I'm trying to build a docker image and running the following commands before "apt update" command in my Dockerfile
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9D6D8F6BC857C906
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA8E81B4331F7F50
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CBF8D6FD518E17E1
But, getting this gpg error:
keyserver failed: No route to host
and also getting this warning:
apt-key output should not be parsed (stdout is not a terminal)
Related
I need to execute on GPU hardware so I have to create a self-hosted runner for github actions to execute my code. The self-hosted runner is hosted on my local machine (ubuntu 20.04).
I'm running the self hosted runner container locally with -v and binding the socks using: docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -e GITHUB_OWNER=<xxx> -e GITHUB_REPOSITORY=<xxxx>-e GITHUB_PAT=<xxxx>
This local self-hosted runner executes successfully until I try to build the second "project" container I need for my project code. I get a permission issue with the docker sock when I try to build the container not run the container. I'm about 70% certain that with the -v binding when running the self-hosted runner locally this enables sibling containers versus Docker in Docker (which I've read isn't cool anymore).
Permission error:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&target=&ulimits=null&version=1": dial unix /var/run/docker.sock: connect: permission denied
I've tried building the project container with -v /var/run/docker.sock:/var/run/docker.sock in the docker build command but it doesn't like the -v and I've also tried the following approaches in the "project" docker container:
Approach 1.
useradd -m cnncontainer && \
usermod -aG sudo cnncontainer && \
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
curl -sSL https://get.docker.com/ | sh
usermod -aG docker cnncontainer
Approach 2.
sudo groupadd docker && \
sudo usermod -aG docker "$USER" &&\
newgrp docker
docker run hello-world
Approach 3.
sudo usermod -aG docker $USER
sudo setfacl --modify user:$USER:rw /var/run/docker.sock
docker run hello-world
GitHub actions self-hosted runner Dockerfile:
FROM debian:buster
#tensorflow/tensorflow:2.3.4-gpu - this image doesn't work either
ARG RUNNER_VERSION="2.298.2"
ENV GITHUB_PERSONAL_TOKEN ""
ENV GITHUB_OWNER ""
ENV GITHUB_REPOSITORY ""
RUN apt-get update \
&& apt-get install -y \
curl \
sudo \
git \
jq \
tar \
gnupg2 \
apt-transport-https \
ca-certificates \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -m github && \
usermod -aG sudo github && \
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
#setup docker runner
RUN curl -sSL https://get.docker.com/ | sh
RUN usermod -aG docker github
USER github
WORKDIR /home/github
#install github actions cli
RUN curl -O -L https://github.com/actions/runner/releases/download/v$RUNNER_VERSION/actions-runner-linux-x64-$RUNNER_VERSION.tar.gz
RUN tar xzf ./actions-runner-linux-x64-$RUNNER_VERSION.tar.gz
RUN sudo ./bin/installdependencies.sh
COPY --chown=github:github entrypoint.sh ./entrypoint.sh
RUN sudo chmod u+x ./entrypoint.sh
ENTRYPOINT ["/home/github/entrypoint.sh"]```
Self-hosted runner entrypoint.sh:
#!/bin/sh
registration_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token"
echo "Requesting registration URL at '${registration_url}'"
payload=$(curl -sX POST -H "Authorization: token ${GITHUB_PAT}" ${registration_url})
export RUNNER_TOKEN=$(echo $payload | jq .token --raw-output)
./config.sh \
--name $(hostname) \
--token ${RUNNER_TOKEN} \
--url https://github.com/${GITHUB_OWNER}/${GITHUB_REPOSITORY} \
--work ${RUNNER_WORKDIR} \
--unattended \
--replace
remove() {
./config.sh remove --unattended --token "${RUNNER_TOKEN}"
}
trap 'remove; exit 130' INT
trap 'remove; exit 143' TERM
./run.sh "$*" & #changed from run.sh
### BEGIN
sudo systemctl start docker
sudo systemctl enable docker
export RUNNER_ALLOW_RUNASROOT=true
export AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
mkdir actions-runner
sudo mkdir /opt/hostedtoolcache
cd actions-runner
# Make /actions-runner/_work
mkdir _work
# Link /opt/hostedtoolcache as /actions-runner/_work/_tool
ln -s /opt/hostedtoolcache _work/_tool
### END
wait $!
