Update to 20.10.6 #25

tianon · 2021-02-03T01:36:17Z

This is an alternative/upgrade to #13 to see how bad the damage is. 😩 🙊

tianon · 2021-02-03T19:59:47Z

This error message is hilarious to read, knowing it's being read from journald:

2021-02-03T19:43:22Z docker.dockerd[12199]: time="2021-02-03T19:43:22.960766724Z" level=error msg="Handler for POST /v1.41/containers/943cf392d62f2c5ebcfd32909488f9265fd2a60bbbe9268e64bfce5add4af822/start returned error: failed to initialize logging driver: journald is not enabled on this host"

It comes from https://github.com/moby/moby/blob/v20.10.3/daemon/logger/journald/journald.go#L60, but the only substantive change to that file was updating from github.com/coreos/go-systemd/journal to github.com/coreos/go-systemd/v22/journal; looking at the diff in coreos/go-systemd@39ca1b0...2d78030#diff-724313773be2f14993c9b6e81803e33eb071b561d075f59bee32a5b2a09fa8f7, it seems the only real functional change there is net.Dial converted to net.ListenUnixgram. 😕

Edit: more specifically, that'd be coreos/go-systemd@728309f

tianon · 2021-02-03T20:37:04Z

Ooof, apparmor="DENIED" operation="ptrace" profile="snap.docker.dockerd" pid=12948 comm="ps" requested_mask="trace" denied_mask="trace" over and over and over and over (many, many times per second), but after filtering out all that noise, this looks relevant:

2021-02-03T20:18:38.0225521Z Feb 03 20:18:34 fv-az175-209 audit[12896]: AVC apparmor="DENIED" operation="bind" profile="snap.docker.dockerd" pid=12896 comm="exe" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr=none
2021-02-03T20:18:38.0227497Z Feb 03 20:18:34 fv-az175-209 kernel: audit: type=1400 audit(1612383514.377:425): apparmor="DENIED" operation="bind" profile="snap.docker.dockerd" pid=12896 comm="exe" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr=none
2021-02-03T20:18:38.0229429Z Feb 03 20:18:34 fv-az175-209 audit[12903]: AVC apparmor="DENIED" operation="bind" profile="snap.docker.dockerd" pid=12903 comm="exe" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr=none
2021-02-03T20:18:38.0231357Z Feb 03 20:18:34 fv-az175-209 kernel: audit: type=1400 audit(1612383514.645:426): apparmor="DENIED" operation="bind" profile="snap.docker.dockerd" pid=12903 comm="exe" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr=none
2021-02-03T20:18:38.0233250Z Feb 03 20:18:34 fv-az175-209 audit[12910]: AVC apparmor="DENIED" operation="bind" profile="snap.docker.dockerd" pid=12910 comm="exe" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr=none
2021-02-03T20:18:38.0235199Z Feb 03 20:18:34 fv-az175-209 kernel: audit: type=1400 audit(1612383514.829:427): apparmor="DENIED" operation="bind" profile="snap.docker.dockerd" pid=12910 comm="exe" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr=none

I bet I need to connect the interface before I try to use the journald logger, and possibly even restart the Docker daemon, but it is strange that it can't even detect whether or not journald is enabled anymore. 😞

Looks like coreos/go-systemd#331 is likely related and/or discussion of this very issue.

anonymouse64 · 2021-02-10T20:40:26Z

Regarding the go-systemd issue, I have filed another update to docker-support, just adding the same rule that we already provide to kubernetes-support for the same reason: canonical/snapd#9924, I hope to get that one into 2.50

tianon · 2021-04-27T19:09:49Z

Ugh, moby/buildkit#1533 breaks Git via BuildKit again...

