aws-sam-cli icon indicating copy to clipboard operation
aws-sam-cli copied to clipboard
verified publisher icon aws

Setting --docker-network option on sam build command has no effect

Open bryancornies opened this issue 3 years ago • 7 comments

Description:

When running sam build --docker-network host I am expecting the Docker container that is under build to use the network specified by the docker-network flag.

Steps to reproduce:

  1. Create a simple SAM project w/ PackageType=Image
  2. Add a RUN SLEEP 100 to the Dockerfile to force the build process to pause so it can be inspected
  3. Run sam build --docker-network host
  4. While the Docker image is building, run docker inspect --format='{{range $k, $v := .NetworkSettings.Networks}}{{$k}}{{end}}' [container]

Observed result:

Regardless of what is passed to the --docker-network flag, the under-build Docker container always uses the bridge network.

Expected result:

I would expect the under-build Docker container to use the network specified by the --docker-network option.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

SAM CLI version: 1.36.0 OS: CentOS 7 AWS region: us-east-2 PackageType: Image

$ sam build --docker-network host --debug
2022-01-31 14:01:52,006 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2022-01-31 14:01:52,006 | Using config file: samconfig.toml, config environment: default
2022-01-31 14:01:52,006 | Expand command line arguments to:
2022-01-31 14:01:52,006 | --template_file=/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/template.yaml --docker_network=host --build_dir=.aws-sam/build --cache_dir=.aws-sam/cache 
2022-01-31 14:01:52,173 | 'build' command is called
2022-01-31 14:01:52,180 | No Parameters detected in the template
2022-01-31 14:01:52,204 | 2 stacks found in the template
2022-01-31 14:01:52,204 | No Parameters detected in the template
2022-01-31 14:01:52,251 | 2 resources found in the stack 
2022-01-31 14:01:52,251 | No Parameters detected in the template
2022-01-31 14:01:52,286 | Found Serverless function with name='TeamCityAgentAuthorizer' and ImageUri='None'
2022-01-31 14:01:52,286 | --base-dir is not presented, adjusting uri ./TeamCityAgentAuthorizer relative to /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/template.yaml
2022-01-31 14:01:52,287 | --base-dir is not presented, adjusting uri . relative to /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/template.yaml
2022-01-31 14:01:52,287 | No Parameters detected in the template
2022-01-31 14:01:52,327 | Instantiating build definitions
2022-01-31 14:01:52,338 | Unique function build definition found, adding as new (Function Build Definition: BuildDefinition(None, /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer, Image, , a9f8019e-0096-44eb-bfcc-2c4be9e5504b, {'DockerTag': 'dev', 'DockerContext': '/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/TeamCityAgentAuthorizer', 'Dockerfile': 'Dockerfile'}, {}, x86_64, []), Function: Function(name='TeamCityAgentAuthorizer', functionname='TeamCityAgentAuthorizer', runtime=None, memory=None, timeout=10, handler=None, imageuri=None, packagetype='Image', imageconfig=None, codeuri='/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer', environment=None, rolearn=None, layers=[], events={'HelloWorld': {'Type': 'Api', 'Properties': {'Path': '/hello', 'Method': 'get', 'RestApiId': 'ServerlessRestApi'}}}, metadata={'DockerTag': 'dev', 'DockerContext': '/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/TeamCityAgentAuthorizer', 'Dockerfile': 'Dockerfile'}, inlinecode=None, codesign_config_arn=None, architectures=['x86_64'], stack_path=''))
2022-01-31 14:01:52,339 | Building codeuri: /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer runtime: None metadata: {'DockerTag': 'dev', 'DockerContext': '/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/TeamCityAgentAuthorizer', 'Dockerfile': 'Dockerfile'} architecture: x86_64 functions: ['TeamCityAgentAuthorizer']
2022-01-31 14:01:52,339 | Building to following folder /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/.aws-sam/build/TeamCityAgentAuthorizer
2022-01-31 14:01:52,340 | Building image for TeamCityAgentAuthorizer function
2022-01-31 14:01:52,344 | Setting DockerBuildArgs: {} for TeamCityAgentAuthorizer function

bryancornies avatar Jan 31 '22 19:01 bryancornies

Thanks for raising the issue! sam build does not build inside a container by default. Can you please try using the --use-container option to enable building inside container? sam build --docker-network <network id> --use-container

wchengru avatar Feb 01 '22 22:02 wchengru

I tried running sam build --docker-network host --use-container but the network still shows as bridge when the container is running. It appears to me that sam's --docker-network option doesn't get passed to the docker build --network option:

--network string Set the networking mode for the RUN instructions during build (default "default")

The specific issue I'm running into is one of the RUN commands in my Dockerfile performs a yum install from behind a proxy. The command fails because our corporate proxy is not reachable from the default bridge Docker network so I have to be able to set the network to host when building the Docker image.

bryancornies avatar Feb 02 '22 15:02 bryancornies

Can confirm - there is no effect from using --docker-network host flag

alxdembo avatar Dec 15 '22 16:12 alxdembo

Why was this closed, is there a solution I'm not seeing?

mathieucoinmiles avatar Sep 29 '23 16:09 mathieucoinmiles

does anybody have a solution for this? i am having this issue too!!!

safejace avatar Jun 19 '24 23:06 safejace

I'm having the same problem with sam local start-lambda --docker-network=host, I think they are related.

LiliumCandidum avatar Mar 23 '25 18:03 LiliumCandidum

I'm having the same issue. Is there any progress in this?

spyrospav avatar Nov 13 '25 20:11 spyrospav