tl;dr installed podman desktop and circleci local execute doesn’t work
Installed podman desktop with Docker plugin, can run Docker commands fine (docker ps, docker run etc).
Trying to run circleci local execute fails due to insufficient permission.
$ circleci local execute --config .circleci/config.yml --org-id LONG-STRING_HERE 'path-filtering/filter'
Fetching latest build environment...
Docker image digest: sha256:008ba7f4223f1e26c11df9575283491b620074fa96da6961e0dcde47fb757014
====>> Spin up environment
Build-agent version ()
process panic
goroutine 1 [running]:
runtime/debug.Stack()
/usr/local/go/src/runtime/debug/stack.go:24 +0x65
github.com/circleci/build-agent/cmd/internal/setup.PanicHandler()
/mnt/ramdisk/circleci/project/cmd/internal/setup/handlers.go:23 +0x85
panic({0x156abe0, 0xc0004cb270})
/usr/local/go/src/runtime/panic.go:1038 +0x215
github.com/circleci/build-agent/outer/docker.NewDockerExecutorWithClient({{{{0xc0000460a8, 0x15}, {{...}, {...}, 0x0, 0x1, {...}, {...}, {...}, {...}, ...}, ...}, ...}, ...}, ...)
/mnt/ramdisk/circleci/project/outer/docker/docker.go:67 +0x699
github.com/circleci/build-agent/outer/docker.NewDockerExecutor({{{{0xc0000460a8, 0x15}, {{...}, {...}, 0x0, 0x1, {...}, {...}, {...}, {...}, ...}, ...}, ...}, ...}, ...)
/mnt/ramdisk/circleci/project/outer/docker/docker.go:103 +0xdc
github.com/circleci/build-agent/outer.newExecutor({_, _}, {{{{0xc0000460a8, 0x15}, {{...}, {...}, 0x0, 0x1, {...}, {...}, ...}, ...}, ...}, ...}, ...)
/mnt/ramdisk/circleci/project/outer/run.go:369 +0x265
github.com/circleci/build-agent/outer.ConfigureAndRun({_, _}, {{0xc0000cbf50, 0x15}, {0x0, 0x0}, {0xc000046108, 0x16}, {0x0, 0x0}, ...})
/mnt/ramdisk/circleci/project/outer/run.go:219 +0x17ad
github.com/circleci/build-agent/cmd/internal/outer/local.runExecuteJob(0xc0002e5c00, 0x0, {0x1987540, 0x0})
/mnt/ramdisk/circleci/project/cmd/internal/outer/local/execute.go:125 +0x2b6
github.com/circleci/build-agent/cmd/internal/outer/local.NewExecuteJobCmd.func1(0xc0003a0c80, {0x165cc0d, 0x5, 0x5})
/mnt/ramdisk/circleci/project/cmd/internal/outer/local/execute.go:64 +0x29
github.com/spf13/cobra.(*Command).execute(0xc0003a0c80, {0xc000524b90, 0x5, 0x5})
/home/circleci/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:856 +0x60e
github.com/spf13/cobra.(*Command).ExecuteC(0xc0003a0a00)
/home/circleci/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
/home/circleci/go/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:902
github.com/circleci/build-agent/cmd.Execute()
/mnt/ramdisk/circleci/project/cmd/root.go:64 +0x2cf
main.main()
/mnt/ramdisk/circleci/project/main.go:14 +0xca
Unfortunately that error is completely meaningless, so I had to make a wrapper for Docker to have it output what command is running, then modify it to add a --verbose argument to be passed to the container being run, after which the CircleCI app in the CircleCI container finally told me it was having a permissions issue writing to a unix sock file.
Changing permissions on sock file didn’t help, but adding --privileged did, so modified wrapper again to pass that option on docker run ....
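#!/usr/bin/env bash
# Usage:
# $ export PATH="$HOME/bin:$PATH"
# $ docker ....
# Remove $HOME/bin from PATH so the `docker` invoked below is the real CLI,
# not this wrapper.
export PATH="$(echo "$PATH" | sed -E "s?$HOME/bin:??")"
# Trace every command so the full docker command line is printed.
set -x
cmd="$1"; shift
if [ "$cmd" = "run" ] ; then
  # Add --privileged to every `docker run`.
  exec docker "$cmd" --privileged "$@"
else
  # Pass all other subcommands through unchanged.
  exec docker "$cmd" "$@"
fi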
Finally the container would start and begin running, but then circleci local command fails due to naming convention problem with network:
$ circleci local execute --config .circleci/config.yml --org-id LONG-STRING-HERE 'path-filtering/filter'
Fetching latest build environment...
Docker image digest: sha256:008ba7f4223f1e26c11df9575283491b620074fa96da6961e0dcde47fb757014
+ cmd=run
+ shift
+ '[' run = run ']'
+ exec docker run --privileged --rm --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=/var/folders/jk/5jpk49vj5_j58_k4vbdr2wl80000gq/T/380038945_circleci_config.yml,dst=/var/folders/jk/5jpk49vj5_j58_k4vbdr2wl80000gq/T//local_build_config.yml --mount type=bind,src=/Users/ME/git/REPO,dst=/Users/ME/git/REPO --mount type=bind,src=/Users/ME/.circleci,dst=/root/.circleci --workdir /Users/ME/git/REPO circleci/picard@sha256:008ba7f4223f1e26c11df9575283491b620074fa96da6961e0dcde47fb757014 circleci build --config /var/folders/jk/5jpk49vj5_j58_k4vbdr2wl80000gq/T//local_build_config.yml --job path-filtering/filter path-filtering/filter
====>> Spin up environment
Build-agent version ()
System information:
Server Version: 4.9.3
Storage Driver: overlay
Backing Filesystem: xfs
Cgroup Driver: systemd
Cgroup Version: 2
Kernel Version: 6.7.7-200.fc39.aarch64
Operating System: fedora
OSType: linux
Architecture: arm64
Error:
Unexpected environment preparation error: error creating ephemeral network bridge: error creating ephemeral docker network: Error response from daemon: network name ZZZ_localbuild-1710826159/607A0043 invalid: names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*: invalid argument
Step failed
Task failed
Error: Unhandled prepare executor error: error creating ephemeral network bridge: error creating ephemeral docker network: Error response from daemon: network name ZZZ_localbuild-1710826159/607A0043 invalid: names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*: invalid argument
Don’t know how to get past this as it’s not running a docker command on the host. I suppose I could write an entire custom implementation of the Docker protocol to intercept this network name being created, but that’s a lot of work…
Can we get a way to generate network names according to the above naming convention?
This is apparently a known issue with circleci local cli since a year ago: Creating a network bridge fails with '/' (forward slash) character in name · Issue #17806 · containers/podman · GitHub
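
The wrapper in the post adds --privileged to every docker run that goes through it. The following is an added example, not the poster's script or CircleCI's code, that limits the flag to the circleci/picard image seen in the post's command line. The function names and the list of value-taking flags are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script: install as $HOME/bin/docker like the
# wrapper in the post. Adds --privileged only for the image prefix below.
TRUSTED_IMAGE='circleci/picard@sha256:'  # prefix of the image in the post's log

# Print PATH ($2) without directory $1 or empty entries (empty means cwd).
strip_dir() {
  out=; old_ifs=$IFS; IFS=:
  for d in $2; do
    case "$d" in "$1"|"") ;; *) out="${out:+$out:}$d" ;; esac
  done
  IFS=$old_ifs; printf '%s\n' "$out"
}

# Print the image argument of a `docker run` command line. The value-taking
# flags listed are an assumed subset; an unlisted one makes the image lookup
# miss, so the wrapper then runs the container without --privileged.
run_image() {
  while [ $# -gt 0 ]; do
    case "$1" in
      --mount|--workdir|-w|--volume|-v|--env|-e|--name|--network)
        shift; if [ $# -gt 0 ]; then shift; fi ;;  # flag and its value
      -*) shift ;;                                 # boolean or --flag=value
      *) printf '%s\n' "$1"; return 0 ;;           # first positional: image
    esac
  done
}

# Succeed only when the image being run starts with the trusted prefix.
needs_privileged() {
  case "$(run_image "$@")" in
    "$TRUSTED_IMAGE"*) return 0 ;;
    *) return 1 ;;
  esac
}

main() {
  PATH=$(strip_dir "$HOME/bin" "$PATH"); export PATH  # find the real docker
  if [ $# -eq 0 ]; then exec docker; fi
  cmd=$1; shift
  if [ "$cmd" = run ] && needs_privileged "$@"; then
    exec docker run --privileged "$@"
  fi
  exec docker "$cmd" "$@"
}

# Act as the wrapper only when installed under the name "docker".
case "${0##*/}" in docker) main "$@" ;; esac
```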