fedora-cloud / docker-brew-fedora Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Guys,
After reading this entry: http://www.ansible.com/blog/official-ansible-content-on-docker-hub I thought that it would be awesome to build Docker images with Ansible.
What do you think? Example is here: https://github.com/ansible/ansible-docker-base/blob/master/examples/webserver-simple/Dockerfile
We could create Fedora image with the Ansible installed so it could be used directly with "FROM" in Dockerfile (e.g. FROM fedora-ansible or whatever)
Cheers
Thanks to docker-library/official-images#3176, we now have support for Fedora on several arches including ppc64le
. ๐
IBM's pretty keen on adding s390x
there too -- anything in particular stopping that from happening? Anything we can do to help make it happen? ๐ โค๏ธ
Running this command on F23-x86_64 hangs:
docker run --rm -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro fedora:22 /usr/sbin/init
But this might be bug 1192081.
Running with '-v /run'
results in a lot of failures:
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.
Running with unpopulated /etc.
Welcome to Fedora 22 (Twenty Two)!
Set hostname to <205478ac7173>.
Initializing machine ID from random generator.
Populated /etc with preset unit settings.
Running in a container, ignoring fstab device entry for /dev/disk/by-uuid/872ae83d-8ae9-488f-8927-0266665410ef.
Cannot add dependency job for unit dev-hugepages.mount, ignoring: Unit dev-hugepages.mount is masked.
Cannot add dependency job for unit systemd-remount-fs.service, ignoring: Unit systemd-remount-fs.service is masked.
Cannot add dependency job for unit sys-fs-fuse-connections.mount, ignoring: Unit sys-fs-fuse-connections.mount is masked.
Cannot add dependency job for unit systemd-logind.service, ignoring: Unit systemd-logind.service is masked.
Cannot add dependency job for unit getty.target, ignoring: Unit getty.target is masked.
Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice Root Slice.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Unit systemd-journald-audit.socket entered failed state.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
[ OK ] Created slice System Slice.
[ OK ] Reached target Slices.
tmp.mount: Directory /tmp to mount over is not empty, mounting anyway.
Mounting Temporary Directory...
Starting Rebuild Dynamic Linker Cache...
Starting First Boot Wizard...
Starting Load/Save Random Seed...
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Reached target Encrypted Volumes.
Starting Journal Service...
[ OK ] Reached target Paths.
Starting Rebuild Hardware Database...
[ OK ] Reached target Swap.
tmp.mount mount process exited, code=exited status=32
[FAILED] Failed to mount Temporary Directory.
See "systemctl status tmp.mount" for details.
Unit tmp.mount entered failed state.
[ OK ] Started First Boot Wizard.
[ OK ] Started Load/Save Random Seed.
Starting Create System Users...
[ OK ] Reached target Local File Systems.
Starting Rebuild Journal Catalog...
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
[ OK ] Started Create System Users.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
[ OK ] Started Rebuild Journal Catalog.
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Started Rebuild Dynamic Linker Cache.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
start request repeated too quickly for systemd-journald.service
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
Starting Create Volatile Files and Directories...
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
start request repeated too quickly for systemd-journald.service
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
Unit systemd-journald.socket entered failed state.
systemd-journald.service failed.
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Started Rebuild Hardware Database.
Starting Update is Completed...
[ OK ] Started Update is Completed.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Timers.
[ OK ] Reached target Basic System.
Starting Permit User Sessions...
[ OK ] Reached target Containers.
[ OK ] Started D-Bus System Message Bus.
Starting D-Bus System Message Bus...
[ OK ] Started Permit User Sessions.
Cannot add dependency job for unit dev-hugepages.mount, ignoring: Unit dev-hugepages.mount is masked.
Cannot add dependency job for unit systemd-remount-fs.service, ignoring: Unit systemd-remount-fs.service is masked.
Cannot add dependency job for unit sys-fs-fuse-connections.mount, ignoring: Unit sys-fs-fuse-connections.mount is masked.
Starting dnf makecache...
Starting Cleanup of Temporary Directories...
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Cleanup of Temporary Directories.
[ OK ] Started Update UTMP about System Runlevel Changes.
I'm from https://hub.docker.com/_/fedora/ to here, for an occasional case, I want to give fedora base docker image a try, instead of the default debian / ubuntu image, first I don't see a default CMD setup, have to run the image with /bin/bash, then from the shell I want to tell what's current ip addr allocated, but either ip or ifconfig is missing, I found more basic tools are missing, the usability is very poor
if you're arguing for small image size, then I found iptables is available from the container, since it's unprivileged by default, it doesn't work because some capabilities dropped, even it can work from a privileged container, but who needs iptables tool inside the container?
[root@4b814453157b /]# iptables -nvL
iptables v1.4.21: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
[root@4b814453157b /]#
what's the meaning of you guys maintaining this base image? if not trying to make it useful?
$ sudo docker run -it fedora:rawhide dnf update
Config error: Can not read configuration: /etc/dnf/dnf.conf
ping @maxamillion, do we need a rel-eng ticket for this, or is it ok to just file issues here? :)
Is it possible to get a signature of the rootfs committed alongside it and the Dockerfile? Or sign the commit as it is done?
We are working on trying to establish trust for containers, and for that to be possible there needs to be a signature.
Pulling the image fedora
with the fedora version of docker and the official version does result in different images.
There should be link here to the more up to date registry.fedoraproject.org images.
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.fedoraproject.org/fedora 26 ba857ff07853 2 weeks ago 231MB
fedora 26 b0b140824a48 6 weeks ago 231MB
When trying to install any environment group through dnf I get the following error;
[root@fc6dee214c03 /]# dnf upgrade -y
...
[root@fc6dee214c03 /]# dnf install '@Web Server'
Last metadata expiration check: 0:02:06 ago on Wed 31 Oct 2018 01:53:07 AM UTC.
No match for group package "powerpc-utils"
No match for group package "lsvpd"
Error:
Problem: problem with installed package coreutils-single-8.30-5.fc29.x86_64
- package coreutils-8.30-4.fc29.x86_64 conflicts with coreutils-single provided by coreutils-single-8.30-5.fc29.x86_64
- package coreutils-8.30-4.fc29.x86_64 conflicts with coreutils-single provided by coreutils-single-8.30-4.fc29.x86_64
- conflicting requests
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)
Before I do dnf upgrade
coreutils-single is installed at 8.30-4.fc29
and the upgrade will install 8.30-5.fc29
but the issue really seems to be a conflict between coreutils-single
and coreutils
that @Web Server
expects. This occurs for all other environment groups, @Web Server
is just an example.
For some background to this, Ansible run's it integration tests for Fedora on Docker containers and the test that is failing is one that tests the dnf module against an environment group install. Currently we only test against F24 and F25 due to other issues but we are trying to upgrade to F28 and F29. Technically I can install this on the F28 container but it does display a message around the coreutils conflicts (even without a dnf upgrade), it just allows me to continue.
Happy to supply whatever you need to debug this further.
Hi,
I've created this jenkins issue regarding fedora docker image usage over in the Jenkins bug tracker:
https://issues.jenkins-ci.org/browse/JENKINS-39307
Jenkins pipeline scripts will spin up the fedora docker image to do some shell scripts. In the bug report this was reduced to the very minimal:
cat /etc/issue; while /bin/true; do echo 'x'; sleep 1; done
which for sure will work in an interactive shell with the docker container, but will abort after the 1st iteration when run via jenkins. To get more facts I've tried older fedora images (yes, they're not supported anymore...) to find out that this miss behavior was introduced from fedora 21->22
Since the docker library only points out to some tarballs, where do I get them? And whats the best way to find out what could be the reason for this behavior?
Hi,
when I use the following Dockerfile
with Fedora 21, everything works fine and the output of the date
command is perfectly using the previous set locale:
from fedora:21
run echo "LANG=de_DE.UTF-8" > /etc/locale.conf
run echo "LC_MESSAGES=C" >> /etc/locale.conf
env LANG de_DE.UTF-8
run date
Outputs:
Step 4 : RUN date
---> Running in 07e5b6c9beab
Fr 29. Mai 20:44:23 UTC 2015
Using the same with Fedora 22 won't set the locale to de_DE.UTF-8
correctly - the output is:
Step 4 : RUN date
---> Running in aad73e404dfe
Fri May 29 20:50:06 UTC 2015
When running RUN dnf --version
an error message occurs:
Failed to set locale, defaulting to C
When using some git
commands another error messages are like:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "de_DE.UTF-8"
are supported and installed on your system.
In the offical Fedora 22 Administrator Guide I found the localectl
command, which I used in my Dockerfile
:
run localectl set-locale LANG=de_DE.utf8
The error message is then:
Step 4 : RUN localectl set-locale LANG=de_DE.utf8
---> Running in 9f2585861602
Failed to create bus connection: No such file or directory
What is the right way to use an utf-8 locale?
The Docker image I used is:
22: Pulling from fedora
48ecf305d2cf: Already exists
ded7cd95e059: Already exists
Digest: sha256:cc47966101aeba8015c933f9c3854811a27363f93fa4e0e52e6c55181c56c66c
Status: Image is up to date for fedora:22
Thanks many in advance,
Stefan
Fedora:28 aarch64 works. Fedora:29 fails. Example docker file:
FROM fedora:29
RUN dnf update -y
Result:
Traceback (most recent call last):
File "/usr/bin/dnf", line 58, in
main.user_main(sys.argv[1:], exit_code=True)
File "/usr/lib/python3.7/site-packages/dnf/cli/main.py", line 179, in user_main
errcode = main(args)
File "/usr/lib/python3.7/site-packages/dnf/cli/main.py", line 64, in main
return _main(base, args, cli_class, option_parser_class)
File "/usr/lib/python3.7/site-packages/dnf/cli/main.py", line 99, in _main
return cli_run(cli, base)
File "/usr/lib/python3.7/site-packages/dnf/cli/main.py", line 123, in cli_run
ret = resolving(cli, base)
File "/usr/lib/python3.7/site-packages/dnf/cli/main.py", line 154, in resolving
base.do_transaction(display=displays)
File "/usr/lib/python3.7/site-packages/dnf/cli/cli.py", line 239, in do_transaction
tid = super(BaseCli, self).do_transaction(display)
File "/usr/lib/python3.7/site-packages/dnf/base.py", line 905, in do_transaction
tid = self._run_transaction(cb=cb)
File "/usr/lib/python3.7/site-packages/dnf/base.py", line 978, in _run_transaction
tid = self.history.beg(rpmdbv, using_pkgs, [], cmdline)
File "/usr/lib/python3.7/site-packages/dnf/db/history.py", line 448, in beg
int(misc.getloginuid())
TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'
F24 image contains only the following locales:
[root@a1f27e8300c4 workdir]# locale -a
C
C.utf8
POSIX
This comes from the base cloud image.
There is a typo on this line: https://github.com/fedora-cloud/docker-brew-fedora/blob/24/koji-f24-build-15263133-base.ks#L35
It should say %_install_langs $LANG
according to https://fedoraproject.org/wiki/Changes/Glibc_locale_subpackaging
It would be nice, however, to enable all locales.
With Dockerfile
FROM fedora:22
ENV container docker
# to workaround https://github.com/fedora-cloud/docker-brew-fedora/issues/21
RUN dnf upgrade -y && dnf clean all
RUN systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs- fuse-connections.mount systemd-logind.service getty.target console-getty.service dnf-makecache.service
RUN dnf install -y nfs-utils
VOLUME [ "/tmp", "/run" ]
CMD [ "/usr/sbin/init" ]
LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro ${NAME}"
running the container with
docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro fedora-22-systemd
shows errors
[ OK ] Started Load/Save Random Seed.
[ OK ] Started Create System Users.
proc-fs-nfsd.mount mount process exited, code=exited status=32
[FAILED] Failed to mount NFSD configuration filesystem.
See "systemctl status proc-fs-nfsd.mount" for details.
[DEPEND] Dependency failed for GSSAPI Proxy Daemon.
Job gssproxy.service/start failed with result 'dependency'.
Unit proc-fs-nfsd.mount entered failed state.
[ OK ] Started Rebuild Journal Catalog.
[ OK ] Started Preprocess NFS configuration.
and
[ OK ] Started Create Volatile Files and Directories.
Mounting RPC Pipe File System...
Starting Update UTMP about System Boot/Shutdown...
[FAILED] Failed to mount RPC Pipe File System.
See "systemctl status var-lib-nfs-rpc_pipefs.mount" for details.
[DEPEND] Dependency failed for RPC security service for NFS client and server.
[DEPEND] Dependency failed for RPC security service for NFS server.
[ OK ] Reached target NFS client services.
[ OK ] Reached target Remote File Systems (Pre).
Running systemctl status ...
shows
# systemctl status proc-fs-nfsd.mount -l
โ proc-fs-nfsd.mount - NFSD configuration filesystem
Loaded: loaded (/usr/lib/systemd/system/proc-fs-nfsd.mount; static; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2015-10-21 08:27:12 UTC; 29s ago
Where: /proc/fs/nfsd
What: nfsd
Process: 27 ExecMount=/bin/mount nfsd /proc/fs/nfsd -n -t nfsd (code=exited, status=32)
Oct 21 08:27:13 17a4321fc06f mount[27]: mount: nfsd is write-protected, mounting read-only
Oct 21 08:27:13 17a4321fc06f mount[27]: mount: cannot mount nfsd read-only
and
# systemctl status var-lib-nfs-rpc_pipefs.mount -l
โ var-lib-nfs-rpc_pipefs.mount - RPC Pipe File System
Loaded: loaded (/usr/lib/systemd/system/var-lib-nfs-rpc_pipefs.mount; static; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2015-10-21 08:29:50 UTC; 28s ago
Where: /var/lib/nfs/rpc_pipefs
What: sunrpc
Process: 29 ExecMount=/bin/mount sunrpc /var/lib/nfs/rpc_pipefs -n -t rpc_pipefs (code=exited, status=32)
Oct 21 08:29:50 00dba0989871 systemd[1]: Mounting RPC Pipe File System...
Oct 21 08:29:50 00dba0989871 systemd[1]: var-lib-nfs-rpc_pipefs.mount mount process exited, code=exited status=32
Oct 21 08:29:50 00dba0989871 systemd[1]: Failed to mount RPC Pipe File System.
Oct 21 08:29:50 00dba0989871 systemd[1]: Unit var-lib-nfs-rpc_pipefs.mount entered failed state.
Oct 21 08:29:50 00dba0989871 mount[29]: mount: permission denied
[root@d0f1f115730d dnf]# dnf upgrade --verbose
DNF version: 2.7.5
cachedir: /var/cache/dnf
Cannot download 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f28&arch=arm': Cannot prepare internal mirrorlist: file "repomd.xml" was not found in metalink.
Error: Failed to synchronize cache for repo 'updates'
"Id": "sha256:422dc563ca3260ad9ef5c47a1c246f5065d7f177ce51f4dd208efd82967ff182",
"Created": "2017-11-14T21:07:08.475840838Z",
$ docker run fedora:latest bash -c 'yum install -y dnsmasq && dnsmasq --version'
Fedora 27 - x86_64 - Updates 1.6 MB/s | 16 MB 00:09
Fedora 27 - x86_64 2.7 MB/s | 58 MB 00:21
Last metadata expiration check: 0:00:10 ago on Wed Jan 17 04:52:17 2018.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
dnsmasq x86_64 2.78-1.fc27 updates 306 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 306 k
Installed size: 626 k
Downloading Packages:
dnsmasq-2.78-1.fc27.x86_64.rpm 429 kB/s | 306 kB 00:00
--------------------------------------------------------------------------------
Total 258 kB/s | 306 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : dnsmasq-2.78-1.fc27.x86_64 1/1
Running scriptlet: dnsmasq-2.78-1.fc27.x86_64 1/1Failed to connect to bus: No such file or directory
Verifying : dnsmasq-2.78-1.fc27.x86_64 1/1
Installed:
dnsmasq.x86_64 2.78-1.fc27
Complete!
dnsmasq: relocation error: dnsmasq: symbol nettle_get_hashes, version NETTLE_6 not defined in file libnettle.so.6 with link time reference
I'm using docker 17.12.0, verified on Docker for Mac Edge and an Ubuntu docker server.
