This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Use bookworm as docker base image #16324

Merged
merged 4 commits into from Sep 15, 2023


erikjohnston
Member

No description provided.

erikjohnston marked this pull request as ready for review September 15, 2023 12:05
erikjohnston requested a review from a team as a code owner September 15, 2023 12:05
erikjohnston changed the base branch from develop to release-v1.92 September 15, 2023 12:08
erikjohnston merged commit 3cf1a3a into release-v1.92 Sep 15, 2023
37 checks passed
erikjohnston deleted the erikj/bump_docker branch September 15, 2023 12:14
@eibhear-from-athlone

Hi. I pulled the 1.92.2 image (amd64) and it fails to start up with a `RuntimeError: can't start new thread` error.

Any ideas as to what this might be?

The OS host is Debian 10.13:

```
eibhear@bigbox:~/services/matrix-synapse$ uname -a
Linux bigbox 4.19.0-25-amd64 #1 SMP Debian 4.19.289-2 (2023-08-08) x86_64 GNU/Linux
```

Full output of the `docker logs ...` command:

```
eibhear@bigbox:~/services/matrix-synapse$ docker logs matrix-synapse
Starting synapse with args -m synapse.app.homeserver --config-path /data/homeserver.yaml
This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.

To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
--------------------------------------------------------------------------------
Error during startup:
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/synapse/app/_base.py", line 254, in wrapper
    await cb(*args, **kwargs)
  File "/usr/local/lib/python3.11/site-packages/synapse/app/homeserver.py", line 364, in start
    await _base.start(hs)
  File "/usr/local/lib/python3.11/site-packages/synapse/app/_base.py", line 528, in start
    resolver_threadpool.start()
  File "/usr/local/lib/python3.11/site-packages/twisted/python/threadpool.py", line 158, in start
    self.adjustPoolsize()
  File "/usr/local/lib/python3.11/site-packages/twisted/python/threadpool.py", line 304, in adjustPoolsize
    self._team.grow(self.min - self.workers)
  File "/usr/local/lib/python3.11/site-packages/twisted/_threads/_team.py", line 117, in grow
    @self._coordinator.do
     ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/twisted/_threads/_threadworker.py", line 107, in do
    working.pop(0)()
  File "/usr/local/lib/python3.11/site-packages/twisted/_threads/_team.py", line 120, in createOneWorker
    worker = self._createWorker()
             ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/twisted/_threads/_pool.py", line 55, in limitedWorkerCreator
    return ThreadWorker(startThread, Queue())
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/twisted/_threads/_threadworker.py", line 49, in __init__
    startThread(work)
  File "/usr/local/lib/python3.11/site-packages/twisted/_threads/_pool.py", line 49, in startThread
    return threadFactory(target=target).start()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/threading.py", line 957, in start
    _start_new_thread(self._bootstrap, ())
RuntimeError: can't start new thread
```

The container details for the prematurely exited 1.92.2 container are as follows:


@ggogel

ggogel commented Sep 15, 2023

yingziwu added a commit to yingziwu/synapse that referenced this pull request Sep 15, 2023
This is a Docker-only update to mitigate [CVE-2023-4863](https://cve.org/CVERecord?id=CVE-2023-4863), a critical vulnerability in `libwebp`. Server admins not using Docker should ensure that their `libwebp` is up to date (if installed). We encourage admins to upgrade as soon as possible.

- Update docker image to use Debian bookworm as the base. (matrix-org#16324)
@eibhear-from-athlone

> @eibhear-from-athlone Are you running an old version of Docker?

That's exactly it. I used the Debian-packaged version, 18.09. Thanks.

DMRobertson changed the title from "Use bookwork as docker base image" to "Use bookworm as docker base image" Sep 18, 2023