(maint) Enable Docker builds with buildkit #2242
Conversation
azure-pipelines.yml
Outdated
| @@ -14,6 +14,7 @@ pool: | |||
| name: Default | |||
|
|
|||
| variables: | |||
| DOCKER_BUILDKIT: 1 | |||
There was a problem hiding this comment.
Looks like this might not be possible on Windows (at least not easily):
docker build --build-arg version=6.7.2 --build-arg vcs_ref=3c27f646dc61db97a94a8f6f73795b00f0fcdb77 --build-arg build_date=--file docker/puppetserver-base/Dockerfile --memory 4g --build-arg namespace=puppet --tag puppet/puppetserver-base:6.7.2 --pull docker/puppetserver-base
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 2.62kB done
#1 DONE 0.2s
#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.2s
failed to solve with frontend dockerfile.v0: failed to read dockerfile: failed to mount C:\ProgramData\docker\tmp\buildkit-mount519259336: [{Type:bind Source:C:\ProgramData\docker\windowsfilter\fvor99jmpaj39d3lp5ljauvuu Options:[rbind ro]}]: invalid windows mount type: 'bind'
##[error]PowerShell exited with code '1'.
##[section]Finishing: Build puppetserver-base Container
| @@ -1,3 +1,4 @@ | |||
| export DOCKER_BUILDKIT=1 | |||
There was a problem hiding this comment.
Travis docker version is super old, and buildkit isn't supported here either.
docker version
Client:
Version: 18.06.0-ce
API version: 1.38
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:11:02 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.0-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:09:05 2018
OS/Arch: linux/amd64
Experimental: false
It's possible to upgrade with https://docs.travis-ci.com/user/docker/#installing-a-newer-docker-version
Iristyle
force-pushed
the
docker-build-with-buildkit
branch
2 times, most recently
from
28b54f9
to
5c7f0c5
Compare
.travis.yml
Outdated
|
|
||
| services: | ||
| - docker | ||
|
|
||
| before_install: | ||
| - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - |
There was a problem hiding this comment.
I think it's probably quicker to just pull the packages from https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/ and install that way rather than using the PPA. The Xenial PPA doesn't have the latest builds for some reasons anyway!
There was a problem hiding this comment.
Nope, not true. Verified that the time is about the same - except the code to install packages is a fair amount more complicated (especially when resolving dependencies).
Better to use the PPA
Iristyle
force-pushed
the
docker-build-with-buildkit
branch
11 times, most recently
from
8c95a34
to
cea8fe2
Compare
- Requires upgrading from Docker CE 18.06 to 19.03 for buildkit support - Ideally improves performance of multi-stage builds by executing in a concurrent pipeline model
Iristyle
force-pushed
the
docker-build-with-buildkit
branch
from
cea8fe2
to
a402a1c
Compare
|
Update timings (after a few successful runs through)... looks like there is some time to save on builds right now (30s?), even when the host appears slower for other steps. before_install 0.64s -> 26.36s / 43.62s |
Iristyle
force-pushed
the
docker-build-with-buildkit
branch
from
d0574a5
to
d2156a5
Compare
- Now that the file to create puppetserver-base is called base.Dockerfile, there are no real collisions to avoid. - This is the next step towards consolidating to a single Dockerfile with multiple build targets
Iristyle
force-pushed
the
docker-build-with-buildkit
branch
from
dad959d
to
d0f99d5
Compare
- WIP: still can't start buildkit container daemon
Iristyle
force-pushed
the
docker-build-with-buildkit
branch
from
029ce65
to
9784452
Compare
| PKG_ARCH=$(dpkg --print-architecture) | ||
| curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | ||
| sudo add-apt-repository "deb [arch=${PKG_ARCH}] https://download.docker.com/linux/ubuntu $OS_RELEASE stable" | ||
| sudo apt-get update |
There was a problem hiding this comment.
Not sure if it makes sense to only upgrade the Docker PPA - i.e. something like
apt-get update -o Dir::Etc::sourcelist=/path/to/repo.list
|
Buildkit support was merged in #2328 This seems to have been left open by accident |
This is an experiment to see if we can improve Docker build times by using buildkit. Buildkit will enable a few things:
It looks like this is generally a no-go at this point in time due to the LCOW error, which could be a permissions issue (though I tested setting
Everyone: (F)forC:\ProgramData\docker\tmpandC:\ProgramData\docker\windowsfilterand didn't see anything stand out inprocmon):This is something we probably want to evaluate again in the future (or help fix under LCOW) - buildkit currently says Windows is unsupported - moby/buildkit#616
Update: It looks like it may be possible to use buildkit more directly rather than going through
docker build. buildctl has a Windows binary and it's possible to run the buildkit daemon in a container.That's a reasonably different workflow from what we're doing now, but seems like it may plausibly work without much modification. The convention for passing command line args would vary a bit. For instance,
--build-arg vcs_ref=$(vcs_ref)would become--opt build-arg:vcs_ref=$(vsc_ref). See https://github.com/moby/buildkit#exploring-dockerfiles for more details.