-
Notifications
You must be signed in to change notification settings - Fork 598
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dockerd fails to start - RULE_APPEND failed (No such file or directory): rule in chain DOCKER-ISOLATION-STAGE-1 #463
Comments
Hi everyone, As a quick workaround we had to switch back from dind image docker:24.0.7-dind to docker:23.0.6-dind. |
|
We (GitLab.com) have a similar issue (https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17283) with As we can see with Alpine 3.19 changed the We've also tried multiple Google Container Optmized OS versions and all of them seem to fail 👉 https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17283#note_1696008058 and also tried some fixes in https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17283#note_1696085805 which didn't work. The only thing that worked for us is changing the host image to At the moment I'm not sure what our (GitLab.com) next steps are since Alpine 3.19 seems to be incompatible with Google Container Optimized OS, and it also seems like other users are having the same problem. cc @tianon |
@stevexuereb for us using 24.0.7 with alpine 3.18 fixed the issue. But of course this is just a temporary workaround. |
I've tried to use the legacy package instead in the Dockerfile, but still didn't have any luck 👉 https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17283#note_1696330857 |
This is also happening for us when using ARC for GitHub runners. Since it used We will try to force a previous version as mentioned above and will give feedback back asap. EDIT (27/12/2023): We added this to our helm chart: image:
repository: "summerwind/actions-runner-controller"
actionsRunnerRepositoryAndTag: "summerwind/actions-runner:latest"
dindSidecarRepositoryAndTag: "docker:24.0.7-dind-alpine3.18" |
Not exactly sure on all the moving bits involved here, but given the changeset in #461, you might want to revert the change to the |
@stevexuereb I'm not sure why your change doesn't fail to build (since that RUN command starts with I'm gonna open a PR. |
PR docker-library#461 updated Alpine to 3.19 and made a change to load the nf_tables kernel module if needed. However, as demonstrated by docker-library#463 and docker-library#464 this might break when the host system doesn't have the nf_tables module available. In that case, we should still try to load the ip_tables module and symlink /sbin/iptables to xtables-legacy-multi. Signed-off-by: Albin Kerouanton <[email protected]>
@akerouanton interesting, it doesn't seem to have existing links, I wasn't installing the I've tested your PR and it seems to be working:
|
Ok, fix should be mostly deployed now. 👍 |
@stevexuereb would you be able to test or help coordinate a test of #468 on GitLab to make sure I don't cause a regression again? 😅 ( |
@tianon certainly, I left my testing results in #468 (comment) let me know if you needed something different 🙇 @tianon I'd be curious would it be possible to set up a test in GitHub Actions that builds the image in a PR, publishes it to some Registry (GitHub, DockerHub) and possibly trigger a pipeline on GitLab with that image (so there is no infra cost for you) so that we validate each PR going forward instead of running #468 (comment) manually? We could also keep it vendor agnostic, and trigger jobs in GitHub actions as well since I'd be happy to to see if I can try and coordinate with the Runner team to see if they can contribute this to the project, but was curious to think if this was a good idea for this project or not. |
This comment was marked as resolved.
This comment was marked as resolved.
We do test on GitHub Actions already, so it's odd that someone saw a failure there, but in general figuring out a good way to automate testing on GitLab's infrastructure is a great idea and one I'm personally very open to. 😅 Edit: ah, "Kubernetes controller for GitHub Actions self-hosted runners" -- that probably failed because it's not GitHub's runners (so more similar to #466 / #467) |
See github.com/docker-library/docker/issues/463 for details
See github.com/docker-library/docker/issues/463 for details
I'm still running into the same issue with I've temporarily moved us back to 24.0.6-dind, which does work. Any other debugging info I can help provide? |
The change in #468 isn't actually pushed all the way to the published images yet: docker-library/official-images#16009 According to #468 (comment), COS 105 will probably need |
For documentation only because the internet search leads to this issue. It is not an issue with COS 105 in general but with build ID 17412.226.68 and below. It already includes the kernel module As a result, our GKE 1.26.6-gke.1700 (uses cos-101-17162-210-48) was working before the automatic update in the REGULAR release channel but was not after the upgrade to 1.27.8-gke.1067004 (uses cos-105-17412-226-62). |
After the merge of #461, the
docker
containers we run as part of our CI jobs stopped working.The container fails to start with the following error:
The affected image is
docker.io/library/docker@sha256:ae63bb7c7d3ae23884a2c5d206939640279f6d15730618192b58662a0619f182
, whiledocker.io/library/docker@sha256:c90e58d30700470fc59bdaaf802340fd25c1db628756d7bf74e100c566ba9589
works fine. Both images are tagged as24.0.7-dind
The environment is GKE 1.27 with Container-Optimized OS.
Workaround
Use
docker:24.0.7-dind-alpine3.18
, as it points at the previous version of the image that was overwrittenThe text was updated successfully, but these errors were encountered: