Can't build docker image with kubernetes-plugin for Jenkins - docker

I'm using kubernetes-plugin and I have some issue to build docker images on top of K8S pod:
I'm creating POD with:
podTemplate(containers: [
containerTemplate(
name: 'docker-build',
image: 'docker',
command: 'cat',
ttyEnabled: true
)
],
volumes: [
hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock')
])
{
node(POD_LABEL) {
stage("Checkout") {
dir("${env.WORKSPACE}/code") {
script {
// Checkout - Works
}
}
}
stage ('Build docker images') {
container('docker-build') {
dir("${env.WORKSPACE}/code") {
sh """
./build-images
"""
}
}
}
}
}
But it fails on the docker build step:
Err:1 http://deb.debian.org/debian stretch InRelease
Temporary failure resolving 'deb.debian.org'
Err:2 http://security.debian.org/debian-security stretch/updates InRelease
Temporary failure resolving 'security.debian.org'
Err:3 http://deb.debian.org/debian stretch-updates InRelease
Temporary failure resolving 'deb.debian.org'
Reading package lists...
[91mW: Failed to fetch http://deb.debian.org/debian/dists/stretch/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/InRelease Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/InRelease Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
[0mReading package lists...
Building dependency tree...
Reading state information...
[91mE: Unable to locate package libpam-dev
E: Unable to locate package libpcap0.8-dev
E: Couldn't find any package by glob 'libpcap0.8-dev'
E: Couldn't find any package by regex 'libpcap0.8-dev'
E: Unable to locate package libpq5[0m[91m
E: Unable to locate package libtins-dev
E: Unable to locate package openjdk-8-jdk-headless
E: Unable to locate package python3
When accessing the POD with kubectl exec and trying to build, it fails on the same error:
docker build -t my_test .
When trying to build the same with --network=host it works:
docker build --network=host -t my_test .
I'm trying to understand why it requires --network=host in order to work.
BTW - when I'm in the Jenkins slave pod and I'm trying to download any packages or access to the internet it all works just fine, it happens only when I'm trying to build docker image and trying to download packages during this process.
I suspect that the docker build is failing because of some network misconfiguration or maybe docker network is getting a bad state during this docker build on top of docker ..
So far I have tried:
Create the pod with hostNetwork: true and it didn't help.
Create the pod with privileged: true and it didn't help.
Many other hacks to make the pod running on different network and it did't help as well.
Please assist.

The latest versions of the AWS EKS-optimized AMI disable the docker bridge network by default. To enable it, add the bootstrap_extra_args parameter to your worker group template. Source.

Related

No connectivity to the dind container on OpenShift to build the docker images

I'm using an OpenShift Cluster provisioned on Azure (UPI) and running Jenkins instance to build Containers using dind. I have installed this plugin and it corectly Spin up the job container and everything works except the internet and dns inside the dind container.
Here is the sample pipeline I use
podTemplate(yaml: '''
apiVersion: v1
kind: Pod
spec:
volumes:
- name: docker-socket
emptyDir: {}
containers:
- name: docker-daemon
image: docker:19.03.1-dind
securityContext:
privileged: true
volumeMounts:
- name: docker-socket
mountPath: /var/run
- name: docker
image: docker:19.03.1
securityContext:
privileged: true
command:
- sleep
args:
- 99d
volumeMounts:
- name: docker-socket
mountPath: /var/run
''') {
node(POD_LABEL) {
stage('Get the project') {
git 'https://github.com/repo/Dockerfile-repo.git'
container('docker') {
stage('Build a docker image') {
sh 'docker version && docker ps'
sh 'docker image build -t repo/image-name:version .'
}
}
}
}
}
The strange thing is I have some commands in the Dockerfile to update and install using apt-get. Those are not working due to the connectivity. Giving the below erros
---> Running in f8eb2b386fc9
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Connection failed [IP: 91.189.88.152 80]
Err:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
Connection failed [IP: 91.189.91.38 80]
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Connection failed [IP: 91.189.88.152 80]
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Connection failed [IP: 91.189.88.152 80]
Reading package lists...
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease Connection failed [IP: 91.189.88.152 80]
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease Connection failed [IP: 91.189.88.152 80]
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease Connection failed [IP: 91.189.88.152 80]
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease Connection failed [IP: 91.189.91.38 80]
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
Building dependency tree...
Reading state information...
Package ca-certificates is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Unable to locate package wget
E: Unable to locate package iproute2
E: Unable to locate package vim
E: Unable to locate package unzip
E: Unable to locate package curl
Anybody has similar experience or faced this issue before? If so please assist me to fix it with your valuable thoughts.
Please note that I need to fix this and alternative solutions are not required.
Appreciate your valuable thoughts and suggestions. Thanks.

