Bash tools missing from 3.3.0 release #119
Comments
|
Same here. Just had to spend over an hour picking apart a CloudFormation stack after an ECS service deployment failed and then failed to rollback because we were using the |
|
Hi all, This is likely due to a bug that was released in 3.3.0 - please see: #120 We have release v3.3.1 as of last night. Please let us know if this has alleviated your issues. Thanks, |
|
Hi, I think #120 is unrelated. The image of 3.2.0 was built with a lot of tools included such as Newer releases are built from I'm a big fan of small images, don't get me wrong :-) I solved this issue for now by locking my taskdef.json to v3.2.0: |
|
Gotcha, thanks for the explanation. Apologies for the trouble! Related issue: #126 |
|
I was using the latest tag and defining the entrypoint explicitly to use local mode (/usr/bin/xray, you can find this configuration in the official AWS docs) and those changes also broke X-Ray daemon in prod for me. Suggestion: maintain the old images and create a slim tag for folks who want smaller images. |
|
Hey CarlosDomingues, Apologies for the issues. We will be republishing the Dockerhub images using the base amazonlinux, and maintain this as the standard solution for Dockerhub users, as it was established as the standard from day one. We will be updating guidance on this in our public documentation, as well as supplying build instructions for those who wish to incorporate the extra tools into their ECR images for healthchecks or other operational items. |
|
New release 3.3.2 has been completed. Will be updating the docs accordingly. |
|
Hey @awssandra , shipping the same image tag but as 2 different artefacts to 2 different registries seems a bit of anti-pattern to me. I would expect I understand the reason for having 2 Dockerfiles, the amount of embedded tools the end user requires varies, but I would expect the tag to be consistent regardless of its location. I think the problem you are going to have is that folks hitting the Docker Hub rate limitting issue are just going to swap out the registries in their Task definitions and expect it to work. But as we've seen in this thread, their existing health checks will break when moving from Hub to ECR and they won't know why. If you look at some of the Docker official images the naming convention is
So my suggestion would be to keep DockerHub and ECR Public in sync, with For example:
|
Already ran into this. Was confusing as I expected to be fixed, but was getting the same problems when using ECR, IIUC. |
|
Hi @ollypom @fosrias @thomasritz @CarlosDomingues Thanks! |
|
My needs are simple. Just need |
|
Due to the lack of a health check for ECS, I just used I'd prefer to have a real health check command if that's possible. Thanks for such a great tool. And thanks for your support. |
|
I fully appreciate the teams effort to cut down the image size, but I too would appreciate input as to a real health check. |
|
Hi @cynicaljoy @thomasritz |
|
To follow up on @srprash's comment, we are specifically considering migrating both the public ECR and DockerHub image to use the debian:bullseye-slim. It has all of the basic bash tools you'd expect but at half the size of |
|
@thomasritz
|
|
Just to bump this up. We have a process of hardening original images before we run them in our infrastructure. The but it fails with:
Also, the fact that |
|
This is really inconsistent and made me crazy today. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs in next 7 days. Thank you for your contributions. |
|
activity |
|
I don't understand why there hasn't been any movement on this issue. It's been a year. It's crazy for the same tag on different repos to point to fundamentally different images. Nothing has to be re-invented here, the precedent is already there - you add a suffix to the tag according to what is it based on (exactly as @project0 suggested) and push all of the tags to all of the repos, e.g.
|
|
Sorry for the delays on action for this issue - we have been off track on improvements for the daemon image and this has unfortunately slipped through the cracks. The only concern we have heard regarding the proposal @rbpltr mentioned is that pointing This change shouldn't be breaking functionality wise, just additive, but there could be size limits on sidecars that could lead to poor customer experience. Given this is mitigable by migrating to the |
|
for the scratch image ( |
This works but I'm not sure how robust it is. |
Thanks, that worked: when I originally tried it I had the entire line after CMD as a single segment opposed to individual items in the array |
|
(sorry if this was already suggested) Doing something like |
|
I tried a different approach which gives me some idea that the service is currently running. > xray
2023-11-27T19:17:32Z [Info] Initializing AWS X-Ray daemon 3.3.9
2023-11-27T19:17:32Z [Error] listen udp 127.0.0.1:2000: bind: address already in useYou can then grep this to verify that the service is already listening on that port:
Usage in AWS CDK: const xray = taskDefinition.addContainer("XRay", {
image: cdk.aws_ecs.ContainerImage.fromRegistry("amazon/aws-xray-daemon"),
cpu: 32,
memoryReservationMiB: 256,
essential: true,
portMappings: [
{
containerPort: 2000,
protocol: cdk.aws_ecs.Protocol.UDP,
},
],
// TODO: Replace with a better health check in the future.
// https://github.com/aws/aws-xray-daemon/issues/119
healthCheck: {
command: [
"CMD-SHELL",
"xray | grep 'bind: address already in use' || exit 0",
],
},
}); |
If one ECS Fargate container of a task has a health check configured, then all containers must have a health check.
With 3.2.0, I could use
trueas dummy health check.With 3.3.0, this health check fails due to
trueno longer being available in the image.It would be nice if there was an explicit health check command or so for the daemon.
The text was updated successfully, but these errors were encountered: