Provide official docker image

[pniederlag]

official docker image

would be helpful if you published an docker image with azcopy baked in

[pniederlag]

my image is here (v10):
https://cloud.docker.com/u/datenbetrieb/repository/docker/datenbetrieb/azcopy

an older release can be found on:
https://hub.docker.com/r/hawaku/azcopy

[Edit, by maintainer @JohnRusk : To avoid any possible confusion, the above links are not supplied by Microsoft.]

[JohnRusk]

Thanks for the suggestion @pniederlag. It's probably not something we can do soon, but it does sound like we should look into at some stage.

[colemickens]

+1. Please?

Apparently the Azure CLI is now dependent on this tool for basic functionality. PLEASE include this in the Azure-CLI container or package it in a new container. I can't be bothered to try to package or wrap the CLI and then now every other external tool that its going to expect or download on the fly and shell out to.... just to do very basic things like "create an RG and upload a disk".

[junkiebev]

This is how am doing this @colemickens / @JohnRusk

It's effectively a build artifact which makes the azcopy v10 (linux) binary available for copying from /usr/bin/azcopy when you build a container. It'd be easy to modify it and switch the FROM scratch to a supported image like ubuntu and put CMD azcopy in there or something similar.

FROM alpine as azcopy
RUN apk add --no-cache wget \
&&	wget https://aka.ms/downloadazcopy-v10-linux -O /tmp/azcopy.tgz \
&&	export BIN_LOCATION=$(tar -tzf /tmp/azcopy.tgz | grep "/azcopy") \
&&	tar -xzf /tmp/azcopy.tgz $BIN_LOCATION --strip-components=1 -C /usr/bin
FROM scratch
COPY --from=azcopy /usr/bin/azcopy /usr/bin/azcopy

[JohnRusk]

If you want to lock it to a particular version, instead of always getting the latest, see tips here https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10?toc=%2fazure%2fstorage%2fblobs%2ftoc.json#obtain-a-static-download-link

[jocatalin]

+1 would be useful to have an official image (e.g. to be consumed in azure devops pipelines)

[SudoBrendan]

Adding on to @junkiebev s work - I had to write something similar to the following for an alpine base:

FROM alpine AS build
RUN apk add --no-cache wget \
&&	wget https://aka.ms/downloadazcopy-v10-linux -O /tmp/azcopy.tgz \
&&	export BIN_LOCATION=$(tar -tzf /tmp/azcopy.tgz | grep "/azcopy") \
&&	tar -xzf /tmp/azcopy.tgz $BIN_LOCATION --strip-components=1 -C /usr/bin

FROM alpine:3.9 AS final
RUN apk update && apk add libc6-compat ca-certificates
COPY --from=build /usr/bin/azcopy /usr/local/bin/azcopy
RUN ldd /usr/local/bin/azcopy

[JohnRusk]

Note that if you use the link noted above (aka.ms/downloadazcopy-v10-linux) you don't know exactly which version you'll get, other than it will be the latest one at the time you hit the URL. If you would rather get a repeatable version (the same one) every time, you can follow the instructions here to get a URL to a specific version: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#use-azcopy-in-a-script

[dpolivy]

Adding my +1 for this. I'm having issues running azcopy in a Docker container using this image, I think because it doesn't have the right CA certificates installed.

[dylanwulf]

Running azcopy inside of a docker container is very difficult right now, because azcopy v10 depends on keyctl for storing auth tokens. But keyctl is disabled by docker's default seccomp profile (https://docs.docker.com/engine/security/seccomp/). So the only way I can currently get azcopy to work inside a docker container is with SAS tokens.

[JohnRusk]

Good point @dylanwulf . We're aware of the issues and considering solutions, likely for inclusion in AzCopy 10.5. At this stage, its likely that the solution will work for Service Principal Authentication (SPA) and Managed Service Identity (MSI); but not for logging in as a "human" user. We believe that limitation is probably a good thing for such cases, since service-like usage should use SPA or MSI rather than a human's account. How does that sound to you?

[dylanwulf]

@JohnRusk Sounds good! I was trying to use service principal authentication when I discovered this limitation

[kalyan123i]

yes official image will help us a lot with pipelines

[thomasbeauvais]

This is one of the easiest things to do, how is this not done yet? There are literal solutions in this thread. Threads like this are the reason the ecosystem around Azure is breaking down.

</rant>

[franck-cussac]

If you want to use SPA or logging as a human today in a container, you have to add ketctl and add_key syscalls in seccomp config file.

You can find the default seccomp file here : https://raw.githubusercontent.com/docker/docker/v1.12.3/profiles/seccomp/default.json

Just copy, modify it and use it in docker run command.

[derekrprice]

That's not really a solution since it opens up my system keychain to the container.

[juchom]

I have created a docker image with the given solutions here (thanks guys). Until we have an official image from Microsoft, I'll try to update it as soon as a new version of AzCopy will be available.

Repo here:
https://github.com/linoafr/docker-azcopy

Docker hub:
https://hub.docker.com/r/linoa/azcopy

[PeterDaveHello]

For those who wants to specify specific azcopy version, I built one here:

• https://hub.docker.com/r/peterdavehello/azcopy
• https://github.com/PeterDaveHello/docker-azcopy

You can find out all the available versions here:

• https://hub.docker.com/r/peterdavehello/azcopy/tags