Dockerfile fails to build - docker

Till few days back the Dockerfile was working fine and when i tried to build it again today it is giving following error in the terminal. I tried with multiple docker base images but still giving the same error. Can any one help me with this? I dont think i missed out anything. If i had missed it should have given me the error earlier itself but why now?
Err:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
Reading package lists...
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package software-properties-common
and my docker version is
Docker version 17.03.2-ce, build f5ec1e2
And here is my Dockerfile
FROM ubuntu:16.04
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && \
apt-get install -y software-properties-common && \
apt-add-repository ppa:webupd8team/java && \
apt-get update -y && \
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886 && \
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections && \
apt-get install -y oracle-java8-installer && \
apt-get install -y oracle-java8-unlimited-jce-policy && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/oracle-jdk8-installer
ENV JAVA_HOME /usr/lib/jvm/java-8-oracle

If your host is an Ubuntu VM, it could be an invalid /etc/resolve.conf. Look at the /etc/resolv.conf on the host Ubuntu VM. If it contains nameserver 127.0.1.1, that is wrong.
Run these commands on the host Ubuntu VM to fix it:
sudo vi /etc/NetworkManager/NetworkManager.conf
# Comment out the line `dns=dnsmasq` with a `#`
# restart the network manager service
sudo systemctl restart network-manager
cat /etc/resolv.conf
Now /etc/resolv.conf should have a valid value for nameserver, which will be copied by the docker containers.

Looks like you have a connection error in your RUN instruction.
Try doing the same commands in an Ubuntu Container.
docker run -it ubuntu bash
And then inside the container do your RUN command.
On my machine, your script does work.

Solution that worked for me was to
check my host machine /etc/resolv.conf - looking for nameserver x.x.x.x
copy the nameserver that was there into my host machine's /etc/docker/daemon.json
this may require you to sudo su in order cd /etc/docker
you may not have that file, so just created it: nano daemon.json
add the following:
{
"dns": ["x.x.x.x", "z.z.z.z", "8.8.8.8"]
}
x.x.x.x and z.z.z.z could be your nameservers
8.8.8.8 is google's, which you can try.
Need to restart the docker daemon - sudo service docker restart
Over time my nameserver (at my house) changed, so I have a few, or I have to add to this file every now and then. It could also change if you are using the internet in different places - so this is not always the best solution.

I just changed my VM players network setting. Changed Network Connection from bridged mode to NAT.
Now its working

In my case bridge network was disabled in daemon.json.
After fixing as below it worked.
root#pc:/etc/docker# cat daemon.json
{
"iptables": true,
"bridge": "docker0"
}
And dont forget to restart:
sudo service docker restart
Also I used following useful commands to investigate the issue:
# List networks (it should have 3 lines bridge, host, none)
docker network ls
# Check the logs, it will have docker log
journalctl -xe
# This one showed me at the end that bridge was missing iptables config like below
# WARNING: bridge-nf-call-iptables is disabled
# WARNING: bridge-nf-call-ip6tables is disabled
docker info

A simple method could be write the nslookup archive.ubuntu.com IP to the /etc/hosts, then restart docker.
Of course it needs your docker 's /etc/docker/daemon.json use host machine 's IP.

Overview
There are two parts to your question:
1. fixing temporary resolve messages
2. fixing the package management issues
Temporary resolve
It is likely that this issue is either:
1. temporary due to your Internet Service Provider not correctly forwarding internet naming (DNS) to either its or external DNS servers, or
2. due to a change in your network has similarly blocked this naming - for example, new router/modem, reconfiguring a switch with a new configuration.
Let's look at the possible DNS resolving issues.
First, temporarily add a known DNS server to your system.
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf > /dev/null
Then run sudo apt update.
If this fixes your temporary resolving messages then either wait for 24 hours to see if your ISP fixes the issue for you (or just contact your ISP) - or you can permanently add a DNS server to your system:
echo "nameserver 8.8.8.8" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null
8.8.8.8 is Google's own DNS server.
source
Another example DNS server you could use is OpenDNS- for example:
echo "nameserver 208.67.222.222" | sudo tee /etc/resolvconf/resolv.conf.d/base > /dev/null
package-management issues
In addition to the temporary resolve issues - you have a few package management issues that need to be corrected.
Open a terminal and type:-
sudo nano /etc/apt/sources.list
and look if you are downloading from right source package.
OR
if you are behind proxy use -E.for example:-
sudo -E apt-get update

