@jwgstr
Created May 24, 2022 18:42
An Example of a Dockerfile for Lambda Running Python 3.10.4
ARG FUNCTION_DIR="/app/"
ARG AWS_LINUX_VERSION="2022"
ARG PYTHON_VERSION="3.10.4"
FROM amazonlinux:${AWS_LINUX_VERSION} as python-layer
ARG PYTHON_VERSION
# install python
RUN yum update -y
RUN yum groupinstall "Development Tools" -y
RUN yum install openssl1.1 openssl1.1-devel libffi-devel bzip2-devel wget -y
RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz
RUN tar -xf Python-${PYTHON_VERSION}.tgz
RUN cd Python-${PYTHON_VERSION}/ && \
./configure --enable-optimizations && \
make install
RUN ln -s /Python-${PYTHON_VERSION}/python /usr/bin/python
RUN python -m pip install --upgrade pip
FROM amazonlinux:${AWS_LINUX_VERSION} as base-layer
# copy over python
ARG PYTHON_VERSION
COPY --from=python-layer /Python-${PYTHON_VERSION} /Python-${PYTHON_VERSION}
COPY --from=python-layer /usr/local/bin /usr/local/bin
COPY --from=python-layer /usr/local/lib /usr/local/lib
RUN ln -s /Python-${PYTHON_VERSION}/python /usr/bin/python
ARG FUNCTION_DIR
RUN mkdir -p ${FUNCTION_DIR}
WORKDIR ${FUNCTION_DIR}
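FROM base-layer as build-layer
# re-declare the build arg so it is in scope in this stage (as the runtime-layer stage does)
ARG FUNCTION_DIR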
######## YOUR OWN SETUP PROCESS HERE ########################
# copy over requirements and install those
COPY setup.py .
RUN pip install . --target "${FUNCTION_DIR}"
# copy over configuration and service code then install it
COPY config/ ${FUNCTION_DIR}/config/
COPY service/ ${FUNCTION_DIR}/
RUN pip install . --target "${FUNCTION_DIR}"
######## ########################### ########################
# install lambda runtime interface client for python
RUN pip install awslambdaric --target "${FUNCTION_DIR}"
FROM base-layer as runtime-layer
# copy in the built dependencies
ARG FUNCTION_DIR
COPY --from=build-layer ${FUNCTION_DIR} ${FUNCTION_DIR}
WORKDIR ${FUNCTION_DIR}
# (optional) add lambda runtime interface emulator
#ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie /usr/bin/aws-lambda-rie
#RUN chmod 755 /usr/bin/aws-lambda-rie
#ENTRYPOINT [ "/usr/bin/aws-lambda-rie", "python", "-m", "awslambdaric" ]
ENTRYPOINT [ "python", "-m", "awslambdaric" ]
######## REFERENCE YOUR OWN HANDLER HERE ########################
CMD [ "main.app" ]
######## ############################### ########################
@matthewdeanmartin

I tried this out; we're using an on-premise GitLab server to build our containers, and it fails on not being able to resolve the yum repo. On my workstation I can get the mirror.list file, and calling the yum repo returns an access denied XML file.

Anyhow, just leaving this here in case someone by random chance finds a solution.

Step 6/33 : RUN yum update -y
 ---> Running in f92f44d2481b
Amazon Linux 2022 repository                    0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'amazonlinux':
  - Curl error (6): Couldn't resolve host name for https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2022.0.20220504/x86_64/mirror.list [getaddrinfo() thread failed to start]
Error: Failed to download metadata for repo 'amazonlinux': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2022.0.20220504/x86_64/mirror.list [getaddrinfo() thread failed to start]
Ignoring repositories: amazonlinux
Dependencies resolved.
Nothing to do.
Complete!
Removing intermediate container f92f44d2481b
 ---> 7db3d872e4d3
Step 7/33 : RUN yum groupinstall "Development Tools" -y
 ---> Running in dcdd483686a8
Amazon Linux 2022 repository                    0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'amazonlinux':
  - Curl error (6): Couldn't resolve host name for https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2022.0.20220504/x86_64/mirror.list [getaddrinfo() thread failed to start]
Error: Failed to download metadata for repo 'amazonlinux': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://al2022-repos-us-west-2-9761ab97.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2022.0.20220504/x86_64/mirror.list [getaddrinfo() thread failed to start]
Ignoring repositories: amazonlinux
Module or Group 'Development Tools' is not available.
Error: Nothing to do.
The command '/bin/sh -c yum groupinstall "Development Tools" -y' returned a non-zero code: 1

@jwgstr
Author

jwgstr commented May 24, 2022

So I haven't used GitLab much myself. I presume that this is an issue with your env? and not GitLab? As in you maybe have a locked down on-prem env where if you want to access a yum repo you need to point to that proxy maybe? Or you don't have yum repos cached locally at all.

My gut reaction though is if you have the ability to push images into the GitLab Container Registry, you might be able to build just the python-layer image by separating it into its own Dockerfile on your local machine (off premise), then upload that to Container Registry (say by bringing it into your env on a flash drive, scanning it etc, and then uploading it). And then use that python-layer as the base for the remainder of the above-mentioned Dockerfile so you effectively aren't maintaining that part of the build on-prem.

This still presumes that subsequent steps like doing a pip install (which will hit remote repositories) are allowed in your on-prem env (even if only through a proxy). But given that you might have been using the AWS official python images previously, this approach might get you far enough along that pip install would work.

I'm making a lot of assumptions here. Feel free to provide a little more information. Happy to help bat around ideas if you want.

@BrutalSimplicity

If you change the python-layer to the following, this should avoid the yum install issues. The fix here is to use the AWS SAM CLI Python build image. I inspected this with dive and found that it had all of the required build libraries and source files. I have not tried building the entire Dockerfile, but if that was the only issue I suspect it will work.

FROM amazon/aws-sam-cli-build-image-python3.8 as python-layer

ARG PYTHON_VERSION
RUN curl https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz --output Python-${PYTHON_VERSION}.tgz
RUN tar -xf Python-${PYTHON_VERSION}.tgz
RUN cd Python-${PYTHON_VERSION}/ && \
    ./configure --enable-optimizations && \
    make install
RUN ln -sf /Python-${PYTHON_VERSION}/python /usr/bin/python
RUN python -m pip install --upgrade pip

@FredrikWendt

I assume this was yet another victim of glibc version 2.34 using syscall clone3, which was not allowed by Docker.
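
The failure this comment describes can be checked from inside a container on the build host. Added example, not from the gist or any commenter: a C probe that calls clone3 with arguments the kernel rejects, so no process is created, and classifies the error; an EPERM answer means a seccomp filter is blocking the call, which glibc does not treat as a reason to fall back to clone(). The enum and function names are hypothetical, and Linux is assumed.

```c
/* Added example (hypothetical names): probe how this sandbox answers clone3(2). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_clone3
#define SYS_clone3 435 /* same syscall number on every Linux architecture */
#endif

enum clone3_status {
    CLONE3_ALLOWED,       /* the call reached the kernel's argument checks */
    CLONE3_ENOSYS,        /* glibc falls back to clone(); threads still start */
    CLONE3_BLOCKED_EPERM, /* no fallback in glibc 2.34: thread creation fails */
    CLONE3_OTHER
};

enum clone3_status classify_clone3_errno(int err)
{
    switch (err) {
    case EINVAL: return CLONE3_ALLOWED;       /* kernel rejected our size of 0 */
    case ENOSYS: return CLONE3_ENOSYS;        /* old kernel, or filter returns ENOSYS */
    case EPERM:  return CLONE3_BLOCKED_EPERM; /* seccomp filter returns EPERM */
    default:     return CLONE3_OTHER;
    }
}

enum clone3_status probe_clone3(void)
{
    /* NULL args with size 0 fail the kernel's size check, so nothing is cloned. */
    long rc = syscall(SYS_clone3, NULL, (size_t)0);
    if (rc == 0)
        _exit(0); /* unreachable with these arguments; never run on as a child */
    return rc == -1 ? classify_clone3_errno(errno) : CLONE3_OTHER;
}

int main(void)
{
    static const char *const msg[] = {
        "clone3 allowed: thread creation is not being filtered",
        "clone3 -> ENOSYS: glibc will fall back to clone()",
        "clone3 -> EPERM: expect 'thread failed to start' errors under glibc 2.34",
        "clone3 -> unexpected result",
    };
    enum clone3_status s = probe_clone3();
    printf("%s (errno=%d)\n", msg[s], errno);
    return s == CLONE3_BLOCKED_EPERM;
}
```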
