Docker 随机构建无法解析远程主机

tag-icon tag-icon ubuntu docker
Docker 随机构建无法解析远程主机

我有一个 Dockerfile,我正尝试从中构建容器,但在尝试curl在容器中运行时遇到未解决的主机问题。Dockerfile 如下所示:

FROM apache/airflow:2.2.3

ENV AIRFLOW_HOME=/opt/airflow

USER root
RUN apt-get update -qq
RUN apt-get install vim -qqq

# install some of out required python packages
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Install gcloud tool from Ref: https://airflow.apache.org/docs/docker-stack/recipes.html

SHELL ["/bin/bash", "-o", "pipefail", "-e", "-u", "-x", "-c"]

ARG CLOUD_SDK_VERSION=322.0.0
ENV GCLOUD_HOME=/home/google-cloud-sdk

ENV PATH="${GCLOUD_HOME}/bin/:${PATH}"

ENV DOWNLOAD_URL="https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz" 
ENV TMP_DIR="$(mktemp -d)"
RUN curl -fL "${DOWNLOAD_URL}" --output "${TMP_DIR}/google-cloud-sdk.tar.gz" 
RUN mkdir -p "${GCLOUD_HOME}" 
RUN tar xzf "${TMP_DIR}/google-cloud-sdk.tar.gz" -C "${GCLOUD_HOME}" --strip-components=1 
RUN "${GCLOUD_HOME}/install.sh" \
       --bash-completion=false \
       --path-update=false \
       --usage-reporting=false \
       --quiet
RUN rm -rf "${TMP_DIR}"
RUN gcloud --version

WORKDIR $AIRFLOW_HOME

COPY scripts scripts
RUN chmod +x scripts

USER $AIRFLOW_UID

在构建运行期间,我不断收到类似的错误

docker build .
.
.
.
Step 15/24 : RUN curl -fL "${DOWNLOAD_URL}" --output "${TMP_DIR}/google-cloud-sdk.tar.gz"
 ---> Running in 7dd92979e46b
+ curl -fL https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-322.0.0-linux-x86_64.tar.gz --output '$(mktemp -d)/google-cloud-sdk.tar.gz'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:19 --:--:--     0curl: (6) Could not resolve host: dl.google.com
The command '/bin/bash -o pipefail -e -u -x -c curl -fL "${DOWNLOAD_URL}" --output "${TMP_DIR}/google-cloud-sdk.tar.gz"' returned a non-zero code: 6

curl(在我的本地电脑上运行该命令没有问题)。

操作系统是 Ubuntu 18.04.6。请注意,我的 docker 版本是通过以下方式安装的折断(因为通过 Ubuntu 官方文档安装 docker 后遇到了其他问题):

sudo snap install docker

apt-get另请注意,我在运行Dockerfile 中的命令时也遇到了问题,因此必须重新安装 docker(根据 SO 答案这里) 来传递这些指令,我不得不多次这样做(但该过程绝大多数时间在 curl 指令处失败(我不知道是否与命令本身有关,或者只是它稍后被调用,并且有一些时间问题)。很明显这是一个与 docker 有关的网络问题,但我不知道如何调试它。

如果有什么关系的话,我在容器构建过程中看到的一件事是我的桌面显示一条弹出消息,提示“有线网络,已建立连接”,然后稍后会弹出另一个关于我的计算机与我的实际 WiFi 建立连接的弹出消息。

Docker 版本:

➜ docker version
Client:
 Version:           20.10.14
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        a224086349
 Built:             Thu Mar 24 17:14:32 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.14
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       87a90dc
  Built:            Thu Mar 24 17:15:03 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.5.11
  GitCommit:        3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc:
  Version:          1.0.3
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

IPTables 规则:

➜  airflow git:(main) ✗ sudo iptables --list              
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

尝试nslookup通过在 Dockerfile 中添加一行来检查容器上的连接性,例如

RUN apt-get install dnsutils -qqq
RUN nslookup dl.google.com

我在构建过程中收到如下错误:

Step 13/25 : RUN nslookup dl.google.com
 ---> Running in cdc6ae412569
+ nslookup dl.google.com
;; connection timed out; no servers could be reached

The command '/bin/bash -o pipefail -e -u -x -c nslookup dl.google.com' returned a non-zero code: 1

有人知道这里可能发生什么事或我可以添加哪些其他调试信息来补充这个问题吗?

相关内容