Moby: Please add --add-host=[], --net options to docker build

@RoelVdP Any reason to why you try to do this ?

@resouer Yes. In our somewhat complex network setup, we need to edit the host file. We found a workaround here; http://jasonincode.com/customizing-hosts-file-in-docker/ but surely there must be a better way. --add-host=[] would fix this. It also looks like (see other tickets) many people are looking for this. (Hence --add-host=[] was added to docker run, here it is available today.). Having the same for docker build would be fantastic, thank you

In general I'm +1 with adding support for things like resource management for the builds, however add-host is specifically something that could make a build work on one host and not on another, and you can't tell why by just looking at the source (Dockerfile).

If you need resolution to these hosts, I'd suggest setting up a DNS server to handle these requests transparently.

So basically, I would have to -1 this one for now, I think.

however add-host is specifically something that could make a build work on one host and not on another, and you can't tell why by just looking at the source (Dockerfile).

@cpuguy83 playing devils advocate here; having a special DNS on one host and not on another, would also break the build on one host; looking at the Dockerfile also wouldn't explain why it breaks on that host but succeeds on another?

A DNS server needs to be installed to cover the (fairly basic) functionality of adding a single host IP/name to the hosts file?

@RoelVdP My point is, if you want to modify /etc/hosts, do it as part of the build at the beginning of your RUN command.

If the fact that the build isn't working due to needing hosts is an exception to the rule, then yes, fire up a DNS server like github.com/tianon/rawdns to handle this scenario transparently to the build.

@thaJeztah I get your point. And having --add-host would probably be somewhat equivalent of firing up a DNS server... but a feature once added is abused... which makes me (personally) less comfortable with this one in particular.

@cpuguy83 It is not possible to do it using RUN command/as part of the build; Docker makes this file R/O....

(except when using the complex solution mentioned in the url above http://jasonincode.com/customizing-hosts-file-in-docker/)

It would be great to have this functionality, just like it is available in Docker run.

@RoelVdP The build container is the same thing as a docker run container.
/etc/hosts is mounted as read-write, and I checked just to make sure.

FROM busybox
RUN echo 8.8.8.8 foo > /etc/hosts; ping -c 4 foo

@cpuguy83 A nice one-line workaround you found there, but it's not static;

$ cat Dockerfile
FROM busybox
RUN echo 8.8.8.8 foo > /etc/hosts; cat /etc/hosts
RUN cat /etc/hosts

$ sudo docker build .
Sending build context to Docker daemon 2.048 kB
Sending build context to Docker daemon
Step 0 : FROM busybox
---> 4986bf8c1536
Step 1 : RUN echo 8.8.8.8 foo > /etc/hosts; cat /etc/hosts
---> Running in 22d95c996843
8.8.8.8 foo
---> 5df6fa4f3b7d
Removing intermediate container 22d95c996843
Step 2 : RUN cat /etc/hosts
---> Running in d989b8e95b85
172.17.0.33 7f674915980d
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
---> 1232cf428f6b
Removing intermediate container d989b8e95b85
Successfully built 1232cf428f6b

Yep, you'd need to make your changes for each RUN command.

For anyone who's reading this; thanks to @cpuguy83 we now have the following workaround;

RUN echo ${IP} ${NAME} >> /etc/hosts; ${COMMAND}

The command HAS to be on the same line as the hosts addition (it will not be there the next RUN command), but at least this can be used for each command where needed. Definitely easier then the workaround at http://jasonincode.com/customizing-hosts-file-in-docker/

@cpuguy83 Thanks. While a nice workaround, it would still be great to have the --add-host solution mentioned earlier?

Not that there isn't already sufficient justification for this in this thread, but I'm bumping into this big-time when trying to create a Dockerfile that builds a Java project which is dependent on a linked Docker DB container. When building the image, the Java build is kicked off which contains unit tests that need to be able to hit the DB... but of course, I can't link the DB container to the build container. So at a minimum, it'd be nice to be able to add the current host IP of the DB server to the build container's /etc/hosts — but better still would be to be able to establish the link at build time.

