Docker build fails with SSL connection timeout when downloading musl-1.2.5.tar.gz

[nmn3m]

Description

The Docker build process fails with SSL connection timeouts when attempting to download musl-1.2.5.tar.gz from musl.libc.org during the static bash binary compilation step. This prevents successful completion of the driver image build.

Environment

• OS: Linux 6.12.53-1-lts
• Docker BuildKit: Enabled
• Build script: ./demo/clusters/kind/build-dra-driver-gpu.sh
• Affected Dockerfile: deployments/container/Dockerfile

Steps to Reproduce

1. Set up the environment:

   export KIND_CLUSTER_NAME="kind-dra-1"

2. Run the build script:

   ./demo/clusters/kind/build-dra-driver-gpu.sh

3. Build fails during the bash-static compilation step

Error Output

#18 145.1 File: musl-1.2.5.tar.gz | Url: https://musl.libc.org/releases/musl-1.2.5.tar.gz
#18 165.1 curl: (28) SSL connection timeout
#18 190.1 curl: (28) SSL connection timeout
#18 215.1 curl: (28) SSL connection timeout
#18 240.1 curl: (28) SSL connection timeout
#18 265.2 curl: (28) SSL connection timeout
#18 290.2 curl: (28) SSL connection timeout
#18 315.2 curl: (28) SSL connection timeout
#18 340.2 curl: (28) SSL connection timeout
#18 365.2 curl: (28) SSL connection timeout

Root Cause

The issue occurs at Dockerfile:65-70 where the build script downloads musl-libc:

1. Network connectivity: While musl.libc.org is reachable via ping, HTTPS connections timeout
2. Docker network isolation: Default Docker networking may have restricted access to external HTTPS endpoints
3. Insufficient timeouts: The current --connect-timeout 20 may be too short for slow/restricted networks

Workaround/Solution

Two changes resolve the issue:

1. Use host network for Docker build

File: deployments/container/Makefile (line 62)

build:
	DOCKER_BUILDKIT=1 \
		$(DOCKER) $(BUILDX) build --pull \
+		--network=host \
		$(DOCKER_BUILD_OPTIONS) \

2. Increase curl timeout parameters

File: deployments/container/Dockerfile (line 67)

-    sed -i 's/-sLO/-sSfLO --retry 300 --connect-timeout 20 --retry-delay 5 --retry-all-errors /g' ./build.sh && \
+    sed -i 's/-sLO/-sSfLO --retry 300 --connect-timeout 60 --max-time 600 --retry-delay 5 --retry-all-errors /g' ./build.sh && \

Changes:

• Increase --connect-timeout from 20s to 60s
• Add --max-time 600 for 10-minute overall timeout

Suggested Fix

Consider one or both of the following approaches:

1. Add build argument for network mode (allows users to override if needed):

   DOCKER_NETWORK ?= default
   build:
       $(DOCKER) $(BUILDX) build --network=$(DOCKER_NETWORK) ...

2. Increase default timeouts to handle various network conditions globally

Additional Context

• The --network=host flag allows Docker to bypass network isolation and use the host's network stack
• Alternative mirrors for musl-libc could be considered as fallback options

[jgehrcke]

Hello. No offense -- but the content appears to be AI-generated and has low signal-to-noise ratio. If you use AI, please let your fellow human beings know.

Did you try solution approach (1) without (2)?

[nmn3m]

@jgehrcke Hello, you’re right, I used AI to help write this issue. While setting up DRA, I collected all the logs and commands I used into a file, then used AI to rephrase them into the issue description. I apologize for that. I’ll avoid using AI to describe issues in the future and make sure my ideas are clear.

I also tried approach 1 without approach 2, and it worked well.