我有这个 Dockerfile
FROM alpine/git as clone
WORKDIR /keycloak
RUN git clone https://github.com/maturbet-volta/nexus3-keycloak-plugin.git
WORKDIR /cargo
RUN git clone https://github.com/sonatype-nexus-community/nexus-repository-cargo.git
FROM maven:3.5-jdk-8-alpine as build
WORKDIR /keycloak
COPY --from=clone /keycloak/nexus3-keycloak-plugin /keycloak
RUN mvn -PbuildKar package -Dmaven.test.skip=true
WORKDIR /cargo
COPY --from=clone /cargo/nexus-repository-cargo /cargo
RUN mvn -PbuildKar package
FROM sonatype/nexus3:latest
COPY --from=build /keycloak/target/*.kar /cargo/target/*.kar /opt/sonatype/nexus/deploy/
使用 docker build 或 docker-compose (v1.29.2) build 构建此 Dockerfile 没有任何问题
但是当使用 docker compose 版本 2.16.0 时,它在 mvn package 步骤中失败
library initialization failed - unable to allocate file descriptor table - out of memory
所以我猜这是达到了某种限制,但我不知道如何更改 docker compose build 的 ulimits
那么有人知道如何配置 docker compose v2 吗?
谢谢。
以下是 docker info 和 docker compose version 的输出
$ docker compose version
Docker Compose version v2.16.0
$ docker info
Client:
Context: default
Debug Mode: false
Plugins:
compose: Docker Compose (Docker Inc., v2.16.0)
Server:
Containers: 8
Running: 3
Paused: 0
Stopped: 5
Images: 251
Server Version: 20.10.23
Storage Driver: btrfs
Build Version: Btrfs v6.1.3
Library Version: 102
Logging Driver: journald
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: /usr/libexec/docker/docker-init
containerd version:
runc version:
init version:
Security Options:
seccomp
Profile: default
selinux
cgroupns
Kernel Version: 6.1.18-200.fc37.x86_64
Operating System: Fedora Linux 37 (Workstation Edition)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.06GiB
Name: fedora
ID: JJM4:AEWX:KYZS:3X54:B3GH:3ACD:JK7S:AK4R:CDT2:MT4C:BVHT:CNYK
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.e.securiton.int/
Live Restore Enabled: true
答案1
因此,实际上问题在于使用docker compose build,继承的 NOFILE 限制太大(无穷大),这导致旧的 jdk-8 尝试保留过多的内存(参见https://stackoverflow.com/a/56895801/1737363)。
不幸的docker compose build是不支持该--ulimit参数,所以需要编辑docker systemd单元
cat /etc/systemd/system/docker.service.d/10-limits.conf
[Service]
LimitNOFILE=65536
然后重新加载并重新启动 systemd 单元
systemctl daemon-reload
systemctl restart docker
如果你想检查 docker build 期间的 ulimits,你可以使用这个 Dockerfile
FROM alpine
RUN ulimit -a
和这些命令
$ docker build . --no-cache --progress plain
$ docker-compose build --no-cache --progress plain
$ docker compose build --no-cache --progress plain
$ DOCKER_BUILDKIT=0 docker compose build --no-cache --progress plain