+1 we rely on some static hosts file entries for an internal VPN and adding echo "host IP" > /etc/hosts to every command that requires to know about the hosts is a major letdown.

I see the approach here as adding a host(s) as a build argument. It's really too bad we can't easily add a hostfile to the Dockerfile as part of the build process. What's the advantage to adding a list of the hosts as a build argument, as opposed to providing a hostfile somewhere inside the Dockerfile, like I do for other resouces?

E.G.

ADD hosts /etc/

The posted solution above is the closest to this feature, just looks sort of icky and it might not work for every container:

http://jasonincode.com/customizing-hosts-file-in-docker/

In another thread I read a reference to HOSTALIASES. This works well for me.

--add-host=[] was previously added to docker run. Having the same option available for docker build would be great.

Does any one need --net option?
I think it is necessary for docker build to add it. Because in some case, I want to choose the net during docker build.

@xuxinkun +1

I just reached a few hours ago a situation where I need to explicitly set the --net option during build time. Do you know of any workaround?

@ramonsnir
I did not find a good way. Maybe the only way is to add --net option for build. I am coding on it. Later, I will try to make a pull request,

@xuxinkun Great. While at it, would you mind looking ad adding the --add-host=[] option also (this can maybe be taken integrally from docker run)?

@RoelVdP
OK. I will code it. I will try to make a pull request next week or later.

@cpuguy83 @duglin It seems to me this is another symptom that suggests making build have the same flags as run.

@RoelVdP As a workaround, you can today do docker run $runoptions builder-image | docker build -
assuming builder-image will output a tar context.

@tiborvass
how about this solution? add a --run-opts=[] option. u can use docker build --run-opts=['-net=bridge','--cpushares=1024 '] to achieve this.

Please add --net= option.

Since NAT, Portforwards and such adds quite a bit of overhead and failure-scenarios we've disabled dockers default networking entirely (--bridge=none) and only allow --net=host to get networking in a container (otherwise we fill the conntrack pool within 15minutes even if we set it as high as 1M entries and effectively hit a DoS scenario), so the only way to get networking in a container is if you add --net=host to the run command. (i wish this could be selected as default).

Currently we can't build anything with docker build if i have an identical setup as we run in production since we can't tell the build-process to use "--net=host".

@cetex
As https://github.com/docker/docker/pull/16004#issuecomment-137591883 say, @tiborvass want to add this option, but not add it directly to docker build. He wants to make docker build have similar option as docker run. I agree with his opinion. I suppose a solution as https://github.com/docker/docker/issues/10324#issuecomment-137907291.
If you want to use --net option right now, my pull request https://github.com/docker/docker/pull/16004 may help you.

I want --net, I don't see why those network parameters for "docker run" cannot be applied to "docker build". Actually I have problems with bridge everyday and eventually we basically always use --net=host for everything (most of my containers gossip each other, do leader election etc).

And I agree with cetex, --net=host should be default for docker run/build.

I'd prefer it if --net=host would be configurable on docker daemon commandline so you "select a system default" when starting the daemon. docker [run|build] --net= should only be used when you want to override the system defaults for some reason.

agree, --net=host should be allowed on build. building an image on our bare metal servers with our own apt repos is such major PITA for something so minutely trivial that I'm starting to rethink docker completely. what other gotchas for previously solved things will I run into?

+1 --net=host
"docker build" does not work for me when connected with VPN to my office,because the docker0 bridge is blocked. When running the container --net=host solves the issue.

+1 --net=host
"docker build" does not work often times in various permutations of AWS EC2 VPC's as well, while docker run works perfectly fine on 1.8.1. The divergent networking behavior between docker build and docker run needs to be sorted.

+1 --net=host

Also, on a cloud vm. run works with --net=host, but I can't build a docker container.

@tiborvass
How exactly to do this workaround?

@bakanov docker run -v $(pwd):/context --net=host builder-image | docker build -t myimage - where builder-image's responsibility is to send a tar stream of /context to stdout.