Dockerfile I want to run in/with the self-hosted runner
FROM tensorflow/tensorflow:2.3.4-gpu
RUN mkdir -p /app
COPY . main.py /app/
WORKDIR /app
RUN sudo apt install -y make && sudo apt-get install python3-pip -y
RUN pip install -r requirements.txt
RUN sudo usermod -aG docker $USER
RUN sudo setfacl --modify user:$USER:rw /var/run/docker.sock
RUN docker run hello-world
CMD [ "main.py" ]
ENTRYPOINT [ "python" ]
I can build this Dockerfile normally, but when i run the container, the python
application crashes. After a while, I got into the container to debug and realized that happened because somehow the mariadb service was down, even after I turned it on in this line :RUN service mariadb start && sleep 3 && \ . I already fixed this by creating another Dockerfile with different commands, but do someone know why the mariadb service suddently got down ?
FROM debian
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt install python3 python3-venv debconf-utils -y && \
echo mariadb-server mysql-server/root_password password r00tp#ssw0rd | debconf-set-selections && \
echo mariadb-server mysql-server/root_password_again password r00tp#ssw0rd | debconf-set-selections && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
mariadb-server \
&& \
apt-get clean && rm -rf /var/lib/apt/lists/*
WORKDIR /app
RUN python3 -m venv venv
COPY requirements.txt .
RUN /app/venv/bin/pip3 install -r requirements.txt
COPY . .
RUN useradd -ms /bin/bash app
RUN chown app:app -R /app
RUN service mariadb start && sleep 3 && \
mysql -uroot -pr00tp#ssw0rd -e "CREATE USER app#localhost IDENTIFIED BY 'sup3r#ppp#ssw0rd';CREATE DATABASE my_lab_1; GRANT ALL PRIVILEGES ON my_lab_1.* TO 'app'#'localhost';" && \
mysql -uroot -pr00tp#ssw0rd -D "my_lab_1" < makedb.sql
EXPOSE 8000
CMD ["/app/venv/bin/python3","/app/run.py"]
I am building my dockerfile using Redhat UBI image, and when I build the image I get the wget: unable to resolve host address'github.com'.
I have tried adding a different URL that does not start with GitHub and that works. Not sure what the problem is.
Below are the errors logs i get when i build the docker file with : wget: unable to resolve host address 'github.com'
Step 11/25 : RUN set -ex; apk update; apk add -f acl dirmngr gpg lsof procps wget netcat gosu tini; rm -rf /var/lib/apt/lists/*; cd /usr/local/bin; wget -nv https://github.com/apangin/jattach/releases/download/v1.5/jattach; chmod 755 jattach; echo >jattach.sha512 "d8eedbb3e192a8596c08efedff99b9acf1075331e1747107c07cdb1718db2abe259ef168109e46bd4cf80d47d43028ff469f95e6ddcbdda4d7ffa73a20e852f9 jattach"; sha512sum -c jattach.sha512; rm jattach.sha512
---> Running in 3ad58c40b25a
+ apk update
fetch https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
v20200917-1125-g7274a98dfc [https://dl-cdn.alpinelinux.org/alpine/edge/main]
v20200917-1124-g01e8cb93ff [https://dl-cdn.alpinelinux.org/alpine/edge/community]
OK: 13174 distinct packages available
+ apk add -f acl dirmngr gpg lsof procps wget netcat gosu tini
(1/12) Installing libacl (2.2.53-r0)
(2/12) Installing acl (2.2.53-r0)
(3/12) Installing lsof (4.93.2-r0)
(4/12) Installing libintl (0.20.2-r0)
(5/12) Installing ncurses-terminfo-base (6.2_p20200918-r1)
(6/12) Installing ncurses-libs (6.2_p20200918-r1)
(7/12) Installing libproc (3.3.16-r0)
(8/12) Installing procps (3.3.16-r0)
(9/12) Installing tini (0.19.0-r0)
(10/12) Installing libunistring (0.9.10-r0)
(11/12) Installing libidn2 (2.3.0-r0)
(12/12) Installing wget (1.20.3-r1)
Executing busybox-1.32.0-r3.trigger
OK: 9 MiB in 26 packages
+ rm -rf '/var/lib/apt/lists/*'
+ cd /usr/local/bin
+ wget -nv https://github.com/apangin/jattach/releases/download/v1.5/jattach
wget: unable to resolve host address 'github.com'
The command '/bin/sh -c set -ex; apk update; apk add -f acl dirmngr gpg lsof procps wget netcat gosu tini; rm -rf /var/lib/apt/lists/*; cd /usr/local/bin; wget -nv https://github.com/apangin/jattach/releases/download/v1.5/jattach; chmod 755 jattach; echo >jattach.sha512 "d8eedbb3e192a8596c08efedff99b9acf1075331e1747107c07cdb1718db2abe259ef168109e46bd4cf80d47d43028ff469f95e6ddcbdda4d7ffa73a20e852f9 jattach"; sha512sum -c jattach.sha512; rm jattach.sha512' returned a non-zero code: 4
Here is my docker file that I have which I build to create the image
FROM alpine: edge as BUILD
LABEL maintainer="Project Ranger team <mbyousaf#deloitte.co.uk>"
LABEL repository="https://github.com/docker-solr/docker-solr"
ARG SOLR_VERSION="8.6.2"
ARG SOLR_SHA512="0a43401ecf7946b2724da2d43896cd505386a8f9b07ddc60256cb586873e7e58610d2c34b1cf797323bf06c7613b109527a15105dc2a11be6f866531a1f2cef6"
