Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/docker/9.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Docker 在gitlab ci中运行buildah_Docker_Gitlab Ci_Podman_Buildah - Fatal编程技术网
Fatal编程技术网
  • docker/
  • Docker 在gitlab ci中运行buildah

Docker 在gitlab ci中运行buildah

docker

Docker 在gitlab ci中运行buildah,docker,gitlab-ci,podman,buildah,Docker,Gitlab Ci,Podman,Buildah,我想使用gitlab ci中的buildah来构建一个映像,从中运行一个容器,并对其进行一些测试 我当前的gitlab ci是: tests: tags: - docker image: quay.io/buildah/stable stage: test variables: STORAGE_DRIVER: "vfs" BUILDAH_FORMAT: "docker" BUILDAH_ISOLA

我想使用gitlab ci中的buildah来构建一个映像,从中运行一个容器,并对其进行一些测试

我当前的gitlab ci是:

tests:
  tags:
    - docker
  image: quay.io/buildah/stable
  stage: test
  variables:
      STORAGE_DRIVER: "vfs"
      BUILDAH_FORMAT: "docker"
      BUILDAH_ISOLATION: "rootless"
  only:
    refs:
      - merge_requests
    changes:
      - **/*
  script:
    - buildah info --debug
    - buildah unshare docker/test/run.sh
我的运行程序是私有的gitlab运行程序,我不想更改它的配置(不破坏其他CI)

run.sh的内容是:

#!/usr/bin/env bash
set -euo pipefail
container=$(buildah --ulimit nofile=8192 --name my-container from phusion/baseimage:bionic-1.0.0-amd64)
错误是:

level=warning msg="error reading allowed ID mappings: error reading subuid mappings for user \"root\" and subgid mappings for group \"root\": No subuid ranges found for user \"root\" in /etc/subuid" level=warning msg="Found no UID ranges set aside for user \"root\" in /etc/subuid." level=warning msg="Found no GID ranges set aside for user \"root\" in /etc/subgid." No buildah sali-container already exists... Package Sali Creating sali-container Completed short name "phusion/baseimage" with unqualified-search registries (origin: /etc/containers/registries.conf) Getting image source signatures Copying blob 
sha256:36505266dcc64eeb1010bd2112e6f73981e1a8246e4f6d4e287763b57f101b0b Copying blob 
sha256:1907967438a7f3c5ff54c8002847fe52ed596a9cc250c0987f1e2205a7005ff9 Copying blob 
sha256:23884877105a7ff84a910895cd044061a4561385ff6c36480ee080b76ec0e771 Copying blob 
sha256:2910811b6c4227c2f42aaea9a3dd5f53b1d469f67e2cf7e601f631b119b61ff7 Copying blob 
sha256:bc38caa0f5b94141276220daaf428892096e4afd24b05668cd188311e00a635f Copying blob 
sha256:53c90fd859186b7b770d65adcb6ae577d4c61133f033e628530b1fd8dc0af643 Copying blob 
sha256:d039079bb3a9bf1acf69e7c00db0e6559a86148c906ba5dab06b67c694bbe87c Copying config 
sha256:32c929dd2961004079c1e35f8eb5ef25b9dd23f32bc58ac7eccd72b4aa19f262 Writing manifest to image destination Storing signatures level=error msg="Error while applying layer: ApplyLayer
 exit status 1 stdout:  stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid: lchown /etc/gshadow: invalid argument" 4 errors occurred while pulling:  
* Error initializing source docker://registry.fedoraproject.org/phusion/baseimage:bionic-1.0.0-amd64: Error reading manifest bionic-1.0.0-amd64 in registry.fedoraproject.org/phusion/baseimage: manifest unknown: manifest unknown  
* Error initializing source docker://registry.access.redhat.com/phusion/baseimage:bionic-1.0.0-amd64: Error reading manifest bionic-1.0.0-amd64 in registry.access.redhat.com/phusion/baseimage: name unknown: Repo not found  
* Error initializing source docker://registry.centos.org/phusion/baseimage:bionic-1.0.0-amd64: Error reading manifest bionic-1.0.0-amd64 in registry.centos.org/phusion/baseimage: manifest unknown: manifest unknown  
* Error committing the finished image: error adding layer with blob "sha256:23884877105a7ff84a910895cd044061a4561385ff6c36480ee080b76ec0e771": ApplyLayer exit status 1 stdout:  stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid: lchown /etc/gshadow: invalid argument level=error msg="exit status 125" level=error msg="exit status 125"

buildah info--debug的结果:


{
    "debug": {
        "buildah version": "1.18.0",
        "compiler": "gc",
        "git commit": "",
        "go version": "go1.15.2"
    },
    "host": {
        "CgroupVersion": "v1",
        "Distribution": {
            "distribution": "fedora",
            "version": "33"
        },
        "MemFree": 9021378560,
        "MemTotal": 15768850432,
        "OCIRuntime": "runc",
        "SwapFree": 0,
        "SwapTotal": 0,
        "arch": "amd64",
        "cpus": 4,
        "hostname": "runner-cvBUQadt-project-2197143-concurrent-0",
        "kernel": "4.14.83+",
        "os": "linux",
        "rootless": false,
        "uptime": "6391h 28m 15.45s (Approximately 266.29 days)"
    },
    "store": {
        "ContainerStore": {
            "number": 0
        },
        "GraphDriverName": "vfs",
        "GraphOptions": [
            "vfs.imagestore=/var/lib/shared"
        ],
        "GraphRoot": "/var/lib/containers/storage",
        "GraphStatus": {},
        "ImageStore": {
            "number": 0
        },
        "RunRoot": "/var/run/containers/storage"
    }
}



我阅读了其他关于我所犯错误的帖子,并得出了这个配置,这是不够的。我选择buildah是因为我认为它很容易从CI中使用,因为它应该是无根运行的,但这真是一场噩梦。。。我是一个可怜的孤独开发者,不是系统管理员,我不知道如何为buildah设置linux。。。有人能帮我吗?
Buildah需要以root用户身份运行,或者在具有足够UID的用户命名空间中运行,以安装具有不同UID的文件


这看起来像是出于某种原因,buildah认为它应该在用户名称空间中运行,但没有在用户名称空间中找到列出的根。当您没有足够的权限运行时,通常会发生这种情况。
有没有办法让“具有足够UID的用户名称空间来安装具有不同UID的文件”?我从gitlab ci运行它,因此这是一个在container@rhatdan ... 我觉得那个评论令人费解。就我而言,我是无根的。我可以看到容器中的系统需要一个“根”代理。我只是尝试运行
bash
,使用:
podman-run--rm--interactive--tty-ubuntu-bash
。在vanilia podman安装上。显然,设置最基本的操作需要一些东西。