Custom docker image
Once again I was faced with an infrastructure deployment problem: a pipeline that had previously worked perfectly suddenly started throwing errors that had never appeared before, in this case about missing standard programs like apt and dpkg.
It turned out I had run into a common issue: the upstream Terraform Docker images strip down the image size to reduce attack surface, removing even core tools like dpkg, apt, curl etc.
I decided that using an open image that is under my control is a better long-term solution. And in the future for other purposes I will build my images from the beginning to avoid these kinds of sudden problems.
Here is the Dockerfile:
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y \
    curl unzip gnupg software-properties-common jq \
    && curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list \
    && apt-get update && apt-get install -y terraform \
    # Install AWS CLI v2
    && curl -o awscliv2.zip https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip \
    && unzip awscliv2.zip \
    && ./aws/install \
    && rm awscliv2.zip \
    && rm -rf ./aws
ENTRYPOINT ["/bin/bash", "-l", "-c"]
Errors
After building the image and replacing the image name in the CI file with the new one, I «tripped» on a couple more errors.
Cannot execute binary file
The first one was:
/usr/bin/sh: /usr/bin/sh: cannot execute binary file
«This error occurs when you use a shell in your entrypoint without the -c argument so the command-string appended to the docker run command will be executed within the shell.»
So the last line in the Dockerfile turned into:
ENTRYPOINT ["/bin/bash", "-l", "-c"]
Syntax error: “do” unexpected
Then another error popped up:
sh: 7: Syntax error: "do" unexpected
To override the entrypoint of a Docker image, in the .gitlab-ci.yml file:
- For Docker 17.06 and later, set entrypoint to an empty value.
- For Docker 17.03 and earlier, set entrypoint to /bin/sh -c, /bin/bash -c, or an equivalent shell available in the image.
So using the image in the CI file ends up looking like this:
image:
  name: "${CI_TEMPLATE_REGISTRY_HOST}/elenche-devops/infrastellar/tf-base:x.x.x"
  entrypoint: [""]
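Both entrypoint problems come down to how a container's argv is assembled: the image's ENTRYPOINT followed by whatever command is appended to it. The script below is an added example, not from the original post; it models that locally with plain sh standing in for /bin/bash -l -c. It assumes the appended command has the form sh -c SCRIPT, and JOB_SCRIPT and the helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example: local model of a container's argv, ENTRYPOINT + command.
# Plain sh stands in for the page's /bin/bash -l -c entrypoint, and the
# "sh -c SCRIPT" command form is an assumption. JOB_SCRIPT is constructed.

JOB_SCRIPT='for i in 1 2; do echo "step $i"; done'

# start_container ENTRYPOINT... -- COMMAND...
# Joins both lists into one argv (dropping the "--" separator) and runs it
# with an empty stdin.
start_container() {
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1
        shift
        n=$((n - 1))
        [ "$arg" = "--" ] || set -- "$@" "$arg"
    done
    "$@" </dev/null
}

# show LABEL ARGS...: run one case, print its exit status and stdout.
show() {
    label=$1
    shift
    if out=$(start_container "$@" 2>/dev/null); then rc=0; else rc=$?; fi
    printf '%-22s rc=%s stdout=[%s]\n' "$label" "$rc" "$out"
}

# 1. Shell entrypoint without -c: "sh" (the first appended word) is taken
#    as a script file to read, so the job script never runs.
show 'sh + sh -c SCRIPT' sh -- sh -c "$JOB_SCRIPT"

# 2. Entrypoint with -c: only the first appended word ("sh") becomes the
#    command string; "-c" and SCRIPT turn into $0 and $1 and are ignored.
show 'sh -c + sh -c SCRIPT' sh -c -- sh -c "$JOB_SCRIPT"

# 3. Entrypoint with -c and a single command string: runs as intended.
show 'sh -c + SCRIPT' sh -c -- "$JOB_SCRIPT"

# 4. Empty entrypoint (entrypoint: [""]): the appended command is the argv.
show 'empty + sh -c SCRIPT' -- sh -c "$JOB_SCRIPT"
```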