buildx create fails on rootless docker with ping_group_range: invalid argument: unknown #292

Closed
Frederik-Baetens opened this issue Feb 10, 2021 · 7 comments
Labels
kind/upstream Changes need to be made on upstream project

Comments

@Frederik-Baetens

Frederik-Baetens commented Feb 10, 2021

Troubleshooting

Before submitting a bug report please read the Troubleshooting doc.

Behaviour

Steps to reproduce this issue

  1. Install self hosted actions runner as directed here https://stackoverflow.com/questions/66137419/how-to-enable-non-docker-actions-to-access-docker-created-files-on-my-self-hoste & enable experimental features to enable buildx
  2. Run a github action that sets up buildx, then uses the login action, and then the buildx action
  3. observe the error
buildx call failed write sysctl key net.ipv4.ping_group_range: write /proc/sys/net/ipv4/ping_group_range: invalid argument: unknown

Expected behaviour

It builds correctly

Actual behaviour

I get an error

Configuration

on:
  push:
    branches:
      - '**'
name: UH Schedule CI

defaults:
  run:
    working-directory: 'uh/schedule'

jobs:
  test:
    name: Test
    runs-on: [self-hosted, linux, x64]
    container: node:14-slim
    steps:
      - uses: actions/checkout@v2
      - run: yarn install --frozen-lockfile --non-interactive
      - run: yarn build
        working-directory: sdk
      - run: yarn test
  test_with_redis:
    services:
      redis:
        image: redis:6-alpine
        ports:
          - 6379:6379
    name: Test with Redis
    runs-on: [self-hosted, linux, x64]
    container: node:14-slim
    env:
      REDIS_URL: redis://redis:6379
    steps:
      - uses: actions/checkout@v2
      - run: yarn install --frozen-lockfile --non-interactive
      - run: yarn build
        working-directory: sdk
      - run: yarn test
  lint:
    name: Lint
    runs-on: [self-hosted, linux, x64]
    container: node:14-slim
    steps:
      - uses: actions/checkout@v2
      - run: yarn install --frozen-lockfile --non-interactive
      - run: yarn build
        working-directory: sdk
      - run: yarn lint
  build_push_beta:
    name: Build and Push beta
    runs-on: [self-hosted, linux, x64]
    steps:
      - uses: actions/checkout@v2
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: xxx
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          context: .
          tags: xxx/xx:${{ github.sha }}
          push: true
          build-args: |
            workspace=uh/schedule
  build_push_prod:
    name: Build and Push prod
    needs:
      - test
      - test_with_redis
      - lint
    runs-on: [self-hosted, linux, x64]
    if: startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, 'v*' )
    steps:
      - uses: actions/checkout@v2
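      - uses: actions/github-script@v3
        id: tag  # step-level key, so steps.tag.outputs.result resolves
        with:
          script: |
            // payload.ref has no leading slash: "refs/tags/<tag>"
            return context.payload.ref.replace(/^refs\/tags\//, '');
          result-encoding: string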
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: xxx
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          tags: xxx/xx:${{ steps.tag.outputs.result }}
          push: true
          build-args: |
            workspace=uh/schedule

Logs

logs_101.zip

@crazy-max
Member

crazy-max commented Feb 10, 2021

@Frederik-Baetens From what I see you're running the Docker daemon as a non-root user (rootless mode). In that case I think you should use the rootless buildkit image:

- uses: docker/setup-buildx-action@v1
  with:
    driver-opts: image=moby/buildkit:buildx-stable-1-rootless

cc @tonistiigi

@Frederik-Baetens
Author

Frederik-Baetens commented Feb 10, 2021

That doesn't seem to fix the error.

I have buildx installed & enabled on my runner, and building basic containers with them manually in the cli seems to work, so I don't know where buildx is going wrong in the action.

  build_push_beta:
    name: Build and Push beta
    runs-on: [self-hosted, linux, x64]
    #if: github.ref == 'refs/heads/master'
    steps:
      - uses: actions/checkout@v2
      - uses: docker/setup-buildx-action@v1
        with:
          driver-opts: image=moby/buildkit:buildx-stable-1-rootless
      - uses: docker/login-action@v1
        with:
          registry: xxx
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          context: .
          tags: xxx/xx:${{ github.sha }}
          push: true
          build-args: |
            workspace=uh/schedule

@Frederik-Baetens
Author

Frederik-Baetens commented Feb 10, 2021

When I remove the docker/setup-buildx-action it works as expected. Something about the setup-buildx-action is breaking my buildx for the runner.

like so:

  build_push_beta:
    name: Build and Push beta
    runs-on: [self-hosted, linux, x64]
    #if: github.ref == 'refs/heads/master'
    steps:
      - uses: actions/checkout@v2
      - uses: docker/login-action@v1
        with:
          registry: quivr.azurecr.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          context: .
          tags: quivr.azurecr.io/cps-uh:${{ github.sha }}
          push: true
          build-args: |
            workspace=uh/schedule

Is there a way to basically make that action not do anything when buildx is already installed? I would like to keep that step in order to maintain full compatibility between my self-hosted runner & github's managed runners.

@Frederik-Baetens
Author

Adding driver: docker fixes this.

      - uses: docker/setup-buildx-action@v1
        with:
          driver: docker

@tonistiigi tonistiigi changed the title buildx call failed write sysctl key net.ipv4.ping_group_range: write /proc/sys/net/ipv4/ping_group_range: invalid argument: unknown buildx create fails on rootless docker with ping_group_range: invalid argument: unknown Feb 11, 2021
@crazy-max crazy-max added the kind/upstream Changes need to be made on upstream project label Feb 14, 2021
@mmckane

mmckane commented Aug 9, 2021

While adding driver: docker does fix the issue, I would prefer retaining the ability to build using the docker-container driver, which allows for caching. Has anyone looked at this? This issue appears related: docker/buildx#561. Is there a way to manipulate the user ns flag with the buildx create command that I am missing?

spotlightishere added a commit to Yuuki-Discord/Yuuki-Bot that referenced this issue Oct 3, 2021
@eumoh1601

      - uses: docker/setup-buildx-action@v1
        with:
          driver: docker

this fixed the issue for me

@crazy-max
Member

docker-container requires a privileged container. So yes docker driver is the right move but features like multi-platform are not available in the docker engine. If you want to be able to build multi-platform images, you can consider switching to containerd snapshotter in your daemon config: https://docs.docker.com/storage/containerd/
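
Added example, not from the thread or from the action's own code: a shell helper for a workflow step that picks the buildx driver from the daemon's reported security options, so the same workflow requests `driver: docker` on a rootless self-hosted runner and `docker-container` elsewhere. The function names and the `--emit` switch are hypothetical, and it assumes a rootless daemon lists `name=rootless` in `docker info` security options.

```shell
#!/bin/sh
# Added example: choose a buildx driver that works with the local Docker daemon.
# Function names and the --emit switch are illustrative, not part of any action.

# pick_buildx_driver SECURITY_OPTIONS
# SECURITY_OPTIONS is the text printed by:
#   docker info --format '{{.SecurityOptions}}'
# e.g. "[name=seccomp,profile=default name=rootless name=cgroupns]"
pick_buildx_driver() {
    # Turn brackets and commas into spaces so every option is its own token,
    # then pad with spaces so the match below is on a whole token only.
    tokens=" $(printf '%s' "$1" | sed 's/[][,]/ /g') "
    case "$tokens" in
        # Rootless daemon: the docker-container driver needs a privileged
        # container (the ping_group_range failure), so use the docker driver.
        *" name=rootless "*) printf 'docker\n' ;;
        # Rootful daemon (e.g. hosted runners): keep docker-container.
        *) printf 'docker-container\n' ;;
    esac
}

# detect_buildx_driver
# Asks the daemon selected by DOCKER_HOST / the current context.
# Returns non-zero instead of guessing when the daemon cannot be queried.
detect_buildx_driver() {
    opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null) || return 1
    pick_buildx_driver "$opts"
}

# With --emit, write a step output named "driver" for later workflow steps.
if [ "${1:-}" = "--emit" ]; then
    driver=$(detect_buildx_driver) || {
        echo "cannot query docker daemon" >&2
        exit 1
    }
    echo "driver=$driver" >> "${GITHUB_OUTPUT:?not running inside GitHub Actions}"
fi
```

Run it with `--emit` in a step that has an `id`, then pass that step's `driver` output to `docker/setup-buildx-action` as its `driver` input.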