Related

Rootless docker-compose cannot build timescale image

I have installed docker rootless on an ubuntu host machine. I have a Dockerfile for building timescaledb with the most important part looking like that:
# Install the tools we need for installation
RUN apt-get update && apt-get -y install gnupg2 lsb-release wget
# Add Postgres and Timescale package repository
RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -c -s)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
RUN sh -c "echo 'deb https://packagecloud.io/timescale/timescaledb/debian/ `lsb_release -c -s` main' > /etc/apt/sources.list.d/timescaledb.list"
RUN wget --quiet -O - https://packagecloud.io/timescale/timescaledb/gpgkey | apt-key add -
# Install Timescale
RUN apt-get update && apt-get -y install timescaledb-2-postgresql-12=2.0.0-zz~debian10
the corresponding docker-compose file looks like this:
timescale:
tty: true
volumes:
- timescale-volume:/var/lib/postgresql/data:rw
build:
context: ./timescale
dockerfile: Dockerfile
command:
- /bin/bash
depends_on:
- cert-mounter
When I run docker-compose up with sudo it works fine, the image is built and the container is running. If I execute it rootless I get the following error:
dpkg: error processing package postgresql-12 (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of timescaledb-2-postgresql-12:
timescaledb-2-postgresql-12 depends on postgresql-12; however:
Package postgresql-12 is not configured yet.
dpkg: error processing package timescaledb-2-postgresql-12 (--configure):
dependency problems - leaving unconfigured
Setting up exim4-daemon-light (4.92-8+deb10u5) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
Initializing GnuTLS DH parameter file
Setting up libmailutils5:amd64 (1:3.5-4) ...
Setting up mailutils (1:3.5-4) ...
update-alternatives: using /usr/bin/frm.mailutils to provide /usr/bin/frm (frm) in auto mode
update-alternatives: using /usr/bin/from.mailutils to provide /usr/bin/from (from) in auto mode
update-alternatives: using /usr/bin/messages.mailutils to provide /usr/bin/messages (messages) in auto mode
update-alternatives: using /usr/bin/movemail.mailutils to provide /usr/bin/movemail (movemail) in auto mode
update-alternatives: using /usr/bin/readmsg.mailutils to provide /usr/bin/readmsg (readmsg) in auto mode
update-alternatives: using /usr/bin/dotlock.mailutils to provide /usr/bin/dotlock (dotlock) in auto mode
update-alternatives: using /usr/bin/mail.mailutils to provide /usr/bin/mailx (mailx) in auto mode
dpkg: dependency problems prevent configuration of timescaledb-2-loader-postgresql-12:
timescaledb-2-loader-postgresql-12 depends on postgresql-12; however:
Package postgresql-12 is not configured yet.
dpkg: error processing package timescaledb-2-loader-postgresql-12 (--configure):
dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for mime-support (3.62) ...
Errors were encountered while processing:
postgresql-common
postgresql-12
timescaledb-2-postgresql-12
timescaledb-2-loader-postgresql-12
E: Sub-process /usr/bin/dpkg returned an error code (1)
The command '/bin/sh -c apt-get update && apt-get -y install timescaledb-2-postgresql-12=2.0.0-zz~debian10' returned a non-zero code: 100
ERROR: Service 'timescale' failed to build
What could be the problem? Other containers are somehow built and run rootless without problems...
So I managed to make it work. In my Dockerfile I also set the uid of a user because I share some volumes and want the UIDs of users be consistent between the containers. So on top of my Dockerfile I had the following:
RUN useradd --uid 80000 postgres
replacing the uid with the lower value solved the issue
RUN useradd --uid 18000 postgres

