https://serverless-stack.com/ logo
#help
Title
# help
d

David Garcia

03/21/2022, 5:35 PM
Hey there, following up here. Still dealing with this issue. My latest comments have narrowed down the root cause of the issue. https://serverless-stack.slack.com/archives/C01JG3B20RY/p1647536454769239?thread_ts=1643127297.129100&cid=C01JG3B20RY There's also a discrepancy in the documentation at this link: https://docs.serverless-stack.com/constructs/Function#python-runtime-1 Specifically: "You can override this behavior by passing in the
installCommands
through the FunctionBundlePythonProps." This doesn't seem to be correct, passing in installCommands doesn't stop the step that installs poetry, pipenv, or pip. It's not an override, because the script with the passed in commands is passed in afterwards, as seen here in this dockerfile https://github.com/serverless-stack/serverless-stack/blob/master/packages/resources/assets/python/Dockerfile.dependencies This bundling behavior leads to certificate errors, with no clear way for resolution. If it was possible to have custom commands run before external deps are pulled in order to add required certs, then I believe this issue would be alleviated
Please let me know if you'd like me to migrate this information somewhere else, like github, for better tracking
f

Frank

03/22/2022, 1:09 AM
Hey @David Garcia, I missed you reply in the previous thread. Sorry about that.
In this case, the poetry/pipenv/pip are not run. Instead, the commands specified in
installCommands
are written to
sst-deps-install-command.sh
, and only that is executed.
Let me know if you are seeing otherwise.
d

David Garcia

03/22/2022, 1:37 AM
On my team we have Zscaler so the usual fix we have to integrate is add a step into the dockerfile which adds the certificate file we have on our local machines. Since adding the
installCommands
field happens after trying to pip install poetry, pipenv, and pip, which fails because of certificate errors
I'm doing some testing on my end as far as modifying the local docker files in the node_modules folder. Do you think that this situation is within the scope of what you plan to support with serverless stack or should I make a workaround script to modify the dockerfiles myself?
My modifications to the dockerfile in node_modules didn't end up working, I tried to add my cert with
COPY ./cert.file /.../path
but it's saying that the cert file isn't found
f

Frank

03/22/2022, 2:41 AM
Can you manually modify the
Dockerfile.custom
file to something like?https://gist.github.com/fwang/f7309f1b0281fa38ce957a76d8241587
Essentially, add the
cert.file
to the list of files to be copied into the conatiner
And run
pip install
after the COPY command
d

David Garcia

03/22/2022, 12:38 PM
Hey, I've tried modifying that piece of the dockerfile, and it looks like it's /trying/ to run the step but can't find the cert file. Where are files supposed to be located for them to be pulled?
Just for clarity, I've tried putting the cert file in the location where the dockerfiles are, and where the python lambda files are as well
f

Frank

03/23/2022, 4:55 AM
hmm.. can u use absolute path for the cert file inside the
COPY
command?
^ as a side note, I might’ve missed in the previous thread, why was the cert file required?
I’m not too familiar with Python, but I don’t recall the cert file being required from talking to other folks previously.
d

David Garcia

03/25/2022, 3:57 PM
This is kind of an overview of the issue https://community.zscaler.com/t/zscaler-ssl-errors-within-docker-build-process/14900/2 We use Zscaler which requires some dev-station setup in order to correctly place our certs in the right places in our file system / env vars for different services to leverage. For example, Docker and Python have separate requirements for how to set them up with certs. The problem comes from combining the two. That step where pipenv and poetry are installed is causing an ssl error because python needs to be configured with the proper certs, and generally, so does docker. I'm having trouble testing my fixes because my changes to my local sst dockerfiles aren't changing the bundling process anymore
@Frank
2 Views