如何检查失败的“docker build"的文件系统? [英] How can I inspect the file system of a failed `docker build`?

问题描述

我正在尝试为我们的开发过程构建一个新的 Docker 镜像，使用 cpanm 安装一堆 Perl 模块作为各种项目的基础镜像.

I'm trying to build a new Docker image for our development process, using cpanm to install a bunch of Perl modules as a base image for various projects.

在开发 Dockerfile 时，cpanm 返回失败代码，因为某些模块没有安装干净.

While developing the Dockerfile, cpanm returns a failure code because some of the modules did not install cleanly.

我很确定我需要让 apt 安装更多东西.

I'm fairly sure I need to get apt to install some more things.

我的问题是，我在哪里可以找到输出中引用的 /.cpanm/work 目录，以便检查日志?在一般情况下，如何检查失败的 docker build 命令的文件系统?

My question is, where can I find the /.cpanm/work directory quoted in the output, in order to inspect the logs? In the general case, how can I inspect the file system of a failed docker build command?

早间编辑在咬紧牙关运行find之后我发现了

Morning edit After biting the bullet and running a find I discovered

/var/lib/docker/aufs/diff/3afa404e[...]/.cpanm

这是可靠的，还是我最好构建一个裸"容器并手动运行东西直到我拥有我需要的所有东西?

Is this reliable, or am I better off building a "bare" container and running stuff manually until I have all the things I need?

推荐答案

每当 docker 从 Dockerfile 成功执行 RUN 命令时，图像文件系统中的一个新层已提交.您可以方便地将这些层 ID 用作图像来启动新容器.

Everytime docker successfully executes a RUN command from a Dockerfile, a new layer in the image filesystem is committed. Conveniently you can use those layers ids as images to start a new container.

采用以下 Dockerfile:

Take the following Dockerfile:

FROM busybox
RUN echo 'foo' > /tmp/foo.txt
RUN echo 'bar' >> /tmp/foo.txt

并构建它:

$ docker build -t so-26220957 .
Sending build context to Docker daemon 47.62 kB
Step 1/3 : FROM busybox
 ---> 00f017a8c2a6
Step 2/3 : RUN echo 'foo' > /tmp/foo.txt
 ---> Running in 4dbd01ebf27f
 ---> 044e1532c690
Removing intermediate container 4dbd01ebf27f
Step 3/3 : RUN echo 'bar' >> /tmp/foo.txt
 ---> Running in 74d81cb9d2b1
 ---> 5bd8172529c1
Removing intermediate container 74d81cb9d2b1
Successfully built 5bd8172529c1

您现在可以从 00f017a8c2a6、044e1532c690 和 5bd8172529c1 启动一个新容器:

You can now start a new container from 00f017a8c2a6, 044e1532c690 and 5bd8172529c1:

$ docker run --rm 00f017a8c2a6 cat /tmp/foo.txt
cat: /tmp/foo.txt: No such file or directory

$ docker run --rm 044e1532c690 cat /tmp/foo.txt
foo

$ docker run --rm 5bd8172529c1 cat /tmp/foo.txt
foo
bar

当然，您可能想要启动一个 shell 来探索文件系统并尝试命令:

of course you might want to start a shell to explore the filesystem and try out commands:

$ docker run --rm -it 044e1532c690 sh      
/ # ls -l /tmp
total 4
-rw-r--r--    1 root     root             4 Mar  9 19:09 foo.txt
/ # cat /tmp/foo.txt 
foo

---

当其中一个 Dockerfile 命令失败时，您需要做的是查找 上一层的 id 并在根据该 id 创建的容器中运行 shell:

---

When one of the Dockerfile command fails, what you need to do is to look for the id of the preceding layer and run a shell in a container created from that id:

docker run --rm -it <id_last_working_layer> bash -il

一旦进入容器:

• 尝试失败的命令，并重现问题
• 然后修复命令并测试它
• 最后使用固定命令更新您的 Dockerfile

如果您确实需要在失败的实际层中进行实验，而不是从最后一个工作层开始工作，请参阅Drew 的回答.

If you really need to experiment in the actual layer that failed instead of working from the last working layer, see Drew's answer.

这篇关于如何检查失败的“docker build"的文件系统?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！