lambda.LayerVersion: missing DNS when building a layer with docker

[thomas-roos]

Describe the bug

That hack 'echo "nameserver 8.8.8.8" > /etc/resolv.conf is necessary to allow pip to fetch packages from the internet.

    const layerVersion = new lambda.LayerVersion(this, 'BundledLayerVersionPythonRuntime', {
      compatibleRuntimes: [
        lambda.Runtime.PYTHON_3_12,
      ],
      code: lambda.Code.fromAsset(path.join(__dirname, '..', 'lambda-handler', 'mapper','layer'),{
        bundling: {
          command: [
                '/bin/bash',
                '-c',
                'echo "nameserver 8.8.8.8" > /etc/resolv.conf && sleep 5 && python3 -m pip install -r requirements.txt --no-cache-dir -t /asset-output/python --index-url https://pypi.org/simple/ ',
              ],
          image: lambda.Runtime.PYTHON_3_12.bundlingImage,
          user: 'root',
          platform: 'linux/amd64',
        },
      }),
    });

Expected Behavior

echo "nameserver 8.8.8.8" > /etc/resolv.conf is not necessary, and it works just out of the box

Current Behavior

WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by ‘NewConnectionError(‘<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f9779c5c6b0>: Failed to establish a new connection: [Errno -2] Name or service not known’)’: /simple/jmespath/

Reproduction Steps

Stack without the hack.

Possible Solution

--dns parameter should be a parameter to building
https://docs.docker.com/network/

Additional Information/Context

No response

CDK CLI Version

2.126.0 (build fb74c41)

Framework Version

No response

Node.js Version

9.6.7

OS

Ubuntu 20.04

Language

TypeScript

Language Version

No response

Other information

No response

[patrickmryan]

In your bundling settings, add network=host and try again (without tweaking resolve.conf).

[thomas-roos]

tried this before, tried it now - not working

cdk synth
Bundling asset IngestionFunction/BundledLayerVersionPythonRuntime/Code/Stage...
Looking in indexes: https://pypi.org/simple/
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f6c037c8310>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/kafka-python/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f6c037c9010>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/kafka-python/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f6c037c9c10>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/kafka-python/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f6c037ca810>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/kafka-python/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7f6c037cb310>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/kafka-python/
ERROR: Could not find a version that satisfies the requirement kafka-python (from versions: none)

[patrickmryan]

Try to execute the pip install separately from CDK. Might be an issue with your Docker install. Here's my test:

[patrick85-dev ~]$ docker run -it public.ecr.aws/sam/build-python3.12 /bin/bash
bash-5.2# cd /tmp
bash-5.2# echo kafka-python > requirements.txt
bash-5.2# mkdir output
bash-5.2# python3 -m pip install -r requirements.txt --no-cache-dir -t $PWD/output --index-url https://pypi.org/simple/
Looking in indexes: https://pypi.org/simple/
Collecting kafka-python (from -r requirements.txt (line 1))
  Obtaining dependency information for kafka-python from https://files.pythonhosted.org/packages/75/68/dcb0db055309f680ab2931a3eeb22d865604b638acf8c914bedf4c1a0c8c/kafka_python-2.0.2-py2.py3-none-any.whl.metadata
  Downloading kafka_python-2.0.2-py2.py3-none-any.whl.metadata (7.8 kB)
Downloading kafka_python-2.0.2-py2.py3-none-any.whl (246 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 246.5/246.5 kB 5.4 MB/s eta 0:00:00
Installing collected packages: kafka-python
Successfully installed kafka-python-2.0.2
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

[notice] A new release of pip is available: 23.2.1 -> 24.0
[notice] To update, run: pip install --upgrade pip
bash-5.2# exit
exit

[pahud]

This doesn't seem to be a bug from CDK but we need more inputs from here.

[thomas-roos]

Retried in a non-corporate environment, it works without the hack.
To make it work in my corporate environment I needed to add a proper DNS (8.8.8.8) to /var/snap/docker/current/config/daemon.json
Sorry for the noise - closing. Thanks for the responses.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.