Yum update fails -Centos 7 - dockerbuild

Question

I have frequently built docker container using centos 7 as base image. But now I am getting error when I run,

RUN yum update add \
    bash \
    && rm -rfv /var/cache/apk/*

ERROR:
Loaded plugins: fastestmirror, ovl

One of the configured repositories failed (Unknown), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this:

Contact the upstream for the repository and get them to fix the problem.
Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work).
Run the command with the repository temporarily disabled yum --disablerepo=<repoid> ...
Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage:
```
yum-config-manager --disable <repoid>
```
or
```
`subscription-manager repos --disable=<repoid>`
```
Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise:
```
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
```

Cannot find a valid baseurl for repo: base/7/x86_64 Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was 14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Name or service not known" The command '/bin/sh -c yum update add
bash && rm -rfv /var/cache/apk/*' returned a non-zero code: 1

I also saw few resolutions to use "dhclient" but this error happens when i do docker-compose build.

Does `yum` work normally or give the same error about the `base` repo? e.g if you do a `yum install ` or `yum update ` — user3788685, Apr 12 '18 at 18:52
sounds like the `base` repo is broken or missing. Take a look at my answer [here](https://stackoverflow.com/a/49698625/3788685) which may fix that part of the issue. — user3788685, Apr 13 '18 at 14:00

TheDudeAbides · Answer 1 · 2019-01-03T20:09:50.753

I ran into this problem attempting to run the same Dockerfile, which fetched several software packages using yum, on two different platforms; one macOS, the other an Ubuntu 16.04-based Linux OS (elementaryOS Loki), both using the official packages from docker.com.

My theory is that the Linux package is just more restrictive out of the box, security-wise, than the macOS one. Maybe this is configurable with some kind of /etc/something config file, but I don't have the expertise with Docker to say for sure. EDIT: See my comment below.

What I can say is there was no additional configuration required for me on macOS (10.11 El Capitan); just docker build . worked fine, and yum processes from the Dockerfile were able to reach all the remote repositories.

In the Ubuntu-derived Linux distro, however, it was necessary to use

docker build --network host .

followed by

docker run -it --network host <image> <command>

when I wanted to run a process inside that image which required internet access.

This may be the case for other Debian-derived systems as well.

There are, of course, security considerations which need to be taken into account when allowing a long-running Docker container to communicate through the host network adapter, unrestricted, and one would do well to review the appropriate documentation in that regard.

One potential long-term solution, which does _not_ require `--network host` for every `docker` command line, is mentioned in the official Docker documentation under "Post-installation steps for Linux": disable NetworkManager's `dnsmasq` integration as outlined [here](https://docs.docker.com/install/linux/linux-postinstall/#disable-dnsmasq) (see also [this SU thread](https://superuser.com/questions/681993/using-dnsmasq-with-networkmanager)). That's probably not optimal if your host OS is a server for multiple users on a LAN. — TheDudeAbides, Jan 03 '19 at 20:13

score 1 · Answer 2 · edited Jul 09 '19 at 05:54

1

My assumption is that for some reason network behavior in docker varies based on distribution.

Try to use:

docker run -d --net mybridge centos

or

docker network create -d bridge mybridge
docker run -d --net mybridge centos

It should start working. Or just edit /etc/hosts and add mirror address

Name:    mirrorlist.centos.org
Address: 67.219.148.138

edited Jul 09 '19 at 05:54

Uwe Keim

39,551
56
175
291

answered May 30 '18 at 11:30

lubowsky

11
1

Agreed. From my experience there _do_ seem to be differences between distros, or at least OSes. On macOS, there is no additional configuration required to communicate with internet hosts from processes running within Docker containers, using the host's network interface. It was a bit puzzling at first, but I think I prefer having to _manually_ establish a bridge to the host interface, rather than what appears to be an insecure-by-default configuration on Mac. – TheDudeAbides Jan 02 '19 at 17:56

score 0 · Answer 3 · answered Jul 09 '19 at 05:46

0

root cause of the issue is, container proxy settings were wrong. Just corrected the proxy settings at the below location and worked.

/root/.docker/config.json

answered Jul 09 '19 at 05:46

Ananda Reddy

21
1

Yum update fails -Centos 7 - dockerbuild

3 Answers3