Ability to override ubuntu:18.04 #527
Conversation
|
Thanks for your neat contribution! A lot of these changes seem like they will hamper usability of the image. I'm not sure we can merge this as-is, but don't let that deter you – I like the idea of making the upstream base pluggable. I'd also like to preserve the capability of users with only Some of the other changes you've contributed mostly without comment, I'm wondering why they are needed. Again don't let any critical feedback deter you. I appreciate the effort you've put in and thanks for sharing! I'll come back to this and see if I can suggest changes that might make it less confusing, say for example adding some documentation about the BUILD_ARG. We could have used that strategy for multiarch support, which is another feature that has been explored but hasn't been merged, mostly because it makes things more complicated. I'm not sure I'm ready to say "let's not use a BUILD_ARG", but it maybe needs some more thought put into it. |
|
I found another project using build ARGs and I think I'm making this out to be harder than it needs https://github.com/ms-ati/docker-rvm In the example I link above, the arg is specified like: ARG RVM_RUBY_VERSIONS="2.3.7 2.5.1 ruby-head"
FROM msati/docker-rvmWould you consider adjusting your PR so that it specifies the default version in the Dockerfile, like docker-rvm does here, in their README? Then you could also revert your change to the I don't know about polymorphic tasks in Make, maybe there's a way you can still infer this from an environment variable. I just want to preserve the capability to build on Windows, with nothing but a Docker engine. The operator should not need to run "make build" or discover a build_arg to get the default behavior. (And changing the default in this case would definitely be a Major Version bump) edit: I am not sure I've correctly understood the purpose of the ARG keyword here... sorry |
|
Sure, I can define a default image in the Dockerfile. The reason I went with the Makefile approach was the same reason you've mentioned, to not have it duplicated. - Admittedly I missed the use case of just running pure docker. Wrt. the |
| @@ -9,7 +9,7 @@ rm -rf /tmp/* /var/tmp/* | |||
| rm -rf /var/lib/apt/lists/* | |||
|
|
|||
| # clean up python bytecode | |||
| find / -name *.pyc -delete | |||
There was a problem hiding this comment.
I remember getting plenty of "permission denied" errors here as find was trying to traverse into /proc and /sysfolders.
| if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \ | ||
| IP=$$(docker inspect $$ID | grep IPAddr | sed 's/.*: "//; s/".*//') && \ |
There was a problem hiding this comment.
Probably docker version dependent, but the sed substitution wasn't giving the expected output, so I've found out how the do the same with docker itself.
| @@ -29,14 +27,14 @@ fi | |||
| trap cleanup EXIT | |||
|
|
|||
| echo " --> Enabling SSH in the container" | |||
| docker exec -t -i $ID /etc/my_init.d/00_regen_ssh_host_keys.sh -f | |||
There was a problem hiding this comment.
Neither of these commands need input, so in that sense they don't need to be interactive nor should they expect their input to be a terminal. I wouldn't bother, but I was getting an error on this lines, suggesting to remove at least one of -i or '-t'. I've googled around and found a pretty good explanation: https://stackoverflow.com/a/54254380 and realised both could be removed.
| sleep 1 # Give container some more time to start up. | ||
| ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/insecure_key -p $SSHPORT [email protected] \ |
There was a problem hiding this comment.
I could not connect using localhost, only with the containers' IP. I wanted to remove duplication between these lines and the ssh target in Makefile. Apparently, I've "reverted" someone's contribution though: 2f0e1ad#diff-2c0426df66e885ae0431057d1c516e62
There was a problem hiding this comment.
I'm actually more interested in line 38 and 39, what effect will result when insecure_key isn't copied into the container, or if it will have any effect on the tests.
It looks like there is a new error raised during the make test:
Warning: Permanently added '[127.0.0.1]:32768' (ECDSA) to the list of known hosts.
mesg: ttyname failed: Inappropriate ioctl for device
This is the only strange thing I found that looks wrong. I wonder if it's related to removing -t -i setting.
|
I've added comments to this PR for the changes not related to the |
…-build-arg to build target if BASE_IMAGE is defined, document the use of BASE_IMAGE in README
…container via SSH, fix SSH connection by IP issue on Mac-OS
|
Thank you for the updates! I have some other stuff to do first this weekend, then I intend to swing back around and test this. It seems like a big enough change to warrant multiple reviews. I appreciate you marking up the changes that I didn't understand with explanations. If the default behavior of the build hasn't changed now that Ubuntu is specified as the default arg for BASE_IMAGE, then I think this can be merged, if another contributor agrees. Thanks for adding documentation about BASE_IMAGE and NAME as well! |
There was a problem hiding this comment.
It's a little disturbing that when I start the build using:
$ make build BASE_IMAGE=debian:stretch NAME=kingdonb/stretch
I'm greeted with
docker build -t kingdonb/stretch:0.11 --build-arg BASE_IMAGE=debian:stretch --rm image
Sending build context to Docker daemon 64.51kB
Step 1/7 : ARG BASE_IMAGE=ubuntu:18.04
Step 2/7 : FROM $BASE_IMAGE
stretch: Pulling from library/debian
e79bb959ec00: Pull complete
Digest: sha256:724b0fbbda7fda6372ffed586670573c59e07a48c86d606bab05db118abe0ef5
Status: Downloaded newer image for debian:stretch
---> 2d337f242f07
...which appears to indicate the BASE_IMAGE that will be used is from ARG BASE_IMAGE=ubuntu:18.04, but reading more carefully I can see the right thing is happening.
This looks good to me, there's only one part I'm not sure about and you called it out below, I'll comment there.
|
Sorry for the update after your approval, I just wanted to have a fix for that The issue was that apparently the default remote command of ssh produces this warning. The default remote command was executed due to the |
|
Thank you for the attention to my comments @matyasmarkovics, I think this looks good. Still needs to be rebased now before it can merge. Maybe if you do that, then we can call someone who can override the CI failure, since it's unfortunately not in my power to merge stuff when CI is failing... |
|
I've just checked no rebase is needed as the master branches are up-to-date. The CI fails at the time of waiting for credentials to docker-hub. |
|
It looks like I have had my privilege escalated, I can merge it now! Is there anything else you think this needs before it goes into master branch? |
|
Hey @kingdonb thanks for taking the time reviewing these changes. It's good to go from my end. |
|
I am mistaken, I don't have the ability to override the failing build and merge this on my own (failed build which appears to be simply due to outdated docker hub credentials.) @Theaxiom Do you have time to review this and approve/merge? |
|
I'm going to work on this for a while at yebyen/baseimage-docker and try building it against debian:sid, and using it. If you're interested to submit more PRs against it before we merge this in, I'd suggest posting them against This might be something we want to spend some more time reviewing before it merges anyway. |
|
@kingdonb would you mind ensuring docs are up to date with these changes? |
|
I will review everything 👍 |
|
Thank you @kingdonb |
My objective was to be able to build based off of
debian:stretch. Given the similarities of this was just a matter of introducing abuild-argto the Dockerfile.I've fixed some minor issues as well, while I trying to run tests.
I hope you'll find these improvements helpful.