I am attempting to build a Docker container on my local machine based on the `amazonlinux:latest` image, but I am running into a Curl error during the yum install steps in my Dockerfile:

```
#6 0.378   - Curl error (6): Couldn't resolve host name for https://cdn.amazonlinux.com/al2023/core/mirrors/2023.0.20230322/x86_64/mirror.list [getaddrinfo() thread failed to start]
#6 0.378 Error: Failed to download metadata for repo 'amazonlinux': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://cdn.amazonlinux.com/al2023/core/mirrors/2023.0.20230322/x86_64/mirror.list [getaddrinfo() thread failed to start]
```

The Dockerfile I'm using looks like this:

```dockerfile
FROM amazonlinux:latest

# Create deploy directory
WORKDIR /deploy

# Install system dependencies
RUN yum -y install make gcc*
# Add NodeSource 14.x yum repository
RUN curl --silent --location https://rpm.nodesource.com/setup_14.x | bash -
# Install nodejs
RUN yum -y install nodejs

# Install serverless
RUN npm install -g serverless

# Copy source
COPY . .

# Install app dependencies
RUN cd /deploy/functions && npm i --production && cd /deploy

# Run deploy script
CMD ./deploy.sh ; sleep 2m
```

And my docker-compose.yml is:

```yaml
version: "3"
services:
  image-resize-on-the-fly:
    build: .
    volumes:
      - ./secrets:/deploy/secrets
    env_file:
      - ./secrets/secrets.env
```

Other folks on my team are able to successfully run `docker-compose up --build` with these same files and have no issues. Similarly, I can run commands like `docker run -it centos curl google.com` with a successful response - but running `docker run -it amazonlinux curl google.com` fails with the same Curl error (6) as described above. Adding the `--security-opt seccomp=unconfined` flag to the amazonlinux line DOES come back with a successful response.

I attempted to use the unconfined setting as the default in `~/.docker/daemon.json` by adding `"seccomp-profile":"unconfined"` per (https://docs.docker.com/engine/reference/commandline/dockerd/) but got back an error saying the unconfined profile couldn't be found.

At this point, I'm lost for what to try next. There's clearly some kind of network setup issue, but I'm not well versed enough in those matters to understand what else to look for.

  • Can you add where you have installed Docker? Linux/Windows? It seems to be a DNS problem; try `docker run --dns 8.8.8.8 -it amazonlinux curl google.com`, and if that works, try updating the [config.json](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file) to add the DNS – Max Apr 25 '23 at 17:54
  • @Max Thanks for your note. Running on Mac OSX Ventura. I do have a `dns` flag already in my `daemon.json` file, and inspecting the container it does appear to be using `8.8.8.8` as the `namespace`. – Derek Schilling Apr 26 '23 at 16:21
  • @DerekSchilling I'm sure you've discovered this is about secure computing restrictions - did you find a solution to running docker build based on the amazonlinux docker image? – Fredrik Wendt Jun 24 '23 at 07:47

1 Answer

I'm betting that you're running on a machine where Docker runs with "old" seccomp settings. See this thread for discussion and options: https://github.com/amazonlinux/amazon-linux-2023/issues/80#issuecomment-1017798237

Fredrik Wendt
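
A diagnostic for the seccomp cause suggested in the answer, added here as an example and not code from the post, Docker or Amazon Linux: glibc 2.34 and later start threads with `clone3()` and fall back to `clone()` only on `ENOSYS`, so a seccomp profile that answers `EPERM` leaves a threaded DNS resolver unable to start its lookup thread. The probe reports which answer the current container gets. It assumes Linux, syscall number 435 for `clone3`, and a `python3` with `ctypes` inside the container; the function names are illustrative.

```python
import ctypes
import errno
import sys

SYS_CLONE3 = 435  # assumed clone3 syscall number (x86_64 and aarch64)
MODES = {"0": "disabled", "1": "strict", "2": "filter"}
VERDICTS = {
    errno.EPERM: ("blocked", "filter denies clone3 with EPERM; glibc does not "
                  "fall back to clone(), so new threads cannot start"),
    errno.ENOSYS: ("fallback", "clone3 reported as missing; glibc falls back "
                   "to clone() and threads start normally"),
    errno.EINVAL: ("allowed", "clone3 reached the kernel, which rejected only "
                   "the deliberately empty arguments"),
}


def seccomp_mode(status_text):
    """Return the seccomp mode named in /proc/<pid>/status content."""
    for line in status_text.splitlines():
        if line.startswith("Seccomp:"):
            return MODES.get(line.split(":", 1)[1].strip(), "unknown")
    return "unknown"


def probe_clone3():
    """Call clone3(NULL, 0) and return errno; size 0 can never create a task."""
    libc = ctypes.CDLL(None, use_errno=True)
    libc.syscall.restype = ctypes.c_long
    ctypes.set_errno(0)
    libc.syscall(ctypes.c_long(SYS_CLONE3), ctypes.c_void_p(None),
                 ctypes.c_size_t(0))
    return ctypes.get_errno()


def classify(err):
    """Map the probe's errno to a (verdict, explanation) pair."""
    return VERDICTS.get(err, ("unknown", "unexpected errno %d" % err))


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        print("seccomp mode:", seccomp_mode(fh.read()))
    verdict, why = classify(probe_clone3())
    print("clone3: %s (%s)" % (verdict, why))
    sys.exit(1 if verdict == "blocked" else 0)
```

Running it once in the default container and once with `--security-opt seccomp=unconfined` shows whether the profile is what changes the result.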