Unable to build minikube ISO locally

[coolbrg]

Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT

Environment:
Fedora 25 (Linux)

Docker version
1.12.6

What happened:
I am unable to generate minikube ISO with instruction here https://github.com/kubernetes/minikube/blob/master/docs/contributors/minikube_iso.md#build-instructions.

Getting permission error:
Getting following error:

$ make buildroot-image
docker build  -t gcr.io/k8s-minikube/buildroot-image -f deploy/iso/minikube-iso/Dockerfile deploy/iso/minikube-iso/
Sending build context to Docker daemon 114.2 kB
Step 1 : FROM ubuntu:16.04
 ---> ccc7a11d65b1
[...]
Successfully built 7d9ff5ca90dc

gcr.io/k8s-minikube/buildroot-image successfully built

$ make out/minikube.iso
docker run --rm --workdir /mnt --volume /home/budhram/gowork/src/github.com/kubernetes/minikube:/mnt  \
  --user 1001:1001 --env HOME=/tmp --env IN_DOCKER=1 \
  gcr.io/k8s-minikube/buildroot-image /usr/bin/make out/minikube.iso
make: stat: Makefile: Permission denied
make: *** No rule to make target 'out/minikube.iso'.  Stop.
Makefile:125: recipe for target 'out/minikube.iso' failed
make: *** [out/minikube.iso] Error 2

# Checking inside container
$ docker run --rm --workdir /mnt --volume /home/budhram/gowork/src/github.com/kubernetes/minikube:/mnt  \
> --user 1001:1001 --env HOME=/tmp --env IN_DOCKER=1 \
> -it gcr.io/k8s-minikube/buildroot-image bash
groups: cannot find name for group ID 1001
I have no name!@38b0831a053f:/mnt$ ls
ls: cannot open directory '.': Permission denied

I doubt the volume mount didn't happen properly.

What you expected to happen:
minikube ISO should be generated at out/minikube.iso.

[r2d4]

It works on my machine. Looks like it has something to do with how we're generating the --user flag. We do --user $(shell id -u):$(shell id -g) in all of our docker commands.

[aaron-prindle]

Just tested this @ HEAD, unable to repro, it is also working on my Ubuntu 14.04 machine. I will test on a Fedora 25 machine and see if I am able to repro. Not quite sure what the issue is but I believe that it is related to the '--user' flag as r2d4 mentioned:
https://github.com/kubernetes/minikube/blob/master/Makefile#L62-L63

[r2d4]

@budhrg did you figure this out? do we need to add some additional documentation or rules for fedora?

[gbraad]

@budhrg any progress on this? Do you also want me to have a look at this?

[coolbrg]

@gbraad , please go ahead as well. I am still getting issue with Fedora 25 so I am now trying with Ubuntu VM and now with GCE Ubuntu instance where I was able to create iso. Locally with Ubuntu VM, I am having some issue during make out/minikube.iso after 1hrs+ running.

[gbraad]

For me it seems to work. UID=1000:GID=1000

However, make fails for me for other reasons:

--2017-08-30 02:57:06--  http://sources.buildroot.net/rkt-v1.24.0.tar.gz
Resolving sources.buildroot.net (sources.buildroot.net)... 176.9.16.109
Connecting to sources.buildroot.net (sources.buildroot.net)|176.9.16.109|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-08-30 02:57:07 ERROR 404: Not Found.

Ref: http://sources.buildroot.net/rkt-v1.24.0.tar.gz -> 404 Not Found

[r2d4]

I think thats a red herring: The real error should be before that (I think its a weird gpg signing issue that resolves itself after the command has been ran twice). As a last ditch effort, buildroot attempts to fetch the package from its own sources, which don't contain the rkt package.

[gbraad]

OK, so will do the same and build it on a remote host, as it seems network connectivity is quite important.

Haven't looked into the fact why it failed for @budhrg with a different UID

[coolbrg]

Some logs while creating container with following command

$ docker run --workdir /mnt --volume=/home/budhram/gowork/src/k8s.io/minikube:/mnt --user 1001:1001 --env HOME=/tmp --env IN_DOCKER=1 gcr.io/k8s-minikube/buildroot-image /usr/bin/make out/minikube.iso

make: stat: Makefile: Permission denied
make: *** No rule to make target 'out/minikube.iso'.  Stop.

