Comments (27)
Yeah, I think I'll go that route. For CentOS 6 and 7, I always ran a general yum -y update
on the image no matter what, but I'm okay just relying on upstream image to be up to date for prepackaged things.
Just pushed up a commit that may fix it, but it will be 20-30 min before it's built on Docker Hub.
from docker-centos8-ansible.
@geerlingguy Just pulled the image seems to work fine now!
from docker-centos8-ansible.
This doesn't seem like an issue with the upstream container.
$ docker run -it --rm centos:8 dnf -y install openssh-clients
CentOS-8 - AppStream 2.6 MB/s | 7.0 MB 00:02
CentOS-8 - Base 919 kB/s | 2.2 MB 00:02
CentOS-8 - Extras 5.2 kB/s | 5.9 kB 00:01
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
openssh-clients x86_64 8.0p1-4.el8_1 BaseOS 704 k
Installing dependencies:
fipscheck x86_64 1.5.0-4.el8 BaseOS 28 k
fipscheck-lib x86_64 1.5.0-4.el8 BaseOS 16 k
libedit x86_64 3.1-23.20170329cvs.el8 BaseOS 102 k
openssh x86_64 8.0p1-4.el8_1 BaseOS 496 k
Transaction Summary
========================================================================================================================
Install 5 Packages
Total download size: 1.3 M
Installed size: 5.8 M
Downloading Packages:
(1/5): fipscheck-lib-1.5.0-4.el8.x86_64.rpm 47 kB/s | 16 kB 00:00
(2/5): fipscheck-1.5.0-4.el8.x86_64.rpm 79 kB/s | 28 kB 00:00
(3/5): libedit-3.1-23.20170329cvs.el8.x86_64.rpm 180 kB/s | 102 kB 00:00
(4/5): openssh-8.0p1-4.el8_1.x86_64.rpm 593 kB/s | 496 kB 00:00
(5/5): openssh-clients-8.0p1-4.el8_1.x86_64.rpm 667 kB/s | 704 kB 00:01
------------------------------------------------------------------------------------------------------------------------
Total 745 kB/s | 1.3 MB 00:01
warning: /var/cache/dnf/BaseOS-f6a80ba95cf937f2/packages/fipscheck-1.5.0-4.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS-8 - Base 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <[email protected]>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : fipscheck-lib-1.5.0-4.el8.x86_64 1/5
Running scriptlet: fipscheck-lib-1.5.0-4.el8.x86_64 1/5
Installing : fipscheck-1.5.0-4.el8.x86_64 2/5
Running scriptlet: openssh-8.0p1-4.el8_1.x86_64 3/5
Installing : openssh-8.0p1-4.el8_1.x86_64 3/5
Installing : libedit-3.1-23.20170329cvs.el8.x86_64 4/5
Installing : openssh-clients-8.0p1-4.el8_1.x86_64 5/5
Running scriptlet: openssh-clients-8.0p1-4.el8_1.x86_64 5/5
Verifying : fipscheck-1.5.0-4.el8.x86_64 1/5
Verifying : fipscheck-lib-1.5.0-4.el8.x86_64 2/5
Verifying : libedit-3.1-23.20170329cvs.el8.x86_64 3/5
Verifying : openssh-8.0p1-4.el8_1.x86_64 4/5
Verifying : openssh-clients-8.0p1-4.el8_1.x86_64 5/5
Installed:
openssh-clients-8.0p1-4.el8_1.x86_64 fipscheck-1.5.0-4.el8.x86_64 fipscheck-lib-1.5.0-4.el8.x86_64
libedit-3.1-23.20170329cvs.el8.x86_64 openssh-8.0p1-4.el8_1.x86_64
Complete!
from docker-centos8-ansible.
Here's the image ID for my image anyway.
$ docker images | grep docker-centos
geerlingguy/docker-centos8-ansible latest f4fd87b872f0 4 hours ago 522MB
from docker-centos8-ansible.
Gah... this is probably related to #5
And I've been debugging the rpmdb issue quite a while over in geerlingguy/ansible-role-kubernetes#67
from docker-centos8-ansible.
I'm thinking the update pushing the new version of the rpm
package maybe an issue on some docker environments.
from docker-centos8-ansible.
Ah... and just found this:
Please reconsider this. For CI testing in Nmstate, we use stock base images that setup with yum/dnf to contain the requirements for the test environment. It seems that using yum/dnf in two layers corrupts the RPM db (when building the image on docker hub or quay). This then breaks installing test RPM packages during the CI run. Rebuilding the rpmddb would fix the DB. Ideally, the DB would not break in the first place but I guess this might be related. I re-opened this issue so this comment does not get lost.
From: https://bugzilla.redhat.com/show_bug.cgi?id=1680124
from docker-centos8-ansible.
My thought is to let CentOS manage the update of their base image. You just keep your image down to installing Python bits you need and ansible. And yes if you have to install packages and updates do it in one command.
RUN dnf -y update && dnf -y install stuff && dnf clean all
thoughts?
from docker-centos8-ansible.
@geerlingguy Thanks for the help, these images are really useful!
from docker-centos8-ansible.
@dmlb2000 - New image is up; can you see if it works for you now?
from docker-centos8-ansible.
@geerlingguy I'm able to install things, but we are having issues with GPG keys now... so an update doesn't seem to work for example and I refuse to think the GPG key for glibc-common
is not installed.
from docker-centos8-ansible.