ARG SOLR_KEYS="E58A6F4D5B2B48AC66D5E53BD4F181881A42F9E6"
# If specified, this will override SOLR_DOWNLOAD_SERVER and all ASF mirrors. Typically used downstream for custom builds
ARG SOLR_DOWNLOAD_URL
# Override the solr download location with e.g.:
# docker build -t mine --build-arg SOLR_DOWNLOAD_SERVER=http://www-eu.apache.org/dist/lucene/solr .
ARG SOLR_DOWNLOAD_SERVER
RUN set -ex; \
apk add --update; \
apk add -f install acl dirmngr gpg lsof procps wget netcat gosu tini; \
rm -rf /var/lib/apt/lists/*; \
cd /usr/local/bin; wget -nv https://github.com/apangin/jattach/releases/download/v1.5/jattach; chmod 755 jattach; \
echo >jattach.sha512 "d8eedbb3e192a8596c08efedff99b9acf1075331e1747107c07cdb1718db2abe259ef168109e46bd4cf80d47d43028ff469f95e6ddcbdda4d7ffa73a20e852f9 jattach"; \
sha512sum -c jattach.sha512; rm jattach.sha512
I would check whether you can resolve github.com on your host where you're doing this build, and I would cat /etc/resolv.conf to see the resolvers of your host. If github.com resolves on your host (which you can see via nslookup github.com), then I would try to use the resolvers explicitly by either configuring the Docker daemon to use it as seen here and here or I would try to do it at a per command level as suggested in an answer here, which is kind of creative.
RUN echo "nameserver XX.XX.XX.XX" > /etc/resolv.conf && \
command_depending_on_dns_resolution
I am attempting to set up a 4 node Indy network but I'm getting an "Invalid library state" error when I try to connect. This is what I've tried:
# MACHINE 1:
sudo -E apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88
bash -c 'echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list'
sudo -E apt-get update
sudo -E apt-get -y install indy-node
sudo vim /etc/indy/indy_config.py # update network name to 'indynet'
sudo init_indy_node Alpha 0.0.0.0 9701 0.0.0.0 9702
sudo init_indy_keys --name Alpha
sudo generate_indy_pool_transactions --nodes 4 --clients 5 --nodeNum 1 --ips '178.62.22.16,178.128.37.97,209.97.136.39,206.189.118.184' --network=indynet
sudo ufw allow 9701
sudo ufw allow 9702
sudo start_indy_node Alpha 0.0.0.0 9701 0.0.0.0 9702
===============================================================================================
# MACHINE 2:
sudo -E apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88
bash -c 'echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list'
sudo -E apt-get update
sudo -E apt-get -y install indy-node
sudo vim /etc/indy/indy_config.py # update network name to 'indynet'
sudo init_indy_node Beta 0.0.0.0 9703 0.0.0.0 9704
sudo init_indy_keys --name Beta
sudo generate_indy_pool_transactions --nodes 4 --clients 5 --nodeNum 2 --ips '178.62.22.16,178.128.37.97,209.97.136.39,206.189.118.184' --network=indynet
sudo ufw allow 9703
sudo ufw allow 9704
sudo start_indy_node Beta 0.0.0.0 9703 0.0.0.0 9704
===============================================================================================
# MACHINE 3:
sudo -E apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88
bash -c 'echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list'
sudo -E apt-get update
sudo -E apt-get -y install indy-node
sudo vim /etc/indy/indy_config.py # update network name to 'indynet'
sudo init_indy_node Gamma 0.0.0.0 9705 0.0.0.0 9706
sudo init_indy_keys --name Gamma
sudo generate_indy_pool_transactions --nodes 4 --clients 5 --nodeNum 3 --ips '178.62.22.16,178.128.37.97,209.97.136.39,206.189.118.184' --network=indynet
sudo ufw allow 9705
sudo ufw allow 9706
sudo start_indy_node Gamma 0.0.0.0 9705 0.0.0.0 9706
===============================================================================================
# MACHINE 4:
sudo -E apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88
bash -c 'echo "deb https://repo.sovrin.org/deb xenial stable" >> /etc/apt/sources.list'
sudo -E apt-get update
sudo -E apt-get -y install indy-node
sudo vim /etc/indy/indy_config.py # update network name to 'indynet'
sudo init_indy_node Theta 0.0.0.0 9707 0.0.0.0 9708
sudo init_indy_keys --name Theta
sudo generate_indy_pool_transactions --nodes 4 --clients 5 --nodeNum 4 --ips '178.62.22.16,178.128.37.97,209.97.136.39,206.189.118.184' --network=indynet
sudo ufw allow 9707
sudo ufw allow 9708
sudo start_indy_node Theta 0.0.0.0 9707 0.0.0.0 9708
The above commands were all carried out on four separate machines. When I started indy-node on each machine, there was no output or anything, so I'm not sure if it worked.
