我们在Dockerfiles 中使用了 buildkit 的一些实验性功能,最值得注意的是缓存挂载。今天,所有构建都停止工作,并显示以下消息:
requested experimental feature exec.meta.security is not supported by build server, please update
以下是的相关输出journalctl -u docker:
Apr 27 12:50:42 laptop systemd[1]: Started Docker Application Container Engine.
Apr 27 13:05:07 laptop dockerd[17029]: time="2019-04-27T13:05:07.302466366+02:00" level=info msg="parsed scheme: \"\"" module=grpc
Apr 27 13:05:07 laptop dockerd[17029]: time="2019-04-27T13:05:07.302489224+02:00" level=info msg="scheme \"\" not registered, fallback to default scheme" module=grpc
Apr 27 13:05:07 laptop dockerd[17029]: time="2019-04-27T13:05:07.302545282+02:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{ 0 <nil>}]" module=grpc
Apr 27 13:05:07 laptop dockerd[17029]: time="2019-04-27T13:05:07.302556961+02:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Apr 27 13:05:07 laptop dockerd[17029]: time="2019-04-27T13:05:07.302595944+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420d068e0, CONNECTING" module=grpc
Apr 27 13:05:07 laptop dockerd[17029]: time="2019-04-27T13:05:07.302697663+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420d068e0, READY" module=grpc
Apr 27 13:05:08 laptop dockerd[17029]: time="2019-04-27T13:05:08.096360518+02:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserv
Apr 27 13:05:08 laptop dockerd[17029]: time="2019-04-27T13:05:08.096425639+02:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 200
Apr 27 13:05:09 laptop dockerd[17029]: time="2019-04-27T13:05:09.164531606+02:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Apr 27 13:05:10 laptop dockerd[17029]: time="2019-04-27T13:05:10.134327397+02:00" level=info msg="Layer sha256:c5436d94671d3b039ae327cbd70bcc7247156b1db1a94c6b5c96d20eb5306fe0 cleaned up"
Apr 27 13:05:10 laptop dockerd[17029]: time="2019-04-27T13:05:10.264799407+02:00" level=warning msg="grpc: addrConn.createTransport failed to connect to { 0 <nil>}. Err :connection error: desc = \
Apr 27 13:05:10 laptop dockerd[17029]: time="2019-04-27T13:05:10.264831645+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420d068e0, TRANSIENT_FAILURE" module=grpc
Apr 27 13:05:10 laptop dockerd[17029]: time="2019-04-27T13:05:10.264898501+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420d068e0, CONNECTING" module=grpc
Apr 27 13:05:10 laptop dockerd[17029]: time="2019-04-27T13:05:10.264926781+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420d068e0, TRANSIENT_FAILURE" module=grpc
Apr 27 13:05:10 laptop dockerd[17029]: time="2019-04-27T13:05:10.302876165+02:00" level=warning msg="grpc: addrConn.transportMonitor exits due to: context canceled" module=grpc
Apr 27 13:06:00 laptop dockerd[17029]: time="2019-04-27T13:06:00.415336758+02:00" level=info msg="parsed scheme: \"\"" module=grpc
Apr 27 13:06:00 laptop dockerd[17029]: time="2019-04-27T13:06:00.415358861+02:00" level=info msg="scheme \"\" not registered, fallback to default scheme" module=grpc
Apr 27 13:06:00 laptop dockerd[17029]: time="2019-04-27T13:06:00.415401731+02:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{ 0 <nil>}]" module=grpc
Apr 27 13:06:00 laptop dockerd[17029]: time="2019-04-27T13:06:00.415420573+02:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Apr 27 13:06:00 laptop dockerd[17029]: time="2019-04-27T13:06:00.415455123+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42075b950, CONNECTING" module=grpc
Apr 27 13:06:00 laptop dockerd[17029]: time="2019-04-27T13:06:00.415512072+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42075b950, READY" module=grpc
Apr 27 13:06:03 laptop dockerd[17029]: time="2019-04-27T13:06:03.557274713+02:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserv
Apr 27 13:06:03 laptop dockerd[17029]: time="2019-04-27T13:06:03.557342307+02:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 200
Apr 27 13:06:05 laptop dockerd[17029]: time="2019-04-27T11:06:05Z" level=error msg="fatal error: requested experimental feature exec.meta.security is not supported by build server, please update \
Apr 27 13:06:05 laptop dockerd[17029]: panic: requested experimental feature exec.meta.security is not supported by build server, please update
Apr 27 13:06:05 laptop dockerd[17029]: goroutine 1 [running]:
Apr 27 13:06:05 laptop dockerd[17029]: main.main()
Apr 27 13:06:05 laptop dockerd[17029]: /src/frontend/dockerfile/cmd/dockerfile-frontend/main.go:26 +0x34f
Apr 27 13:06:05 laptop dockerd[17029]: time="2019-04-27T13:06:05.835385263+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42075b950, TRANSIENT_FAILURE" module=grpc
Apr 27 13:06:05 laptop dockerd[17029]: time="2019-04-27T13:06:05.835517263+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42075b950, CONNECTING" module=grpc
Apr 27 13:06:05 laptop dockerd[17029]: time="2019-04-27T13:06:05.835541307+02:00" level=warning msg="grpc: addrConn.createTransport failed to connect to { 0 <nil>}. Err :connection error: desc = \
Apr 27 13:06:05 laptop dockerd[17029]: time="2019-04-27T13:06:05.835658016+02:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc42075b950, TRANSIENT_FAILURE" module=grpc
Apr 27 13:06:06 laptop dockerd[17029]: time="2019-04-27T13:06:06.415833044+02:00" level=warning msg="grpc: addrConn.transportMonitor exits due to: context canceled" module=grpc
除此之外,我在系统日志中没有看到任何有趣的东西,syslog也没有dmesg。
Docker CE 安装使用此程序(来自官方 docker repos)并且是最新的。系统信息:
me@laptop:/tmp/test$ docker --version
Docker version 18.09.5, build e8ff056
me@laptop:/tmp/test$ uname -a
Linux laptop 4.4.0-146-generic #172-Ubuntu SMP Wed Apr 3 09:00:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
除例行系统升级外,近期没有发生任何系统变化。可能据我回忆,昨天已经进行了内核升级。
我尝试过的事情:
- 将docker升级和降级到多个版本;
- 构建一个简单的
Dockerfile(DOCKER_BUILDKIT=1 docker build .给出上述错误):
# syntax=docker/dockerfile:experimental
FROM ubuntu:16.04
RUN \
--mount=type=cache,target=/data \
echo hello
- 从中删除该
--mount行Dockerfile并构建DOCKER_BUILDKIT=1 docker build .(出现上述错误); - 构建(显然没有
--mount),使用docker build .(这有效)。
所以问题只出在 buildkit 上。还有人看到这个问题和/或有建议吗?
答案1
这可能与 docker hub 漏洞有关: https://news.ycombinator.com/item?id=19763413
我也开始遇到这种情况,通过在实验语法行上设置版本来修复:
# syntax=docker/dockerfile:1.0.0-experimental