
container: impossible to generate local image from a file if it requires installing some pkgs
Closed, Resolved | Public | BUG

Description

Report from the forum
Impossible to generate a local container image from a file if it requires installing some pkgs
Example of Dockerfile:

vyos@r14:~$ cat /config/containers/pod/Dockerfile 
FROM alpine:3.16.2
RUN apk update
RUN apk add --no-cache bind
USER named
EXPOSE 53/udp
CMD ["named", "-c", "/etc/bind/named.conf", "-g"]

Generate the container image:

vyos@r14:~$ generate container image mypod path /config/containers/pod/
STEP 1/6: FROM alpine:3.16.2
STEP 2/6: RUN apk update
--> Using cache fe3e9fc5c30556739989ca4282c7f993cf9e88844e406bad0e18813a7f8b2df1
--> fe3e9fc5c30
STEP 3/6: RUN apk add --no-cache bind
WARN[0000] Failed to load cached network config: network podman not found in CNI cache, falling back to loading network podman from disk 
WARN[0000] 1 error occurred:
	* plugin type="bridge" failed (delete): cni plugin bridge failed: running [/usr/sbin/iptables -t nat -D POSTROUTING -s 10.88.0.4 -j CNI-d2d33c68415e4ec6d487f30b -m comment --comment name: "podman" id: "buildah-buildah1319940755" --wait]: exit status 2: iptables v1.8.7 (nf_tables): Chain 'CNI-d2d33c68415e4ec6d487f30b' does not exist
Try `iptables -h' or 'iptables --help' for more information.

 
2022-12-08T15:05:53.000699081Z: the container `buildah-buildah1319940755` is not in 'stopped' state
error running container: did not get container start message from parent: EOF
Error: error building at STEP "RUN apk add --no-cache bind": plugin type="bridge" failed (add): cni plugin bridge failed: failed to list chains: running [/usr/sbin/iptables -t nat -S --wait]: exit status 1: iptables v1.8.7 (nf_tables): table `nat' is incompatible, use 'nft' tool.


vyos@r14:~$

This is because podman is not compatible with the internal NAT rules (T3499), as we don't use iptables.

As a workaround, we can use --net host during the build and generate a local image:
sudo podman build --net host --layers --force-rm --tag mypod /config/containers/pod/

vyos@r14:~$ sudo podman build --net host --layers --force-rm --tag mypod /config/containers/pod/
STEP 1/6: FROM alpine:3.16.2
STEP 2/6: RUN apk update
--> Using cache fe3e9fc5c30556739989ca4282c7f993cf9e88844e406bad0e18813a7f8b2df1
--> fe3e9fc5c30
STEP 3/6: RUN apk add --no-cache bind
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/35) Installing ca-certificates (20220614-r0)
(2/35) Installing brotli-libs (1.0.9-r6)
(3/35) Installing nghttp2-libs (1.47.0-r0)
(4/35) Installing libcurl (7.83.1-r4)
(5/35) Installing curl (7.83.1-r4)
(6/35) Installing libgpg-error (1.45-r0)
(7/35) Installing libassuan (2.5.5-r0)
(8/35) Installing libcap (2.64-r0)
(9/35) Installing ncurses-terminfo-base (6.3_p20220521-r0)
(10/35) Installing ncurses-libs (6.3_p20220521-r0)
(11/35) Installing pinentry (1.2.0-r0)
Executing pinentry-1.2.0-r0.post-install
(12/35) Installing libgcrypt (1.10.1-r0)
(13/35) Installing gnupg-gpgconf (2.2.35-r4)
(14/35) Installing libbz2 (1.0.8-r1)
(15/35) Installing sqlite-libs (3.38.5-r0)
(16/35) Installing gpg (2.2.35-r4)
(17/35) Installing dns-root-hints (2019073000-r3)
(18/35) Installing fstrm (0.6.1-r0)
(19/35) Installing krb5-conf (1.0-r2)
(20/35) Installing libcom_err (1.46.5-r0)
(21/35) Installing keyutils-libs (1.6.3-r1)
(22/35) Installing libverto (0.3.2-r0)
(23/35) Installing krb5-libs (1.19.4-r0)
(24/35) Installing json-c (0.16-r0)
(25/35) Installing protobuf-c (1.4.1-r0)
(26/35) Installing libuv (1.44.1-r0)
(27/35) Installing xz-libs (5.2.5-r1)
(28/35) Installing libxml2 (2.9.14-r2)
(29/35) Installing bind-libs (9.16.33-r0)
(30/35) Installing bind-tools (9.16.33-r0)
(31/35) Installing bind-dnssec-root (9.16.33-r0)
(32/35) Installing gdbm (1.23-r0)
(33/35) Installing libsasl (2.1.28-r1)
(34/35) Installing libldap (2.6.3-r3)
(35/35) Installing bind (9.16.33-r0)
Executing bind-9.16.33-r0.pre-install
Executing bind-9.16.33-r0.post-install
wrote key file "/etc/bind/rndc.key"
Executing busybox-1.35.0-r17.trigger
Executing ca-certificates-20220614-r0.trigger
OK: 21 MiB in 49 packages
--> 7f541348f95
STEP 4/6: USER named
--> e88eceaf830
STEP 5/6: EXPOSE 53/udp
--> 457fe92db91
STEP 6/6: CMD ["named", "-c", "/etc/bind/named.conf", "-g"]
COMMIT mypod
--> 8bdafff1d97
Successfully tagged localhost/mypod:latest
8bdafff1d979ae0105b4e82a8f8c3a99e3645306749745d752791db77ee33d1b
vyos@r14:~$

Show images:

vyos@r14:~$ show container image 
REPOSITORY                     TAG         IMAGE ID      CREATED        SIZE
localhost/mypod                latest      8bdafff1d979  3 minutes ago  23.9 MB
docker.io/library/alpine       3.16.2      9c6f07244728  4 months ago   5.83 MB
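
The failure and workaround above can be checked for mechanically. The following is an added example, not VyOS or podman code: it classifies a captured build log against the error signature in this report and, only when it matches, prints the workaround command from the report. The function names and result labels are hypothetical; the sample log lines are copied from the session above.

```shell
#!/bin/sh
# Added example (not VyOS code): triage a captured `podman build` log for the
# CNI/iptables failure shown in this report. Names and labels are hypothetical.

# Reads a build log on stdin and prints a one-line classification.
classify_build_log() {
    log=$(cat)
    # Build step named in podman's final "Error:" line, if any.
    step=$(printf '%s\n' "$log" |
        sed -n 's/^Error: error building at STEP "\(.*\)": plugin type=.*/\1/p' |
        head -n 1)
    case $log in
        *"Successfully tagged "*) echo "ok" ;;
        *'plugin type="bridge" failed'*"table \`nat' is incompatible, use 'nft' tool"*)
            # Bridge plugin called iptables, but the nat table is managed via nft.
            echo "cni-nat-incompatible:${step:-unknown}" ;;
        *'plugin type="bridge" failed'*)
            echo "cni-bridge-failed:${step:-unknown}" ;;
        *"Error: "*) echo "other-failure" ;;
        *) echo "unknown" ;;
    esac
}

# Reads a build log on stdin; $1 = image tag, $2 = build context directory.
# Prints the report's workaround command only for the matching failure.
suggest_rebuild() {
    case $(classify_build_log) in
        cni-nat-incompatible:*)
            printf 'sudo podman build --net host --layers --force-rm --tag %s %s\n' "$1" "$2" ;;
        *) return 1 ;;
    esac
}

# Sample input: two lines copied from the failing session in this report.
sample_failed_log() {
    cat <<'EOF'
STEP 3/6: RUN apk add --no-cache bind
Error: error building at STEP "RUN apk add --no-cache bind": plugin type="bridge" failed (add): cni plugin bridge failed: failed to list chains: running [/usr/sbin/iptables -t nat -S --wait]: exit status 1: iptables v1.8.7 (nf_tables): table `nat' is incompatible, use 'nft' tool.
EOF
}

sample_failed_log | suggest_rebuild mypod /config/containers/pod/
```

With --net host the RUN steps execute in the router's own network namespace, which is why the example prints the command only for this specific failure instead of applying it to every build.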

Details

Difficulty level: Easy (less than an hour)
Version: VyOS 1.4-rolling-202211200318
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)