Before:
# yum --version
4.2.7
error: rpmdbNextIterator: skipping h# 173 blob size(4836): BAD, 8 + 16 * il(70) + dl(3708)
Installed: dnf-0:4.2.7-7.el8_1.noarch at Mon 13 Jan 2020 09:49:19 PM GMT
Built : CentOS Buildsys <[email protected]> at Thu 19 Dec 2019 03:44:23 PM GMT
Installed: rpm-0:4.14.2-26.el8_1.x86_64 at Thu 07 May 2020 04:50:58 PM GMT
Built : CentOS Buildsys <[email protected]> at Thu 09 Apr 2020 06:59:01 PM GMT
After:
# yum --version
Failed to set locale, defaulting to C.UTF-8
4.2.7
Installed: dnf-0:4.2.7-7.el8_1.noarch at Mon Jan 13 21:49:19 2020
Built : CentOS Buildsys <[email protected]> at Thu Dec 19 15:44:23 2019
Installed: rpm-0:4.14.2-25.el8.x86_64 at Mon Jan 13 21:49:16 2020
Built : CentOS Buildsys <[email protected]> at Fri Nov 8 22:56:14 2019
So it seems it's not corrupt out of the box, at least.
And yeah, I'm seeing GPG key issues tooโover in geerlingguy/ansible-role-kubernetes#67 I re-ran the tests but it's still just adding GPG keys over and over and getting some errors there in CI :(
from docker-centos8-ansible.
I'm guessing there's some sort of package we are missing to install.
from docker-centos8-ansible.
Just testing a yum install -y wget
:
Total 1.3 MB/s | 852 kB 00:00
warning: /var/cache/dnf/AppStream-02e86d1c976ab532/packages/wget-1.19.5-8.el8_1.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS-8 - AppStream 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <[email protected]>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
So I found: https://bugs.centos.org/view.php?id=16655 โ which is pretty much the same issue.
I tried on the centos:8
container and it worked fine (docker run -it --rm centos:8 /bin/bash
).
from docker-centos8-ansible.
I just pushed another commit that basically strips the cache-related operations, and just does a yum install
in the container. Maybe that'll fix things? In any case, it seems like there's a very annoying bug in CentOS 8 in the container, that didn't exist prior to ~April 22, that causes DNF/YUM to explode whenever you do certain things... not sure exactly what, but it seems like every other related bug report I've found has the same condition:
- Someone running the centos8 docker image
- Someone doing something with yum / gpg / dnf / rpmdb
- And it blows up the rpmdb, and only clue is maybe it's related to the overlayfs in Docker...
from docker-centos8-ansible.
Yup seems like the base image without the cache manipulations works, you can run for example...
docker run -it --rm centos:8 /bin/bash -c 'dnf -y update && dnf -y install python3-pip'
But it doesn't work on your image, might be the cache issue.
from docker-centos8-ansible.
Weird. Image is built, I pulled it, and still getting the GPG issues. Now I wonder if one of the packages here is causing the issue:
# Install requirements.
RUN yum -y install \
epel-release \
initscripts \
sudo \
which \
hostname \
python3 \
python3-pip
from docker-centos8-ansible.
Try adding the dnf -y update &&
just before your install, same layer?
from docker-centos8-ansible.
The plot thickens... If I build the image on my local workstation (exact same Dockerfile
), and then run:
docker run --rm centos8-ansible bash -c "yum install -y wget"
It succeeds.
If I build the image on Travis CI or Docker Hub and do the same, I get the GPG key errors.
So something about the Docker installation/configuration on Travis CI and Docker Hub seems to be causing this issue. Grr.
from docker-centos8-ansible.
It's the Linux hosts they run to do the build? Do you run a Mac?
from docker-centos8-ansible.
Yeah I'm on macOS.
from docker-centos8-ansible.
Yup ran it on my CentOS 7 server and reproduced the GPG error locally
from docker-centos8-ansible.
# Install requirements.
RUN dnf -y install rpm centos-release && \
dnf -y update && \
dnf -y install \
epel-release \
initscripts \
sudo \
which \
hostname \
python3 \
python3-pip
Seems to not produce GPG errors on my CentOS 7 server
from docker-centos8-ansible.
Then I can run a dnf -y install wget
on the built image and it works without rpmdb errors.
from docker-centos8-ansible.
RUN dnf -y install rpm centos-release && \
dnf -y install \
epel-release \
initscripts \
sudo \
which \
hostname \
python3 \
python3-pip
Seems like removing the update also works.
from docker-centos8-ansible.
@dmlb2000 Testing that on Docker Hub... thanks for helping debug this!
from docker-centos8-ansible.
Yay! Confirmed here too.
from docker-centos8-ansible.
Related Issues (15)
- Build first revision on September 24 HOT 6
- libyaml support not being loaded when I install Ansible + pyyaml HOT 2
- Build for ARM64 as well HOT 1
- Molecule Testing for Snap Installs HOT 1
- Ansible Necessary? HOT 1
- dbus missing/not started HOT 3
- selinux dont apply
- Centos 8 Stream HOT 2
- Error using dnf. Getting "Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: No URLs in mirrorlist" HOT 3
- Switch to official Docker library image for CentOS 8 base
- Perhaps deprecate this repo in favor of CentOS Stream?
- Test image build failing with errors on psutil setup.py HOT 1
- Adding a better selection of locale to make container behavior more uniform
- Image builds failing with 'Error: GPG check FAILED' HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-centos8-ansible.