Bug #18867
closed
Must upgrade Docker to support containers with libc 2.33
100%
Description
The effect is
2022-03-15T15:07:57.132119688Z stderr ERROR: R_HOME ('/usr/lib/R') not found
This appears to be due to the bug reported here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005906
The gist is:
- Container has glibc 2.33
- When checking if a file or directory is executable, the new glibc uses a different system call than it used to
- This system call is not on the list of permitted system calls inside Docker containers, so it gets a "operation not permitted" error
- Because it returns an error, it thinks the directory doesn't exist (although it does)
- As a result, R refuses to start, with a very misleading error message
This is reportedly fixed since Docker 20.10
This means we will need to upgrade to Docker 20.10 or later everywhere.
Updated by Peter Amstutz almost 3 years ago
- Status changed from New to In Progress
Updated by Peter Amstutz almost 3 years ago
- Subject changed from Upgrade Docker to support containers with libc 2.33 to Must upgrade Docker to support containers with libc 2.33
Updated by Peter Amstutz almost 3 years ago
- Target version changed from 2022-03-16 sprint to 2022-03-30 Sprint
Updated by Ward Vandewege almost 3 years ago
Ready for review at 0059c1f8145f14432c464929c67f0cc2bee89e10 on branch 18867-compute-image-new-minimum-docker-version
I built images for ce8i5 and tordo. I tested the tordo image by running the CWL hasher against it, cf. https://workbench.tordo.arvadosapi.com/container_requests/tordo-xvhdp-fzp65jk7mjq2vw6
Updated by Peter Amstutz almost 3 years ago
Ward Vandewege wrote:
Ready for review at 0059c1f8145f14432c464929c67f0cc2bee89e10 on branch 18867-compute-image-new-minimum-docker-version
I built images for ce8i5 and tordo. I tested the tordo image by running the CWL hasher against it, cf. https://workbench.tordo.arvadosapi.com/container_requests/tordo-xvhdp-fzp65jk7mjq2vw6
I suggest parameterizing the docker version, something like
dockerversion=5:20.10.13~3-0
$SUDO apt-get yq --no-install-recommends install docker-ce=${dockerversion}~$family$distro
The rest LGTM!
Updated by Ward Vandewege almost 3 years ago
Peter Amstutz wrote:
Ward Vandewege wrote:
Ready for review at 0059c1f8145f14432c464929c67f0cc2bee89e10 on branch 18867-compute-image-new-minimum-docker-version
I built images for ce8i5 and tordo. I tested the tordo image by running the CWL hasher against it, cf. https://workbench.tordo.arvadosapi.com/container_requests/tordo-xvhdp-fzp65jk7mjq2vw6
I suggest parameterizing the docker version, something like
dockerversion=5:20.10.13~3-0
$SUDO apt-getyq --no-install-recommends install docker-ce=${dockerversion}~$family$distroThe rest LGTM!
Thanks, merged with that change.
Updated by Ward Vandewege almost 3 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|8d797490d2975aa0bf0473469ce76c3717efc261.