Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Kyle Quest
    @kcq
    The enhancement for this is almost there... Sorry for the delay
    I mean, the extra extra enhancements to run without using local mounts, which will make things easier in gitlab-ci
    Kyle Quest
    @kcq
    What's your setup? How is configured? Where do you have docker-slim? What are the parameters when you run it?
    hrushikesh ramesh potbhare
    @hrushikeshpotbhare
    what work is done in background of docker slim ? how it works ?
    Tom Mason
    @mrmason
    Hi, I've reported docker-slim/docker-slim#90 - happy to chat about it here if anyone wants to help debug
    I'm seeing the same thing in my gitlab-CI process as well, although if I run the command directly on the host it seems to work fine
    ( on the gitlab-ci runner host that is )
    so feels like a permissions problem
    Tom Mason
    @mrmason
    i tried the stuff in the above issue ( 34 ) but I'm not using DIND on this pipeline, so it shouldn't matter, and indeed moving stuff to /builds made no difference
    Tom Mason
    @mrmason
    $ /builds/docker-slim --state-path '/builds/docker-slim-state/' build --tag $CI_COMMIT_SHA-slim --http-probe=false $CI_COMMIT_SHA-fat
    <snip>
    time="2019-10-01T11:37:27Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"OCI runtime create failed: container_linux.go:348: starting container process caused \"exec: \\\"/opt/dockerslim/bin/sensor\\\": permission denied\": unknown"}
    Kyle Quest
    @kcq
    @mrmason can you check the permissions on the docker-slim-sensor executable in your environment
    added a few more comments in the ticket too
    Tom Mason
    @mrmason
    Thanks, I've replied - it looks like /opt/dockerslim/bin/sensor is a folder in the slim image, when it should be an executable
    Tom Mason
    @mrmason
    btw, I'm aware ubuntu base isn't the ideal candidate for slimming, I want to run it on our real containers, but I used that as an example to show it wasn't working on something nice and simple :)
    It's doing the same thing on our gitlab runners, which are hosted on Ubuntu
    Tom Mason
    @mrmason
    oh sorry, the host machine is ubuntu, but it will be running inside docker:latest
    is alpine
    Malys
    @malys

    Hi,
    I have the same probleme

    $ /builds/docker-slim --state-path '/builds/docker-slim-state/' build --tag $CI_COMMIT_SHA-slim --http-probe=false $CI_COMMIT_SHA-fat
    <snip>
    time="2019-10-01T11:37:27Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"OCI runtime create failed: container_linux.go:348: starting container process caused \"exec: \\\"/opt/dockerslim/bin/sensor\\\": permission denied\": unknown"}

    I use docker for windows and docker in docker.
    My dockerfile:
    FROM docker as builder

    RUN apk add --no-cache curl
    RUN curl -kL https://github.com/docker-slim/docker-slim/releases/download/1.25.3/dist_linux.tar.gz | tar xvz

    FROM alpine:3.7
    COPY --from=builder /dist_linux/docker-slim /usr/local/bin/
    COPY --from=builder /dist_linux/docker-slim-sensor /usr/local/bin/
    COPY --from=builder /usr/local/bin/docker /usr/local/bin/
    COPY --from=builder /usr/local/bin/docker-entrypoint.sh /usr/local/bin/
    ENTRYPOINT ["docker-entrypoint.sh"]

    Kyle Quest
    @kcq
    @mrmason thanks for the base ubuntu image clarification... sounds like it'll be good to have a very simple hello world ubuntu sample image (i'll add it to the examples repo)
    Kyle Quest
    @kcq
    @mrmason the Github issue snippets have Fedora in them... Are you seeing the same with both host machines... Ubuntu and Fedora?
    Kyle Quest
    @kcq
    @malys the dind use cases are not officially supported yet because the current version relies on mounting a local volume, which isn't always possible with dind. The dind and the docker-based CI support is coming soon in 1.26, which will use another option to add and get container components that doesn't related on volume mounts.
    Tom Mason
    @mrmason
    Yes @kcq - the same problem on Ubuntu, PopOS and Fedora ( and Centos )
    Malys
    @malys

    @malys the dind use cases are not officially supported yet because the current version relies on mounting a local volume, which isn't always possible with dind. The dind and the docker-based CI support is coming soon in 1.26, which will use another option to add and get container components that doesn't related on volume mounts.

    Thx @kcq

    Malys
    @malys
    @kcq I found a workaround:
    docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v //var/run/docker.sock:/var/run/docker.sock -v d:\:/D --name dslim alpine /bin/sh -> full rights on my "docker for windows" host and dind enabled
    you have to put docker-slim and sensor on shared folder (in my case, a child of d:) and launch docker-slim command in previous container from shared folder.
    => mounting and slim process work fine
    Tom Mason
    @mrmason
    windows :o
    have you managed to reproduce the problem @kcq ? Anything else you need, or anything more I can help with ?
    Kyle Quest
    @kcq
    @malys yes, the trick there is to leverage already shared folders, but it makes it more complex than it should be
    @mrmason i'll have more to share soon, sorry about the delay Tom
    Kyle Quest
    @kcq
    Tom, can you check if you have 'docker-slim-sensor' in the '/usr/local/bin' directory on your host machine