sentry-cli: sentry-cli >= 2.21.3 does not work with rootless docker
Environment
sentry-cli >= 2.21.3 + rootless docker
Steps to Reproduce
- Install Docker in rootless mode
- Pull some image (eg:
python:3.12) and start new container (docker run --rm -it python:3.12 bash) - Install sentry-cli >= 2.21.3 (
curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION=2.21.3 bash) - Run
sentry-cli info
Expected Result
No error
Actual Result
(failure on authentication: API request failed)
Logs
$ docker version
Client:
Version: 25.0.2
API version: 1.44
Go version: go1.21.6
Git commit: 29cf629
Built: Thu Feb 1 00:22:06 2024
OS/Arch: linux/amd64
Context: rootless
$ docker pull python:3.12
$ docker run --rm -it python:3.12 bash
# curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION=2.21.3 bash
(snipped)
Installed sentry-cli 2.21.3
Done!
# sentry-cli --version
sentry-cli 2.21.3
# SENTRY_LOG_LEVEL=debug sentry-cli info
DEBUG 2024-02-06 --:--:-- sentry-cli version: 2.21.3, platform: "linux", architecture: "x86_64"
INFO 2024-02-06 --:--:-- sentry-cli was invoked with the following command line: "sentry-cli" "info"
DEBUG 2024-02-06 --:--:-- request GET https://sentry.io/api/0/
DEBUG 2024-02-06 --:--:-- retry number 0, max retries: 0
Sentry Server: https://sentry.io
Default Organization: -
Default Project: -
Authentication Info:
Method: Unauthorized
(failure on authentication: API request failed)
INFO 2024-02-06 --:--:-- Running update nagger update check
DEBUG 2024-02-06 --:--:-- request GET https://release-registry.services.sentry.io/apps/sentry-cli/latest
DEBUG 2024-02-06 --:--:-- retry number 0, max retries: 0
- Related with: #1843
While updating our nuxt web app’s sentry module(@nuxtjs/sentry), we’ve also updated @sentry/webpack-plugin from 1.x.x to 2.x.x.
After this change, we started to see our CI/CD pipeline failing to publish releases and sourcemaps. The only error message we could see was error: API request failed caused by: [6] Couldn't resolve host name (Could not resolve host: sentry.io).
Few hours of tests and bisection narrowed down to combination of rootless docker (used in our Actions runner) and sentry-cli >= 2.21.3. Standard docker installation works just fine, and older version of sentry-cli also has no problem – which is the fix we chose.
We tested multiple configurations of OS and architectures, which all had same result:
- Ubuntu 22.04 on AWS EC2 t3 (x86_64)
- Ubuntu 22.04 on AWS EC2 t4g (arm64)
- Amazon Linux 2023 on AWS EC2 t3 (x86_64)
- Ubuntu 22.04 on local VM (x86_64)
- (plus Docker 23.x, 24.x, 25.x)
I think some low level change made between 2.21.2 and 2.21.3 affected how DNS resolution works and created some kind of incompatibility.
It could be an issue of docker, it could be both, I don’t know at this point. I hope this information is helpful.
About this issue
- Original URL
- State: open
- Created 5 months ago
- Comments: 16 (8 by maintainers)
I switched upstream images and the problem seems to have gone away. In summary:
Using
FROM balenalib/raspberrypi4-64-node:18-bookworm-run, I’d get intermittentCould not resolve host: sentry.io.I haven’t seen it since switching to
FROM node:20-bookworm-slim.I had never seen network problems with other services, and I never saw it when running the docker build locally. So I think there’s something particular about the combination of 1) upstream image, 2) the hosted docker environment, and 3) sentry-cli’s network access.
Since it seems to be resolved for us, I’m going to let this go. If you have a similar problem, try experimenting with your upstream image/layers.
Thanks @Snack-X for debugging and linking to issue https://github.com/getsentry/sentry-cli/issues/1843, I can confirm my issue is the same 😃 The error message for me is thrown in a Gitlab pipeline, using the docker:dind-rootless image to build my docker image. I have pinned my sentry-cli version to
2.21.2currently.