Mounting failed due to SELinux

...
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com systemd[1]: Started libcontainer container 550d89305fd9f36b685b4552ebf5685aee8ca532ca54336d2a164f2f0bfea325.
********************
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com kernel: SELinux: mount invalid.  Same superblock, different security settings for (dev mqueue, type mqueue)
********************
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com kernel: eth0: renamed from veth90bf406
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethfc5a20d: link becomes ready
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com kernel: docker0: port 1(vethfc5a20d) entered blocking state
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com kernel: docker0: port 1(vethfc5a20d) entered forwarding state
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com NetworkManager[1305]: <info>  [1504074297.6977] device (vethfc5a20d): link connected
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com NetworkManager[1305]: <info>  [1504074297.7005] device (docker0): link connected
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-register-machine[6859]: 2017/08/30 11:54:57 Register machine: prestart 550d89305fd9f36b685b4552ebf5685aee8ca532ca54336d2a164f2f0bfea325 6842 /var/lib/docker/devicemapper/mnt/fb76a1e6272f23e315afaebf93ea8ad31288f05debdaea0cd863a1df3cff82cd/rootfs
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com systemd-machined[10913]: New machine 550d89305fd9f36b685b4552ebf5685a.
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-systemd-hook[6864]: systemdhook <debug>: Skipping as container command is /usr/bin/dumb-init, not init or systemd
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-umount[6866]: umounthook <info>: prestart /var/lib/docker/devicemapper/mnt/fb76a1e6272f23e315afaebf93ea8ad31288f05debdaea0cd863a1df3cff82cd/rootfs
...
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-umount[6866]: umounthook <info>: Failed to canonicalize path [/var/lib/containers/storage/overlay]: No such file or directory. Skipping.
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-umount[6866]: umounthook <info>: Failed to canonicalize path [/var/run/containers/storage]: No such file or directory. Skipping.
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-umount[6866]: umounthook <info>: Could not find mapping for mount [/var/lib/docker/devicemapper] from host to conatiner. Skipping.
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-umount[6866]: umounthook <info>: Could not find mapping for mount [/var/lib/docker/containers] from host to conatiner. Skipping.
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com dockerd-current[26101]: make: stat: Makefile: Permission denied
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com dockerd-current[26101]: make: *** No rule to make target 'out/minikube.iso'.  Stop.
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com systemd-machined[10913]: Machine 550d89305fd9f36b685b4552ebf5685a terminated.
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-register-machine[6892]: 2017/08/30 11:54:57 Register machine: poststop 550d89305fd9f36b685b4552ebf5685aee8ca532ca54336d2a164f2f0bfea325 0 /var/lib/docker/devicemapper/mnt/fb76a1e6272f23e315afaebf93ea8ad31288f05debdaea0cd863a1df3cff82cd/rootfs
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-systemd-hook[6901]: systemdhook <debug>: Skipping as container command is /usr/bin/dumb-init, not init or systemd
Aug 30 11:54:57 dhcp35-83.lab.eng.blr.redhat.com oci-umount[6902]: umounthook <debug>: poststop ignored
...

@r2d4 Does SELinux need to be disabled in this case?

[coolbrg]

After configuring SELinux for permissive mode with setenforce 0 runtime I am able to proceed with ISO build.

[philgebhardt]

@budhrg Were you ever able to build with ubuntu? I get an error hours into the build. I'm using the standard golang image as a base.

Error

ld -m elf_i386  -Bsymbolic -pie -E --hash-style=gnu -T /iso/out/buildroot/output/build/syslinux-6.03/core/i386/syslinux.ld -M -o ldlinux.elf ldlinux.o \
	--start-group libcom32.a --whole-archive /iso/out/buildroot/output/build/syslinux-6.03/bios/com32/lib/libcom32core.a libldlinux.a --end-group \
	> ldlinux.map
ld: ldlinux.elf: Not enough room for program headers, try linking with -N
ld: final link failed: Bad value
/iso/out/buildroot/output/build/syslinux-6.03/core/Makefile:167: recipe for target 'ldlinux.elf' failed

[r2d4]

@philgebhardt You should use the base image that we provide, and the makefile IN_DOCKER=1 make out/minikube.iso

[philgebhardt]

Thanks @r2d4, this wasn't immediately obvious from the build documentation. But I realize now, what I was doing was a bit funky. The following command gets past the issue I mentioned above (which is basically what make out/minikube.iso does 😄 ).

docker run -it -e IN_DOCKER=1 -w /mnt -v $PWD:/mnt gcr.io/k8s-minikube/buildroot-image make out/minikube.iso

[philgebhardt]

Build still fails (hours into the build), this time on crio-bin-v1.0.0, which fails to find go on minikube's buildroot-image.

