compose icon indicating copy to clipboard operation
compose copied to clipboard
verified publisher icon docker

[BUG] SSH Agent Forwarding doesn't work with compose up but works with build

Open ravishi opened this issue 1 year ago • 0 comments

Description

I'm using ssh: default + --mount=ssh,required=true to forward the ssh identities into my docker build. It worked at first but started failing without any clear reason after a while. Then I found an old bug (#9338) saying it only worked for build and I confirmed that's what's happening. It only works if I use docker compose build, but fails if I use docker compose up.a

Steps To Reproduce

  1. Have an image that requires ssh agent
  2. Changed the compose file to include the new ssh entry (ssh: ["default"])
  3. Clean my docker repo of any images/containers
  4. Bring my stack up with docker compose up -d service

Describe the results you received

It fails building the container that required ssh agent pass-through. It however works if I build that container first with docker compose build service).

The failure I'm getting is:

------
 > [service service 5/7] RUN --mount=type=ssh,required=true      ssh-keyscan github.com >> /root/.ssh/known_hosts     && pip install -r requirements.txt:
------
failed to solve: no SSH key "" forwarded from the client

Describe the results you expected:

Expected everything to be properly built and the stack brought up.

Additional information you deem important (e.g. issue happens only occasionally):

  • It was working with up in May 17. It was not working in May 22.
  • I'm on MacOS.

Compose Version

$ docker compose version
Docker Compose version v2.27.0-desktop.2

Docker Environment

$ docker info
Client:
 Version:    26.1.1
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.0-desktop.1
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.0-desktop.2
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.29
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-debug
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.23
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.4
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.1.0
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.8.0
    Path:     /Users/dirleyrodrigues/.docker/cli-plugins/docker-scout

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 6
 Server Version: 26.1.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e377cd56a71523140ca6ae87e30244719194a521
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.6.26-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 6
 Total Memory: 7.755GiB
 Name: docker-desktop
 ID: e4ec2fec-d3d2-4d00-808d-8599410128f4
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///Users/dirleyrodrigues/Library/Containers/com.docker.docker/Data/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

Anything else?

No response

ravishi avatar May 22 '24 12:05 ravishi