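deploy/sandbox: apt retry + recommend http mirror (Tencent Cloud https sporadic SSL EOF)

The HTTPS side of the Tencent Cloud intranet apt mirror (169.254.0.3) occasionally drops the connection without sending close_notify. OpenSSL 3 fails strictly (error:0A000126: unexpected eof while reading), while OpenSSL 1.1.1 tolerates it. python:3.11-slim ships OpenSSL 3, so it hits this.

Fixed at two layers:
- Dockerfile: add Acquire::Retries "5" + Pipeline-Depth "0" + No-Cache "true"
- RUN.md: recommend APT_MIRROR=http:// rather than https:// (apt packages are verified by GPG signature, so HTTPS brings no security benefit, and this sidesteps the SSL compatibility issue along the way)

Add an OpenSSL EOF row to the troubleshooting table.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>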
parent 29557cad45
commit 792366d9fc
9
RUN.md
@ -293,8 +293,12 @@ sudo -u zcbot docker build \
|
||||||
# --build-arg PIP_TRUSTED_HOST=<host_without_scheme>
|
# --build-arg PIP_TRUSTED_HOST=<host_without_scheme>
|
||||||
|
|
||||||
# apt 源同款(chromium + nodejs + npm 体积大,deb.debian.org 境内慢):
|
# apt 源同款(chromium + nodejs + npm 体积大,deb.debian.org 境内慢):
|
||||||
# --build-arg APT_MIRROR=https://mirrors.cloud.tencent.com # 腾讯云内网
|
# --build-arg APT_MIRROR=http://mirrors.cloud.tencent.com # 腾讯云内网(推 http,见下)
|
||||||
# --build-arg APT_MIRROR=https://mirrors.aliyun.com # 阿里云
|
# --build-arg APT_MIRROR=http://mirrors.aliyun.com # 阿里云
|
||||||
|
# 推荐 http 而非 https:apt 包用 GPG 签名校验,HTTPS 无额外安全收益,且腾讯云
|
||||||
|
# 内网 mirror 走 https 偶发触发 OpenSSL 3 严格的 `unexpected eof while reading`
|
||||||
|
# (旧版 OpenSSL 1.1.1 容忍,新版 fail)。Dockerfile 已加 apt retry=5 + 关
|
||||||
|
# pipeline + no-cache 兜底偶发抖动。
|
||||||
|
|
||||||
# npm 源同款(@mermaid-js/mermaid-cli + 依赖,境内访问 registry.npmjs.org 也慢):
|
# npm 源同款(@mermaid-js/mermaid-cli + 依赖,境内访问 registry.npmjs.org 也慢):
|
||||||
# --build-arg NPM_REGISTRY=https://mirrors.cloud.tencent.com/npm/ # 腾讯云
|
# --build-arg NPM_REGISTRY=https://mirrors.cloud.tencent.com/npm/ # 腾讯云
|
||||||
|
|
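Review bot: The added rationale under the APT_MIRROR examples says, without qualification, that apt's GPG signature check makes HTTPS redundant, but that only holds while signature verification stays enabled for every source the build uses. State that assumption in the comment (no `[trusted=yes]` entries and no `--allow-unauthenticated` in the build), and note that plain HTTP still shows an on-path observer which packages are fetched. Separately, the Aliyun example is switched to `http://` as well, while the comment attributes the `unexpected eof while reading` failure only to the Tencent Cloud intranet mirror; either keep Aliyun on `https://` or say the failure was observed there too.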
@ -453,6 +457,7 @@ sudo xfs_quota -x -c "limit -p bhard=10g zcbot_<user_uuid>" /opt
|
||||||
| `docker run zcbot-sandbox:latest` 报 `Unable to find image` | 镜像没 build。`sudo -u zcbot docker build -f deploy/sandbox/Dockerfile --build-arg HOST_UID=$(id -u zcbot) --build-arg HOST_GID=$(id -g zcbot) -t zcbot-sandbox:latest .` |
|
| `docker run zcbot-sandbox:latest` 报 `Unable to find image` | 镜像没 build。`sudo -u zcbot docker build -f deploy/sandbox/Dockerfile --build-arg HOST_UID=$(id -u zcbot) --build-arg HOST_GID=$(id -g zcbot) -t zcbot-sandbox:latest .` |
|
||||||
| 镜像 build pip 报 `ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', ...)` | 境内访问 PyPI 抖动。加 `--build-arg PIP_INDEX_URL=https://mirrors.cloud.tencent.com/pypi/simple/`(腾讯云内网)或阿里云 / 清华源,详 RUN.md「镜像构建」段。Dockerfile 已把 pip timeout 拉到 60s,主因仍是源不通而非超时 |
|
| 镜像 build pip 报 `ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', ...)` | 境内访问 PyPI 抖动。加 `--build-arg PIP_INDEX_URL=https://mirrors.cloud.tencent.com/pypi/simple/`(腾讯云内网)或阿里云 / 清华源,详 RUN.md「镜像构建」段。Dockerfile 已把 pip timeout 拉到 60s,主因仍是源不通而非超时 |
|
||||||
| 镜像 build npm 装 mermaid-cli 慢 / fail | npm 源境内慢。加 `--build-arg NPM_REGISTRY=https://mirrors.cloud.tencent.com/npm/`(腾讯云)或 `https://registry.npmmirror.com/`(阿里) |
|
| 镜像 build npm 装 mermaid-cli 慢 / fail | npm 源境内慢。加 `--build-arg NPM_REGISTRY=https://mirrors.cloud.tencent.com/npm/`(腾讯云)或 `https://registry.npmmirror.com/`(阿里) |
|
||||||
|
| 镜像 build apt 报 `OpenSSL error: ... unexpected eof while reading` | 腾讯云 / 阿里 mirror HTTPS 端偶发 close_notify 缺失,OpenSSL 3 严格 fail。改用 http 形式:`--build-arg APT_MIRROR=http://mirrors.cloud.tencent.com`(apt 包 GPG 签名校验,无 HTTPS 安全收益)。Dockerfile 已配 apt retry=5 + 关 pipeline,重 build 一般直接过 |
|
||||||
| 容器内 shell 写工作目录报 `Permission denied`(but `sandbox check` ⑤ HOST_UID aligned ok) | DockerExecutor 写死了 `--user 1000:1000` 不会自动跟 build 的 HOST_UID 同步(改 `--user zcbot` 后已修)。仍报错检查镜像内 `docker run --rm --entrypoint id zcbot-sandbox:latest zcbot` 输出 uid 是否 = `id -u $(whoami)` |
|
| 容器内 shell 写工作目录报 `Permission denied`(but `sandbox check` ⑤ HOST_UID aligned ok) | DockerExecutor 写死了 `--user 1000:1000` 不会自动跟 build 的 HOST_UID 同步(改 `--user zcbot` 后已修)。仍报错检查镜像内 `docker run --rm --entrypoint id zcbot-sandbox:latest zcbot` 输出 uid 是否 = `id -u $(whoami)` |
|
||||||
| 模型用 run_python 跑 `render_diagrams.py` 报 `mmdc returncode=1: Failed to launch chromium` | 容器内 chromium 缺 puppeteer no-sandbox 配置。镜像已落 `/sandbox/puppeteer-config.json` + ENV `MERMAID_PUPPETEER_CONFIG`,render_diagrams.py 已读 env 自动 -p 注入;仍跪查 `docker exec ... env \| grep MERMAID` 看 env 是否在 |
|
| 模型用 run_python 跑 `render_diagrams.py` 报 `mmdc returncode=1: Failed to launch chromium` | 容器内 chromium 缺 puppeteer no-sandbox 配置。镜像已落 `/sandbox/puppeteer-config.json` + ENV `MERMAID_PUPPETEER_CONFIG`,render_diagrams.py 已读 env 自动 -p 注入;仍跪查 `docker exec ... env \| grep MERMAID` 看 env 是否在 |
|
||||||
| Export 报 "无可导出内容" | task 没 messages(只 system 不算);先发条消息再 export |
|
| Export 报 "无可导出内容" | task 没 messages(只 system 不算);先发条消息再 export |
|
||||||
|
|
|
||||||
|
|
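Review bot: The new troubleshooting row attributes the missing close_notify to both the Tencent Cloud and Aliyun mirrors, but the commit message and the RUN.md build comment name only the Tencent Cloud intranet mirror, so the two places should agree on which mirrors are affected. The row also leads with switching to `http://` and only afterwards says that a rebuild usually passes with the retry settings; putting the rebuild first and the scheme change second would keep HTTPS where it works. Quoting the full code from the commit message (`error:0A000126`) in the symptom column would make the row easier to find by search.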
@ -23,7 +23,9 @@ RUN if [ -n "${APT_MIRROR}" ]; then \
|
||||||
-e "s|http://security.debian.org|${APT_MIRROR}|g" \
|
-e "s|http://security.debian.org|${APT_MIRROR}|g" \
|
||||||
-e "s|https://security.debian.org|${APT_MIRROR}|g" \
|
-e "s|https://security.debian.org|${APT_MIRROR}|g" \
|
||||||
/etc/apt/sources.list /etc/apt/sources.list.d/*.sources 2>/dev/null || true; \
|
/etc/apt/sources.list /etc/apt/sources.list.d/*.sources 2>/dev/null || true; \
|
||||||
fi
|
fi && \
|
||||||
|
printf 'Acquire::Retries "5";\nAcquire::http::Pipeline-Depth "0";\nAcquire::http::No-Cache "true";\n' \
|
||||||
|
> /etc/apt/apt.conf.d/80-zcbot-retries
|
||||||
|
|
||||||
# - iptables / ip6tables: init.sh 配 blocklist 需要(NET_ADMIN cap 在 docker run 处加)
|
# - iptables / ip6tables: init.sh 配 blocklist 需要(NET_ADMIN cap 在 docker run 处加)
|
||||||
# - iproute2: ip 命令(调试 / 排查)
|
# - iproute2: ip 命令(调试 / 排查)
|
||||||
|
|
|
||||||
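Review bot: The `printf` that writes `/etc/apt/apt.conf.d/80-zcbot-retries` has no comment in the Dockerfile saying why each of the three settings is there, and the reason lives only in the commit message. `Pipeline-Depth "0"` and `No-Cache "true"` are set under `Acquire::http` while the failure being worked around was on an `https://` mirror, so add a comment above the `printf` stating whether they are meant for the recommended http mirror or are also expected to apply to https sources, and confirm that they do on the apt version in this base image. Since the file is written unconditionally (outside the `if [ -n "${APT_MIRROR}" ]` block), the comment should also say that the retry policy applies to the default Debian sources.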