Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] docker compose build fails to find a local image used in FROM #12130

Open
elipp opened this issue Sep 16, 2024 · 1 comment
Open

[BUG] docker compose build fails to find a local image used in FROM #12130

elipp opened this issue Sep 16, 2024 · 1 comment
Labels
kind/bug status/0-triage

Comments

@elipp
Copy link

elipp commented Sep 16, 2024
edited
Loading

Description

Using a present, locally docker run:able image as the FROM stage in a Dockerfile results in docker compose trying to pull the image and failing. See Steps to Reproduce.

Steps To Reproduce

docker.compose.yml:

services:
  someimage:
    image: someimage:sometag
    build:
      dockerfile: Dockerfile.someimage
  service1:
    build:
      dockerfile: Dockerfile.service1
      args:
        IMAGE_NAME: someimage:sometag

Dockerfile.someimage:

FROM alpine
RUN echo "lorem ipsum" > /lipsum.txt

Dockerfile.service1:

ARG IMAGE_NAME
FROM ${IMAGE_NAME:?} AS stage1

FROM alpine
COPY --from=stage1 /lipsum.txt /lipsum.txt
CMD ["cat", "/lipsum.txt"]

Running docker compose build someimage && docker compose build service1 results in:

=> ERROR [service1 internal] load metadata for docker.io/library/someimage:sometag                 0.8s
------
 > [service1 internal] load metadata for docker.io/library/someimage:sometag:
------
failed to solve: someimage:sometag: failed to resolve source metadata for docker.io/library/someimage:sometag: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

docker buildx container logs:

time="2024-09-16T21:05:27Z" level=info msg="running server on /run/buildkit/buildkitd.sock"
time="2024-09-16T21:06:46Z" level=info msg="trying next host" error="pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed" host=registry-1.docker.io
time="2024-09-16T21:06:46Z" level=error msg="/moby.buildkit.v1.frontend.LLBBridge/Solve returned error: rpc error: code = Unknown desc = someimage:sometag: failed to resolve source metadata for docker.io/library/someimage:sometag: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed"
time="2024-09-16T21:06:46Z" level=error msg="/moby.buildkit.v1.Control/Solve returned error: rpc error: code = Unknown desc = someimage:sometag: failed to resolve source metadata for docker.io/library/someimage:sometag: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed"

Using DOCKER_BUILDKIT=0 docker compose build builds the image just fine, same goes for:

docker build . -f Dockerfile.someimage -t someimage:sometag
docker build . -f Dockerfile.service1 --build-arg IMAGE_NAME=someimage:sometag -t service1
docker run --rm service1

lorem ipsum

This also happens if the image name is hard-coded (not passed as an ARG).

Compose Version

Docker Compose version 2.29.3 (also 2.29.4)

Docker Environment

Client:
 Version:    27.2.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  0.17.1
    Path:     /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  2.29.4
    Path:     /usr/lib/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 4
 Server Version: 27.2.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c.m
 runc version:
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.10.10-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 20
 Total Memory: 62.33GiB
 Name: tooo
 ID: 6ed50486-207f-4523-9ee7-7372aae95dac
 Docker Root Dir: /home/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Anything else?

Could be a BuildKit issue since DOCKER_BUILDKIT=0 works...?

UPDATE: this actually works if I use the "default" docker buildx driver/endpoint (and fails with the docker-container) one.
@ndeloof
Copy link
Contributor

ndeloof commented Sep 17, 2024

This is indeed related to buildkit being used to run the build. Buildkit is not aware of dependencies between those two service image and want to build those in parallel, which causes this failure.
As a workaround, you can declare a dependency between services using depends_on. While this might not be relevant at runtime, Docker Compose will then build images in sequence

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ndeloof @elipp