Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Kyle Quest
    @kcq
    I mean, the extra extra enhancements to run without using local mounts, which will make things easier in gitlab-ci
    Kyle Quest
    @kcq
    What's your setup? How is configured? Where do you have docker-slim? What are the parameters when you run it?
    hrushikesh ramesh potbhare
    @hrushikeshpotbhare
    what work is done in background of docker slim ? how it works ?
    Tom Mason
    @mrmason
    Hi, I've reported docker-slim/docker-slim#90 - happy to chat about it here if anyone wants to help debug
    I'm seeing the same thing in my gitlab-CI process as well, although if I run the command directly on the host it seems to work fine
    ( on the gitlab-ci runner host that is )
    so feels like a permissions problem
    Tom Mason
    @mrmason
    i tried the stuff in the above issue ( 34 ) but I'm not using DIND on this pipeline, so it shouldn't matter, and indeed moving stuff to /builds made no difference
    Tom Mason
    @mrmason
    $ /builds/docker-slim --state-path '/builds/docker-slim-state/' build --tag $CI_COMMIT_SHA-slim --http-probe=false $CI_COMMIT_SHA-fat
    <snip>
    time="2019-10-01T11:37:27Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"OCI runtime create failed: container_linux.go:348: starting container process caused \"exec: \\\"/opt/dockerslim/bin/sensor\\\": permission denied\": unknown"}
    Kyle Quest
    @kcq
    @mrmason can you check the permissions on the docker-slim-sensor executable in your environment
    added a few more comments in the ticket too
    Tom Mason
    @mrmason
    Thanks, I've replied - it looks like /opt/dockerslim/bin/sensor is a folder in the slim image, when it should be an executable
    Tom Mason
    @mrmason
    btw, I'm aware ubuntu base isn't the ideal candidate for slimming, I want to run it on our real containers, but I used that as an example to show it wasn't working on something nice and simple :)
    It's doing the same thing on our gitlab runners, which are hosted on Ubuntu
    Tom Mason
    @mrmason
    oh sorry, the host machine is ubuntu, but it will be running inside docker:latest
    is alpine
    Malys
    @malys

    Hi,
    I have the same probleme

    $ /builds/docker-slim --state-path '/builds/docker-slim-state/' build --tag $CI_COMMIT_SHA-slim --http-probe=false $CI_COMMIT_SHA-fat
    <snip>
    time="2019-10-01T11:37:27Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"OCI runtime create failed: container_linux.go:348: starting container process caused \"exec: \\\"/opt/dockerslim/bin/sensor\\\": permission denied\": unknown"}

    I use docker for windows and docker in docker.
    My dockerfile:
    FROM docker as builder

    RUN apk add --no-cache curl
    RUN curl -kL https://github.com/docker-slim/docker-slim/releases/download/1.25.3/dist_linux.tar.gz | tar xvz

    FROM alpine:3.7
    COPY --from=builder /dist_linux/docker-slim /usr/local/bin/
    COPY --from=builder /dist_linux/docker-slim-sensor /usr/local/bin/
    COPY --from=builder /usr/local/bin/docker /usr/local/bin/
    COPY --from=builder /usr/local/bin/docker-entrypoint.sh /usr/local/bin/
    ENTRYPOINT ["docker-entrypoint.sh"]

    Kyle Quest
    @kcq
    @mrmason thanks for the base ubuntu image clarification... sounds like it'll be good to have a very simple hello world ubuntu sample image (i'll add it to the examples repo)
    Kyle Quest
    @kcq
    @mrmason the Github issue snippets have Fedora in them... Are you seeing the same with both host machines... Ubuntu and Fedora?
    Kyle Quest
    @kcq
    @malys the dind use cases are not officially supported yet because the current version relies on mounting a local volume, which isn't always possible with dind. The dind and the docker-based CI support is coming soon in 1.26, which will use another option to add and get container components that doesn't related on volume mounts.
    Tom Mason
    @mrmason
    Yes @kcq - the same problem on Ubuntu, PopOS and Fedora ( and Centos )
    Malys
    @malys

    @malys the dind use cases are not officially supported yet because the current version relies on mounting a local volume, which isn't always possible with dind. The dind and the docker-based CI support is coming soon in 1.26, which will use another option to add and get container components that doesn't related on volume mounts.

