Search code examples
dnscentosdockerlinux-containers

Dockerfile: Docker build can't download packages: centos->yum, debian/ubuntu->apt-get behind intranet

PROBLEM: Any build, with a Dockerfile depending on centos, ubuntu or debian fails to build.

ENVIRONMENT: I have a Mac OS X, running VMWare with a guest Ubuntu 14.04, running Docker:

mdesales@ubuntu ~ $ sudo docker version
Client version: 1.1.2
Client API version: 1.13
Go version (client): go1.2.1
Git commit (client): d84a070
Server version: 1.1.2
Server API version: 1.13
Go version (server): go1.2.1
Git commit (server): d84a070

BEHAVIOR: Using "docker build" fails to download packages. Here's an example of such Dockerfile: https://github.com/Krijger/docker-cookbooks/blob/master/jdk8-oracle/Dockerfile, https://github.com/ottenhoff/centos-java/blob/master/Dockerfile

I know that we can run a container with --dns, but this is during the build time.

  • CENTOS

    FROM centos RUN yum install a b c

  • UBUNTU

    FROM ubuntu RUN apt-get install a b c

Users have reported that it might be problems with DNS configuration, others and the configuration has the Google's DNS servers commented out.

Step 2 : RUN yum install -y curl; yum upgrade -y; yum update -y;  yum clean all
 ---> Running in 5f11b65c87b8
Loaded plugins: fastestmirror
Couldn't resolve host 'mirrorlist.centos.org

Still the problem persisted... So, most users on #docker@Freenode mentioned that it might be a problem with the DNS configuration... So here's my Ubuntu:

$ sudo cat /etc/resolv.conf 
nameserver 127.0.1.1
search localdomain

I tried changing that, same problem...

Solution

  • PROBLEM

    Talking to some developers at #docker@freenode, the problem was clear to everyone: DNS and the environment. The build works just fine at a regular Internet connection at home.

    SOLUTION:

    This problem occurs in an environment that has a private DNS server, or the network blocks the Google's DNS servers. Even if the docker container can ping 8.8.8.8, the build still needs to have access to the same private DNS server behind your firewall or Data Center.

    Start the Docker daemon with the --dns switch to point to your private DNS server, just like your host OS is configured. That was found by trial and error.

    Details

    My MAC OS X, host OS, had a different DNS configured on my /etc/resolv.conf:

    mdesales@Marcello-Work ~ (mac) $ cat /etc/resolv.conf
search corp.my-private-company.net
nameserver 172.18.20.13
nameserver 172.20.100.29

    My host might be dropping the packets to the Google's IP address 8.8.8.8 while building... I just took those 2 IP addresses and placed under the Ubuntu's docker daemon configuration:

    mdesales@ubuntu ~ $ cat /etc/default/docker
...
...
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="--dns 172.18.20.13 --dns 172.20.100.29 --dns 8.8.8.8"
...

    The build now works as expected!

    $ sudo ./build.sh 
Sending build context to Docker daemon 7.168 kB
Sending build context to Docker daemon 
Step 0 : FROM centos
 ---> b157b77b1a65
Step 1 : MAINTAINER Marcello_deSales@intuit.com
 ---> Running in 49bc6e233e4c
 ---> 2a380810ffda
Removing intermediate container 49bc6e233e4c
Step 2 : RUN yum install -y curl; yum upgrade -y; yum update -y;  yum clean all
 ---> Running in 5f11b65c87b8
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirror.supremebytes.com
 * extras: centos.mirror.ndchost.com
 * updates: mirrors.tummy.com
Resolving Dependencies
--> Running transaction check
---> Package systemd.x86_64 0:208-11.el7 will be updated
---> Package systemd.x86_64 0:208-11.el7_0.2 will be an update
---> Package systemd-libs.x86_64 0:208-11.el7 will be updated
---> Package systemd-libs.x86_64 0:208-11.el7_0.2 will be an update
--> Finished Dependency Resolution

    Thanks to @BrianF and others who helped in the IRC channel!

    Permanent VM Solution - UPDATE JULY 2, 2015

    We now have GitHub Enterprise and CoreOS Enterprise Docker Registry in the mix... So, it was important for me to add the corporate DNS servers from the HOST machine in order to get the VM also to work.

    Replacing the /etc/resolv.conf from the guest OS with the Host's /etc/resolv.conf also resolved the problem! Docker 1.7.0. I just created a new VM using Ubuntu 15.04 on VMWare Fusion and I had this problem again...

    /etc/resolv.conf BEFORE

    ~/dev/github/public/stackedit on ⭠ master ⌚ 20:31:02
$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search localdomain

    /etc/resolv.conf AFTER*

    ~/dev/github/public/stackedit on ⭠ master ⌚ 20:56:09
$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
search corp.mycompany.net
nameserver 10.180.194.35
nameserver 10.180.194.36
nameserver 192.168.1.1