WORKAROUND: yum install -y dnsmasq-2.77
Steps to reproduce:
$ docker run -t -i fedora:21 bash # yum provides /usr/share/man/man1/ls.1.gz fedora/21/x86_64/filelists_db | 25 MB 00:00:01 updates/21/x86_64/filelists_db | 13 MB 00:00:00 coreutils-8.22-19.fc21.x86_64 : A set of basic GNU tools commonly used in shell scripts Repo : fedora Matched from: Filename : /usr/share/man/man1/ls.1.gz coreutils-8.22-19.fc21.x86_64 : A set of basic GNU tools commonly used in shell scripts Repo : @anaconda Matched from: Filename : /usr/share/man/man1/ls.1.gz # yum install coreutils Package coreutils-8.22-19.fc21.x86_64 already installed and latest version Nothing to do # ls -l /usr/share/man/man1/ls.1.gz ls: cannot access /usr/share/man/man1/ls.1.gz: No such file or directory # yum install man # man ls No manual entry for ls
(I would happily file a bugzilla bug instead but I got lost trying to see the list of bugs and at the moment I tried the server took about 5 seconds to display a single page)
Running:
cpupower frequency-set --governor performance
Output:
sh: modprobe: command not found
Setting cpu: 0
Error setting new values. Common errors:
- Do you have proper administration rights? (super-user?)
- Is the governor you requested available and modprobed?
- Trying to set an invalid policy?
- Trying to set a specific frequency, but userspace governor is not available,
for example because of hardware which cannot be set to a specific frequency
or because the userspace governor isn't loaded?
Governor performance is available, but utility is not able to set it.
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
https://weakdh.org/
https://bugzilla.redhat.com/show_bug.cgi?id=1224447
Reading that report it sounds like the fixes have dropped already, and might just be waiting on mirror propagation? Am I reading that right?
Once the fixes are available, updated rootfs tarballs would be ๐. โค๏ธ
Would like to build RPMs for the upcoming Fedora 25 release, currently scheduled for November 15, 2016. Could we get an official fedora docker image of the Fedora 25 beta?
Docker image name could be something like fedora:25-beta-1.1
Perhaps this image can be used? https://getfedora.org/en/cloud/prerelease/docker.html
# docker run -ti fedora:22 cat /etc/redhat-release
Fedora release 20 (Heisenbug)
# docker images fedora
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/fedora 22 0d071bb732e1 4 weeks ago 290.6 MB
Things were sane yesterday when fedora:22 was pointing to ded7cd95e059.
Also reported as https://fedorahosted.org/cloud/ticket/137.
Unless I'm misunderstanding things, isn't it glibc-2.22-9.fc23 that has the CVE-2015-7547 fix?
The commit that purports to include the CVE-2015-7547 fix (c64d823) actually includes glibc-2.22-7.fc23.x86_64.
โ docker-brew-fedora git:(master) git checkout c64d823a85417499a3dc4ecdf3e9bd6e2623c02f
Note: checking out 'c64d823a85417499a3dc4ecdf3e9bd6e2623c02f'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b <new-branch-name>
HEAD is now at c64d823... update 23 - 20160217 - glibc: CVE-2015-7547
โ docker-brew-fedora git:(c64d823) ls
Dockerfile koji-f23-build-13017352-base.ks
fedora-23-20160217.tar.xz
โ docker-brew-fedora git:(c64d823) eval $(docker-machine env machine)
โ docker-brew-fedora git:(c64d823) docker build -t myf23 .
Sending build context to Docker daemon 383.9 MB
Step 1 : FROM scratch
--->
Step 2 : MAINTAINER Adam Miller <[email protected]>
---> Using cache
---> 369aca82a5c0
Step 3 : ADD fedora-23-20160217.tar.xz /
---> 75c36f8bf34f
Removing intermediate container 2f6b9e710ee6
Successfully built 75c36f8bf34f
โ docker-brew-fedora git:(c64d823) docker run -it --rm myf23 rpm -aq | grep glibc
glibc-common-2.22-7.fc23.x86_64
glibc-2.22-7.fc23.x86_64
Can you provide a 32 bit docker image?
While tying to debug the script I found that it lacks any optimization for avoiding all images on each execution, even if they were downloaded few minutes ago.
I suspect that in CI context this is not important but for development is a readl PITA to download all these images again and again. They should be downloaded if changed.
I gues this is a side-effect of the decision to use mktemp -d
for the temp directory.
I wonder if it would not be better to use a predictable folder instead and use an optional clean flag for cleaning the directory before running?
ssia
Hello,
we are working on SSSD container for Atomic Host: https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2015-September/msg00086.html
It allows SSSD (the daemon) plus the configuration tools (ipa-client-install, realm) to be in container but for other container to be able to use it for resolution of user identities or authentication, NSS and PAM libraries that would be able to talk to the SSSD container via Unix sockets are needed.
The libraries that I consider essential are
/usr/lib64/libnss_sss.so.2
/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
/usr/lib64/security/pam_sss.so
The package that contains them is sssd-client and it has two dependencies, libsss_idmap and libsss_nss_idmap. The total size as reported by dnf in a fedora:22 container is
Total download size: 284 k
Installed size: 336 k
Could these packages be added to Fedora base image? It would make it much easier to deploy images built from the base image with SSSD's Unix socket directory bind-mounted and NSS and PAM would automatically be able to use remote user identities (from FreeIPA, Active Directory, or possibly other backends supported by SSSD), without any explicit changes needed in the layered images.
The SSSD container can also serve as plugin for sudo via /usr/lib64/libsss_sudo.so but dependencies of sssd-common where it is distributed would add 5.6 M when installed and I believe having out-of-box support for remote sudo rules is not that critical -- if the layered image uses sudo, it can add it explicitly.