    Thx @kcq

    Malys
    @malys
    @kcq I found a workaround:
    docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v //var/run/docker.sock:/var/run/docker.sock -v d:\:/D --name dslim alpine /bin/sh -> full rights on my "docker for windows" host and dind enabled
    you have to put docker-slim and sensor on shared folder (in my case, a child of d:) and launch docker-slim command in previous container from shared folder.
    => mounting and slim process work fine
    Tom Mason
    @mrmason
    windows :o
    have you managed to reproduce the problem @kcq ? Anything else you need, or anything more I can help with ?
    Kyle Quest
    @kcq
    @malys yes, the trick there is to leverage already shared folders, but it makes it more complex than it should be
    @mrmason i'll have more to share soon, sorry about the delay Tom
    Kyle Quest
    @kcq
    Tom, can you check if you have 'docker-slim-sensor' in the '/usr/local/bin' directory on your host machine
    Srikant
    @srikantpatnaik

    Great tool, guys!
    I just need a pointer on my output.
    My image contains custom headless chrome(CEF), docker-slim minifies it well, but I run my container it crashes after sometime when I access my container with the following error:

    [0100/000000.789662:ERROR:zygote_linux.cc(614)] Zygote could not fork: process_type renderer numfds 5 child_pid -1
    [0100/000000.791877:ERROR:zygote_linux.cc(646)] write: Broken pipe (32)
    /opt/distrib/init.sh: line 10: 10 Trace/breakpoint trap (core dumped) $PWD/my_browser --no-sandbox --disable-gpu --disable-gpu-compositing

    my build cmd:
    sudo ./docker-slim build --include-path=/tmp --include-path=/opt/distrib --include-bin=/bin/busybox --tag abc-slim:v1 --http-probe=false abc-fat:v1
    It seems the chrome couldn't create the forks
    Srikant
    @srikantpatnaik
    my docker run cmd:
    docker run --cap-add=SYS_NICE --shm-size=2048m --entrypoint=/bin/bash -e "ABC_SERVER=192.168.122.11" -e "ABC_PORT=80" --rm --cap-add=SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name abc -p 1200:1200 --device /dev/snd abc-slim:v1 /opt/distrib/init.sh
    Malys
    @malys
    @kcq Last version works like a charm in dind mode. Great job and thx you
    Kyle Quest
    @kcq
    @malys are you using it in a cloud CI environment or are you doing it locally?
    Malys
    @malys
    @kcq in GITLAB CI on premise, I don't use docker image. Currently, I download binaries in my container which is running my job and works fine.
    Kyle Quest
    @kcq
    @malys great to hear it works with your on prem Gitlab environment! got a chance to test it only with the standard Gitlab CI setup and that environment requires a bit of work to configure the DOCKER_HOST environment variable properly (i added the instructions to the readme, just in case)
    Kyle Quest
    @kcq
    @srikantpatnaik Thank you for sharing your use case! Haven't had a chance to explore a similar Docker image setup... Is there a Dockerfile you could share to see if I can repro the condition?
    @srikantpatnaik Also curious what you are doing with /dev/snd in your container
    Srikant
    @srikantpatnaik
    @kcq thanks for taking this up. I will share my dockerfile in sometime. The /dev/snd isn't needed anymore
    atiqtahir
    @atiqtahir
    Hi
    How to pass environment variable to docker-slim using --env flag?
    Kyle Quest
    @kcq
    @atiqtahir yes
    atiqtahir
    @atiqtahir
    Thanks
    Nischal
    @nischalhp
    Hello Team
    We are evaluating docker-slim with our containers and hope to add it to our CI/CD pipeline in case its successful.
    The question I have is, how to pass arguments to docker-slim command that is required to start the container. From my understanding, docker-slim brings up the docker image, runs a probe to understands how to minimize. When it does try to start the container, certain arguments are required for the container to startup and it would be great if one of you could shed light on it.
    @kcq