[microk8s][gitlab-runner][helm] slow connection / connection failed on apt-get update in docker build

Chart.yaml
- name: gitlab-runner
version: 0.21.1
repository: https://charts.gitlab.io/
values.yaml
gitlab-runner:
gitlabUrl: 'xxx'
runnerRegistrationToken: 'xxx'
runners:
privileged: true
env:
DOCKER_HOST: tcp://localhost:2375
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
NO_PROXY: "docker,localhost,127.0.0.1,.local" <!-- tried with and without this line
unregisterRunners: true
metrics:
enabled: false
rbac:
create: true
Microk8s:
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
dns # CoreDNS
ha-cluster # Configure high availability on the current node
helm3 # Helm 3 - Kubernetes package manager
rbac # Role-Based Access Control for authorisation
storage # Storage class; allocates storage from host directory
Kubernetes:
Client Version: version.Info{Major:"1", Minor:"19+", GitVersion:"v1.19.2-34+1b3fa60b402c1c", GitCommit:"1b3fa60b402c1c4cb0df8a99b733ad41141a2eb7", GitTreeState:"clean", BuildDate:"2020-09-16T21:34:17Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19+", GitVersion:"v1.19.2-34+1b3fa60b402c1c", GitCommit:"1b3fa60b402c1c4cb0df8a99b733ad41141a2eb7", GitTreeState:"clean", BuildDate:"2020-09-16T21:36:35Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
First few job lines
Running with gitlab-runner 13.4.1 (e95f89a0)
on local-gitlab-runner-859c8c448f-x99fc SKURUyFs
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: default
Using Kubernetes executor with image docker:19.03 ...
Preparing environment
Waiting for pod default/runner-skuruyfs-project-12604088-concurrent-0dz9cn to be running, status is Pending
Running on runner-skuruyfs-project-12604088-concurrent-0dz9cn via local-gitlab-runner-859c8c448f-x99fc...
Getting source from Git repository
default images gitlab-ci.yaml
image: docker:19.03
services:
- docker:19.03-dind
Problem:
I've installed this chart on my local microk8s cluster. I'm using docker dind to build images from my code. I'm currently building two images, which are based on FROM php:7.4.11-fpm and FROM node:lts-alpine. (Using older images does not fix my issue). When I run apk add for the node image, the process is stuck here indefinitely (until a timeout occurs):
Step 3/27 : RUN apk add --no-cache git && apk add --no-cache --virtual .build-deps-yarn curl && curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -snf /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -snf /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz && apk del .build-deps-yarn
---> Running in 45465897f01c
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/6) Installing ca-certificates (20191127-r2)
(2/6) Installing nghttp2-libs (1.40.0-r1)
(3/6) Installing libcurl (7.67.0-r1)
(4/6) Installing expat (2.2.9-r1)
(5/6) Installing pcre2 (10.34-r1)
(6/6) Installing git (2.24.3-r0)
Executing busybox-1.31.1-r9.trigger
Executing ca-certificates-20191127-r2.trigger
OK: 23 MiB in 22 packages
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
With the php image, I get Connection failed errors. The moment these errors occur is different every time.
Err:1 http://deb.debian.org/debian buster/main amd64 python3-lib2to3 all 3.7.3-1
Connection failed [IP: 151.101.36.204 80]
Or:
+ apt-get update
Get:1 http://apt.postgresql.org/pub/repos/apt buster-pgdg InRelease [103 kB]
Get:2 http://apt.postgresql.org/pub/repos/apt buster-pgdg/main amd64 Packages [203 kB]
Err:3 http://security.debian.org/debian-security buster/updates InRelease
Connection failed [IP: 151.101.36.204 80]
Err:4 http://deb.debian.org/debian buster InRelease
Connection failed [IP: 151.101.36.204 80]
Err:5 http://deb.debian.org/debian buster-updates InRelease
Connection failed [IP: 151.101.36.204 80]
Fetched 307 kB in 2min 0s (2550 B/s)
Reading package lists...
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Connection failed [IP: 151.101.36.204 80]
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Connection failed [IP: 151.101.36.204 80]
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Connection failed [IP: 151.101.36.204 80]
W: Some index files failed to download. They have been ignored, or old ones used instead.
Googling for these kind of issues, I get results which are always related to the NO_PROXY, HTTP_PROXY and HTTPS_PROXY settings. I'm not running behind a proxy, so I tried fixing this with the NO_PROXY env variable but this unfortunately didnt help. Building these images on Win10 2004 + Docker Desktop 2.4.0.0 (on the same network) is working without any issue.
Am I using the correct values for the NO_PROXY env var? Should I even be using it / is it related? The result without the NO_PROXY env var is the same. Is there maybe something else im missing?
Before I went to microk8s, I was running the Docker executor on Portainer; then this issue did not occur.

