Repository is not signed in docker build - docker

I have the following Dockerfile that uses the latest Ubuntu image pulled from dockerhub:
FROM ubuntu:latest
RUN apt-get update && apt-get install -y g++ llvm lcov
when I launch the docker build command, the following errors occur:
Err:2 http://archive.ubuntu.com/ubuntu bionic InRelease
At least one invalid signature was encountered.
Err:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
At least one invalid signature was encountered.
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
At least one invalid signature was encountered.
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
At least one invalid signature was encountered.
Reading package lists...
W: GPG error: http://archive.ubuntu.com/ubuntu bionic InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
W: GPG error: http://security.ubuntu.com/ubuntu bionic-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu bionic-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu bionic-backports InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports InRelease' is not signed.
I read here https://superuser.com/questions/1331936/how-can-i-get-past-a-repository-is-not-signed-message-when-attempting-to-upgr that you can get past this error using --allow-unauthenticated or --allow-insecure-repositories, but both seem to me to be workarounds that may compromise the security of the container.
EDIT
Tried to pull ubuntu:18.04, ubuntu:19.04, ubuntu:19.10; same error with a different distro name.
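
The concern raised in the question about --allow-unauthenticated and --allow-insecure-repositories can be enforced in CI. The following is an added example, not part of the original question or its answers: a POSIX shell check that reports Dockerfile lines which switch off apt's repository signature verification. The function names and the sample Dockerfile are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag apt options that disable repository signature checks.

# Command-line flags, their apt.conf equivalents, and the sources.list
# [trusted=yes] option, as one case-insensitive extended regular expression.
INSECURE_APT_PATTERNS='--allow-unauthenticated|--allow-insecure-repositories|--allow-downgrade-to-insecure-repositories|AllowUnauthenticated|AllowInsecureRepositories|AllowDowngradeToInsecureRepositories|trusted=yes'

# lint_apt_flags FILE
# Prints one finding per offending non-comment line.
# Returns 0 when FILE is clean, 1 when at least one finding was printed.
lint_apt_flags() {
    laf_file=$1
    laf_hits=$(grep -nEi -e "$INSECURE_APT_PATTERNS" "$laf_file" \
        | grep -vE '^[0-9]+:[[:space:]]*#' || true)
    if [ -z "$laf_hits" ]; then
        return 0
    fi
    printf '%s\n' "$laf_hits" | sed 's/^/insecure apt option at line /'
    return 1
}

# write_sample_dockerfile PATH
# Writes a constructed Dockerfile: line 2 is only a comment, lines 3 to 5
# each disable verification in a different way, line 6 is clean.
write_sample_dockerfile() {
    cat > "$1" <<'EOF'
FROM ubuntu:18.04
# --allow-unauthenticated was suggested as a workaround
RUN apt-get update --allow-insecure-repositories
RUN apt-get install -y --allow-unauthenticated g++ llvm lcov
RUN echo 'deb [trusted=yes] http://mirror.example.invalid/ubuntu bionic main' > /etc/apt/sources.list.d/extra.list
RUN apt-get update && apt-get install -y g++ llvm lcov
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
write_sample_dockerfile "$sample"
lint_apt_flags "$sample" || echo "reject this build: apt verification is disabled"
rm -f "$sample"
```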

Apparently my root partition was full (maybe I've tried too many times to download packages through apt), and running sudo apt clean solved the issue
In addition, the following commands should help clean up space:
docker system df # which can show disk usage and size of 'Build Cache'
docker image prune # add -f or --force to not prompt for confirmation
docker container prune # add -f or --force to not prompt for confirmation

Since Docker API v1.25+ (released: Nov 18, 2019)
Running the command below fixed the problem for me:
docker system prune --force
The --force flag stands for noninteractive prune.
Additionally, you may want to give a try to the prune volume commands:
docker volume prune --force

fixed by
docker image prune -f
looks like docker has a limit on maximum apt cache size on the host system

If you're using Docker Desktop, take care of the maximum disk image size you've specified in the settings. It can cause the issue if it gets full during the build (source).

For Raspbian, upgrade libseccomp manually on the host system by using:
curl http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.1-1_armhf.deb --output libseccomp2_2.5.1-1_armhf.deb
sudo dpkg -i libseccomp2_2.5.1-1_armhf.deb
This resolved my issue.
Original post is here.

As @Danila and @Andriy pointed out, this issue can easily be fixed by running:
docker image prune -f
docker container prune -f
but posting this answer, as running just one of them didn't work for me (on MacOS X) - running both however does.

This helps me:
docker volume prune

I had to run container with --security-opt seccomp:unconfined.

I had this problem on one of my two machines. Doing a ls -ld /tmp I got
drwxrwxrwt 3 root root 4096 May 15 20:46 /tmp
for the working one and
drwxr-xr-t 1 root root 4096 May 26 05:44 /tmp
for the failing one. After I did chmod 1777 /tmp, it worked!!
EDIT:
So, I dived a little deeper into this problem and realized there was something fundamentally wrong. I put my problems in another question and later found the answer that solved this myself: https://stackoverflow.com/a/62088961/7387935
The key point here is that on the machine that was working correctly I had aufs as storage driver and on the faulty one it was overlay2. After I changed that, all permissions were correct.
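
The answers above trace the "invalid signature" error to a full filesystem and to a /tmp that is not mode 1777, neither of which has anything to do with repository keys. The following is an added example, not code from any of the answers: a POSIX shell preflight that checks both conditions before apt-get update runs. The function names, the 100 MB threshold and the list of paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: rule out local causes (no free space, wrong /tmp mode)
# before treating an apt signature error as a real trust problem.

# free_kb PATH: kilobytes available on the filesystem that holds PATH.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# has_free_kb PATH MIN_KB: succeeds when at least MIN_KB are available.
has_free_kb() {
    [ "$(free_kb "$1")" -ge "$2" ]
}

# dir_mode DIR: the ten-character mode string that `ls -ld` prints.
# The trailing "/." makes ls describe the target when DIR is a symlink.
dir_mode() {
    ls -ld "$1/." | cut -c1-10
}

# tmp_mode_ok DIR: succeeds when DIR is a world-writable sticky directory,
# shown as drwxrwxrwt (the working machine in the answer above).
tmp_mode_ok() {
    [ "$(dir_mode "$1")" = "drwxrwxrwt" ]
}

# apt_preflight MIN_KB TMPDIR PATH...
# Prints one line per problem; the exit status is the number of problems.
apt_preflight() {
    pf_min=$1
    pf_tmp=$2
    shift 2
    pf_problems=0
    for pf_path in "$@"; do
        [ -e "$pf_path" ] || continue
        if ! has_free_kb "$pf_path" "$pf_min"; then
            echo "LOW SPACE: $pf_path has $(free_kb "$pf_path") KB free, want $pf_min"
            pf_problems=$((pf_problems + 1))
        fi
    done
    if ! tmp_mode_ok "$pf_tmp"; then
        echo "BAD MODE: $pf_tmp is $(dir_mode "$pf_tmp"), want drwxrwxrwt (chmod 1777)"
        pf_problems=$((pf_problems + 1))
    fi
    return "$pf_problems"
}

# Demonstration: require 100 MB on the paths apt writes to.
apt_preflight 102400 /tmp / /var/lib/apt/lists /var/cache/apt \
    || echo "fix the problems above, then re-run apt-get update"
```

Run it on the host and as an early RUN step inside the build, since the build container has its own filesystem and its own /tmp.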

I tried again later and it worked.
From https://github.com/docker-library/php/issues/898#issuecomment-539234070:
That usually means the mirror is having issues (possibly partially out
of date; i.e. not completely synced from other mirrors) and often
clears itself up.

I added --network=host to the build command.
docker build --network=host -t REPOSITORY:TAG ./

this worked for me
docker system prune -af --volumes
and these other ones as well
docker image prune
docker container prune
docker builder prune
docker volume prune
Try running docker system df to see if you need to free space on one of your volumes.

Related

Install docker on CentOS 8

I installed docker on CentOS 8. CentOS doesn't support Docker anymore. When I type docker build -t project . then I get this error message:
Err:1 http://deb.debian.org/debian testing InRelease
Temporary failure resolving 'deb.debian.org'
Err:2 http://http.debian.net/debian sid InRelease
Temporary failure resolving 'http.debian.net'
Reading package lists...
W: Failed to fetch http://deb.debian.org/debian/dists/testing/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://http.debian.net/debian/dists/sid/InRelease Temporary failure resolving 'http.debian.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
E: The value 'testing' is invalid for APT::Default-Release as such a release is not available in the sources
The command '/bin/sh -c apt-get update && apt-get install -yq --no-install-recommends groff && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100
I tried in /etc/resolv.conf nameserver 8.8.8.8
In fact, when you do docker build, docker internally sets up a temporary build container for you, so this is still related to the container's DNS.
By default, docker will use the DNS defined locally in your /etc/resolv.conf file, but if none is found, you also have the chance to override it.
You should create the following file with the following contents to set DNS:
/etc/docker/daemon.json:
{
"dns": ["your_dns_ip"]
}
Finally, restart your docker to make it take effect. For details, refer to Fix Docker's networking DNS config.
Additionally, make sure you use a working DNS server, and make sure 8.8.8.8 really works in your country if you use it.

Docker openedx make dev.provision fails

I was trying to deploy the docker based devstack on my local machine. I followed the official installation guide found here: https://github.com/edx/devstack. I went through most of the processes without a glitch until I had to run make dev.provision.
When I run the provisioning command I encounter the following failed task:
TASK [server_utils : Install ubuntu system packages] ***************************
failed: [localhost] (item=[u'ack-grep', u'mosh', u'tree', u'screen', u'tmux', u'curl', u'vim', u'dnsutils', u'inetutils-telnet', u'netcat']) => {"failed": true, "item": ["ack-grep", "mosh", "tree", "screen", "tmux", "curl", "vim", "dnsutils", "inetutils-telnet", "netcat"], "msg": "Failed to update apt cache."}
to retry, use: --limit @/edx/app/edx_ansible/edx_ansible/playbooks/edxapp.retry
PLAY RECAP *********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=1
I accessed the lms container through bash using docker exec -it mycontainer bash and ran apt update manually because it seemed that the provisioner encountered an error when it was trying to "Install ubuntu system packages" and subsequently "Failed to update apt cache." the apt update command output was the following:
# apt update
Hit:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Hit:3 http://ppa.launchpad.net/git-core/ppa/ubuntu xenial InRelease
Hit:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:5 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
Ign:6 http://nginx.org/packages/ubuntu xenial InRelease
Hit:7 http://ppa.edx.org xenial InRelease
Err:8 http://nginx.org/packages/ubuntu xenial Release
Connection failed [IP: 206.251.255.63 80]
Reading package lists... Done
E: The repository 'http://nginx.org/packages/ubuntu xenial Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
What do I need to do to fix this error? Thank you in advance.
I also had a similar error in Fedora when running make dev.provision. It was caused because my docker version was the old one (when I ran docker version I got 1.13.1) and openedx required Docker CE, which is the new version of docker.
To solve the issue I uninstalled my docker version and installed Docker CE as described here and the command worked fine.

Yum update fails -Centos 7 - dockerbuild

I have frequently built docker containers using centos 7 as the base image. But now I am getting an error when I run:
RUN yum update add \
bash \
&& rm -rfv /var/cache/apk/*
ERROR:
Loaded plugins: fastestmirror, ovl
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
Contact the upstream for the repository and get them to fix the problem.
Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
Run the command with the repository temporarily disabled
yum --disablerepo=<repoid> ...
Disable the repository permanently, so yum won't use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use --enablerepo for temporary usage:
yum-config-manager --disable <repoid>
or
`subscription-manager repos --disable=<repoid>`
Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64 Could not retrieve
mirrorlist
http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container
error was 14: curl#6 - "Could not resolve host: mirrorlist.centos.org;
Name or service not known" The command '/bin/sh -c yum update add
bash && rm -rfv /var/cache/apk/*' returned a non-zero code: 1
I also saw a few resolutions that use "dhclient", but this error happens when I do docker-compose build.
I ran into this problem attempting to run the same Dockerfile, which fetched several software packages using yum, on two different platforms; one macOS, the other an Ubuntu 16.04-based Linux OS (elementaryOS Loki), both using the official packages from docker.com.
My theory is that the Linux package is just more restrictive out of the box, security-wise, than the macOS one. Maybe this is configurable with some kind of /etc/something config file, but I don't have the expertise with Docker to say for sure. EDIT: See my comment below.
What I can say is there was no additional configuration required for me on macOS (10.11 El Capitan); just docker build . worked fine, and yum processes from the Dockerfile were able to reach all the remote repositories.
In the Ubuntu-derived Linux distro, however, it was necessary to use
docker build --network host .
followed by
docker run -it --network host <image> <command>
when I wanted to run a process inside that image which required internet access.
This may be the case for other Debian-derived systems as well.
There are, of course, security considerations which need to be taken into account when allowing a long-running Docker container to communicate through the host network adapter, unrestricted, and one would do well to review the appropriate documentation in that regard.
My assumption is that for some reason network behavior in docker varies based on distribution.
Try to use:
docker run -d --net mybridge centos
or
docker network create -d bridge mybridge
docker run -d --net mybridge centos
It should start working. Or just edit /etc/hosts and add mirror address
Name: mirrorlist.centos.org
Address: 67.219.148.138
The root cause of the issue was that the container proxy settings were wrong. I just corrected the proxy settings at the location below and it worked.
/root/.docker/config.json

Dockerfile fails to build

Until a few days back the Dockerfile was working fine, and when I tried to build it again today it gave the following error in the terminal. I tried multiple docker base images but it still gives the same error. Can anyone help me with this? I don't think I missed anything. If I had missed something it should have given me the error earlier, so why now?
Err:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
Reading package lists...
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package software-properties-common
and my docker version is
Docker version 17.03.2-ce, build f5ec1e2
And here is my Dockerfile
FROM ubuntu:16.04
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && \
apt-get install -y software-properties-common && \
apt-add-repository ppa:webupd8team/java && \
apt-get update -y && \
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886 && \
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections && \
apt-get install -y oracle-java8-installer && \
apt-get install -y oracle-java8-unlimited-jce-policy && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/oracle-jdk8-installer
ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
If your host is an Ubuntu VM, it could be an invalid /etc/resolv.conf. Look at the /etc/resolv.conf on the host Ubuntu VM. If it contains nameserver 127.0.1.1, that is wrong.
Run these commands on the host Ubuntu VM to fix it:
sudo vi /etc/NetworkManager/NetworkManager.conf
# Comment out the line `dns=dnsmasq` with a `#`
# restart the network manager service
sudo systemctl restart network-manager
cat /etc/resolv.conf
Now /etc/resolv.conf should have a valid value for nameserver, which will be copied by the docker containers.
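
A loopback resolver such as 127.0.1.1 is reachable only from the host's own network namespace, so a build container on the bridge network cannot use it. The following is an added example, not code from the answer: a POSIX shell check that classifies the nameservers in a resolv.conf file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find nameserver entries a bridged container cannot reach.

# loopback_nameservers FILE
# Prints each nameserver in FILE that is in 127.0.0.0/8 or is ::1.
loopback_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }' "$1"
}

# resolv_conf_verdict FILE
# Prints one word:
#   ok            only non-loopback nameservers
#   mixed         loopback and non-loopback nameservers
#   loopback-only every nameserver is a loopback address
#   empty         no nameserver lines at all
resolv_conf_verdict() {
    awk '
        $1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { loop++; next }
        $1 == "nameserver" { good++ }
        END {
            if (loop + good == 0) print "empty"
            else if (good == 0)   print "loopback-only"
            else if (loop == 0)   print "ok"
            else                  print "mixed"
        }' "$1"
}

# write_sample_resolv_conf PATH
# Writes a constructed file resembling the dnsmasq case in the answer.
write_sample_resolv_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
nameserver 127.0.1.1
search lan
EOF
}

# Demonstration on the constructed sample and, if readable, on the host file.
sample=$(mktemp)
write_sample_resolv_conf "$sample"
echo "sample: $(resolv_conf_verdict "$sample") ($(loopback_nameservers "$sample"))"
rm -f "$sample"
if [ -r /etc/resolv.conf ]; then
    echo "host: $(resolv_conf_verdict /etc/resolv.conf)"
fi
```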
Looks like you have a connection error in your RUN instruction.
Try doing the same commands in an Ubuntu Container.
docker run -it ubuntu bash
And then inside the container do your RUN command.
On my machine, your script does work.
Solution that worked for me was to
check my host machine /etc/resolv.conf - looking for nameserver x.x.x.x
copy the nameserver that was there into my host machine's /etc/docker/daemon.json
this may require you to sudo su in order cd /etc/docker
you may not have that file, so just created it: nano daemon.json
add the following:
{
"dns": ["x.x.x.x", "z.z.z.z", "8.8.8.8"]
}
x.x.x.x and z.z.z.z could be your nameservers
8.8.8.8 is google's, which you can try.
Need to restart the docker daemon - sudo service docker restart
Over time my nameserver (at my house) changed, so I have a few, or I have to add to this file every now and then. It could also change if you are using the internet in different places - so this is not always the best solution.
I just changed my VM player's network setting. Changed Network Connection from bridged mode to NAT.
Now it's working.
In my case bridge network was disabled in daemon.json.
After fixing as below it worked.
root@pc:/etc/docker# cat daemon.json
{
"iptables": true,
"bridge": "docker0"
}
And don't forget to restart:
sudo service docker restart
Also I used following useful commands to investigate the issue:
# List networks (it should have 3 lines bridge, host, none)
docker network ls
# Check the logs, it will have docker log
journalctl -xe
# This one showed me at the end that bridge was missing iptables config like below
# WARNING: bridge-nf-call-iptables is disabled
# WARNING: bridge-nf-call-ip6tables is disabled
docker info
A simple method could be to write the IP that nslookup archive.ubuntu.com returns to /etc/hosts, then restart docker.
Of course, this needs your docker's /etc/docker/daemon.json to use the host machine's IP.
Overview
There are two parts to your question:
1. fixing temporary resolve messages
2. fixing the package management issues
Temporary resolve
It is likely that this issue is either:
1. temporary due to your Internet Service Provider not correctly forwarding internet naming (DNS) to either its or external DNS servers, or
2. due to a change in your network that has similarly blocked this naming - for example, a new router/modem, or reconfiguring a switch with a new configuration.
Let's look at the possible DNS resolving issues.
First, temporarily add a known DNS server to your system.
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf > /dev/null
Then run sudo apt update.
If this fixes your temporary resolving messages then either wait for 24 hours to see if your ISP fixes the issue for you (or just contact your ISP) - or you can permanently add a DNS server to your system:
echo "nameserver 8.8.8.8" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null
8.8.8.8 is Google's own DNS server.
source
Another example DNS server you could use is OpenDNS- for example:
echo "nameserver 208.67.222.222" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null
package-management issues
In addition to the temporary resolve issues - you have a few package management issues that need to be corrected.
Open a terminal and type:
sudo nano /etc/apt/sources.list
and check that you are downloading from the right package source.
OR
if you are behind a proxy, use -E. For example:
sudo -E apt-get update

How to enable AUFS on Debian?

When I try to install docker via:
curl -sSL https://get.docker.com/ | sh
I get the message:
Warning: current kernel is not supported by the linux-image-extra-virtual package. We have no AUFS support. Consider installing the packages linux-image-virtual kernel and linux-image-extra-virtual for AUFS support.
However, neither package seems to exist on Debian Jessie:
# apt-get install linux-image-virtual linux-image-extra-virtual
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package linux-image-virtual
E: Unable to locate package linux-image-extra-virtual
What am I missing here?
aufs is not supported by modern kernels, so you should skip to overlayfs from aufs. Just restart your docker daemon with the option:
--storage-driver=overlay2
(or add this option to /etc/default/docker)
In some systems you should add the processing of the file /etc/default/docker to start procedure by creating /etc/systemd/system/docker.service with content:
[Service]
EnvironmentFile=-/etc/default/docker
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY \
$DOCKER_OPTS
More info here
Execute
systemctl daemon-reload
for changes to take effect.
Caution! All your images become unreachable. If you want to keep them, just save and reload them. You can find the good description here
UPD. I've changed overlay to overlay2 because it solves a few more problems than described here.
UPD. Not relevant, since overlay2 is used by default in modern versions of docker (18-06).
Actually installing a stock jessie gives you a kernel that comes with aufs support. My guess is you upgraded to a higher kernel version through jessie-backports, which is not the standard jessie setup.
This was tested with current Debian jessie 8.7.1 amd64 and kernel 3.16.0.4.
# cat /etc/debian_version
8.7
# dpkg --get-selections | grep linux-image
linux-image-3.16.0-4-amd64 install
linux-image-amd64 install
# dpkg -L linux-image-3.16.0-4-amd64 | grep aufs
/lib/modules/3.16.0-4-amd64/kernel/fs/aufs
/lib/modules/3.16.0-4-amd64/kernel/fs/aufs/aufs.ko
So to answer your question:
You could re-install Debian Jessie or down-grade to the default kernel and you have a jessie with aufs support.
For installing aufs on Debian 9 aka Debian stretch one just has to issue an apt-get install aufs-dkms. This is sadly not available for jessie-backports at this time.
At our company we are driving our docker hosts with a jessie aufs setup and everything is running flawlessly.
Update 08-2018
Even now I can not recommend overlay2 for production. We currently have an issue with containers where mysql is not able to create the /var/run/mysqld.sock when running in a container with the overlay2 storage.
This is addressed in this one year old issue as of August 2018.
You can try
sudo apt-get install linux-image-extra-$(uname -r)
to install an enhanced Kernel version which should contain AUFS support.
