Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl: command not found when using docker image >= 2.54.0 in an ARM deploymentScript w/ supportingScriptUris #29000

Open
Yunzlez opened this issue May 21, 2024 · 14 comments
Open

curl: command not found when using docker image >= 2.54.0 in an ARM deploymentScript w/ supportingScriptUris #29000

Yunzlez opened this issue May 21, 2024 · 14 comments
Assignees
@bebound
Labels
Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Backlog

Comments

@Yunzlez
Copy link

Yunzlez commented May 21, 2024

Describe the bug

When using "kind": "AzureCLI" inside of a Microsoft.Resources/deploymentScripts inside an ARM deployment, the script fails when one or more supportingScriptUris are set.

This happens because when supportingScriptUris is set, the entrypoint script (/mnt/azscripts/azscriptinput/DeploymentScript.sh, provided by the deployment) attempts to retrieve these additional resources using cURL.

cURL was removed in 2.54.0, in this commit, to remove build dependencies from the docker image.

As there seems to be no way to change the default entrypoint script in a Microsoft.Resources/deploymentScripts, this is now broken for any AZ CLI version >= 2.54.0

Related command

docker run -it mcr.microsoft.com/azure-cli:2.61.0 /bin/bash -c 'curl'

Errors

Uri: https://amastorageprodus.blob.core.windows.net/applicationdefinitions/<snip>/artifacts/install.sh failed to download. Detail: /mnt/azscripts/azscriptinput/DeploymentScript.sh: line 93: curl: command not found

Issue script & Debug output

Sample Microsoft.Resources/deploymentScripts definition:

    {
      "type": "Microsoft.Resources/deploymentScripts",
      "apiVersion": "2023-08-01",
      "name": "test-script",
      "location": "[parameters('location')]",
      "kind": "AzureCLI",
      "properties": {
        "azCliVersion": "2.59.0",
        "supportingScriptUris": [
          "[uri(deployment().properties.templateLink.uri, 'artifacts/install.sh')]"
        ],
        "scriptContent": "/bin/bash ./install.sh"
      }
    }

Expected behavior

Using supportingScriptUris inside of a Microsoft.Resources/deploymentScripts ARM resource pulls the external artifacts.

Environment Summary

docker image mcr.microsoft.com/azure-cli with tags >= 2.54.0

Additional context

The only workaround I've found is to fall back to 2.53.0.
@Yunzlez Yunzlez added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label May 21, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label May 21, 2024
@yonzhan
Copy link
Collaborator

yonzhan commented May 21, 2024

Thank you for opening this issue, we will look into it.

@yonzhan yonzhan added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Azure CLI Team The command of the issue is owned by Azure CLI team and removed bug This issue requires a change to an existing behavior in the product in order to be resolved. labels May 21, 2024
@yonzhan yonzhan added this to the Backlog milestone May 21, 2024
@bebound
Copy link
Contributor

bebound commented May 22, 2024

Why does /mnt/azscripts/azscriptinput/DeploymentScript.sh assume that the curl is installed?

@Yunzlez
Copy link
Author

Yunzlez commented May 22, 2024

I don't know. To be clear: this is not a script we wrote. This script was created by Microsoft and is automatically injected and ran during the ARM deployment. As far as I can tell, there is no way for us to change this behaviour.

@XavierGeerinck
Copy link

Any updates on this?

@bebound
Copy link
Contributor

bebound commented May 27, 2024

@zhoxing-ms for help

@zhoxing-ms
Copy link
Contributor

This happens because when supportingScriptUris is set, the entrypoint script (/mnt/azscripts/azscriptinput/DeploymentScript.sh, provided by the deployment) attempts to retrieve these additional resources using cURL.

@jorgecotillo Could you please help explain does supportingScriptUris assume that the curl is installed? If so, what is the reason?

@Yunzlez
Copy link
Author

Yunzlez commented May 31, 2024

Appreciate you looking into this - is there any update on this issue currently?

