(cdk-assets): support building Docker images with Podman

I’d like to use Podman to build images when using aws_ecs.ContainerImage.fromAsset("folder")

Use Case

Podman allows me to build and run containers locally without any elevated privileges while maintaining basically the same command line interface as regular Docker. My distribution even provides a /usr/bin/docker file that forwards all commands to podman so most of the time, invoking docker run ... just works.

For the commands aws-cdk currently uses, everything works apart from docker inspect, which returns a different error code than docker on failure.

Proposed Solution

I’ve patched this file locally and have been deploying stuff with aws-cdk for a few months based on this:

-     if (e.code !== 'PROCESS_FAILED' || e.exitCode !== 1) { throw e; }
+     if (e.code !== 'PROCESS_FAILED' || ![1, 125].includes(e.exitCode)) { throw e; }

Other

As above, the immediate fix is pretty simple. The reason I didn’t want to open a PR just yet is that I’m not sure how to add tests for this, for example whether it needs to be running real podman or not. Another option would be to just change that to checking for any failure, and the tests could still possibly pass.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Issue Analytics

  • State: open
  • Created: 2 years ago
  • Reactions: 14
  • Comments: 9 (2 by maintainers)

Top GitHub Comments

3 reactions
fcoelho commented, Sep 6, 2021

A small update to the changes I’m running locally: the endpoint used by podman login now cannot be a https:// prefixed string, even though docker supports it (this endpoint change works for both docker and podman)

diff --git a/packages/cdk-assets/lib/private/docker.ts b/packages/cdk-assets/lib/private/docker.ts
index e1fc544..3a22a10 100644
--- a/packages/cdk-assets/lib/private/docker.ts
+++ b/packages/cdk-assets/lib/private/docker.ts
@@ -41,7 +41,7 @@ export class Docker {
       await this.execute(['inspect', tag], { quiet: true });
       return true;
     } catch (e) {
-      if (e.code !== 'PROCESS_FAILED' || e.exitCode !== 1) { throw e; }
+      if (e.code !== 'PROCESS_FAILED' || ![1, 125].includes(e.exitCode)) { throw e; }
       return false;
     }
   }
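
Review bot: in the catch block, accepting exit code 125 as "image not present" is broader than the old exitCode !== 1 test. The Podman login failure quoted further down this thread ("credentials key has https[s]:// prefix") also exits with 125, so 125 reads as a general Podman failure code rather than a not-found code, and an unrelated inspect failure would now be reported as a missing image instead of being thrown. Consider also checking the error text for "no such object" before returning false, and add a short comment saying 125 is there for Podman.
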
@@ -68,7 +68,7 @@ export class Docker {
     await this.execute(['login',
       '--username', credentials.username,
       '--password-stdin',
-      credentials.endpoint], {
+      credentials.endpoint.replace(/^https?:\/\//, '')], {
       input: credentials.password,
 
       // Need to quiet otherwise Docker will complain
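
Review bot: the replace(/^https?:\/\//, '') on credentials.endpoint has no comment saying why the scheme is dropped, and the pattern is case-sensitive, so an endpoint written with an upper-case scheme would be passed to login unchanged. Suggest adding the i flag and a one-line comment that Podman rejects a scheme-prefixed endpoint while Docker accepts the bare host.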

I was also having issues with SELinux in my system, but it seems this will sort it. I’ll test it when there’s a new RC out: https://github.com/aws/aws-cdk/pull/15742

2 reactions
paulegan commented, Sep 19, 2021

Before I found this issue I had the same problems with podman and implemented almost identical workarounds. So I can confirm that these changes fix cdk with podman (Fedora 33, Podman 3.3.1).

For anyone searching for the errors generated, without these changes login throws:

fail: docker login --username AWS --password-stdin https://88888.dkr.ecr.eu-west-1.amazonaws.com exited with error code 125: Error: credentials key has https[s]:// prefix

and inspect throws:

fail: docker inspect cdkasset-xxx exited with error code 125: Error: error inspecting object: no such object: "cdkasset-xxx"
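
The failure handling discussed in this thread, as an added example that is not part of the original comments or of aws-cdk: it treats exit code 125 as "image missing" only when the message says so, and reduces the login endpoint to host[:port]. The function names, the stderr field on the error object and the host[:port] restriction are assumptions made for illustration.

```javascript
// Added example, not aws-cdk code. isImageMissing, registryHost, imageExists and
// the `stderr` field on the error object are hypothetical names for illustration.

// Docker's inspect exits 1 for a missing image; Podman exits 125. Podman also
// exits 125 for other failures (the login error quoted above), so for 125 the
// message is checked as well before the failure is read as "not found".
function isImageMissing(err) {
  if (!err || err.code !== 'PROCESS_FAILED') return false;
  if (err.exitCode === 1) return true;
  if (err.exitCode === 125) return /no such object/i.test(err.stderr || '');
  return false;
}

// Podman rejects a scheme-prefixed login key, so reduce the endpoint to
// host[:port]. Refusing anything else is an assumption made for this example.
function registryHost(endpoint) {
  const host = String(endpoint).trim()
    .replace(/^https?:\/\//i, '')
    .replace(/\/+$/, '');
  if (!/^[a-z0-9.-]+(:\d+)?$/i.test(host)) {
    throw new Error(`unexpected registry endpoint: ${endpoint}`);
  }
  return host;
}

// runInspect is an injected function that throws on a failed `inspect`.
function imageExists(runInspect, tag) {
  try {
    runInspect(tag);
    return true;
  } catch (e) {
    if (!isImageMissing(e)) throw e; // unrelated failures stay visible
    return false;
  }
}

// Constructed samples, using the two Podman messages quoted in the thread.
const SAMPLES = [
  { code: 'PROCESS_FAILED', exitCode: 125,
    stderr: 'Error: error inspecting object: no such object: "cdkasset-xxx"' },
  { code: 'PROCESS_FAILED', exitCode: 125,
    stderr: 'Error: credentials key has https[s]:// prefix' },
  { code: 'PROCESS_FAILED', exitCode: 1, stderr: '' },
];

for (const s of SAMPLES) {
  console.log(s.exitCode, JSON.stringify(s.stderr), '->', isImageMissing(s));
}
console.log(registryHost('https://88888.dkr.ecr.eu-west-1.amazonaws.com'));
```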