This is a copy of https://bugzilla.redhat.com/show_bug.cgi?id=1248467:
Description of problem:
It seems fedora:20 image has openssl-libs from updates-testing, which is not enabled, preventing installation of openssl.
Version-Release number of selected component (if applicable):
fedora:20 image 1b48ab88a33e.
How reproducible:
Deterministic.
Steps to Reproduce:
Actual results:
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-42.fc20 will be installed
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-42.fc20 for package: 1:openssl-1.0.1e-42.fc20.x86_64
--> Processing Dependency: make for package: 1:openssl-1.0.1e-42.fc20.x86_64
--> Running transaction check
---> Package make.x86_64 1:3.82-19.fc20 will be installed
---> Package openssl.x86_64 1:1.0.1e-42.fc20 will be installed
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-42.fc20 for package: 1:openssl-1.0.1e-42.fc20.x86_64
--> Finished Dependency Resolution
Error: Package: 1:openssl-1.0.1e-42.fc20.x86_64 (updates)
Requires: openssl-libs(x86-64) = 1:1.0.1e-42.fc20
Installed: 1:openssl-libs-1.0.1e-45.fc20.x86_64 (@fedora-updates-testing/$releasever)
openssl-libs(x86-64) = 1:1.0.1e-45.fc20
Available: 1:openssl-libs-1.0.1e-30.fc20.x86_64 (fedora)
openssl-libs(x86-64) = 1:1.0.1e-30.fc20
Available: 1:openssl-libs-1.0.1e-42.fc20.x86_64 (updates)
openssl-libs(x86-64) = 1:1.0.1e-42.fc20
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Expected results:
No error, installation of openssl passes.
Additional info:
While Fedora 20 EOL'ed on 2015-06-23, it seems something has rebuilt the image on or after that date because http://koji.fedoraproject.org/koji/buildinfo?buildID=664541 as built the same day.
It'd be nice to have reasonably working Fedora 20 image around, we use it for upgrade testing.
Please reference https://bugzilla.redhat.com/show_bug.cgi?id=1483553 and https://bugzilla.redhat.com/show_bug.cgi?id=1394862.
It appears the 2017-09-15 update to the fedora:26 image ends up hampering any "dnf install" commands either during a docker image build or during a docker run.
Is is possible to pick up https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d9767cf8a ?
Attempting an SSH container build, get the following error:
"...
Step 3 : RUN yum -y install openssh-server passwd ; yum clean all
---> Running in 1b80ac51c10fOne of the configured repositories failed (Fedora 21 - x86_64),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Disable the repository, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable fedora 4. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=fedora.skip_if_unavailable=true
Cannot retrieve metalink for repository: fedora/21/x86_64. Please verify its path and try again"
The resulting container does not have ssh or passwd installed. I am attempting this build with fedora21 official on Fedora 22 Beta host. Docker version: 1.6.0. The Dockerfile was cloned from:
https://github.com/fedora-cloud/Fedora-Dockerfiles.git
I have no idea how to fix this. Any ideas?
I have searched using Google, and this has been observed with previous releases, but without any resolution that I could find.
How is the rootfs built? I see the ks file, but does that mean I have to have a full Fedora system running first?
I'm hoping to be able to do something for Fedora similar to https://github.com/jmtd/debian-docker
When building image with Dockerfile that starts with
FROM fedora:22
RUN dnf upgrade -y
there are numerous warnings:
/usr/share/man/man5/libaudit.conf.5.gz: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/man/man8/ca-legacy.8.gz: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/locale/cs/LC_MESSAGES/cryptsetup.mo: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/coreutils/ABOUT-NLS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/locale/cs/LC_MESSAGES/bash.mo: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/cyrus-sasl-lib/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/file-libs/ChangeLog: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/locale/ca/LC_MESSAGES/glib20.mo: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/info/info-stnd.info.gz: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/bash-completion/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/python-dnf/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/libassuan/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/locale/fi/LC_MESSAGES/util-linux.mo: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/libpwquality/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/krb5-libs/NOTICE: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/libxml2/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/libsolv/BUGS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/p11-kit/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/pcre/AUTHORS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/man/man5/cert8.db.5.gz: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/pam/html/sag-pam_deny.html: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/locale/de/LC_MESSAGES/rpm.mo: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/shared-mime-info/shared-mime-info-spec.xml: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/man/man8/udevadm.8.gz: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/glibc/NEWS: No such file or directory
cannot reconstruct rpm from disk files
/usr/share/doc/python-libs/README: No such file or directory
cannot reconstruct rpm from disk files
file-libs-5.22-4.fc22.x86_64: Delta RPM rebuild failed
ca-certificates-2015.2.5-1.0.fc22.noarch: Delta RPM rebuild failed
libxml2-2.9.2-4.fc22.x86_64: Delta RPM rebuild failed
libassuan-2.3.0-1.fc22.x86_64: Delta RPM rebuild failed
