Docker: starting container process caused "exec: \"/tmp/installer.sh\": permission denied"


I have a base image (named @release_docker//image) on which I'm trying to install some apt packages (along with a binary that I built). Here is what it looks like:

load("@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl", "download_pkgs")
load("@io_bazel_rules_docker//docker/package_managers:install_pkgs.bzl", "install_pkgs")
load("@io_bazel_rules_docker//cc:image.bzl", "cc_image")

download_pkgs(
    name = "downloaded-packages",
    image_tar = "@release_docker//image",
    packages = [
        "numactl",
        "pciutils",
        "python",
    ],
)

install_pkgs(
    name = "installed-packages",
    image_tar = "@release_docker//image",
    installables_tar = ":downloaded-packages.tar",
    output_image_name = "release_docker_with_packages"
)

cc_image(
    name = "my-image",
    base = ":installed-packages",
    binary = ":built-binary",
)

But inside the build docker (the docker image in which the build command runs), when I run bazel build :my-image --action_env DOCKER_HOST=tcp://192.168.1.2:2375, it errors:

+ DOCKER=/usr/bin/docker
+ [[ -z /usr/bin/docker ]]
+ TO_JSON_TOOL=bazel-out/host/bin/external/io_bazel_rules_docker/docker/util/to_json
+ source external/io_bazel_rules_docker/docker/util/image_util.sh
++ bazel-out/host/bin/external/io_bazel_rules_docker/contrib/extract_image_id bazel-out/k8-fastbuild/bin/external/release_docker/image/image.tar
+ image_id=b55375fc9c651e1eff0428490d01b4883de0fca62b5b18e8ede9f3d812b3fc10
+ /usr/bin/docker load -i bazel-out/k8-fastbuild/bin/external/release_docker/image/image.tar
+++ pwd
+++ pwd
++ /usr/bin/docker run -d -v /opt/bazel-root-directory/...[path-to].../downloaded-packages.tar:/tmp/bazel-out/k8-fastbuild/bin/marzban/downloaded-packages.tar -v /opt/bazel-root-directory/...[path-to].../installed-packages.install:/tmp/installer.sh --privileged b55375fc9c651e1eff0428490d01b4883de0fca62b5b18e8ede9f3d812b3fc10 /tmp/installer.sh
/usr/bin/docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"/tmp/installer.sh\": permission denied": unknown.
+ cid=ce62e444aefe1f32a20575750a6ee1cc9c2f79d46f2f60187a8bc23f87b5aa25

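I ran into exactly the same problem as you. If you change "@release_docker//image" to "@release_docker//image:image.tar", it should work fine.

The rule requires a .tar file (in the same format as docker save imageName). I haven't looked at the code behind the rule, but I assume the image also needs access to apt.

Here is a working example.

BUILD file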

load(
    "@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl",
    "download_pkgs",
)
load(
    "@io_bazel_rules_docker//docker/package_managers:install_pkgs.bzl",
    "install_pkgs",
)

install_pkgs(
    name = "postgresPythonImage",
    image_tar = "@py3_image_base//image:image.tar",
    installables_tar = ":postgresql_pkgs.tar",
    output_image_name = "postgres_python_base"
)

download_pkgs(
    name = "postgresql_pkgs",
    image_tar = "@ubuntu1604//image:image.tar",
    packages = [
        "postgresql"
    ],
)

WORKSPACE

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "layer_definitions",
    strip_prefix = "layer-definitions-ade30bae7cb1a8c1fed70e18040936fad75de8a3",
    urls = ["https://github.com/GoogleCloudPlatform/layer-definitions/archive/ade30bae7cb1a8c1fed70e18040936fad75de8a3.tar.gz"],
    sha256 = "af72a1a804934ba154c97c43429ec556eeaadac70336f614ac123b7f5a5db299"
)

load("@layer_definitions//layers/ubuntu1604/base:deps.bzl", ubuntu1604_base_deps = "deps")
ubuntu1604_base_deps()

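I ran into the same problem, and it took me a while to find the actual cause.

As you guessed, there is a bug in your version of the rules_docker repo. The actual problem is the assumption that a local folder can be mounted directly into the target image. Obviously, in the case of DIND (Docker in Docker), this assumption fails.

Fortunately, this bug has already been fixed. As the title of the fix suggests, the solution is to use named volumes instead of the short -v src:dst.

So the solution is to upgrade to v0.13.0 or later.

rules_docker$ git tag --contains 32f12766248bef88358fc1646a3e0a66efd0e502 | head -1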
v0.13.0

I'd like to know the answer. But, unfortunately, this did not help. This seems to be a bug when running the install_pkgs rule with a remote docker daemon (i.e. the DOCKER_HOST action_env), because it mounts the installer.sh file and assumes that it should be available on the host...
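
The mount assumption that both the last answer and the comment above describe can be checked mechanically; the following Python sketch is an added example, not code from rules_docker or from the original posts. It parses a docker run command line and lists the -v src:dst bind mounts whose source the daemon cannot be assumed to have (a remote DOCKER_HOST, or a client that itself runs in a container); the shortened paths and image id, the volume names and the client_in_container flag are assumptions made for illustration.

```python
import shlex

# Constructed sample: the failing command from the build log, with shortened paths.
FAILING = ("/usr/bin/docker run -d "
           "-v /opt/bazel-root/downloaded-packages.tar:/tmp/downloaded-packages.tar "
           "-v /opt/bazel-root/installed-packages.install:/tmp/installer.sh "
           "--privileged b55375fc9c65 /tmp/installer.sh")
# Constructed sample: the same run using named volumes (volume names are hypothetical).
NAMED = ("docker run -d -v pkgs_vol:/tmp/pkgs --volume=installer_vol:/tmp/install "
         "b55375fc9c65 /tmp/install/installer.sh")


def volume_specs(command):
    """Return the argument of every -v / --volume flag in a docker command line."""
    args, specs, i = shlex.split(command), [], 0
    while i < len(args):
        if args[i] in ("-v", "--volume") and i + 1 < len(args):
            specs.append(args[i + 1])
            i += 1  # skip the flag's argument as well
        elif args[i].startswith("--volume="):
            specs.append(args[i].split("=", 1)[1])
        i += 1
    return specs


def classify(spec):
    """Split src:dst[:opts]; a source starting with '/' is a path on the daemon's host."""
    parts = spec.split(":")
    if len(parts) == 1:
        return ("anonymous", None, parts[0])
    kind = "bind" if parts[0].startswith("/") else "named"
    return (kind, parts[0], parts[1])


def daemon_sees_client_files(docker_host, client_in_container):
    """Client paths hold on the daemon only for a local daemon and a non-container client."""
    local = not docker_host or docker_host.startswith("unix://")
    return local and not client_in_container


def unresolvable_binds(command, docker_host="", client_in_container=False):
    """List (src, dst) bind mounts whose source the daemon cannot be assumed to have."""
    if daemon_sees_client_files(docker_host, client_in_container):
        return []
    return [(src, dst) for kind, src, dst in map(classify, volume_specs(command))
            if kind == "bind"]


if __name__ == "__main__":
    for src, dst in unresolvable_binds(FAILING, "tcp://192.168.1.2:2375", True):
        print(f"bind mount {src} -> {dst}: source must exist on the daemon host")
```

With -v, Docker creates a missing source path on the daemon host as an empty directory, so the container ends up with a directory at /tmp/installer.sh and the exec fails with "permission denied". Named volumes are created and populated through the daemon, so they do not depend on the client's filesystem.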