Merge ~ubuntu-docker-images/ubuntu-docker-images/+git/bind9:9.18-23.10 into ~ubuntu-docker-images/ubuntu-docker-images/+git/bind9:9.18-23.04

Proposed by Athos Ribeiro
Status: Merged
Merge reported by: Athos Ribeiro
Merged at revision: 080b1f4c9db904777ad12bfb2a854b89b7d70dcc
Proposed branch: ~ubuntu-docker-images/ubuntu-docker-images/+git/bind9:9.18-23.10
Merge into: ~ubuntu-docker-images/ubuntu-docker-images/+git/bind9:9.18-23.04
Diff against target: 9 lines (+1/-1)
1 file modified
Dockerfile (+1/-1)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior Approve
Bryce Harrington Pending
Canonical Server Reporter Pending
Review via email: mp+454396@code.launchpad.net

Description of the change

Create mantic OCI image.

This is targets the 23.04 branch for review purposes only.

This was tested locally and passes all of our tests at https://github.com/canonical/server-test-scripts/tree/main/oci-unit-tests

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :
Download full text (4.0 KiB)

Thanks, Athos.

The image built fine, but I'm seeing permission problems with this one as well:

Starting named...
exec /usr/sbin/named -u "bind" "-g" ""
24-Oct-2023 18:17:06.481 starting BIND 9.18.18-0ubuntu2-Ubuntu (Extended Support Version) <id:>
24-Oct-2023 18:17:06.481 running on Linux x86_64 5.15.0-78-generic #85-Ubuntu SMP Fri Jul 7 15:25:09 UTC 2023
24-Oct-2023 18:17:06.481 built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=/usr/src/bind9-1:9.18.18-0ubuntu2 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
24-Oct-2023 18:17:06.481 running as: named -u bind -g
24-Oct-2023 18:17:06.481 compiled by GCC 13.2.0
24-Oct-2023 18:17:06.481 compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 linked to OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 compiled with libuv version: 1.44.2
24-Oct-2023 18:17:06.481 linked to libuv version: 1.44.2
24-Oct-2023 18:17:06.481 compiled with libxml2 version: 2.9.14
24-Oct-2023 18:17:06.481 linked to libxml2 version: 20914
24-Oct-2023 18:17:06.481 compiled with json-c version: 0.17
24-Oct-2023 18:17:06.481 linked to json-c version: 0.17
24-Oct-2023 18:17:06.481 compiled with zlib version: 1.2.13
24-Oct-2023 18:17:06.481 linked to zlib version: 1.2.13
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 BIND 9 is maintained by Internet Systems Consortium,
24-Oct-2023 18:17:06.481 Inc. (ISC), a non-profit 501(c)(3) public-benefit
24-Oct-2023 18:17:06.481 corporation. Support and training for BIND 9 are
24-Oct-2023 18:17:06.481 available at https://www.isc.org/support
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 found 16 CPUs, using 16 worker threads
24-Oct-2023 18:17:06.481 using 16 UDP listeners per interface
24-Oct-2023 18:17:06.485 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
24-Oct-2023 18:17:06.485 DS a...

Read more...

review: Needs Information
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I'm talking to Athos about this and it seems like it's a problem caused by ZFS (which is what backs my docker volumes). I ran the test on another machine and everything passes, so I'm approving the MP.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Same comment from the squid MP applies here:

Now I'm not so sure this is only a problem with my system.

If I build the Lunar image locally, I can use it normally and tests pass.

If I build the Mantic image locally (from this MP), I see the error I mentioned above.

I also tried building the images and running the tests on diglett, which doesn't use ZFS on the root partition. There, I see everything succeed (including the Mantic image).

So there's really some strange interaction going on between docker, ZFS and the Mantic image, but I haven't had the time to dig more into this problem. Either way, I believe it's worth spending a bit more time investigating things just to make sure that we're not shipping broken images out there.

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Thanks, Sergio!

I will go ahead and request the builds for this image as well. We can keep investigating this further to fully understand the issue.

For the records, we have only seen it manifest when mounting ZFS volumes (and only for the mantic images).

I will try to come up with a minimal reproducer.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Athos built and tagged the images on Launchpad, and then pushed them to Dockerhub. These images *do* work locally for me, which means that the problem likely happens when they're built *and* used on a system that uses ZFS.

This makes me less concerned about the issue, because even if our users are deploying those images on top of ZFS, they will still work.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/Dockerfile b/Dockerfile
2index 5efae54..2cb8a0b 100644
3--- a/Dockerfile
4+++ b/Dockerfile
5@@ -1,4 +1,4 @@
6-FROM ubuntu:lunar
7+FROM ubuntu:mantic
8
9 ENV TZ UTC
10

Subscribers

People subscribed via source and target branches