Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Kyle Quest
    @kcq
    the --exclude-pattern flag supports the Glob/Match syntax ( https://golang.org/pkg/path/filepath/#Match ) in Go plus the ** pattern
    Andrew Skelton
    @AndrewSkelton
    Hi, currently trying to narrow down the cause of this error:
    s6-mkfifo: fatal: unable to mkfifo /var/run/s6/services/s6-fdholderd/supervise/control: No such file or directory
    Reproducible example on this issue, any suggestions or insight welcome! - docker-slim/docker-slim#161
    Kyle Quest
    @kcq
    thanks for sharing the repro @AndrewSkelton ! let me check the docker image to see where it’s coming from
    Yash
    @yashbhutwala
    Hi guys, is there any guidance on how to figure out base image and add that to xray?
    Carmelo Sammarco
    @carmelosammarco
    Hello everybody. I am trying to docker-slim one my image created. when i do it and run the container i receive the following error: standard_init_linux.go:211: exec user process caused "no such file or directory"... i run the image like that: "docker run -d -v "/${PWD}/Notebook:/SRC/Notebook" --name "container" -p 8888:8888 --restart always --shm-size 2g user/container.slim" and it works for the not slimmed one. Thank you in advance for your help
    1 reply
    Carmelo Sammarco
    @carmelosammarco
    I forget to say that the command used to create the slim image is : "docker-slim build --http-probe user/container" I need to add more or modify it in some way?
    Kyle Quest
    @kcq

    Hi guys, is there any guidance on how to figure out base image and add that to xray?

    @yashbhutwala great to see that you looked at the code :-) there’s actually quite a bit of information related to the base image information when you run the xray command. For example, here’s what I got running docker-slim xray dslimexamples/server-node-hapi-alpine (server-node-haps-alpine is one of the sample app, so you can try it yourself):

    Dockerfile for the image starts with: FROM node:6.11.0-alpine

    The console output from the xray command has this line:

    docker-slim[xray]: info=image.stack index=0 name='node:6.11.0-alpine' id='sha256:b7535c8c7bee13ca6c082141f5416f2f5d9b8bf68a61cb9e6ce82d42773aa40d' instructions=8 message='see report file for details’

    Note how the name field value is node:6.11.0-alpine, which matches the FROM instruction value.

    The slim.report.json file (that gets generated when the command is done) includes node:6.11.0-alpine, node and 6.11.0-alpine in one of the image_stack sections.

    And the auto-generated Dockerfile.fat file has line: # end of image: node:6.11.0-alpine (id: tags: node:6.11.0-alpine)