Is the provided image supposed to have go installed? There is no step to install it from what I can tell by looking at the Dockerfile.

make[3]: Entering directory '/mnt/out/buildroot/output/build/crio-bin-v1.0.0'
hack/find-godeps.sh: line 26: go: command not found
hack/find-godeps.sh: line 26: go: command not found
hack/find-godeps.sh: line 26: go: command not found
touch "/mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/.gopathok"
if [ ! -x "/mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/bin/git-validation" ]; then \
	go get -u github.com/vbatts/git-validation; \
fi
if [ ! -x "/mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/bin/gometalinter" ]; then \
	go get -u github.com/alecthomas/gometalinter; \
	cd /mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/src/github.com/alecthomas/gometalinter; \
	git checkout 23261fa046586808612c61da7a81d75a658e0814; \
	go install github.com/alecthomas/gometalinter; \
	/mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/bin/gometalinter --install; \
fi
if [ ! -x "/mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/bin/go-md2man" ]; then \
	go get -u github.com/cpuguy83/go-md2man; \
fi
/bin/sh: 2: go: not found
Makefile:203: recipe for target '.install.gitvalidation' failed
make[3]: *** [.install.gitvalidation] Error 127
make[3]: *** Waiting for unfinished jobs....
/bin/sh: 2: go: not found
Makefile:217: recipe for target '.install.md2man' failed
make[3]: *** [.install.md2man] Error 127
/bin/sh: 2: go: not found
/bin/sh: 3: cd: can't cd to /mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/src/github.com/alecthomas/gometalinter
fatal: reference is not a tree: 23261fa046586808612c61da7a81d75a658e0814
/bin/sh: 5: go: not found
/bin/sh: 6: /mnt/out/buildroot/output/build/crio-bin-v1.0.0/_output/bin/gometalinter: not found
Makefile:208: recipe for target '.install.gometalinter' failed
make[3]: Leaving directory '/mnt/out/buildroot/output/build/crio-bin-v1.0.0'
make[3]: *** [.install.gometalinter] Error 127
package/pkg-generic.mk:206: recipe for target '/mnt/out/buildroot/output/build/crio-bin-v1.0.0/.stamp_configured' failed
make[2]: *** [/mnt/out/buildroot/output/build/crio-bin-v1.0.0/.stamp_configured] Error 2
make[2]: Leaving directory '/mnt/out/buildroot'
make[1]: *** [minikube_iso] Error 2
Makefile:119: recipe for target 'minikube_iso' failed
make[1]: Leaving directory '/mnt'
make: *** [out/minikube.iso] Error 2
Makefile:137: recipe for target 'out/minikube.iso' failed
Makefile:139: recipe for target 'out/minikube.iso' failed
make: *** [out/minikube.iso] Error 2

Let me know if I should open this as a separate issue.

[r2d4]

I'm not sure exactly why this requirement is there, but crio-bin builds with the host go toolchain, outside of docker.

You need go 1.8 on the host machine to build the minikube iso (even in docker). That probably warrants its own issue.

https://github.com/kubernetes/minikube/pull/1998/files#diff-49e34775b90ee6cc9eeffcf820e76bd0R5

ref #1998

[coolbrg]

I will verify again.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

[fejta-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

[kfox1111]

I'm seeing this too:
[kfox@zathras minikube]$ docker pull gcr.io/k8s-minikube/buildroot-image
Using default tag: latest
Trying to pull repository gcr.io/k8s-minikube/buildroot-image ...
Pulling repository gcr.io/k8s-minikube/buildroot-image
unauthorized: authentication required

[afbjorklund]

@kfox1111 : I don't think the image has ever been pushed, to build it use: make buildroot-image

[kfox1111]

Ah, ok. That seems to be working. Thanks.