docker build fails on a cloud VM

Question

I have an Ubuntu 16.04 (Xenial) running inside an Azure VM. I have followed the instructions to install Docker and all seems fine and dandy.

One of the things that I need to do when I trigger docker run is to pass --net=host, which allows me to run apt-get update and other internet-dependent commands within the container.

The problem comes in when I try to trigger docker build based on an existing Ubuntu image. It fails:

The problem here is that there is no way to pass --net=host to the build command. I see that there are issues open on the Docker GitHub (#20987, #10324) but no clear resolution.

There is an existing answer on Stack Overflow that covers the scenario I want, but that doesn't work within a cloud VM.

Any thoughts on what might be happening?

UPDATE 1:

Here is the docker version output:

Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 22:11:10 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 22:11:10 2016
 OS/Arch:      linux/amd64

UPDATE 2:

Here is the output from docker network ls:

NETWORK ID          NAME                DRIVER              SCOPE
aa69fa066700        bridge              bridge              local               
1bd082a62ab3        host                host                local               
629eacc3b77e        none                null                local

apt-get should still work using the default bridged network unless your network requires use of a proxy server or has firewall rules preventing NATed traffic. What happens if you try to run ping or curl in a container using the bridged network? — Greg Bray, Aug 17 '16 at 16:58
Both `ping` and `curl` work directly on the VM. `docker build` still fails. — Den, Aug 17 '16 at 17:00
Do they work in the container? The VM is using the host network, but containers use the bridged network. — Greg Bray, Aug 17 '16 at 17:02
Here is the trick, like described above - when I do `docker run`, I can pass `--net=host` and then `ping`, `apt-get` and `curl` will work. There is no way to pass `--net=host` to `docker build` which results in failure. — Den, Aug 17 '16 at 17:05
What I'm saying is by default using the bridged network those should still work. Finding out why those don't work may help you find a way to fix the issue. — Greg Bray, Aug 17 '16 at 17:06
docker run -it --rm busybox (or ubuntu) should create a container with an interactive shell — Greg Bray, Aug 17 '16 at 17:09
Under azure, you created a ubunut VM and inside that, you are running a docker-machine setup, right? Use `docker run -i -t ubuntu bash` and then check what `cat /etc/resolv.conf` gives you. What happens on `nslookup google` and what happens on `ping 8.8.8.8` ? — Eugen Mayer, Aug 21 '16 at 15:39

Greg Bray · Answer 1 · 2016-08-17T19:18:17.883

Another approach would be to try letting docker-machine provision the VM for you and see if that works. There is a provider for Azure, so you should be able to set your subscription id on a local Docker client (Windows or Linux) and follow the instructions to get a new VM provisioned with Docker and it will also setup your local environment variables to communicate with the Docker VM instance remotely. After it is setup running docker ps or docker run locally would run the commands as if you were running them on the VM. Example:

#Name at end should be all lower case or it will fail.
docker-machine create --driver azure --azure-subscription-id <omitted> --azure-image canonical:ubuntuserver:16.04.0-LTS:16.04.201608150 --azure-size Standard_A0 azureubuntu
#Partial output, see docker-machine resource group in Azure portal
Running pre-create checks...
(azureubuntu) Completed machine pre-create checks.
Creating machine...
(azureubuntu) Querying existing resource group.  name="docker-machine"
(azureubuntu) Resource group "docker-machine" already exists.
(azureubuntu) Configuring availability set.  name="docker-machine"
(azureubuntu) Configuring network security group.  location="westus" name="azureubuntu-firewall"
(azureubuntu) Querying if virtual network already exists.  name="docker-machine-vnet" location="westus"
(azureubuntu) Configuring subnet.  vnet="docker-machine-vnet" cidr="192.168.0.0/16" name="docker-machine"
(azureubuntu) Creating public IP address.  name="azureubuntu-ip" static=false
(azureubuntu) Creating network interface.  name="azureubuntu-nic"
(azureubuntu) Creating virtual machine.  osImage="canonical:ubuntuserver:16.04.0-LTS:16.04.201608150" name="azureubuntu" location="westus" size="Standard_A0" username="docker-user"
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env azureubuntu

#Set environment using PowerShell (or login to the new VM) and see containers on remote host
docker-machine env azureubuntu | Invoke-Expression
docker info
docker network inspect bridge

#Build a local docker project using the remote VM
docker build MyProject
docker images

#To clean up the Azure resources for a machine (you can create multiple, also check docker-machine resource group in Azure portal)
docker-machine rm azureubuntu

Best I can tell that is working fine. I was able to build a debian:wheezy DockerFile that uses apt-get on the Azure VM without any issues. This should allow the containers to run using the default bridged network as well instead of the host network.

I will try doing that and see what results it will output. I configured the DNS settings according to VM configuration, so not sure what might be causing failures. — Den, Aug 17 '16 at 17:55

score 0 · Answer 2 · edited May 23 '17 at 12:18

0

According to I can't get Docker containers to access the internet? using sudo systemctl restart docker might help, or enable net.ipv4.ip_forward = 1 or disable the firewall.

Also you may need to update the dns servers in /etc/resolv.conf on the VM

edited May 23 '17 at 12:18

Community

1
1

answered Aug 17 '16 at 17:16

Greg Bray

14,929
12
80
104

1

Just like the original poster for that question, already all of these items are tackled and unfortunately have no effect. `--net=host` works when I do `docker run` so that's awesome, would work for me. It's `docker build` that fails. – Den Aug 17 '16 at 17:29
2

The issue you are seeing indicates that your bridge network can't reach the outside world, which will probably cause other issues in the future. If you don't plan on using the bridge network in docker you could try deleting it with `docker network rm`, but network isolation is a big part of why people usually use docker containers. Hence the reason why the --net=host parameter may not be available for all docker commands. – Greg Bray Aug 17 '16 at 17:33
For diagnostic purposes, updated the main post with the output of `docker network ls`. – Den Aug 17 '16 at 17:37
yeah... that is all pretty vanilla. The issue is likely somewhere in sysctl or the VM's DNS setup. I'll try spinning up an Azure VM using docker-machine and see if it works there. – Greg Bray Aug 17 '16 at 17:39
Stupid question, but can you reach anything in internet with desired protocols from this VM? My expirience with Azure Firewalls was that is not always working like one may asume it.. – aholbreich Aug 18 '16 at 08:43

docker build fails on a cloud VM

2 Answers2