@anthony-c-martin
Copy link
Member

anthony-c-martin commented Sep 12, 2024
edited
Loading

This happens because when supportingScriptUris is set, the entrypoint script (/mnt/azscripts/azscriptinput/DeploymentScript.sh, provided by the deployment) attempts to retrieve these additional resources using cURL.

@jorgecotillo Could you please help explain does supportingScriptUris assume that the curl is installed? If so, what is the reason?

@zhoxing-ms it is used to fetch user scripts to be executed inside the container. Please see https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template if you'd like more information about the product. If you would like more specifics (e.g. a link to the script itself), please reach out to me internally - my alias is antmarti.

We've been able to work around this by switching from curl to wget in our initialization script. DeploymentScripts is a heavily utilized resource on Azure; please keep us in mind if you need to make any further destructive changes to the image.

@bebound
Copy link
Contributor

bebound commented Sep 12, 2024

@anthony-c-martin curl and wget are not required in CLI docker image. We don't explicitly install them in the dockerfile. Please make sure these packages are installed before using them in your script.

PS: These packages are provided by the base OS of our image, but it may change in the future. For example, python:3.11-alpine includes only wget, while azurelinux3 has curl.

@XavierGeerinck
Copy link

@anthony-c-martin curl and wget are not required in CLI docker image. We don't explicitly install them in the dockerfile. Please make sure these packages are installed before using them in your script.

PS: These packages are provided by the base OS of our image, but it may change in the future. For example, python:3.11-alpine includes only wget, while azurelinux3 has curl.

It might make sense to provide those by default though. They are both small packages and are heavily utilized, outweighing the disadvantages if we had to manually provide them

@anthony-c-martin
Copy link
Member

It might make sense to provide those by default though. They are both small packages and are heavily utilized, outweighing the disadvantages if we had to manually provide them

+1

Please make sure these packages are installed before using them in your script.

Thanks for clarifying; sounds like we may need to move to publishing our own container image - installing at runtime is going to be too slow and unreliable for use in deploymentScripts.

@bebound
Copy link
Contributor

bebound commented Sep 13, 2024

We adhere to Docker best practices:

Don't install unnecessary packages

If the official image doesn't meet your needs, you should build your own image on top of it.

PS: I'm not saying we won't add more Linux tools in the image, but creating an all-encompassing development environment is not the goal of CLI image.

@XavierGeerinck
Copy link

We adhere to Docker best practices:

Don't install unnecessary packages

If the official image doesn't meet your needs, you should build your own image on top of it.

PS: I'm not saying we won't add more Linux tools in the image, but creating an all-encompassing development environment is not the goal of CLI image.

This is a DX question, not a best practices question.

"Does Microsoft want to provide a great DX, or do they want devs to struggle"

In the question above, currently it's the "struggle" part.

We are with 3 devs here already saying the same "It's a HELL" with no guidance. Creating own containers creates and brings a hassle that organizations do not want to deal with. Especially for something such as curl or wget

@anthony-c-martin
Copy link
Member

anthony-c-martin commented Sep 13, 2024
edited
Loading

We adhere to Docker best practices:

Don't install unnecessary packages

If the official image doesn't meet your needs, you should build your own image on top of it.

@bebound bear in mind that this container image is used directly for https://github.com/marketplace/actions/azure-cli-action. The Docker guidance on "publish your own container image" does not really apply for this use case, because it's not trivial to swap out images - your users would have to completely replace their usage of this action.

PS: I'm not saying we won't add more Linux tools in the image, but creating an all-encompassing development environment is not the goal of CLI image.

I think you're taking this guidance to the extreme. wget & curl aren't just part of an "all-encompassing development environment" - they're very frequently used for scripting in CI environments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bebound bebound

Labels
Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
6 participants
@XavierGeerinck @bebound @zhoxing-ms @anthony-c-martin @Yunzlez @yonzhan