buildah: Cannot build images with podman build 1.8.0 in Docker containers

Description

podman build fails with:

error running container: error creating container for [/bin/sh -c sh /root/install_deps.sh]: cannot open sd-bus: No such file or directory

The container is not systemd-as-pid1, so enabling the journal doesn’t work. Passing --events-backend=file also doesn’t avoid the issue.

Full output (including dep resolution for podman itself): https://gitlab.kitware.com/ben.boeckel/cmb-superbuild/-/jobs/4816230

Steps to reproduce the issue:

Use gitlab-ci to run a container (fedora:31 in my case)
Try and use podman build

Describe the results you received:

Failure to connect to sd-bus.

Describe the results you expected:

A built image

Output of podman version if reporting a podman build issue:

Version:            1.8.0
RemoteAPI Version:  1
Go Version:         go1.13.6
OS/Arch:            linux/amd64

Output of cat /etc/*release:

Fedora release 31 (Thirty One)
NAME=Fedora
VERSION="31 (Thirty One)"
ID=fedora
VERSION_ID=31
VERSION_CODENAME=""
PLATFORM_ID="platform:f31"
PRETTY_NAME="Fedora 31 (Thirty One)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:31"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f31/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=31
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=31
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
Fedora release 31 (Thirty One)
Fedora release 31 (Thirty One)

Output of uname -a:

Taken from the host of the builder in question.

Linux dovim 5.3.11-100.fc29.x86_64 #1 SMP Tue Nov 12 20:41:25 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

Fedora default configuration.

About this issue

Original URL
State: closed
Created 4 years ago
Comments: 42 (14 by maintainers)

Links to this issue

Branches · Jairo Llopis / Raspberry Pi Cooler · GitLab

Commits related to this issue

Document needed tweaks for podman-in-docker I'm fulfilling my promise from https://github.com/ansible-community/molecule/issues/2714#issuecomment-643718078 by documenting specific stuff learned from ... — committed to yajo/molecule by yajo 4 years ago
Document needed tweaks for podman-in-docker (#2762) I'm fulfilling my promise from https://github.com/ansible-community/molecule/issues/2714#issuecomment-643718078 by documenting specific stuff learn... — committed to ansible/molecule by yajo 4 years ago

Most upvoted comments

🎉 🚀 Made it work, thanks!

➤ docker container run --rm --privileged -it registry.gitlab.com/yajoman/ci-tools/fedora podman --cgroup-manager cgroupfs --storage-opt overlay.mount_program=/usr/bin/fuse-overlayfs --storage-driver overlay container run --rm -it hello-world
Trying to pull registry.fedoraproject.org/hello-world...
  manifest unknown: manifest unknown
Trying to pull registry.access.redhat.com/hello-world...
  name unknown: Repo not found
Trying to pull registry.centos.org/hello-world...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/hello-world...
Getting image source signatures
Copying blob 0e03bdcc26d7 done  
Copying config bf756fb1ae done  
Writing manifest to image destination
Storing signatures

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

I didn’t even need --device /dev/fuse.

I also modified --storage-opt overlay.mount_program=/usr/bin/fuse-overlayfs

It works on Gitlab CI too: https://gitlab.com/yajoman/rpi_cooler/-/jobs/582567308 ❤️

yajo on Jun 5, 2020

--cgroup-manager=cgroupfs worked for me (no need to mess with sssd settings). Thanks.

mathstuf on Mar 2, 2020

@mathstuf I think this is the same issue a: https://bugzilla.redhat.com/show_bug.cgi?id=1768954

From that, if you can, please try:

Add the --cgroup-manager=cgroupfs option to the podman command
Remove sss from /etc/nsswitch.conf file

@giuseppe any other thoughts?

TomSweeneyRedHat on Feb 20, 2020

@rhatdan can you link to the docs?

paleozogt on Aug 6, 2020

overlayfs->overlay overlayfs driver does not exists.

rhatdan on Jun 4, 2020

Hmm. I’m seeing it work within Docker images on a Fedora 31 host (executed via Docker due to needing the Docker socket for gitlab-runner).

mathstuf on Mar 3, 2020

There’s no 1.8.0 image available (due to this), but if I manually update podman inside the container to 1.8.0, it works!

➜  docker run --rm -it --privileged quay.io/podman/stable:latest
[root@bb2093099153 /]# podman version
Version:            1.6.2
RemoteAPI Version:  1
Go Version:         go1.13.1
OS/Arch:            linux/amd64
[root@bb2093099153 /]# yum update -y podman

...

[root@bb2093099153 /]# podman version
Version:            1.8.0
RemoteAPI Version:  1
Go Version:         go1.13.6
OS/Arch:            linux/amd64

[root@bb2093099153 /]# printf "FROM ubuntu\nRUN cat /etc/*release\n" > Dockerfile
[root@bb2093099153 /]# sed -e 's/sss//g' -i /etc/nsswitch.conf
[root@bb2093099153 /]# podman --cgroup-manager=cgroupfs build -t foo .
ERRO[0000] unable to write system event: "write unixgram @00bf1->/run/systemd/journal/socket: sendmsg: no such file or directory"
STEP 1: FROM ubuntu
Getting image source signatures
Copying blob b6b53be908de done
Copying blob f9a83bce3af0 done
Copying blob de83a2304fa1 done
Copying blob 423ae2b273f4 done
Copying config 72300a873c [======================================] 3.3KiB / 3.3KiB
Writing manifest to image destination
Storing signatures
STEP 2: RUN cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS"
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
STEP 3: COMMIT foo
237bb203dc815e0a9bc56209e6e822792829b15f148fb2c2eb6126d10f021cc6
237bb203dc815e0a9bc56209e6e822792829b15f148fb2c2eb6126d10f021cc6

[root@bb2093099153 /]# podman images
REPOSITORY                 TAG      IMAGE ID       CREATED          SIZE
localhost/foo              latest   237bb203dc81   13 seconds ago   66.6 MB
docker.io/library/ubuntu   latest   72300a873c2c   7 days ago       66.6 MB

paleozogt on Feb 28, 2020