(specifically https://github.com/moby/buildkit/pull/1533/files#diff-9a3248027714dcbcf2647fa27b75ec4dd3d9639ae80c40bfd6a68abd7805bd4eR494-R498 clears git's environment and didn't previously, so we'll have to change how we make sure git gets our GIT_* variables now)

tianon · 2021-04-27T23:12:43Z

(Now that I've got #27 working, I've rebased this on that to see if that helps here.)

tianon · 2021-04-27T23:28:00Z

Ugh, we get bit by the same change because we lose Snappy's LD_LIBRARY_PATH.

tianon · 2021-04-28T17:23:00Z

(Was hoping I could solve this without a patch, but as seen by the recent force push history here, no dice hahaha)

.github/workflows/smoke-test.yml

tianon · 2021-05-13T22:17:21Z

Looks like we might finally be good??

anonymouse64 · 2021-05-17T19:00:40Z

2.50 is now in stable BTW

anonymouse64

lgtm

anonymouse64 · 2021-05-17T19:01:16Z

dockerd-patches/snappy-buildkit-git-environ.patch

+index 3d1bfe21f4..197c339c78 100644
+--- a/vendor/github.com/moby/buildkit/source/git/gitsource.go
+++ b/vendor/github.com/moby/buildkit/source/git/gitsource.go
+@@ -598,12 +598,11 @@ func git(ctx context.Context, dir, sshAuthSock, knownHosts string, args ...strin


nice catch here

tianon · 2021-05-17T19:38:54Z

Appreciate the review! ❤️

tianon force-pushed the 20.10 branch 8 times, most recently from d6cdf41 to 5e3f8d7 Compare February 3, 2021 17:27

tianon force-pushed the 20.10 branch from 5e3f8d7 to 51c90b0 Compare February 3, 2021 20:08

tianon force-pushed the 20.10 branch 4 times, most recently from d057064 to 634b051 Compare February 3, 2021 22:20

tianon force-pushed the 20.10 branch 2 times, most recently from 8a5930d to 3f78e75 Compare April 27, 2021 00:49

tianon changed the title ~~Update to 20.10.3~~ Update to 20.10.6 Apr 27, 2021

tianon force-pushed the 20.10 branch 4 times, most recently from a8010d2 to 38606a8 Compare April 27, 2021 18:06

tianon force-pushed the 20.10 branch 6 times, most recently from e22e401 to 3a0a072 Compare April 27, 2021 23:12

tianon force-pushed the 20.10 branch from 3a0a072 to c258db7 Compare April 28, 2021 17:01

tianon marked this pull request as ready for review April 28, 2021 17:22

tianon commented Apr 28, 2021

View reviewed changes

.github/workflows/smoke-test.yml Outdated Show resolved Hide resolved

Update to 20.10.6

d8da0ca

tianon force-pushed the 20.10 branch from c258db7 to d8da0ca Compare May 13, 2021 21:58

anonymouse64 approved these changes May 17, 2021

View reviewed changes

tianon merged commit 922bf39 into canonical:main May 17, 2021

tianon deleted the 20.10 branch May 17, 2021 19:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to 20.10.6 #25

Update to 20.10.6 #25

tianon commented Feb 3, 2021

tianon commented Feb 3, 2021 •

edited

Loading

tianon commented Feb 3, 2021

anonymouse64 commented Feb 10, 2021

tianon commented Apr 27, 2021

tianon commented Apr 27, 2021

tianon commented Apr 27, 2021

tianon commented Apr 28, 2021

tianon commented May 13, 2021

anonymouse64 commented May 17, 2021

anonymouse64 left a comment

anonymouse64 May 17, 2021

tianon commented May 17, 2021

Update to 20.10.6 #25

Update to 20.10.6 #25

Conversation

tianon commented Feb 3, 2021

tianon commented Feb 3, 2021 • edited Loading

tianon commented Feb 3, 2021

anonymouse64 commented Feb 10, 2021

tianon commented Apr 27, 2021

tianon commented Apr 27, 2021

tianon commented Apr 27, 2021

tianon commented Apr 28, 2021

tianon commented May 13, 2021

anonymouse64 commented May 17, 2021

anonymouse64 left a comment

Choose a reason for hiding this comment

anonymouse64 May 17, 2021

Choose a reason for hiding this comment

tianon commented May 17, 2021

tianon commented Feb 3, 2021 •

edited

Loading