On the first machine I installed indy-cli like so:
sudo add-apt-repository "deb https://repo.sovrin.org/sdk/deb xenial stable"
sudo apt-get update
sudo apt-get install -y indy-cli
Then I booted up indy-cli and created a new wallet and new pool, and attempted to connect:
indy> wallet create mywallet key
indy> wallet open mywallet key
mywallet:indy> wallet list
+----------+---------+
| Name | Type |
+----------+---------+
| mywallet | default |
+----------+---------+
Current wallet "mywallet"
mywallet:indy> pool create indynet gen_txn_file=/var/lib/indy/indynet/domain_transactions_genesis
mywallet:indy> pool list
+---------+
| Pool |
+---------+
| indynet |
+---------+
mywallet:indy> pool connect indynet
Error: Invalid library state
Caused by: MerkleTree contains invalid item
Caused by: error while decoding value
Can anyone tell me where I'm going wrong?
I believe the pool create command should refer to pool_transactions_genesis, not domain_transactions_genesis. The DOMAIN subledger is for general ledger transactions while POOL is for the validator node information.
I have a Docker container with this Dockerfile:
FROM node:8.1
RUN rm -fR /var/lib/apt/lists/*
RUN echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
RUN echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
RUN apt-get update
RUN echo debconf shared/accepted-oracle-license-v1-1 select true | \
debconf-set-selections
RUN echo debconf shared/accepted-oracle-license-v1-1 seen true | \
debconf-set-selections
RUN apt-get install -y oracle-java8-installer
RUN apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN mkdir -p /app
WORKDIR /app
# Install app dependencies
COPY package.json /app/
RUN npm install
# Bundle app source
COPY . /app
# Environment Variables
ENV PORT 8080
# start the SSH daemon service
RUN service ssh start
# create a non-root user & a home directory for them
RUN useradd --create-home --shell /bin/bash tunnel-user
# set their password
RUN echo 'tunnel-user:93wcBjsp' | chpasswd
# Copy the SSH key to authorized_keys
COPY tunnel.pub /app/
RUN mkdir -p /home/tunnel-user/.ssh
RUN cat tunnel.pub >> /home/tunnel-user/.ssh/authorized_keys
# Set permissions
RUN chown -R tunnel-user:tunnel-user /home/tunnel-user/.ssh
RUN chmod 0700 /home/tunnel-user/.ssh
RUN chmod 0600 /home/tunnel-user/.ssh/authorized_keys
# allow the tunnel-user to SSH into this machine
RUN echo 'AllowUsers tunnel-user' >> /etc/ssh/sshd_config
EXPOSE 8080
EXPOSE 22
CMD [ "npm", "start" ]
My ECS task has this definition. I'm using a role which has AmazonEC2ContainerServiceforEC2Role.
When I try to start it as a task in my ECS cluster I get this error:
CannotStartContainerError: API error (500): driver failed programming external connectivity on endpoint ecs-ssh-4-ssh-8cc68dbfaa8edbdc0500 (387e024a87752293f51e5b62de9e2b26102d735e8da500c8e7fa5e1b4b4f0983): Error starting userland proxy: listen tcp 0.0.0
How do I fix this?