** Description changed: + [ Impact ] + + In resource-agents < 4.18 the docker agent is not compatible with docker.io >= 29. The agent depends on the output of `docker images`, which has changed in the recent docker version. + The solution is part of the command itself: use --format for machine readable output. The bug was open upstream: + https://github.com/ClusterLabs/resource-agents/issues/2120 + and fixed in + https://github.com/ClusterLabs/resource-agents/commit/7a0bfa04ac9ea76deb4cb9ea4414d3eab15ecc55 + which is the patch to be backported here. + + [ Test Plan ] + + For each affected release: + + - install resource-agents-extra and docker.io + - run `docker pull alpine:latest` + - run `docker images` and check the image is listed there + - run + ``` + sudo OCF_ROOT=/usr/lib/ocf \ + OCF_RESKEY_image="alpine:latest" \ + OCF_RESKEY_CRM_meta_timeout=30000 \ + /usr/lib/ocf/resource.d/heartbeat/docker validate-all + ``` + and verify it fails stating the image cannot be found + + - run + ``` + sudo OCF_ROOT=/usr/lib/ocf \ + OCF_RESKEY_image="alpine:latest" \ + OCF_RESKEY_name="test-docker-ra" \ + OCF_RESKEY_CRM_meta_timeout=30000 \ + /usr/lib/ocf/resource.d/heartbeat/docker start + ``` + and verify it fails stating the image cannot be found + + - install resource-agents from the -proposed pocket + - run both `/usr/lib/ocf/resource.d/heartbeat/docker` commands again, and verify the image is found and the commands succeed as expected. + + [ Where problems could occur ] + + - The confidence about the patch comes from the fact it comes from + upstream, and was even released there in a more recent version of + resource-agents. + + - The patch is related to an image existence check; failing to perform it correctly would lead to: + a) explicit errors, which would be catched in the test steps above + a) false-negatives: not identifying an image when it is present, but that is exactly the current buggy state, which we want to fix here + b) false-positives: identifying an image that does not exist - which would be caught in the `start` command in the test + + [ Original Description ] + The docker resource agent (/usr/lib/ocf/resource.d/heartbeat/docker) from version 4.13.0-1ubuntu4 of the resource-agents-extra package in Ubuntu 24.04 does not work with Docker CLI 29.x. The reason is that the output format of the “docker images” command has changed from Docker version 28 to 29. Pacemaker reports the following problem when managing a resource using this resource agent: Failed Resource Actions: - * resource-name start on my-host returned 'not configured' (base image, registry.example.com/path/to/image:tag, could not be found.) + * resource-name start on my-host returned 'not configured' (base image, registry.example.com/path/to/image:tag, could not be found.) The problem is in line 515 of /usr/lib/ocf/resource.d/heartbeat/docker: - docker images | awk '{print $1 ":" $2}' | egrep -q -s + docker images | awk '{print $1 ":" $2}' | egrep -q -s "^(docker.io\/|${SERVER_NAME}\/)?${IMAGE_NAME}:${IMAGE_TAG}\$" This depends on the output format of the “docker images” command, which, when used without the --format argument, is not guaranteed to be stable across Docker releases. This line should be changed to - docker images --format '{{.Repository}}:{{.Tag}}' | egrep -q -s + docker images --format '{{.Repository}}:{{.Tag}}' | egrep -q -s "^(docker.io\/|${SERVER_NAME}\/)?${IMAGE_NAME}:${IMAGE_TAG}\$" thus ensuring that the output format will be the same regardless of the Docker release in use. In my environment, this fixed the problem. - Environment details: Distributor ID: Ubuntu Description: Ubuntu 24.04.4 LTS Release: 24.04 Codename: noble resource-agents-extra: - Installed: 1:4.13.0-1ubuntu4 - Candidate: 1:4.13.0-1ubuntu4 - Version table: - *** 1:4.13.0-1ubuntu4 500 - 500 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages - 100 /var/lib/dpkg/status + Installed: 1:4.13.0-1ubuntu4 + Candidate: 1:4.13.0-1ubuntu4 + Version table: + *** 1:4.13.0-1ubuntu4 500 + 500 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages + 100 /var/lib/dpkg/status
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2148302 Title: Docker resource agent does not work with Docker CLI 29.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resource-agents/+bug/2148302/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
