dkr.reg/tools/service-base:TC89 TC89: Pulling from tools/service-base Digest: sha256:d90105095d20a7a71197a4dc27343ca651ba4ba3887deee531b62c Status: Image is up to date for dkr.reg/tools/service-base:TC89 - d6bf8daf6e79 I suspect there’s something wrong with the files themselves since if I copy the “22” folder and run the build again on the copy then it works fine. However, the error itself, while odd, is not my main concern. Why is Docker continuing the build when it has errored sending the context to the docker engine? I would expect the process to terminate with an error at that point. It makes it hard to know if the build has succeeded or not when viewed from Teamcity. Is there a way to make it behave in this way?
Docker Version: Client: Version: 18.06.1-ce API version: 1.38 Go version: go1.10.3 Git commit: e68fc7a Built: Tue Aug 21 17: OS/Arch: windows/amd64 Experimental: false Server: Engine: Version: 18.06.1-ce API version: 1.38 (minimum version 1.24) Go version: go1.10.3 Git commit: e68fc7a Built: Tue Aug 21 17: OS/Arch: windows/amd64 Experimental: false.
For more information about reporting issues, see GENERAL SUPPORT INFORMATION The GitHub issue tracker is for bug reports and feature requests. Description I am building images with docker build -squash. One of my image inherits from another, and tries to COPY over a file that was previously copied in the parent. It appears that sometimes when I build with -squash, this file is not overwritten in the child and has the contents set by the parent. However, if I build afterwards without squash, it correctly copies the child’s file. Vwoo@ubuntu:/shared/execute/docker$ docker build -squash -t us.gcr.io/coderpad-1189/coderpad:vb vb Sending build context to Docker daemon 3.584kB Step 1/5: FROM us.gcr.io/coderpad-1189/coderpad:csharp - 2bd6abaee988 Step 2/5: RUN rm.csproj - Using cache - ea Step 3/5: RUN su - coderpad -c 'dotnet new console -name solution -output. This is a bit of the opposite request from #34151 and #34513 because currently we have to explicitly tag the early stages so that docker image prune doesn’t clean them up and blow away build cache that should still be valid.
The current workaround is to run the following: docker build -target build -t myimagebuild myimage docker build -t myimage myimage This is inefficient because the build for the build stage has to happen twice. The second time it’s all cached, but it means that the context has to be reloaded and this explicit tagging is required when it shouldn’t be necessary because the image isn’t dangling and is part of a tagged build. Description Docker stuck while download and ran a corrupted image after rebuild. I thought the problem was coming for my script, while it was a corrupted image. Steps to reproduce the issue: 1.
Ran a docker build, with an image I don’t have: “microsoft/dotnet:2.1-sdk-bionic” 2. Download got stuck while downloading.
(Could be network failure, but no resume/failing/error after reconnecting to the network, just stuck) 3. Stopped download and relaunched the build. Describe the results you received: The build didn’t attempt to re download(or i didn’t seen it, odd because i got a slow network) the image that it failed to download previously. The build failed later because dotnet core crashed because of an empty file in dotnet install. Re ran the same script on another machine: Build without problem, the empty file causing issue was not empty. Describe the results you expected: Docker don’t start the corrupted image, re-download it, or warn the user about the corrupted image.
For questions, and getting help on using docker:. Docker documentation -. Docker Forums -. Docker community Slack - (register here:. Post a question on StackOverflow, using the Docker tag –. x This is a bug report. This is a feature request.
x I searched existing issues before opening this one
Furthermore even the previous “good” container eventually gets killed, resulting in a complete service outage. Steps to reproduce the issue: 1. Use the following two dockerfiles to create two images: FROM alpine:3.8 RUN echo -e '#!/bin/sh nexit 0' /healthcheck.sh && chmod +x /healthcheck.sh CMD sleep 10000 Build using docker build -t service:good.
FROM alpine:3.8 RUN echo -e '#!/bin/sh nexit 1' /healthcheck.sh && chmod +x /healthcheck.sh CMD sleep 10000 Build using docker build -t service:bad. Run service using this service.yml: version: '3.7' services: main: image: 'service:good' #image: 'service:bad' healthcheck: test: 'CMD', 'sh', '/healthcheck.sh' startperiod: 0s interval: 5s retries: 1 timeout: 5s deploy: mode: global updateconfig: parallelism: 1 delay: 5s order: start-first failureaction: rollback rollbackconfig: order: start-first using docker stack deploy -compose-file service.yml service. Switch image to “bad” in yml file and run command again Describe the results you received: At first, everything seems to be alright. Swarm will start a container using the bad image.
After the healthcheck fails, the container gets deleted. The service show this sequence as desired state “Running” and current state “Starting” followed by “Shutdown” and “Failed”. Afterwards another “bad” container pops up and after the failing health check, gets deleted again. Now, the “good” container is flagged with a desired state of “Shutdown” and gets removed.
The “bad” container keeps popping up. Since the “good” container is gone, the service is gone as well. Describe the results you expected: Since the bad container can not be started, the service should rollback to the good container.
Since I specified start first, the good container should be kept running - so basically a rollback would just be stopping to try to start the bad container. Additional information you deem important (e.g. Description Multistage build fails when a specific sequence of COPY commands are given.
This happens in every version of dockerd 17.06 (i.e. 17.06 is not affected, while all the later versions are). The combination of COPY commands is:. COPY -from a parent stage of a file or directory which is already present in the current stage.
COPY from the host (or any stage other than the one used in step 1) of any other file.
Describe the results you received: Error: Step 5/5: COPY 1 /2 failed to export image: failed to create image: failed to get layer sha256:a8ed3836d2a5cbb8365c6e054ac8146b6e47991e48ed3e7331b832: layer does not exist Full log: sh + touch 1 + cat + docker build -no-cache. Sending build context to Docker daemon 5.12kB Step 1/5: FROM scratch AS base - Step 2/5: COPY 1 /1 - 3ad67d379696 Step 3/5: FROM base - 3ad67d379696 Step 4/5: COPY -from=base /1 /1 - dddb0549688c Step 5/5: COPY 1 /2 failed to export image: failed to create image: failed to get layer sha256:a8ed3836d2a5cbb8365c6e054ac8146b6e47991e48ed3e7331b832: layer does not exist Describe the results you expected: Successfully built xxxxx Additional information: Reproducible 100% on any docker 17.06 and any graphdriver. Can’t reproduce if DOCKERBUILDKIT is set (for versions that support buildkit, of course). This is a continuation of issues and The bug described here first appeared after merging PR and is not fixed by PRs and https://github.com/moby/moby/pull/35579.
If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information. For more information about reporting issues, see GENERAL SUPPORT INFORMATION The GitHub issue tracker is for bug reports and feature requests. (Report based on moby/moby master @ 9267f34f6da44afa7d92c039fe92b3e3ed61abce - 2nd Oct 2018) If the graphdrivers ApplyDiff function fails and we’re using tarsplit, then the daemon will usually panic rather than return the error. It is a race condition, but I am able to hit it 50:50, probably slightly higher in testing.
This is what you’ll see from the client as an example Step 4/13: ENV GOPATH=/go PATH=$PATH:/go/bin SRC=/go/src/github.com/Microsoft/opengcs - Running in d07950d0f9d8 Removing intermediate container d07950d0f9d8 unexpected EOF And this is the stack-trace from the daemon log.