python-dnf-1.1.2-4.fc22.noarch: Delta RPM rebuild failed
glibc-2.21-8.fc22.x86_64: Delta RPM rebuild failed
krb5-libs-1.13.2-7.fc22.x86_64: Delta RPM rebuild failed
bash-completion-1:2.1-7.20150513git1950590.fc22.noarch: Delta RPM rebuild failed
cyrus-sasl-lib-2.1.26-23.fc22.x86_64: Delta RPM rebuild failed
cryptsetup-libs-1.6.8-2.fc22.x86_64: Delta RPM rebuild failed
glib2-2.44.1-2.fc22.x86_64: Delta RPM rebuild failed
pam-1.1.8-19.fc22.x86_64: Delta RPM rebuild failed
nss-3.20.0-1.0.fc22.x86_64: Delta RPM rebuild failed
libpwquality-1.2.4-3.fc22.x86_64: Delta RPM rebuild failed
shared-mime-info-1.4-6.fc22.x86_64: Delta RPM rebuild failed
rpm-4.12.0.1-12.fc22.x86_64: Delta RPM rebuild failed
info-5.2-9.fc22.x86_64: Delta RPM rebuild failed
p11-kit-0.23.1-2.fc22.x86_64: Delta RPM rebuild failed
libsolv-0.6.11-2.fc22.x86_64: Delta RPM rebuild failed
python-libs-2.7.10-8.fc22.x86_64: Delta RPM rebuild failed
bash-4.3.42-1.fc22.x86_64: Delta RPM rebuild failed
util-linux-2.26.2-3.fc22.x86_64: Delta RPM rebuild failed
pcre-8.37-4.fc22.x86_64: Delta RPM rebuild failed
systemd-219-24.fc22.x86_64: Delta RPM rebuild failed
audit-libs-2.4.4-1.fc22.x86_64: Delta RPM rebuild failed
coreutils-8.23-11.fc22.x86_64: Delta RPM rebuild failed
--------------------------------------------------------------------------------
Total 5.1 MB/s | 62 MB 00:12
Delta RPMs reduced 56.1 MB of updates to 62.0 MB (-10.1% saved)
So with the default setup, more data is downloaded by dnf in an attempt to use drpms than if it was disabled, wasting bandwidth and CPU. Using --setopt=deltarpm=false
works but it really should be default.
"yum update -y" now fails for fedora 20 complaining that systemd cannot be updated.
this seems to be this bug that was found in CentOS resurfacing, so it may be an upstream issue?
http://bugs.centos.org/view.php?id=7480
Update: containers working as expected on CentOS & Fedora hosts, so this looks like a permissions issue with docker on ubuntu.
Hello,
It is maybe a little early but the alpha of Fedora 24 just released today so it would be great to add a Fedora 24 Docker image in the coming weeks.
Thanks in advance,
Pierre
This was initially reported on ansible/ansible#50951 as it was discovered while trying to test ansible-molecule on fedora sytems. With centos images it did work without any problem.
$ docker run -it fedora:28
docker: Error response from daemon: No command specified.
Running docker image inspect fedora:28
uncovered the fact that Cmd is null
and this is what caused the issue. On CentOS image Cmd is /bin/bash
.
Please fix this and rebuild images for fedora:28 and newer. Updating fedora:28 image is quite important as this is the base used by RHEL8/CentOS8 and the work being done for in preparation for these.
With Fedora 21 image (e26efd418c48), following the steps from http://vpavlin.eu/2015/02/fedora-docker-and-systemd/ with Dockerfile
FROM fedora:21
ENV container docker
RUN systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service
RUN cp /usr/lib/systemd/system/dbus.service /etc/systemd/system/; sed -i 's/OOMScoreAdjust=-900//' /etc/systemd/system/dbus.service
VOLUME [ "/tmp", "/run" ]
CMD [ "/usr/sbin/init" ]
LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro ${NAME}"
and running it with
docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro fedora-21-systemd
makes the container start without any error. For the record, the processes left running are
1 ? Ss 0:00 /usr/sbin/init
22 ? Ss 0:00 /usr/lib/systemd/systemd-journald
28 ? Ss 0:00 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
When I try to use the same Dockerfile for Fedora 22 (ded7cd95e059), I get multiple errors. The Dockerfile is
FROM fedora:22
ENV container docker
RUN systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service
RUN cp /usr/lib/systemd/system/dbus.service /etc/systemd/system/; sed -i 's/OOMScoreAdjust=-900//' /etc/systemd/system/dbus.service
VOLUME [ "/tmp", "/run" ]
CMD [ "/usr/sbin/init" ]
LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro ${NAME}"
I run it as
docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro fedora-22-systemd
and the output is
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.
Running with unpopulated /etc.
Welcome to Fedora 22 (Twenty Two)!
Set hostname to <be4d5fd6bb84>.
Initializing machine ID from random generator.
Populated /etc with preset unit settings.
Running in a container, ignoring fstab device entry for /dev/disk/by-uuid/872ae83d-8ae9-488f-8927-0266665410ef.
Cannot add dependency job for unit systemd-remount-fs.service, ignoring: Unit systemd-remount-fs.service is masked.
Cannot add dependency job for unit sys-fs-fuse-connections.mount, ignoring: Unit sys-fs-fuse-connections.mount is masked.
Cannot add dependency job for unit dev-hugepages.mount, ignoring: Unit dev-hugepages.mount is masked.
Cannot add dependency job for unit systemd-logind.service, ignoring: Unit systemd-logind.service is masked.
Cannot add dependency job for unit getty.target, ignoring: Unit getty.target is masked.
Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.
[ OK ] Created slice Root Slice.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Reached target Swap.
[ OK ] Reached target Remote File Systems.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Unit systemd-journald-audit.socket entered failed state.
[ OK ] Reached target Local File Systems.
[ OK ] Created slice System Slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Journal Socket.
Starting Rebuild Dynamic Linker Cache...
Starting Load/Save Random Seed...
[ OK ] Listening on Journal Socket (/dev/log).
Starting Journal Service...
Starting Rebuild Hardware Database...