unable to verify that docker engine is installed by reaching pull rate limit

I wanted to install docker on my laptop to test and run my web applications on it's containers instead of virtual environment (I am running ubuntu desktop version 20.04 LTS and using pipenv for virtual environment). After signing up at hub.docker I went to https://docs.docker.com/engine/install/ubuntu/(hub.docker manual to install docker on ubuntu), I decided to install using the repository and typed following commands in terminal
1.sudo apt-get update
2.sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
3.curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
4.apt-key fingerprint 0EBFCD88
after running last command I got desired result which was
" pub rsa4096 2017-02-22 [SCEA]
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid [ unknown] Docker Release (CE deb) docker#docker.com
sub rsa4096 2017-02-22 [S]"
As my system is amd64 I continued by
5.sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
6.sudo apt-get update
7.sudo apt-get install docker-ce docker-ce-cli containerd.io
8.sudo docker run hello-world
then at this point I got
"Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit.
See 'docker run --help'."
Questions
Did I do anything wrong in installation process?
How can I run to pull rate limit when I have just installed it?
Have docker correctly installed on my laptop? (when I type docker --version in terminal I get "Docker version 20.10.2, build 2291f61"
What should I do now?
I just installed docker myself and encountered the same error.
I don't think you have installed it wrong (since I'm a newbie myself I cannot confirm it 100%), but I solved this error by creating an account in docker website and then logged-in from CLI.
to create an account go to: https://www.docker.com/pricing
and then use signup for free.
To login through CLI type:
docker login -u your-username
and then it asks for your password, and then you are good to go!

Repository is not signed in docker build

I have the following Dockerfile that uses the latest Ubuntu image pulled from dockerhub:
FROM ubuntu:latest
RUN apt-get update && apt-get install -y g++ llvm lcov
when I launch the docker build command, the following errors occur:
Err:2 http://archive.ubuntu.com/ubuntu bionic InRelease
At least one invalid signature was encountered.
Err:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
At least one invalid signature was encountered.
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
At least one invalid signature was encountered.
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
At least one invalid signature was encountered.
Reading package lists...
W: GPG error: http://archive.ubuntu.com/ubuntu bionic InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
W: GPG error: http://security.ubuntu.com/ubuntu bionic-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu bionic-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
W: GPG error: http://archive.ubuntu.com/ubuntu bionic-backports InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu bionic-backports InRelease' is not signed.
I read here https://superuser.com/questions/1331936/how-can-i-get-past-a-repository-is-not-signed-message-when-attempting-to-upgr that you can pass this error using --allow-unauthenitcated or --allow-insecure-repositories but both seem to me workarounds that may compromize security of the container.
EDIT
Tried to pull ubuntu:18.04, ubuntu:19:04, ubuntu:19.10 same error with different distro name
Apparently my root partition was full (maybe I've tried too many times to download packages through apt), and running sudo apt clean solved the issue
In addition, the following commands should help clean up space:
docker system df # which can show disk usage and size of 'Build Cache'
docker image prune # add -f or --force to not prompt for confirmation
docker container prune # add -f or --force to not prompt for confirmation
Since Docker API v1.25+ ( released: Nov 18, 2019 )
Running the command below fixed the problem for me:
docker system prune --force
The --force flag stands for noninteractive prune.
Additionally, you may want to give a try to the prune volume commands:
docker volume prune --force
fixed by
docker image prune -f
looks like docker has a limit on maximum apt cache size on the host system
If you're using Docker Desktop, take care of the maximum disk image size you've specified in the settings. It can cause the issue if it gets full during the build (source).
For Raspbian, upgrade libseccomp manually on the host system by using:
curl http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.1-1_armhf.deb --output libseccomp2_2.5.1-1_armhf.deb
sudo dpkg -i libseccomp2_2.5.1-1_armhf.deb
This resolved my issue.
Original post is here.
As #Danila and #Andriy pointed out this issue can easily be fixed running:
docker image prune -f
docker container prune -f
but posting this answer, as running just one of them didn't work for me (on MacOS X) - running both however does.
This helps me:
docker volume prune
I had to run container with --security-opt seccomp:unconfined.
I had this problem on one of my two machines. Doing a ls -ld /tmp I got
drwxrwxrwt 3 root root 4096 May 15 20:46 /tmp
for the working one and
drwxr-xr-t 1 root root 4096 May 26 05:44 /tmp
for the failing one. After I did chmod 1777 /tmp, it worked!!
EDIT:
So, I dived a little deeper into this problem and realized there was something fundamentally wrong. I put my problems in another question and later found the answer that solved this myself: https://stackoverflow.com/a/62088961/7387935
The key point here is that on the machine that was working correctly I had aufs as storage driver and on the faulty one it was overlay2. After I changed that, all permissions were correct.
I tried again later and it worked.
From https://github.com/docker-library/php/issues/898#issuecomment-539234070:
That usually means the mirror is having issues (possibly partially out
of date; i.e. not completely synced from other mirrors) and often
clears itself up.
I added --network=host to the build command.
docker build --network=host -t REPOSITORY:TAG ./
this worked for me
docker system prune -af --volumes
and these other ones as well
docker image prune
docker container prune
docker builder prune
docker volume prune
This running docker system df and see if you need free space on one of your volumes

