Questions about building docker images with bazel

[linux...@gmail.com]

Hi, all

I tried for a couple of hours about docker_build and got a few questions.

a) First of all, how is the base image tar created? I created one with the following command but not sure if it's a correct way:

$ docker save ubuntu > trusty.tar

docker_build(
name = "base",
tars = ["trusty.tar"],
)

and added my app layer on top of it with docker_build, but the image could not be started:

$ docker run -ti 1eebdfd3f3b4 /bin/sh
docker: Error response from daemon: Container command '/bin/sh'

The ubuntu image I used to "docker save" can be started without problem:

$ docker run -ti b72889fa879c /bin/sh
#

Is my way to use "docker save" to create the base tar correct?

b) The "bazel run" command on my app target failed:

$ bazel run myproj/backend:backend-img

INFO: Found 1 target...
Target //myproj/backend:myproj-backend up-to-date:
bazel-bin/myproj/backend/backend-layer.tar
INFO: Elapsed time: 0.089s, Critical Path: 0.00s

INFO: Running command line: bazel-bin/myproj/backend/backend
Loading b97ae675f65d3aa78147812903c9382897a1eae37e985b2e63f841900ef55d38...
Error response from daemon: invalid argument
ERROR: Non-zero return code '1' from command: Process exited with status 1.

I can load the generated target with docker load (although it doesn't run):

$ docker load -i bazel-bin/myproj/backend/backend.tar

b97ae675f65d: Loading layer 197.1 MB/197.1 MB
503df03abc80: Loading layer 10.24 kB/10.24 kB
5495411f6efd: Loading layer 20.55 MB/20.55 MB

c) The image generated by bazel has a wrong timestamp:

$ docker images

REPOSITORY TAG IMAGE ID CREATED SIZE
ago 188 MB
bazel/backend backend 939a84a78276 **292 years ago** 217.6 MB

It says "292 years ago".

d) The generated image is too big. Is there a way to utilize docker's stacked images so that when deploy it won't download the shared base layer?

Thanks a lot!

[linux...@gmail.com]

I figured out questions number 1 and 2: for ubuntu, download the core file from http://cdimage.ubuntu.com/ubuntu-core/releases/xenial/release/, gunzip it, the tar file will be a proper base tar. Now my app container worked fine.

Question 3 has been explained in the document of rules docker.

I guess the reason for question 4 is to reach reproducible image? How should we deal with the big image size?

[Kamal Marhubi]

Investigate the 'base' attribute on docker_build. You'd have a base image set up as you described with just 'tars'. To reuse the base layer, your other docker_build targets have their 'base' set to the base target.

I'm on my phone so can't paste an example. The 'basic example' in the docs for docker_build is along the right lines: http://bazel.io/docs/be/docker.html#basic-example

--
You received this message because you are subscribed to the Google Groups "bazel-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bazel-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-discuss/8f407163-90cd-4eea-9947-555f6bfd9abe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[linux...@gmail.com]

Thanks a lot, Kamal, it worked that way!

But the "bazel run path:image.tar" command still fail:

INFO: Running command line: bazel-bin/demo/demo.tar
/home/johndoe/.cache/bazel/_bazel_johndoe/eedeac95b950221f7e2a454b8c435113/myproj/bazel-out/local-fastbuild/bin/demo/demo.tar: 2: /home/johndoe/.cache/bazel/_bazel_johndoe/eedeac95b950221f7e2a454b8c435113/myproj/bazel-out/local-fastbuild/bin/demo/demo.tar: Syntax error: newline unexpected
ERROR: Non-zero return code '2' from command: Process exited with status 2.

I think it's a bug. Docker load -i worked fine.

[Kamal Marhubi]

I think it's meant to be 'bazel run path:image' not 'bazel run path:image.tar'. The docker load script needs root, and running bazel as root isn't great. The script can be run from bazel-bin though.

To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-discuss/fa00d960-2d33-48e0-ac8f-c56488f95771%40googlegroups.com.

[linux...@gmail.com]

> I think it's meant to be 'bazel run path:image' not 'bazel run path:image.tar'. The docker load script needs root, and running bazel as root isn't great. The script can be run from bazel-bin though.

Still not working. I added myself to docker group so I can run docker command directly.

[Kamal Marhubi]

Be aware that membership in the docker group is equivalent to running as root: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

I prefer to `bazel build //path/to/docker_build:target` and then run `sudo bazel-bin/path/to/docker_build/target` to load the image. This way I don't need to be in the docker group.

On Sun, Apr 24, 2016 at 1:47 AM <linux...@gmail.com> wrote:

> I think it's meant to be 'bazel run path:image' not 'bazel run path:image.tar'. The docker load script needs root, and running bazel as root isn't great. The script can be run from bazel-bin though.

Still not working. I added myself to docker group so I can run docker command directly.

--
You received this message because you are subscribed to the Google Groups "bazel-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bazel-discus...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-discuss/d10324d9-930d-4428-9885-e4586494ed65%40googlegroups.com.

[Damien Martin-guillerez]

a) you find the good solution, we are using a docker pull rules for our ci but it requires docker so we are not endorsing it (https://github.com/bazelbuild/continuous-integration/blob/master/base/docker_pull.bzl)

b) yes you need to be in the docker group

c) this is for reproducibility so we don't have different image with same input.

d) do you mean that the base image is too big? Because we don't repackage it. AFAICT it is not possible on docker either.

To view this discussion on the web visit https://groups.google.com/d/msgid/bazel-discuss/CAK-ZPek%2BtbRKR%2B7XOnD4Qm2acV53QPLJ55p%3DsuYRfmEchOjynw%40mail.gmail.com.

[linux...@gmail.com]

Thank you, Damien. I have no problem with a, c, d, now.

For b), I created this repo: https://github.com/linuxerwang/bazel-demo. With this simple example, I got the following errors:

$ bazel run demo:demo-img

INFO: Running command line: bazel-bin/demo/demo-img
Loading e8e55761f88bf736c947d1b0fce8ec6727c6dc050c3f042a4d5bdf60b70d9459...

Error response from daemon: invalid argument
ERROR: Non-zero return code '1' from command: Process exited with status 1.

$ bazel run demo:demo-img.tar

INFO: Running command line: bazel-bin/demo/demo-img.tar
/home/demo/.cache/bazel/_bazel_demo/bd23a867bfd67e56a93924869ef75ed6/bazel-demo/bazel-out/local-fastbuild/bin/demo/demo-img.tar: 2: /home/demo/.cache/bazel/_bazel_demo/bd23a867bfd67e56a93924869ef75ed6/bazel-demo/bazel-out/local-fastbuild/bin/demo/demo-img.tar: Syntax error: newline unexpected

ERROR: Non-zero return code '2' from command: Process exited with status 2.

With or without group "docker", I got the same output.

[Kamal Marhubi]

`bazel run demo:demo-img.tar` is not meant to work. Your first invocation of `bazel run demo:demo-img` should have loaded the image into Docker. What are you trying to do with the second invocation?

[linux...@gmail.com]

The first invocation failed so I tried the 2nd one.