• 1 This NEEDS to be implemented also in the dockerfile. It's totally absurd that I cannot set a host alias in a docker image during the build process. I don't see why I should have to supply arguments to the docker run command which should be internal to the container. It makes no sense to me.

@RoelVdP can you clarify if the work around you describe results in the /etc/hosts file being modified permanently in the container after the build is complete? I can certainly see that it modifies etc/hosts within the context of a run command, but any changes I make are ultimately overwritten in the final built container

May be a good feature for Dockerfile will be smth like this:
REQUIREDHOSTS ['builddb', 'saltmaster', 'inetproxy']

Just naming the hosts to add during build and ensuring their availability during run. Names only.
It can be functioning kind like EXPOSE feature for ports.

Such a feature will solve the initial problem and add the needed transparency avoiding possible human errors. Will it?

@jskrepnek Sorry cannot recall details. Been quite a while since we needed it.

+1 --net=host

+1 for --net=host or --add-host

_USER POLL_

_The best way to get notified of updates is to use the _Subscribe_ button on this page._

Please don't use "+1" or "I have this too" comments on issues. We automatically
collect those comments to keep the thread short.

The people listed below have upvoted this issue by leaving a +1 comment:

@lwcolton

+1

Without this, how can you build this example from https://docs.docker.com/engine/examples/apt-cacher-ng/?

FROM ubuntu
RUN  echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/apt.conf.d/01proxy
RUN apt-get update && apt-get install -y vim git

# docker build -t my_ubuntu .

@ebuildy good point, this is a type in this docs, the RUN echo … should be down one line.

In this example, dockerhost cannot resolve, isnit?

I achieved this with --build-arg to give the container IP instead of a hostname, but I am really curious to see the doc example working, is it broken or I miss something?

@ebuildy it's broken, I did a tiny tiny PR to fix it (naively) https://github.com/docker/docker/pull/19580

Due to the issues with ufw on docker we use the setup described here https://github.com/docker/docker/issues/4737#issuecomment-191653053.

With this setup, only containers in our custom bridge from the IP range 192.168.0.0/24 have access to the internet. During build we can not specify this bridge with --net=mybridge so we have no internet access and the build fails.

So big +1 for adding the --net option to build.

I have a different use case for docker build --net. I want highly reproducible Docker image builds and would like to be able to disable networking entirely, so the only packages installed into the container are those provided explicitly and not random package downloads off the Internet.

Why not use something like the following in your Dockerfile?

FROM busybox

ARG HOSTS
ENV HOSTS ${HOSTS:-}

RUN [ ! -n "${HOSTS}" ] && echo "${HOSTS}" >> /etc/hosts

Then just run…

$ docker build --build-arg HOSTS="8.8.8.8 example.com" .

Above example easily allows appending hosts whenever you need some.

I would like support for docker build net=none to be sure that a build was not using the internet.

To access apt-cacher-ng (or other services!) on a different network during docker build, we jump through a whole bunch of _jinja2_ hoops - something along the lines of

1. Set apt-cacher up to be accessible on 172.17.0.0/16(the default docker bridge network)
2. Have a header in dockerfile that updates the proxy to be at the 172.17 address for apt-cacher-ng
3. Do all the docker build stuff...
4. Have a footer in dockerfile that rewrites the proxy to be at the "real" address for apt-cacher-ng

(And the jinja2 entertainment comes in because apt-cacher-ng is a docker container elsewhere, and the address changes, so yay, more fun. Whatever)

This does keep the dockefile Pure and Repeatable, but lord, at what cost?

So yeah, a huge +1 to having --net= as an option...

@franz-josef-kaiser If we do that, when the DNS of that domain changed, we have to rebuild the docker image. In a cluster of containers like in Kubernetes, the domain of a service will change a lot.

@wb14123 Valid concern. Above was meant as "in the meantime"/workaround.

Additional note: When you run it as separate RUN statement in the end, then it's just a very quick container that you can rebuild very fast as the rest is already cached. Such a rebuild should just take some seconds.

+1

@franz-josef-kaiser I'm using your trick. I tried your trick but the RUN line returned a non-zero exit code. I think you meant:

RUN [ -n "${HOSTS}" ] &&…

(Removed the bang !)