    Daniel Leite
    @revolutionsystem
    Hello.
    I'm running the docker-slim on a hundred, seven, java 8 and wildfly image.
    However, it erases everything inside the image.
    What am I doing wrong in executing the command?
    Daniel Leite
    @revolutionsystem
    Centos 7
    Kyle Quest
    @kcq
    @revolutionsystem are those base images or are they application images with your applications running in them?
    Kyle Quest
    @kcq
    if you are using the latest version of Docker released a few days ago (20.10) you should download the latest version of #DockerSlim (1.33.0) to address breaking changes https://dockersl.im/downloads.html
    Tom Mason
    @mrmason
    hi @kcq - I'm getting this error on pretty much everything i try in docker-slim on 20.10-2 on fedora 33
    level=fatal msg="docker-slim: failure" error="source is not a regular file"
    ( I'll move this to discord )
    Kyle Quest
    @kcq
    @mrmason do you mind using the —debug flag and sharing the console output like you did in Discord
    Andreas Hansson
    @andreas.hansson2_gitlab
    Hi in trying to use docker-slim in my gitlab pipeline. But get this ettor: make sure the target image already exists locally'
    I have built an image before running docker-slim
    Andreas Hansson
    @andreas.hansson2_gitlab
    Hi can i include all files in a directory?
    --include-path i have to specify whole path to file to make it work.
    But I need to include 100 of files in a directory
    Anyone who knows? @kcq
    Kyle Quest
    @kcq
    @andreas.hansson2_gitlab do you mind sharing the output of docker images (feel free to exclude the images that are not relevant). Also can you share the full command line when you run docker-slim? Ping me directly if you don't want to share it publicly.
    --include-path works with directories too, so no need to include each file individually
    toothedsword
    @toothedsword
    docker images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    fogf.18.04.tar latest 088790bdafa6 3 days ago 1.85GB
    ./docker-slim build --http-probe ca88504b7e59
    docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
    docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
    docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
    docker-slim[build]: info=http.probe message='using default probe'
    cmd=build state=started
    cmd=build info=params target=ca88504b7e59 continue.mode=probe rt.as.user=true keep.perms=true
    cmd=build info=target.image.error status=not.found image='ca88504b7e59' message='make sure the target image already exists locally'
    cmd=build state=exited
    docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
    docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
    docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
    Do you know what's the problem of this? Thanks!
    ./docker-slim build --http-probe 088790bdafa6
    docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
    docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
    docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
    docker-slim[build]: info=http.probe message='using default probe'
    cmd=build state=started
    cmd=build info=params target=088790bdafa6 continue.mode=probe rt.as.user=true keep.perms=true
    cmd=build info=target.image.error status=not.found image='088790bdafa6' message='make sure the target image already exists locally'
    cmd=build state=exited
    docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
    docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
    docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
    Kyle Quest
    @kcq
    @toothedsword that was pretty helpful! thanks a lot!
    turns out this is a bug with accepting image IDs and i’ll fix it asap
    for now, try using the image name and tag instead of using images IDs (e.g., ./docker-slim build --http-probe fogf.18.04.tar:latest)
    Kyle Quest
    @kcq
    ability to reference the target images by their ID (full or partial) will be available in the next release, which would happen pretty soon (it’s already in master if you’d like to see it sooner)
    chris
    @csmizzle
    Hey all, quick question. It isn't clear to me in the docs which flag to use when I want to specify which files I do not want removed during slimming. Any help there would be great! thanks
    If I want to keep dirs relevant to pip/npm/dependencies that are being removed during the slimming process
    Kyle Quest
    @kcq
    @csmizzle you can use the —include-path parameter for it (to keep additional files or directories in your optimized image). another option is —include-path-file, which you can use if you have a lot of files or directories to keep.
    there’s a few extra —include-* parameters you can use too: —include-bin, —include-bin-file, —include-exe, —include-exe-file and —include-shell.
    —include-bin is a more intelligent version of include-path when it comes to keeping additional binary files in your optimized image. It will include the file you specify and it will also include any other files that binary references, so if you —include-bin a shared object (aka dynamic library) docker-slim will include that shared object and it will also include the shared libraries that shared object imports.
    Kyle Quest
    @kcq
    —include-exe is like —include-bin, but it also tries to locate the target executable in one of the paths where you have your executables (based on the usual executable path locations)
    —include-shell includes enough executables to give you a basic read-only shell experience
    Joe Tan
    @joetancy
    hello all, i need some help on this. As I have a entrypoint.sh for the docker image that replaces a string in some config file, when I use docker-slim to create a slim image, the entrypoint is triggered once, and its triggered again when running the container, therefore e.g I'm replacing "http {" with "http { config...", when it runs twice it becomes "http{ config... config...". is there a better way to do this?
    Kyle Quest
    @kcq
    @joetancy One potential hack there is to mount a fresh copy of that config file (as a volume using the -v docker run param) when you run your optimized container. Would it be possible to do? There’s a couple of extra capabilities I can add to docker-slim to streamline this use case. One is an ability to copy files within the container image when docker-slim is running it. This would make it possible to mount your clean config as a new file and then it would replace the modified config file. Another option is a capability to add extra files to the optimized image during the build step, so you’d be able to replace the modified config file with a fresh copy.
    Kyle Quest
    @kcq
    @joetancy there’s a new flag that should cover your use case (it’ll be available in the next release, but you can build the latest from the repo to get it if you’d like to try it sooner): --preserve-path. Set its value to your entrypoint’s file path something like this: docker-slim build --preserve-path /path/to/your/entrypoint.sh your-container-image-name
    Joe Tan
    @joetancy
    @kcq wow, thank you so much for this! will let you know how it works after its released!
    Kyle Quest
    @kcq
    should be available in the next couple of days
    Kyle Quest
    @kcq
    @joetancy the new release (1.35.0) has been out for a few days with this new -preserve-path flag and lots of other enhancements. Give it a try (linux: https://downloads.dockerslim.com/releases/1.35.0/dist_linux.tar.gz and macs: https://downloads.dockerslim.com/releases/1.35.0/dist_mac.zip )
    Kyle Quest
    @kcq
    Did you know that you can also use DockerSlim like grep for container images? For example, here we'll find and print all files that include 'Welcome to nginx': docker-slim xray --change-data 'dump:console::Welcome to nginx' nginx
    bt-nia
    @bt-nia
    hey everyone!
    I have a docker container that runs as a daemon, which means that it will not stop when running --exec. How can I let docker-slim know that the container analysis is done?
    Kyle Quest
    @kcq
    @bt-nia Is it a web server or something like that? The —continue-afterparameter to docker-slim defines how you want to decide when the analysis is done. The parameter defaults to probe, which means that docker-slim will wait until all (http) probes are done executing and then it moves on to the next phase. In addition to configuring custom http probe commands with --http-probe-cmd and --http-probe-cmd-file you can also invoke external apps during the probing phase. This can be done using the --http-probe-exec and --http-probe-exec-file parameters, which allows you to use those external apps to decide when the analysis is done.
    There are other —continue-after options you can use to decide when the analysis phase is done. enter tells docker-slim to wait for external console input. That way you can manually signal the end of the analysis phase.
    The signal --continue-after option lets you use unix signals to let docker-slim know when the analysis phase should be done.
    Kyle Quest
    @kcq
    The timeout —continue-after option gives you have a time-based approach to dedice when the analysis phase is done. You can specify a number to —continue-after to choose how many seconds you want to wait before the analysis phase is done.