Bug 1486809 – backport "docker build --network=..." support

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1486809 - backport "docker build --network=..." support

Summary:	backport "docker build --network=..." support

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Containers (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	3.7.0
Assigned To:	Lokesh Mandvekar
QA Contact:	Wenjing Zheng
Docs Contact:

URL:
Whiteboard:
Keywords:

Duplicates:	1487652 (view as bug list)
Depends On:
Blocks:	1487652
	Show dependency tree / graph

Reported:	2017-08-30 10:59 EDT by Dan Winship
Modified:	2017-11-29 08:06 EST (History)
CC List:	13 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-11-28 17:08:20 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3188	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-28 21:34:54 EST

Groups: None (edit)

Description Dan Winship 2017-08-30 10:59:53 EDT

https://github.com/openshift/origin/pull/13235 made origin pass networkmode to the docker build API, but that API only exists in docker 1.13, so this had no effect on OCP.

But the patch is quite small: https://github.com/moby/moby/pull/27702

Could we get this into our docker? (If I'm looking in the right place, it looks like we don't have that patch now.)

Comment 1 Antonio Murdaca 2017-08-31 14:18:04 EDT

Fixed here for 1.12.6: https://github.com/projectatomic/docker/commit/059451eff3725836f187ecb51a663487b27687f7

Comment 2 Dan Winship 2017-09-01 12:57:41 EDT

OK, so I don't know anything about the process for docker package updates... how long (at least roughly) will it take for this to be available to customers? Would this be done as part of an OCP 3.6.x release or would the new docker just get pushed to a yum repo that OCP hosts are subscribed to or what?

Comment 3 Eric Paris 2017-09-01 16:35:23 EDT

It would get pushed to rhel-extras. This means it would end up available for customers independent of OCP releases. any customer using docker 1.12 (aka about 3.4+) would potentially 'just get' this update.

Comment 7 Paul Bergene 2017-09-19 04:42:14 EDT

Which update of 1.12 is this fixed in?

Comment 8 Paul Bergene 2017-09-19 04:58:11 EDT

1.12.6. Got it.

Comment 9 Dan Winship 2017-09-19 11:41:11 EDT

The fix has not yet been released.

Comment 17 Dan Winship 2017-11-01 13:43:20 EDT

*** Bug 1487652 has been marked as a duplicate of this bug. ***

Comment 18 Wenjing Zheng 2017-11-01 23:31:05 EDT

I can see the error about cannot access service created in a different namespace as below (my env is with "multitenant" network plugin with docker 12.6 version):
Step 1 : FROM centos/ruby-22-centos7@sha256:2ceb8f738e0da65b0f371c1789bb48fc4f65796870354a31c6f57cd93ca9b8b6
 ---> a6ced72cd422
Step 2 : USER default
 ---> Running in cd95b746204e
 ---> 6398d842deea
Removing intermediate container cd95b746204e
Step 3 : RUN curl 172.30.13.160:8080
 ---> Running in aca776bfe881
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:02:07 --:--:--     0curl: (7) Failed connect to 172.30.13.160:8080; Connection timed out
error: build error: The command '/bin/sh -c curl 172.30.13.160:8080' returned a non-zero code: 7

So verifying this bug now.
]# docker version
Client:
 Version:         1.12.6
 API version:     1.24
 Package version: docker-1.12.6-61.git85d7426.el7.x86_64
 Go version:      go1.8.3
 Git commit:      85d7426/1.12.6
 Built:           Tue Sep 26 15:30:51 2017
 OS/Arch:         linux/amd64

Server:
 Version:         1.12.6
 API version:     1.24
 Package version: docker-1.12.6-61.git85d7426.el7.x86_64
 Go version:      go1.8.3
 Git commit:      85d7426/1.12.6
 Built:           Tue Sep 26 15:30:51 2017
 OS/Arch:         linux/amd64
# openshift version
openshift v3.7.0-0.189.0
kubernetes v1.7.6+a08f5eeb62
etcd 3.2.8

Comment 21 errata-xmlrpc 2017-11-28 17:08:20 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.