Starting Rebuild Journal Catalog...
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Reached target Paths.
[ OK ] Reached target Encrypted Volumes.
Starting First Boot Wizard...
[ OK ] Started Load/Save Random Seed.
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
[ OK ] Started Rebuild Journal Catalog.
[ OK ] Started First Boot Wizard.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
Starting Create System Users...
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
[ OK ] Started Create System Users.
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
Starting Journal Service...
systemd-journald.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
systemd-journald.service has no holdoff time, scheduling restart.
[ OK ] Stopped Flush Journal to Persistent Storage.
[ OK ] Stopped Journal Service.
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
start request repeated too quickly for systemd-journald.service
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
Job systemd-journal-flush.service/start failed with result 'dependency'.
Unit systemd-journald.service entered failed state.
systemd-journald.service failed.
Starting Create Volatile Files and Directories...
systemd-journald-audit.socket failed to listen on sockets: Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
See "systemctl status systemd-journald-audit.socket" for details.
start request repeated too quickly for systemd-journald.service
[FAILED] Failed to start Journal Service.
See "systemctl status systemd-journald.service" for details.
Unit systemd-journald.socket entered failed state.
systemd-journald.service failed.
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Rebuild Dynamic Linker Cache.
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Started Rebuild Hardware Database.
Starting Update is Completed...
[ OK ] Started Update is Completed.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
[ OK ] Reached target Containers.
[ OK ] Started D-Bus System Message Bus.
Starting D-Bus System Message Bus...
Starting Permit User Sessions...
[ OK ] Reached target Timers.
Cannot add dependency job for unit systemd-remount-fs.service, ignoring: Unit systemd-remount-fs.service is masked.
Cannot add dependency job for unit sys-fs-fuse-connections.mount, ignoring: Unit sys-fs-fuse-connections.mount is masked.
Cannot add dependency job for unit dev-hugepages.mount, ignoring: Unit dev-hugepages.mount is masked.
Starting dnf makecache...
Starting Cleanup of Temporary Directories...
[ OK ] Started Permit User Sessions.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Cleanup of Temporary Directories.
[ OK ] Started Update UTMP about System Runlevel Changes.
dnf-makecache.service: main process exited, code=exited, status=1/FAILURE
[FAILED] Failed to start dnf makecache.
See "systemctl status dnf-makecache.service" for details.
Startup finished in 4.305s.
Unit dnf-makecache.service entered failed state.
dnf-makecache.service failed.
The processes running are
root 1 0.1 0.1 43156 4888 ? Ss 09:43 0:00 /usr/sbin/init
dbus 32 0.0 0.1 52048 4032 ? Ss 09:43 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile -
Note that the systemctl mask
and dbus.service
probably aren't needed with fedora:22
because the services are already masked and D-Bus starts with stock configuration fine. So the minimal Dockerfile that we'd probably like to see working without any ignoring and FAILED error messages is
FROM fedora:22
ENV container docker
VOLUME [ "/tmp", "/run" ]
CMD [ "/usr/sbin/init" ]
LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro ${NAME}"
The /etc/locale.conf
contains
LANG="en_US.UTF-8"
The value is then set for services started by systemd, leading to errors. For example
Dockerfile:
FROM fedora:21
ENV container docker
RUN systemctl mask systemd-remount-fs.service dev-hugepages.mount systemd-logind.service getty.target # dnf-makecache.service dnf-makecache.timer
RUN sed -i 's/OOMScoreAdjust=-900//' /usr/lib/systemd/system/dbus.service
ADD test-locale.service /etc/systemd/system/test-locale.service
RUN systemctl enable test-locale.service
VOLUME [ "/tmp", "/run" ]
CMD [ "/usr/sbin/init" ]
LABEL RUN "docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro ${NAME}"
test-locale.service:
[Unit]
Description=Test sort
[Service]
Type=oneshot
ExecStart=/usr/bin/python -c 'import locale; locale.setlocale(locale.LC_ALL, "");'
[Install]
WantedBy=multi-user.target
Running container built from the above will show error
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting Test sort...
Starting Permit User Sessions...
Starting D-Bus System Message Bus...
[ OK ] Started D-Bus System Message Bus.
[FAILED] Failed to start Test sort.
See "systemctl status test-locale.service" for details.
[ OK ] Started Permit User Sessions.
Starting Cleanup of Temporary Directories...
[ OK ] Reached target Multi-User System.
and journalctl
will show
Oct 22 11:31:53 6d871a9aa693 systemd[1]: Reached target Timers.
Oct 22 11:31:53 6d871a9aa693 systemd[1]: Starting D-Bus System Message Bus Socket.
Oct 22 11:31:53 6d871a9aa693 python[28]: Traceback (most recent call last):
Oct 22 11:31:53 6d871a9aa693 python[28]: File "<string>", line 1, in <module>
Oct 22 11:31:53 6d871a9aa693 python[28]: File "/usr/lib64/python2.7/locale.py", line 579, in setlocale
Oct 22 11:31:53 6d871a9aa693 python[28]: return _setlocale(category, locale)
Oct 22 11:31:53 6d871a9aa693 python[28]: locale.Error: unsupported locale setting
Oct 22 11:31:53 6d871a9aa693 systemd[1]: test-locale.service: main process exited, code=exited, status=1/FAILURE
Oct 22 11:31:53 6d871a9aa693 systemd[1]: Failed to start Test sort.
Oct 22 11:31:53 6d871a9aa693 systemd[1]: Unit test-locale.service entered failed state.
Oct 22 11:31:53 6d871a9aa693 systemd[1]: test-locale.service failed.
