Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

containerd: classic builder fails to preserve platform information correctly #47823

Open
tianon opened this issue May 10, 2024 · 1 comment
Open

containerd: classic builder fails to preserve platform information correctly #47823

tianon opened this issue May 10, 2024 · 1 comment
Labels
containerd-integration Issues and PRs related to containerd integration kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/0-triage

Comments

@tianon
Copy link
Member

tianon commented May 10, 2024
edited

Description

While using the classic builder with the containerd snapshotter integration enabled, DOCKER_BUILDKIT=0 docker build --platform something-non-native ... fails, and the error message is referencing the native platform of the selected base image (which if it exists, is used and the wrong platform is used for the build 😬).

Reproduce

$ docker run -it --rm --name dind --privileged --pull=always tianon/docker-master:containerd dockerd
...

(the image I was testing here was built via https://github.com/tianon/dockerfiles/blob/fc8d0a8d84b3a8c90685181af21014077902cbb3/docker-master/Dockerfile + https://github.com/tianon/dockerfiles/blob/fc8d0a8d84b3a8c90685181af21014077902cbb3/docker-master/Dockerfile.containerd -> https://oci.dag.dev/?image=tianon/docker-master:containerd@sha256:0b27437d09e78b950c740966b00560ea7012a1261a6e90029030f68e328a9409)

$ docker exec -i -e DOCKER_BUILDKIT=0 dind docker build --pull --platform linux/arm64 - <<<$'FROM bash\nRUN apk --print-arch'
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
            environment-variable.

Sending build context to Docker daemon  2.048kB
Step 1/2 : FROM bash
latest: Pulling from library/bash
3f7f1892fc44: Pulling fs layer
a08a5a04fd53: Pulling fs layer
bca4290a9639: Pulling fs layer
a08a5a04fd53: Download complete
3f7f1892fc44: Download complete
bca4290a9639: Download complete
Digest: sha256:890897682a8025c1e178b5ec6126b3b532ad8535f1e81dbf60bc2b7300b1bcf8
Status: Downloaded newer image for bash:latest
 ---> 890897682a80
Step 2/2 : RUN apk --print-arch
content digest sha256:e7e9ae199eddeefb891d985c979e64ae97a8d335539b6085ee7df3a1a0398309: not found

Expected behavior

That RUN should print aarch64.

If I first docker pull bash (to get my local-arch amd64 image), it'll erroneously print x86_64, which IMO is actually even worse than erroring out because that's generating an incorrect build. 😭

docker version

$ docker exec -i dind docker version
Client:
 Version:           
 API version:       1.45
 Go version:        go1.21.10
 Git commit:        6c70360c7938f78918b941afebea01f4e0a11bfa
 Built:             Wed May  8 13:39:36 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          dev
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.10
  Git commit:       cd08d377c5e0348984d1f46d196337d895ec47ad
  Built:            Fri May 10 13:39:52 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.7.15
  GitCommit:        926c9586fe4a6236699318391cd44976a98e31f1
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e946
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

$ docker exec -i dind docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  HEAD
    Path:     /usr/local/libexec/docker/cli-plugins/docker-buildx

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: dev
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 926c9586fe4a6236699318391cd44976a98e31f1
 runc version: v1.1.12-0-g51d5e946
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.0-20-amd64
 Operating System: Alpine Linux v3.19 (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 62.43GiB
 Name: c9a0f43dc5a8
 ID: e50ff3b5-c7fd-4a84-88bb-4b2d2799dc95
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

No response
@tianon tianon added status/0-triage kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. labels May 10, 2024
@tianon
Copy link
Member Author

tianon commented May 10, 2024

Just because I'm feeling paranoid and wanted to be absolutely certain this is scoped specifically to the containerd snapshotter integration, I ran it again with the non-containerd configuration and it works correctly and as expected:

$ docker run -it --rm --name dind --privileged --pull=always tianon/docker-master dockerd
...
$ docker exec -i -e DOCKER_BUILDKIT=0 dind docker build --pull --platform linux/arm64 - <<<$'FROM bash\nRUN apk --print-arch'
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
            environment-variable.

Sending build context to Docker daemon  2.048kB
Step 1/2 : FROM bash
latest: Pulling from library/bash
bca4290a9639: Pulling fs layer
3f7f1892fc44: Pulling fs layer
a08a5a04fd53: Pulling fs layer
a08a5a04fd53: Download complete
bca4290a9639: Verifying Checksum
bca4290a9639: Download complete
3f7f1892fc44: Verifying Checksum
3f7f1892fc44: Download complete
bca4290a9639: Pull complete
3f7f1892fc44: Pull complete
a08a5a04fd53: Pull complete
Digest: sha256:890897682a8025c1e178b5ec6126b3b532ad8535f1e81dbf60bc2b7300b1bcf8
Status: Downloaded newer image for bash:latest
 ---> 2b0b7c7c3e41
Step 2/2 : RUN apk --print-arch
 ---> [Warning] The requested image's platform (linux/arm64) does not match the detected host platform (linux/amd64/v3) and no specific platform was requested
 ---> Running in 5165e07f1493
aarch64
 ---> Removed intermediate container 5165e07f1493
 ---> d9ba09cc96db
Successfully built d9ba09cc96db

@rumpl rumpl added the containerd-integration Issues and PRs related to containerd integration label May 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
containerd-integration Issues and PRs related to containerd integration kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rumpl @tianon