Install docker on CentOS 8

I installed docker on CentOS 8. CentOS doesn't Docker anymore. When I type docker build -t project . than I get this error message:
Err:1 http://deb.debian.org/debian testing InRelease
Temporary failure resolving 'deb.debian.org'
Err:2 http://http.debian.net/debian sid InRelease
Temporary failure resolving 'http.debian.net'
Reading package lists...
W: Failed to fetch http://deb.debian.org/debian/dists/testing/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://http.debian.net/debian/dists/sid/InRelease Temporary failure resolving 'http.debian.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
E: The value 'testing' is invalid for APT::Default-Release as such a release is not available in the sources
The command '/bin/sh -c apt-get update && apt-get install -yq --no-install-recommends groff && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100
I tried in /etc/resolv.conf nameserver 8.8.8.8
In fact, when you do docker build, docker internal will set up temp build container for you, so it still related to container's dns.
By default, docker will use dns locally defined in your /etc/resolv.conf file, but if not found, you may also have chance to override it.
You should create next file with the following contents to set DNS:
/etc/docker/daemon.json:
{
"dns": ["your_dns_ip"]
}
Finally, restart your docker to make it take effect. Detail refers to Fix Docker's networking DNS config.
Additionally, make sure you use a workable dns, also make sure 8.8.8.8 really could work in your country if you use this.

How to enable AUFS on Debian?

When I try to install docker via:
curl -sSL https://get.docker.com/ | sh
I get the message:
Warning: current kernel is not supported by the linux-image-extra-virtual package. We have no AUFS support. Consider installing the packages linux-image-virtual kernel and linux-image-extra-virtual for AUFS support.
However, neither package seems to exist on Debian Jessie:
# apt-get install linux-image-virtual linux-image-extra-virtual
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package linux-image-virtual
E: Unable to locate package linux-image-extra-virtual
What am I missing here?
aufs is not supported by modern kernels, so you should skip to overlayfs from aufs. Just restart your docker daemon with the option:
--storage-driver=overlay2
(or add this option to /etc/default/docker)
In some systems you should add the processing of the file /etc/default/docker to start procedure by creating /etc/systemd/system/docker.service with content:
[Service]
EnvironmentFile=-/etc/default/docker
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY \
$DOCKER_OPTS
More info here
Execute
systemctl daemon-reload
for changes to take effect.
Caution! All your images become unreachable. If you want to keep them, just save and reload them. You can find the good description here
UPD. I've changed overlay to overlay2 because it solves a little bit more problem than described here
UDP. Not relevant, since overlay2 used by default in modern version of docker (18-06).
Actually installing a stock jessie gives you a kernel that comes with aufs support. My guess is you upgraded to a higher kernel version through jessie-backports which is not not the standard jessie setup.
This was tested with current Debian jessie 8.7.1 amd64 and kernel 3.16.0.4.
# cat /etc/debian_version
8.7
# dpkg --get-selections | grep linux-image
linux-image-3.16.0-4-amd64 install
linux-image-amd64 install
# dpkg -L linux-image-3.16.0-4-amd64 | grep aufs
/lib/modules/3.16.0-4-amd64/kernel/fs/aufs
/lib/modules/3.16.0-4-amd64/kernel/fs/aufs/aufs.ko
So to answer your question:
You could re-install Debian Jessie or down-grade to the default kernel and you have a jessie with aufs support.
For installing aufs on Debian 9 aka Debian stretch one just have to issue an apt-get install aufs-dkms. This is sadly not available for jessie-backports at this time.
At our company we are driving our docker hosts with an jessie aufs setup and everything is running flawlessly.
Update 08-2018
Even now I can not recommend overlay2 for production. We currently have an issue with containers where mysql is not able to create the /var/run/mysqld.sock when running in a container with the overlay2 storage.
This is addressed in this one year old issue as of August 2018.
You can try
sudo apt-get install linux-image-extra-$(uname -r)
to install an enhanced Kernel version which should contain AUFS support.

Resources