Wednesday, November 8, 2017

Docker build encounters error "failed to unshare namespaces: Invalid argument"

Issue



_[91mnsenter: failed to unshare namespaces: Invalid argument
_[0m_[91mcontainer_linux.go:265: starting container process caused "process_linux.go:270: running exec setns process for init caused \"exit status 34\""
_[0moci runtime error: container_linux.go:265: starting container process caused "process_linux.go:270: running exec setns process for init caused \"exit status 34\""

Environment

  RHEL 7.2

Solution


Execute below commands as a root user and reboot system.

grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
reboot

Root cause


usernamespace was enable at docker daemon level but same was not enabled in kernel level.

Docker daemon runs like this:

ExecStart=/usr/bin/dockerd --live-restore --userland-proxy=false --icc=false --disable-legacy-registry  --userns-remap=docker:docker --tlsverify --tlscacert=/var/SP/docker/certs/ca.pem --tlscert=/var/SP/docker/certs/cert.pem --tlskey=/var/SP/docker/certs/key.pem -g /var/SP/docker -H tcp://0.0.0.0:2376  -H unix://var/run/docker.sock --log-driver=syslog --log-opt syslog-address=tcp://localhost:514 --log-opt tag="DOCKER"


Posted by at No comments:

Docker build encounters "operation timed out"

Issue

while running docker build, we see following error.
fetch http://dl-4.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz
WARNING: Ignoring http://dl-4.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz: operation timed out
fetch http://dl-4.alpinelinux.org/alpine/v3.4/community/x86_64/APKINDEX.tar.gz
WARNING: Ignoring http://dl-4.alpinelinux.org/alpine/v3.4/community/x86_64/APKINDEX.tar.gz: operation timed out
ERROR: unsatisfiable constraints:

Solution 

Pass proxy as environment variable and unset at the end of Dockerfile file.
ENV http_proxy http://proxyhost.com:3128
ENV https_proxy http://proxyhost.com:3128
...
RUN unset http_proxy https_proxy

Root cause Analysis

  1. During docker build on a machine which is behind proxy server can encounter this issue. Requests do not go through  running Docker engine but go directly. hence, you need to mention proxy in Dockerfile and unset later.
  2. Second issue may happen that upstream server is not available. This is very rare. You can view with below command to see current repositories
RUN cat /etc/apk/repositories
Default values are
http://dl-cdn.alpinelinux.org/alpine/v3.4/main
http://dl-cdn.alpinelinux.org/alpine/v3.4/community

You can check through browser if you can see if domain is resolving or not. you can replace with actual domain like below
RUN sed -i 's/dl-cdn.alpinelinux.org/dl-4.alpinelinux.org/' /etc/apk/repositories




Posted by at No comments:
Subscribe to: Posts (Atom)