Install docker on CentOS 8

I installed docker on CentOS 8. CentOS doesn't Docker anymore. When I type docker build -t project . than I get this error message:
Err:1 http://deb.debian.org/debian testing InRelease
Temporary failure resolving 'deb.debian.org'
Err:2 http://http.debian.net/debian sid InRelease
Temporary failure resolving 'http.debian.net'
Reading package lists...
W: Failed to fetch http://deb.debian.org/debian/dists/testing/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://http.debian.net/debian/dists/sid/InRelease Temporary failure resolving 'http.debian.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
E: The value 'testing' is invalid for APT::Default-Release as such a release is not available in the sources
The command '/bin/sh -c apt-get update && apt-get install -yq --no-install-recommends groff && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100
I tried in /etc/resolv.conf nameserver 8.8.8.8
In fact, when you do docker build, docker internal will set up temp build container for you, so it still related to container's dns.
By default, docker will use dns locally defined in your /etc/resolv.conf file, but if not found, you may also have chance to override it.
You should create next file with the following contents to set DNS:
/etc/docker/daemon.json:
{
"dns": ["your_dns_ip"]
}
Finally, restart your docker to make it take effect. Detail refers to Fix Docker's networking DNS config.
Additionally, make sure you use a workable dns, also make sure 8.8.8.8 really could work in your country if you use this.

Docker openedx make dev.provision fails

I was trying to deploy the docker based devstack on my local machine. I followed the official installation guide found here: https://github.com/edx/devstack. I went through most of the processes without a glitch until I had to run make dev.provision
when i run the provisioning command I encounter the following failed task
TASK [server_utils : Install ubuntu system packages] ***************************
failed: [localhost] (item=[u'ack-grep', u'mosh', u'tree', u'screen', u'tmux', u'curl', u'vim', u'dnsutils', u'inetutils-telnet', u'netcat']) => {"failed": true, "item": ["ack-grep", "mosh", "tree", "screen", "tmux", "curl", "vim", "dnsutils", "inetutils-telnet", "netcat"], "msg": "Failed to update apt cache."}
to retry, use: --l/admin/theming/sitetheme/imit #/edx/app/edx_ansible/edx_ansible/playbooks/edxapp.retry
PLAY RECAP *********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=1
I accessed the lms container through bash using docker exec -it mycontainer bash and ran apt update manually because it seemed that the provisioner encountered an error when it was trying to "Install ubuntu system packages" and subsequently "Failed to update apt cache." the apt update command output was the following:
# apt update
Hit:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Hit:3 http://ppa.launchpad.net/git-core/ppa/ubuntu xenial InRelease
Hit:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:5 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
Ign:6 http://nginx.org/packages/ubuntu xenial InRelease
Hit:7 http://ppa.edx.org xenial InRelease
Err:8 http://nginx.org/packages/ubuntu xenial Release
Connection failed [IP: 206.251.255.63 80]
Reading package lists... Done
E: The repository 'http://nginx.org/packages/ubuntu xenial Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
What do I need to do to fix this error? Thank you in advance.
I also had a similar error in Fedora when running make dev.provision. It was caused because my docker version was the old one (when I ran docker version i got 1.13.1) and openedx required Docker CE, which is the new version of docker.
To solve the issue I uninstalled my docker version and installed Docker CE as described here and the command worked fine.

hyperledger-fabric 1.1 unable to install jq

I have been trying to add the third organization into already existing channel using ./eyfn.sh up script in first network .However Jq installation fails as follows :
Installing jq
Err:1 http://archive.ubuntu.com/ubuntu xenial InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
How do you resolve this error? Any help would be appreciated.
Finally found a solution.
Step 1:
Before you pull up docker-compose.yml add extra hosts in your cli container
(This will configure hosts in the container in addition to default)
extra_hosts:
- "proxy.xxx.com:ipAddress Of proxy"
Step 2 :
create an apt.conf file in your local directory mentioning your proxy in format :
Acquire::http::proxy "http://proxy.company.com:80/";
Acquire::https::proxy "http://proxy.company.com:80/";
Acquire::ftp::proxy "ftp://proxy.company.com:80/";
Acquire::socks::proxy "socks://proxy.company.com:80/";
copy this file from local directory to your cli using command :
docker cp apt.conf <containerId>:/etc/apt

Resources