Oct 22 11:31:53 6d871a9aa693 systemd[1]: Started Permit User Sessions.
The full description on Docker Hub contains links to the retired fedorahosted.org
service.
All links to the kickstart files do not work anymore.
dnf update is failing with "Error: Failed to synchronize cache for repo 'updates-modular'" and "Error: Failed to synchronize cache for repo 'updates'"
To reproduce:
root@ip:~# docker pull ppc64le/fedora:latest
latest: Pulling from ppc64le/fedora
Digest: sha256:3669a22957dba5452e5e550d0c47d172ccd63d80e0331fbd164d233331ea4e14
Status: Image is up to date for ppc64le/fedora:latest
root@ip:~# docker run -it ppc64le/fedora /bin/bash
[root@ca4d9d76f613 /]#
[root@ca4d9d76f613 /]# cat /etc/redhat-release
Fedora release 29 (Twenty Nine)
[root@ca4d9d76f613 /]#
[root@ca4d9d76f613 /]# dnf update
Fedora Modular 29 - ppc64le - Updates 166 B/s | 277 B 00:01
Error: Failed to synchronize cache for repo 'updates-modular'
[root@ca4d9d76f613 /]# dnf update --disablerepo=updates-modular
Fedora 29 - ppc64le - Updates 174 B/s | 280 B 00:01
Error: Failed to synchronize cache for repo 'updates'
[root@ca4d9d76f613 /]# dnf update --disablerepo=updates-modular --disablerepo=updates
Last metadata expiration check: 0:01:05 ago on Wed 14 Nov 2018 04:54:35 AM UTC.
Dependencies resolved.
Nothing to do.
Complete!
[root@ca4d9d76f613 /]#
Hi; rawhide changed to Fedora 27, Thanks :)
Not sure why the time zone is set to America/New_York by default at https://github.com/fedora-cloud/docker-brew-fedora/blob/master/fedora-docker-base-59e73c1.ks ?
I got caught by that which was totally unexpected.
Dear Lokesh,
I'm using the fedora:21 image and wanted to update + install packages via yum. It was not possible as version 21 is not really published on mirrors.
Here is a workaround:
from fedora:21
run sed -i 's%^#\(baseurl=\).*%\1http://dl.fedoraproject.org/pub/fedora/linux/development/$releasever/$basearch/os/%g' /etc/yum.repos.d/fedora.repo
run sed -i 's/^\(metalink.*\)/#\1/g' /etc/yum.repos.d/fedora.repo
run sed -i 's/^\(gpgcheck=\).*/\10/g' /etc/yum.repos.d/fedora.repo
run sed -i 's%^#\(baseurl=\).*%\1http://dl.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/%g' /etc/yum.repos.d/fedora-updates.repo
run sed -i 's/^\(metalink.*\)/#\1/g' /etc/yum.repos.d/fedora-updates.repo
run sed -i 's/^\(gpgcheck=\).*/\10/g' /etc/yum.repos.d/fedora-updates.repo
run sed -i 's%^#\(baseurl=\).*%\1http://dl.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/%g' /etc/yum.repos.d/fedora-updates-testing.repo
run sed -i 's/^\(metalink.*\)/#\1/g' /etc/yum.repos.d/fedora-updates-testing.repo
run sed -i 's/^\(gpgcheck=\).*/\10/g' /etc/yum.repos.d/fedora-updates-testing.repo
run yum -y clean all
run yum -y update
Maybe the development baseurl
can be integrated directly in the fedora:21
image?
Btw: I found the development urls here - so hopefully I'm using the right ones ;) gpgcheck=0
is necessary, because of a rpm is not signed error message.
Thanks in advance + regards,
Stefan
passwd and sudo are missing and probably many more important commands.
When I try to run dnf check-update
in fedora:25, it silently fails.
Docker reports a 100 exit status, but other than that, I'm not sure what's going wrong.
FWIW, centos:7, centos:6, and fedora:25 all seem to be having package index updating issues at the moment.
sorry, I am new to docker, so I do not know what does "MAINTAINER Lokesh Mandvekar [email protected] - ./buildcontainers.sh" really do, it means before the next ADD commond, docker build executes buildcontainers.sh??
Since the switch to DNF tsflags=nodocs
is still only appended to /etc/yum.conf
(and not /etc/dnf/dnf.conf). So this affects the 22 and rawhide branches here:
awk '(NF==0&&!done){print "override_install_langs='$LANG'\ntsflags=nodocs";done=1}{print}' \
< /etc/yum.conf > /etc/yum.conf.new
mv /etc/yum.conf.new /etc/yum.conf
Hello,
a docker image is provided for both Fedora 22 and Fedora Rawhide (which is the future Fedora 24 AFAICU), but there seems to be no image for the current Fedora 23 Alpha/Beta/RC, something that would be very useful for testing on the next stable Fedora.
Would it be possible to add it?
Hi,
the description page on Docker Hub needs also to be updated e.g.:
Official Fedora 21 base image and semi-official Fedora 20 and rawhide images.
or:
This image serves as the official Fedora image for Fedora 21 and as a semi-official image for Fedora 20 (heisenbug) and rawhide.
Because of the Fedora 22 release :)
Thank you :)
According to the file names, the F27 images were created on 2017-11-10. There is a bug (also affects F25, F26, F28) that prevents dnf upgrade from completing. See Red Hat Bugzilla bug #1483553. This bug was fixed on 2017-11-15.
Can the cloud images be updated to include this and other patches?
Now that f27 has branched, the rawhide image needs to be updated to f28.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.