GitLab pipeline Docker build gets stuck on apk - docker

Trying to make a simple GitLab pipeline that builds a Docker image for Alpine Linux + Openshift CLI.
This is the code:
FROM frolvlad/alpine-glibc:latest
MAINTAINER Daniel Widerin <daniel#widerin.net>
ENV OC_VERSION=v3.11.0 \
OC_TAG_SHA=0cbc58b \
BUILD_DEPS='tar gzip' \
RUN_DEPS='curl ca-certificates gettext'
RUN apk --no-cache add $BUILD_DEPS $RUN_DEPS && \
curl -sLo /tmp/oc.tar.gz https://github.com/openshift/origin/releases/download/${OC_VERSION}/openshift-origin-client-tools-${OC_VERSION}-${OC_TAG_SHA}-linux-64bit.tar.gz && \
tar xzvf /tmp/oc.tar.gz -C /tmp/ && \
mv /tmp/openshift-origin-client-tools-${OC_VERSION}-${OC_TAG_SHA}-linux-64bit/oc /usr/local/bin/ && \
rm -rf /tmp/oc.tar.gz /tmp/openshift-origin-client-tools-${OC_VERSION}-${OC_TAG_SHA}-linux-64bit && \
apk del $BUILD_DEPS
CMD ["/bin/sh"]
Now for some reason when running the pipeline it gets stuck on the curl part that downloads the openshift archive.
Status: Downloaded newer image for frolvlad/alpine-glibc:latest
---> 38dd85a430e8
Step 2/5 : MAINTAINER Daniel Widerin <daniel#widerin.net>
---> Running in bdacc7e92e79
Removing intermediate container bdacc7e92e79
---> c56da0a68f7f
Step 3/5 : ENV OC_VERSION=v3.11.0 OC_TAG_SHA=0cbc58b BUILD_DEPS='tar gzip' RUN_DEPS='curl ca-certificates gettext'
---> Running in cb1e6cdb39ca
Removing intermediate container cb1e6cdb39ca
---> 727952120e67
Step 4/5 : RUN apk --no-cache add $BUILD_DEPS $RUN_DEPS && curl -sLo /tmp/oc.tar.gz https://github.com/openshift/origin/releases/download/${OC_VERSION}/openshift-origin-client-tools-${OC_VERSION}-${OC_TAG_SHA}-linux-64bit.tar.gz && tar xzvf /tmp/oc.tar.gz -C /tmp/ && mv /tmp/openshift-origin-client-tools-${OC_VERSION}-${OC_TAG_SHA}-linux-64bit/oc /usr/local/bin/ && rm -rf /tmp/oc.tar.gz /tmp/openshift-origin-client-tools-${OC_VERSION}-${OC_TAG_SHA}-linux-64bit && apk del $BUILD_DEPS
---> Running in ef344ef4a96b
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
It stays like this for an hour until the pipeline times out.
Tried this same Dockerfile manually and it works fine.
How can I diagnose this issue? How can I find any logs for this?

Found that this issue is related to Alpine image having networking issues when run in Docker-in-Docker configuration on Kubernetes/OpenShift based runner. Adding --network host to Docker build helps to fix this issue.
docker build --network host .
Related GitHub issue: github.com/gliderlabs/docker-alpine/issues/307

Related

connection refused when using dockerfile to pull git repository

Local setup for kubernetes: Mac OS
Docker for desktop >> kubernetes >> traefik >> Gitea
Gitea is installed in the cluster and exposed as a ClusterIP service ingressed through traefik, which is accessible at http://gitea.local. Everything is butter smooth till here.
The pain:
Now I am creating a Dockerfile and using docker build to build an image. This Dockerfile is trying to clone a repository from http://gitea.local. The problem is I am getting connection refused every time.
RUN mkdir -p apps sites/assets/css \
&& cd apps \
&& git clone http://gitea.local/inviadmin/testing.git
Then I simply tried RUN curl http://gitea.local from inside the Dockerfile just to debug and got the same:
curl: (7) Failed to connect to gitea.local port 80: Connection refused
If I curl google.com from the Dockerfile, it works. Any help is strongly appreciated.
Dockerfile:
# syntax = docker/dockerfile:1.0-experimental
FROM bitnami/python:3.7-prod
ENV NVM_DIR=/root/.nvm
ENV NODE_VERSION=12.18.3
ENV PATH="/root/.nvm/versions/node/v${NODE_VERSION}/bin/:${PATH}"
RUN install_packages wget \
&& wget https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh \
&& chmod +x install.sh \
&& ./install.sh \
&& . "$NVM_DIR/nvm.sh" && nvm install ${NODE_VERSION} \
&& nvm use v${NODE_VERSION} && npm install -g yarn
RUN install_packages \
# when using ssh
git openssh-client openssh-server iputils-ping
#git
ARG GIT_BRANCH=master
#RUN ping host.docker.internal
RUN mkdir -p apps sites/assets/css \
&& cd apps \
&& git clone http://gitea.local/inviadmin/test.git --branch $GIT_BRANCH
FROM nginx:latest
COPY --from=0 /home/test/sample/sites /var/www/html/
COPY --from=0 /var/www/error_pages /var/www/
COPY build/nginx/nginx-default.conf.template /etc/nginx/conf.d/default.conf.template
COPY build/entry/docker-entrypoint.sh /
RUN apt-get update && apt-get install -y rsync && apt-get clean \
&& echo "#!/bin/bash" > /rsync \
&& chmod +x /rsync
VOLUME [ "/assets" ]
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]
I tested your Dockerfile and here's the outcome.
Since the only part you were having an issue with was the git pull, I chose to use the following lines only.
Notice from the build how adding an entry to /etc/hosts took effect for the following commands.
If the issue still persists, then I suggest you start looking into the gitea container's logs.

Setting up NSCA in Docker Alpine image for passive nagios check

On the Alpine Linux package site https://pkgs.alpinelinux.org/packages, NSCA packages are yet to be added. Is there an alternative way to set up NSCA in Alpine Linux for passive checks?
If there is no package for it, you can always build it yourself.
FROM alpine AS builder
ARG NSCA_VERSION=2.9.2
RUN apk update && apk add build-base gcc wget git
RUN wget http://prdownloads.sourceforge.net/nagios/nsca-$NSCA_VERSION.tar.gz
RUN tar xzf nsca-$NSCA_VERSION.tar.gz
RUN cd nsca-$NSCA_VERSION && ./configure && make all
RUN ls -lah nsca-$NSCA_VERSION/src
RUN mkdir -p /dist/bin && cp nsca-$NSCA_VERSION/src/nsca /dist/bin
RUN mkdir -p /dist/etc && cp nsca-$NSCA_VERSION/sample-config/nsca.cfg /dist/etc
FROM alpine
COPY --from=builder /dist/bin/nsca /bin/
COPY --from=builder /dist/etc/nsca.cfg /etc/
Since this is using multiple stages, your resulting image will not contain development files and will still be small.

Docker-entrypoint.sh results in "not found" for ARM image with golang

My problem is that I get an error when running my container on an ARM arch system (RaspberryPI with Raspbian). The image was built on that same Raspberry.
This is my dockerfile:
FROM arm32v7/golang
COPY qemu-arm-static /usr/bin
ENV STATUSOK_VERSION 0.1.1
RUN apt-get update \
&& apt-get install -y unzip \
&& wget https://github.com/sanathp/statusok/releases/download/$STATUSOK_VERSION/statusok_linux.zip \
&& unzip statusok_linux.zip \
&& mv ./statusok_linux/statusok /go/bin/StatusOk \
&& rm -rf ./statusok_linux* \
&& apt-get remove -y unzip git \
&& apt-get autoremove -y \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
VOLUME /config
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT /docker-entrypoint.sh
I'm able to successfully build this on a RaspberryPI running Raspbian:
root@raspberrypi:~/armstatusok# docker build . -t armstatusok
Sending build context to Docker daemon 6.656kB
Step 1/7 : FROM arm32v7/golang
---> 8bbfdfd01a06
Step 2/7 : COPY qemu-arm-static /usr/bin
---> Using cache
---> 2572fd1e03a0
Step 3/7 : ENV STATUSOK_VERSION 0.1.1
---> Using cache
---> 25d39a4c6eb5
Step 4/7 : RUN apt-get update && apt-get install -y unzip && wget https://github.com/sanathp/statusok/releases/download/$STATUSOK_VERSION/statusok_linux.zip && unzip statusok_linux.zip && mv ./statusok_linux/statusok /go/bin/StatusOk && rm -rf ./statusok_linux* && apt-get remove -y unzip git && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
---> Using cache
---> bfb1cfa9a985
Step 5/7 : VOLUME /config
---> Using cache
---> 3bfbce28329b
Step 6/7 : COPY ./docker-entrypoint.sh /docker-entrypoint.sh
---> Using cache
---> a1795ca4f40c
Step 7/7 : ENTRYPOINT /docker-entrypoint.sh
---> Using cache
---> d0ce74911ba3
Successfully built d0ce74911ba3
Successfully tagged armstatusok:latest
The next step is to run it, and that is where I get into trouble:
root@raspberrypi:~/armstatusok# docker run --name=armstatusok -v $PWD:/config armstatusok
/docker-entrypoint.sh: 1: /docker-entrypoint.sh: /go/bin/StatusOk: not found
I went into the container commenting line one of the docker-entrypoint.sh and checked if /go/bin/StatusOk was actually there, and it was.
My docker-entrypoint.sh:
root@raspberrypi:~/armstatusok# cat docker-entrypoint.sh
/go/bin/StatusOk --config /config/config.json
Now my question is, does anybody have a clue where to start? I also tested this dockerfile on x86 arch, and there it worked. I only changed the FROM line to the x86 flavour and removed the COPY qemu-arm-static /usr/bin since that line is there to make it work on ARM arch, according to documentation.
I copied this Dockerfile and start script verbatim and it builds and runs perfectly for me. I get
Config file not present at the given location: /config/config.json give correct file location using --config parameter
because I don't have access to the config file you're using. But the fact I get that message means that StatusOk is running. So I don't know what to suggest.
The only difference I made was to add a shebang #!/bin/sh to the start of the docker-entrypoint.sh file, and ensure it has execute permission, by running ls -al, and if it doesn't have x in the permissions, running chmod +rwx. Don't know if that made any difference as to how the script tried to access /go/bin/StatusOk.
Full docker-entrypoint.sh contents:
#!/bin/sh
/go/bin/StatusOk --config /config/config.json

Why do I get "unzip: short read" when I try to build an image from Dockerfile?

From the Spring Microservices in Action book: I am trying to use the Docker Maven Plugin to build a Docker image to deploy a Java microservice as a Docker container to the cloud.
Dockerfile:
FROM openjdk:8-jdk-alpine
RUN mkdir -p /usr/local/configserver
ADD jce_policy-8.zip /tmp/
RUN unzip /tmp/jce_policy-8.zip && \
rm /tmp/jce_policy-8.zip && \
yes | cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
ADD @project.build.finalName@.jar /usr/local/configserver/
ADD run.sh run.sh
RUN chmod +x run.sh
CMD ./run.sh
Output related to step 4 in Dockerfile:
...
---> Using cache
---> dd33d4c12d29
Step 4/8 : RUN unzip /tmp/jce_policy-8.zip && rm /tmp/jce_policy-8.zip && yes | cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
---> Running in 1071273ceee5
Archive: /tmp/jce_policy-8.zip
unzip: short read
Why do I get unzip: short read when I try to build the image?
Somehow, curl on alpine linux distro can't set cookie headers correctly while downloading jce zip file. It seems it downloads a zip file but in fact it is an html error page. If you view the file you can see that it is an html file. I've used wget instead of curl and it successfully downloaded file. Then unzip operation worked as expected.
FROM openjdk:8-jdk-alpine
RUN apk update && apk upgrade && apk add netcat-openbsd
RUN mkdir -p /usr/local/configserver
RUN cd /tmp/ && \
wget 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' --header "Cookie: oraclelicense=accept-securebackup-cookie" && \
unzip jce_policy-8.zip && \
rm jce_policy-8.zip && \
yes |cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
ADD @project.build.finalName@.jar /usr/local/configserver/
ADD run.sh run.sh
RUN chmod +x run.sh
CMD ./run.sh
It's possible your jce_policy-8.zip archive is being recognized as a compressed archive and expanded by the ADD instruction. If so, you can skip unzipping on the next line. Or, switch to the COPY instruction, which does no special processing of local archives.
In general, I recommend always using the COPY instruction to bring in files and directories from the build context. Only use ADD when you specifically want the extra unpacking behaviour.
I found a link with the solution.
FROM openjdk:8-jdk-alpine
RUN apk update && apk upgrade && apk add netcat-openbsd && apk add curl
RUN mkdir -p /usr/local/configserver
RUN cd /tmp/ && \
curl -L -b "oraclelicense=a" http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip -O && \
unzip jce_policy-8.zip && \
rm jce_policy-8.zip && \
yes |cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
ADD @project.build.finalName@.jar /usr/local/configserver/
ADD run.sh run.sh
RUN chmod +x run.sh
CMD ./run.sh
Maybe it is related to the fact that the unzip command in Alpine is provided by busybox and not the standard unzip tool.
Busybox does have bugs related to this error:
https://bugs.busybox.net/show_bug.cgi?id=8821
Here is a related issue with more details:
https://github.com/wahern/luaossl/issues/103
As a workaround installing the standard unzip command should work.
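The answers above give two different causes for "unzip: short read": the download was really an HTML error page, or busybox unzip mishandled a valid archive. The following shell function is an added example, not code from any of the posts; it tells the two apart by checking the file's magic bytes and, optionally, a SHA-256 digest before anything is unpacked, and it applies equally to the tar.gz downloads in the other Dockerfiles on this page. The names verify_archive, magic_of and demo and all sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded archive before a RUN step unpacks it.
# verify_archive FILE KIND [SHA256]   (KIND: zip | gzip)
# Return codes: 0 ok, 1 wrong magic bytes (e.g. an HTML error page),
#               2 SHA-256 mismatch, 3 missing file or unknown KIND.

magic_of() {
    # First four bytes of FILE as lowercase hex without separators.
    head -c 4 "$1" | od -An -tx1 | tr -d ' \t\n'
}

verify_archive() {
    file=$1; kind=$2; want=${3:-}
    [ -f "$file" ] || return 3
    magic=$(magic_of "$file")
    case "$kind:$magic" in
        zip:504b0304) ;;          # "PK\003\004", zip local file header
        gzip:1f8b*)   ;;          # gzip member header
        zip:*|gzip:*) return 1 ;; # expected archive type, wrong content
        *)            return 3 ;;
    esac
    if [ -n "$want" ]; then
        got=$(sha256sum "$file" | cut -d' ' -f1)
        [ "$got" = "$want" ] || return 2
    fi
    return 0
}

# Constructed sample inputs (not real archives), written to a temp directory.
demo() {
    dir=$(mktemp -d)
    printf '<html><body>Sign in required</body></html>\n' > "$dir/jce_policy-8.zip"
    printf 'PK\003\004constructed sample bytes' > "$dir/sample.zip"
    printf '\037\213\010constructed sample bytes' > "$dir/sample.tar.gz"
    for pair in jce_policy-8.zip:zip sample.zip:zip sample.tar.gz:gzip; do
        rc=0
        verify_archive "$dir/${pair%%:*}" "${pair##*:}" || rc=$?
        echo "${pair%%:*} -> $rc"
    done
    rm -rf "$dir"
}

demo
```

In a Dockerfile the call sits between the download and the unpack step, chained with `&&` so a non-zero return stops the build. Downloading with `curl -f` additionally makes HTTP error statuses fail instead of being saved under the archive's name.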

Folder missing inside docker container

I wrote this docker-compose project. The docker-compose.yml looks like this:
version: '3.1'
services:
  db:
    image: mysql
    restart: always
    environment:
      - MYSQL_DATABASE=mgsv
      - MYSQL_USER=mgsv_user
      - MYSQL_PASSWORD=mgsvpass
      - MYSQL_ROOT_PASSWORD=mysql123
    volumes:
      - ./mysql:/docker-entrypoint-initdb.d
  www:
    build: ./mGSV
    restart: always
    ports:
      - 8080:8080
And the Dockerfile is based on a PHP container and looks like this.
FROM php:5-apache
RUN apt-get update && apt-get install -y --no-install-recommends \
openjdk-7-jdk \
maven \
git \
&& rm -rf /var/lib/apt/lists/*
RUN git clone https://github.com/qunfengdong/mGSV.git
# Move the folder 'mgsv' to DocumentRoot of Apache web server. By default, the DocumentRoot of Apache is /var/www/ (speak to the system administrator to know the exact DocumentRoot).
RUN cd /var/www/html/mGSV \
&& mkdir tmp \
&& chmod -R 777 tmp
RUN cd /var/www/html/mGSV && sed -i.bak "s|'gsv'|'mgsv_user'|" lib/settings.php \
&& sed -i.bak "s|$database_pass = ''|$database_pass = 'mgsvpass'|" lib/settings.php \
&& sed -i.bak "s|cas-qshare.cas.unt.edu|localhost|" lib/settings.php
RUN cp /var/www/html/mGSV/Arial.ttf /usr/share/fonts/truetype/
RUN cd /var/www/html/mGSV/ws \
&& tar -xzf mgsv-ws-server.tar.gz
RUN cd /var/www/html/mGSV/ws/mgsv-ws-server \
&& mvn package
RUN cp -f /var/www/html/mGSV/ws/mgsv-ws-server/target/ws-server-1.0RC1-jar-with-dependencies.jar /var/www/html/mGSV/ws/
RUN cd /var/www/html/mGSV/ws \
&& echo "mgsv_upload_url=http://localhost/mgsv" > config.properties \
&& echo "ws_publish_url=http\://localhost\:8081/MGSVService" >> config.properties \
&& java -jar ws-server-1.0RC1-jar-with-dependencies.jar &
This is the output which I got:
Step 1/11 : FROM php:5-apache
---> 8f4a38cf4542
Step 2/11 : RUN apt-get update && apt-get install -y --no-install-recommends openjdk-7-jdk maven git && rm -rf /var/lib/apt/lists/*
---> Using cache
---> f194797b9362
Step 3/11 : RUN git clone https://github.com/qunfengdong/mGSV.git
---> Using cache
---> 4acd066da444
Step 4/11 : RUN cd /var/www/html/mGSV && mkdir tmp && chmod -R 777 tmp
---> Using cache
---> f766f9ceb7d3
Step 5/11 : RUN cd /var/www/html/mGSV && sed -i.bak "s|'gsv'|'mgsv_user'|" lib/settings.php && sed -i.bak "s|$database_pass = ''|$database_pass = 'mgsvpass'|" lib/settings.php && sed -i.bak "s|cas-qshare.cas.unt.edu|localhost|" lib/settings.php
---> Using cache
---> 007dff8907f4
Step 6/11 : RUN cp /var/www/html/mGSV/Arial.ttf /usr/share/fonts/truetype/
---> Using cache
---> 026049ca32d8
Step 7/11 : RUN cd /var/www/html/mGSV/ws && tar -xzf mgsv-ws-server.tar.gz
---> Using cache
---> 92a0f85b27a0
Step 8/11 : RUN cd /var/www/html/mGSV/ws/mgsv-ws-server && mvn package
---> Using cache
---> 5aa1723f255f
Step 9/11 : RUN cp -f /var/www/html/mGSV/ws/mgsv-ws-server/target/ws-server-1.0RC1-jar-with-dependencies.jar /var/www/html/mGSV/ws/
---> Using cache
---> f0dbd0ac1ddb
Step 10/11 : RUN cd /var/www/html/mGSV/ws && echo "mgsv_upload_url=http://localhost/mgsv" > config.properties && echo "ws_publish_url=http\://localhost\:8081/MGSVService" >> config.properties && java -jar ws-server-1.0RC1-jar-with-dependencies.jar &
---> Using cache
---> 0c86c0adddd5
However, when I create an interactive session the /var/www/html/ is empty:
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
php 5-apache 8f4a38cf4542 7 days ago 374MB
$ sudo docker run --entrypoint /bin/bash -i -t 8f4a38cf4542
root@a3908e297bcf:/var/www/html# ls
Why can't I see the /var/www/html/mGSV folder inside the docker container?
Thank you in advance.
Michal
The 8f4a38cf4542 image is the php:5-apache base image you are building FROM before all your additions.
The docker-compose build output should include a line: Successfully built eccdcc9a9534 at the end, which is the image ID you need to copy from your output and use. You should be able to find this image in the complete output:
docker images -a
To make life easier, add an image name to the www service so compose tags the build and it's easily accessible:
www:
  build: ./mGSV
  image: user3523406/www
  restart: always
Then
sudo docker run --entrypoint /bin/bash -it user3523406/www