I'm using this to set a path to our enterprise Maven repository (building a Java project). The only purpose of this image is to provide an isolated build environment, so it's not a problem for me, that the IP could change.

Except…for some reason that RUN line isn't actually modifying /etc/hosts. If I run it in a container manually it modifies /etc/hosts as expected. But when it runs from the Dockerfile it isn't modifying /etc/hosts.

Aha! Combining your idea with @RoelVdP's I now have this:

In Dockerfile:

ARG HOSTS
ENV HOSTS ${HOSTS:-}
…
RUN [ -n "${HOSTS}" ] && echo "${HOSTS}" >> /etc/hosts && mvn install

And I build like:

docker build -t nrron --build-arg HOSTS="10.1.1.103 artifactory.domain.com" .

My Maven POM files can access artifactory.domain.com from that mvn install line!

+1

+1

+1

+1

Docker guys, this request is 1.5 years old, has a lot of discussion and people interested. When will this very easy feature request be considered for implementation?

+1

i think never XD

+1

the echo "ipaddress fullyqualified dns-name" >> /etc/hosts does not work if you build as non-root. /etc/hosts is only writeable by root. How is that fixed.
I do not like to rewrite all our buildscripts.

Hi, people interested in this issue, we are looking at https://github.com/docker/docker/pull/20987 again to implement this.

+1

+1

@tonistiigi @thaJeztah how does #27702 fix this?

Note that though setting the network at build time is now merged, then it has been possible to access the hosts on networks from the container to the internet (i.e container -> docker host -> osx (when on mac) -> whatever comes next).

I hit this issue today, one of the build script need to have specific domain name and IP mapping during the image building. Having --add-host in docker build would be handy in this case. And I don't think #27702 fully solved the request of this issue.

+1 , there needs to be --net options for the docker build command.

@gauravkaila this feature is in 1.13, which will be released next week. Please try out the release candidates and let us know if it is working for you.

@twang2218 if you need new features, please don't comment on a closed, resolved issue as no one will read it, you need to open a new issue.

@justincormack The title of this issue is Please add --add-host=[], --net options to docker build, and only --net has been added to docker build, --add-host=[] is still missing, that is the reason I didn't open another issue, because it is the same issue, and it shouldn't be closed.

Just open a new issue. There were several issues for this previously, it is
not helpful to comment on closed issues, I only saw this by accident.

On 12 Jan 2017 11:44 a.m., "Tao Wang" notifications@github.com wrote:

@justincormack https://github.com/justincormack The title of this issue
is Please add --add-host=[], --net options to docker build, and only --net
has been added to docker build, --add-host=[] is still missing, that is
the reason I didn't open another issue, because it is the same issue, and
it shouldn't be closed.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/docker/docker/issues/10324#issuecomment-272143236,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAdcPCBi4v_TfDbg8SbHnxj6eDgc57AEks5rRhIagaJpZM4DWmzR
.

ok, I will open a new issue for this.

COPY hosts /root/hosts
ENTRYPOINT ["bin/sh", "-c", "cat /root/hosts >> /etc/hosts && exec /bin/bash"]

Seems to be working pretty well, if you need to add a list of hosts to your container's /etc/hosts

I'm facing now an issue that it could be solved with this feature. May be I'm wrong and it could be solved somehow else.

I'm building an image in my CI environment and in one of the commands I need to access a production service that is deployed in a private network. There is a public IP available, but I need that the configured ip in the image is the private one. I saw the --ad-host in the run command so i though that that could be a solution. Point the service to a host name and then redirect the hostname on build time and runtime to different ip's

But no --add-host uption for docker build...

May be there is another option to solve this?

@compains --add-host was added in v17.04 #30383

+1

theres a similar option for the service ?

+1000

We need to be able to set the custom dns from dockerfile

+1

+1

+1

+1

Hi,

If you want to specify hostname during build time, now it implemented under this pull request:
https://github.com/moby/buildkit/pull/1339
You can vote for it to be merged asap.