Контейнеры Docker не могут apt-get update или Yum-update - PullRequest
Новая
       70

Контейнеры Docker не могут apt-get update или Yum-update

0 голосов
/ 28 декабря 2018

У меня установлен докер на сервере jenkins.Сервер Jenkin может успешно подключаться к Интернету, а resolv.conf одинаков как для хоста, так и для создаваемых контейнеров.У меня уже есть много изображений, загруженных на сервер jenkins (centos, ubuntu), которые используются для разных задач.Все эти работы Дженкинса, которые были сделаны для создания контейнеров, работали нормально.Теперь неожиданно некоторые задания перестали работать со следующей ошибкой. 

Step 3/21 : RUN yum update -y && yum install epel-release  initscripts policycoreutils selinux-policy-targeted -y --skip-broken
 ---> Running in 5e61a8b671ad
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
[91m

 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=<repoid> ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>
        or
            subscription-manager repos --disable=<repoid>

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: base/7/x86_64
[0mCould not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was
14: HTTP Error 403 - Forbidden
The command '/bin/sh -c yum update -y && yum install epel-release  initscripts policycoreutils selinux-policy-targeted -y --skip-broken' returned a non-zero code: 1

Поэтому я попытался получить доступ к серверу jenkis напрямую и создать новый и другой контейнер вручную из другого образа, который был ubuntu вместо centos (один из заданиячто не удалось), а также получил следующее: 

sudo docker run -ti --name testt cont.azurecr.io/app-be-dev:nginx bash
root@5959696258a0:/# apt-get update
Ign:1 http://deb.debian.org/debian stretch InRelease
Ign:2 http://deb.debian.org/debian stretch-updates InRelease
Ign:3 http://deb.debian.org/debian stretch Release
Ign:4 http://deb.debian.org/debian stretch-updates Release
Ign:5 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:6 http://deb.debian.org/debian stretch/main all Packages
Ign:7 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:8 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:5 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:6 http://deb.debian.org/debian stretch/main all Packages
Ign:7 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:8 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:9 http://security.debian.org/debian-security stretch/updates InRelease
Ign:10 http://security.debian.org/debian-security stretch/updates Release
Ign:11 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:12 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:11 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:5 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:6 http://deb.debian.org/debian stretch/main all Packages
Ign:7 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:8 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:12 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:11 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:12 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:11 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:12 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:5 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:6 http://deb.debian.org/debian stretch/main all Packages
Ign:7 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:8 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:5 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:11 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:12 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:11 http://security.debian.org/debian-security stretch/updates/main all Packages
Err:12 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
  403  Forbidden [IP: 128.101.240.215 80]
Ign:6 http://deb.debian.org/debian stretch/main all Packages
Ign:7 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:8 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Err:5 http://deb.debian.org/debian stretch/main amd64 Packages
  403  Forbidden [IP: 128.31.0.62 80]
Ign:6 http://deb.debian.org/debian stretch/main all Packages
Ign:7 http://deb.debian.org/debian stretch-updates/main all Packages
Err:8 http://deb.debian.org/debian stretch-updates/main amd64 Packages
  403  Forbidden [IP: 128.31.0.62 80]
Reading package lists... Done
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages  403  Forbidden [IP: 128.31.0.62 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages  403  Forbidden [IP: 128.31.0.62 80]
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages  403  Forbidden [IP: 128.101.240.215 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
root@5959696258a0:/# apt-get update
Ign:1 http://security.debian.org/debian-security stretch/updates InRelease
Ign:2 http://security.debian.org/debian-security stretch/updates Release
Ign:3 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:4 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:5 http://deb.debian.org/debian stretch InRelease
Ign:6 http://deb.debian.org/debian stretch-updates InRelease
Ign:7 http://deb.debian.org/debian stretch Release
Ign:3 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:8 http://deb.debian.org/debian stretch-updates Release
Ign:4 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:3 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:10 http://deb.debian.org/debian stretch/main all Packages
Ign:11 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:4 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:12 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:3 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:4 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/main all Packages
Ign:3 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
Ign:11 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:12 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:4 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:9 http://deb.debian.org/debian stretch/main amd64 Packages
Err:3 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
  **403  Forbidden [IP: 128.31.0.63 80]**
Ign:4 http://security.debian.org/debian-security stretch/updates/main all Packages
Ign:10 http://deb.debian.org/debian stretch/main all Packages
Ign:11 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:12 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:10 http://deb.debian.org/debian stretch/main all Packages
Ign:11 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:12 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Ign:9 http://deb.debian.org/debian stretch/main amd64 Packages
Ign:10 http://deb.debian.org/debian stretch/main all Packages
Ign:11 http://deb.debian.org/debian stretch-updates/main all Packages
Ign:12 http://deb.debian.org/debian stretch-updates/main amd64 Packages
Err:9 http://deb.debian.org/debian stretch/main amd64 Packages
  403  Forbidden [IP: 130.89.148.14 80]
Ign:10 http://deb.debian.org/debian stretch/main all Packages
Ign:11 http://deb.debian.org/debian stretch-updates/main all Packages
Err:12 http://deb.debian.org/debian stretch-updates/main amd64 Packages
  403  Forbidden [IP: 130.89.148.14 80]
Reading package lists... Done
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages  403  Forbidden [IP: 128.31.0.63 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages  403  Forbidden [IP: 130.89.148.14 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages  403  Forbidden [IP: 130.89.148.14 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.

Как вы видите, ошибка 403 из другого изображения и вручную, а не из задания.Единственной вещью, которая была donde на сервере jenkins, была перезагрузка несколько дней назад из-за некоторой актуализации плагина.Я повторяю, resolv.conf в контейнере такой же, как хост (jenkins), я также пробовал запустить Docker -dns 8.8.8.8, который настроил Google DNS в контейнере, но также получил ту же проблему.

Что может бытьвызывая эту ошибку 403 ?.Я также попробовал apt-get update от самого Дженкинса, и обновление было сделано успешно.Это как на хосте все в порядке, но на контейнерах нет.Может ли быть так, что сетевой мост не работает?спасибо

ОБНОВЛЕНИЕ1 

root@4926b1da2bd1:/# cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.1.1     4926b1da2bd1

ОБНОВЛЕНИЕ 2 Решено это перезапуск сетевого моста докера и сброс iptables: 

pkill docker
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0
docker -d
...