Lifecycle Job - Terraform Dockerfile fails to download for lifecycle job

Questions and Answers
1

Hi,

Trying to build a docker image for a lifecycle job. The terraform includes several private github modules (as sub modules) and well as public sub modules.

the dockerfile currently looks like this:

FROM hashicorp/terraform:1.3.6

ARG TF_VAR_aws_region
ARG TF_VAR_aws_access_key_id
ARG TF_VAR_aws_secret_access_key
ARG TF_VAR_qovery_environment_id
ARG GH_TOKEN

ENV AWS_ACCESS_KEY_ID=$TF_VAR_aws_access_key_id
ENV AWS_SECRET_ACCESS_KEY=$TF_VAR_aws_secret_access_key
ENV AWS_REGION=$TF_VAR_aws_region
ENV GH_TOKEN=$GH_TOKEN

# update software and install aws-cli / curl
RUN apk update && apk upgrade && apk add aws-cli && apk add curl

## install kubectl
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl && mv ./kubectl /usr/bin/kubectl

# set up kubeconfig for idp cluster
RUN aws eks --region eu-west-2 update-kubeconfig --name oc-idp-cluster

# update git to download private repos 
RUN git config --global url."https://${GH_TOKEN}@github.com/openc".insteadOf "https://github.com/openc"

## add terraform module and qovery workspace
ADD . .

# move to qovery folder to run terraform init
WORKDIR /qovery
RUN terraform init

ENTRYPOINT [ "/bin/sh"]

#checkov:skip=CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
#checkov:skip=CKV_DOCKER_3: "Ensure that a user for the container has been created"
#checkov:skip=CKV_DOCKER_4: "Ensure that COPY is used instead of ADD in Dockerfiles"

If i comment out the RUN terraform init and do a local build i can successfully run a terraform init.

but for some reason having it as a command in docker is causing it to generate the error:

=> ERROR [8/9] RUN terraform init                                                                                                                                              2.5s
------                                                                                                                                                                               
 > [8/9] RUN terraform init:
0.505 Initializing modules...
0.521 - ess-api in ../module
0.522 Downloading git::https://github.com/openc/oc-aws-aurora.git?ref=0.0.21 for ess-api.aurora-postgres...
1.961 - ess-api.aurora-postgres in .terraform/modules/ess-api.aurora-postgres
2.024 Downloading registry.terraform.io/terraform-aws-modules/rds-aurora/aws 8.5.0 for ess-api.aurora-postgres.aurora...
2.162 Downloading registry.terraform.io/terraform-aws-modules/lambda/aws 6.5.0 for ess-api.aurora-postgres.lambda-aurora-config...
2.296 Downloading registry.terraform.io/terraform-aws-modules/iam/aws 5.32.1 for ess-api.iam_assumable_role_admin...
2.416 ╷
2.416 │ Error: Failed to download module
2.416 │ 
2.416 │ Could not download module "aurora"
2.416 │ (.terraform/modules/ess-api.aurora-postgres/main.tf:1) source code from
2.416 │ "git::https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e":
2.416 │ error downloading
2.416 │ 'https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e':
2.416 │ /usr/bin/git exited with 128: Cloning into
2.416 │ '.terraform/modules/ess-api.aurora-postgres.aurora'...
2.416 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.416 │ existing mapping
2.416 │ (ThreadContextVm.cpp:47 mmap)
2.416 │ error: git-remote-https died of signal 5
2.416 │ .
2.416 ╵
2.416 
2.416 ╷
2.416 │ Error: Failed to download module
2.416 │ 
2.416 │ Could not download module "lambda-aurora-config"
2.416 │ (.terraform/modules/ess-api.aurora-postgres/postgres_lambda_config.tf:1)
2.416 │ source code from
2.416 │ "git::https://github.com/terraform-aws-modules/terraform-aws-lambda?ref=9633abb6b6d275d3a28604dbfa755098470420d4":
2.416 │ error downloading
2.416 │ 'https://github.com/terraform-aws-modules/terraform-aws-lambda?ref=9633abb6b6d275d3a28604dbfa755098470420d4':
2.416 │ /usr/bin/git exited with 128: Cloning into
2.416 │ '.terraform/modules/ess-api.aurora-postgres.lambda-aurora-config'...
2.416 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.416 │ existing mapping
2.416 │ (ThreadContextVm.cpp:47 mmap)
2.416 │ error: git-remote-https died of signal 5
2.416 │ .
2.416 ╵
2.416 
2.416 ╷
2.416 │ Error: Failed to download module
2.416 │ 
2.416 │ Could not download module "iam_assumable_role_admin"
2.416 │ (../module/k8s-sa-role.tf:1) source code from
2.416 │ "git::https://github.com/terraform-aws-modules/terraform-aws-iam?ref=7825816ce6cb6a2838c0978b629868d24358f5aa":
2.416 │ error downloading
2.416 │ 'https://github.com/terraform-aws-modules/terraform-aws-iam?ref=7825816ce6cb6a2838c0978b629868d24358f5aa':
2.416 │ /usr/bin/git exited with 128: Cloning into
2.416 │ '.terraform/modules/ess-api.iam_assumable_role_admin'...
2.416 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.416 │ existing mapping
2.416 │ (ThreadContextVm.cpp:47 mmap)
2.416 │ error: git-remote-https died of signal 5
2.416 │ .
2.416 ╵
2.416 
2.416 ╷
2.416 │ Error: Failed to download module
2.416 │ 
2.416 │ Could not download module "aurora"
2.416 │ (.terraform/modules/ess-api.aurora-postgres/main.tf:1) source code from
2.416 │ "git::https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e":
2.416 │ error downloading
2.416 │ 'https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e':
2.416 │ /usr/bin/git exited with 128: Cloning into
2.416 │ '.terraform/modules/ess-api.aurora-postgres.aurora'...
2.416 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.416 │ existing mapping
2.416 │ (ThreadContextVm.cpp:47 mmap)
2.416 │ error: git-remote-https died of signal 5
2.416 │ .
2.416 ╵
2.416 
2.416 ╷
2.416 │ Error: Failed to download module
2.416 │ 
2.416 │ Could not download module "aurora"
2.416 │ (.terraform/modules/ess-api.aurora-postgres/main.tf:1) source code from
2.416 │ "git::https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e":
2.416 │ error downloading
2.416 │ 'https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e':
2.416 │ /usr/bin/git exited with 128: Cloning into
2.416 │ '.terraform/modules/ess-api.aurora-postgres.aurora'...
2.416 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.416 │ existing mapping
2.416 │ (ThreadContextVm.cpp:47 mmap)
2.416 │ error: git-remote-https died of signal 5
2.416 │ .
2.416 ╵
2.416 
2.416 ╷
2.416 │ Error: Failed to download module
2.416 │ 
2.416 │ Could not download module "lambda-aurora-config"
2.416 │ (.terraform/modules/ess-api.aurora-postgres/postgres_lambda_config.tf:1)
2.416 │ source code from
2.416 │ "git::https://github.com/terraform-aws-modules/terraform-aws-lambda?ref=9633abb6b6d275d3a28604dbfa755098470420d4":
2.416 │ error downloading
2.416 │ 'https://github.com/terraform-aws-modules/terraform-aws-lambda?ref=9633abb6b6d275d3a28604dbfa755098470420d4':
2.416 │ /usr/bin/git exited with 128: Cloning into
2.416 │ '.terraform/modules/ess-api.aurora-postgres.lambda-aurora-config'...
2.416 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.416 │ existing mapping
2.416 │ (ThreadContextVm.cpp:47 mmap)
2.416 │ error: git-remote-https died of signal 5
2.416 │ .
2.416 ╵
2.416 
2.416 ╷
2.416 │ Error: Failed to download module
2.416 │ 
2.416 │ Could not download module "aurora"
2.416 │ (.terraform/modules/ess-api.aurora-postgres/main.tf:1) source code from
2.416 │ "git::https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e":
2.416 │ error downloading
2.416 │ 'https://github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=66b662c915409f23a918defe3c8a17126bf2dc9e':
2.416 │ /usr/bin/git exited with 128: Cloning into
2.416 │ '.terraform/modules/ess-api.aurora-postgres.aurora'...
2.416 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.416 │ existing mapping
2.416 │ (ThreadContextVm.cpp:47 mmap)
2.416 │ error: git-remote-https died of signal 5
2.416 │ .
2.416 ╵
2.416 
2.417 ╷
2.417 │ Error: Failed to download module
2.417 │ 
2.417 │ Could not download module "lambda-aurora-config"
2.417 │ (.terraform/modules/ess-api.aurora-postgres/postgres_lambda_config.tf:1)
2.417 │ source code from
2.417 │ "git::https://github.com/terraform-aws-modules/terraform-aws-lambda?ref=9633abb6b6d275d3a28604dbfa755098470420d4":
2.417 │ error downloading
2.417 │ 'https://github.com/terraform-aws-modules/terraform-aws-lambda?ref=9633abb6b6d275d3a28604dbfa755098470420d4':
2.417 │ /usr/bin/git exited with 128: Cloning into
2.417 │ '.terraform/modules/ess-api.aurora-postgres.lambda-aurora-config'...
2.417 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.417 │ existing mapping
2.417 │ (ThreadContextVm.cpp:47 mmap)
2.417 │ error: git-remote-https died of signal 5
2.417 │ .
2.417 ╵
2.417 
2.417 ╷
2.417 │ Error: Failed to download module
2.417 │ 
2.417 │ Could not download module "iam_assumable_role_admin"
2.417 │ (../module/k8s-sa-role.tf:1) source code from
2.417 │ "git::https://github.com/terraform-aws-modules/terraform-aws-iam?ref=7825816ce6cb6a2838c0978b629868d24358f5aa":
2.417 │ error downloading
2.417 │ 'https://github.com/terraform-aws-modules/terraform-aws-iam?ref=7825816ce6cb6a2838c0978b629868d24358f5aa':
2.417 │ /usr/bin/git exited with 128: Cloning into
2.417 │ '.terraform/modules/ess-api.iam_assumable_role_admin'...
2.417 │ assertion failed [result.value != EEXIST]: VmTracker attempted to allocate
2.417 │ existing mapping
2.417 │ (ThreadContextVm.cpp:47 mmap)
2.417 │ error: git-remote-https died of signal 5
2.417 │ .
2.417 ╵
2.417 
------
Dockerfile:31
--------------------
  29 |     # move to qovery folder to run terraform init
  30 |     WORKDIR /qovery
  31 | >>> RUN terraform init
  32 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c terraform init" did not complete successfully: exit code: 1

View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/9a2gmr0y2lwb9itdhx5qt1gtq

Any ideas if

2

Updating the terraform image has some how removed the issue!

update it to

FROM hashicorp/terraform:1.7.4

and it works except for it now errors on the

# set up kubeconfig for idp cluster
RUN aws eks --region eu-west-2 update-kubeconfig --name oc-idp-cluster

The image builds on my local machine but when running in qovery errors with:

Dockerfile:21
--------------------
  19 |     
  20 |     # set up kubeconfig for idp cluster
  21 | >>> RUN aws eks --region eu-west-2 update-kubeconfig --name oc-idp-cluster
  22 |     
  23 |     # update git to download private repos
--------------------
ERROR: failed to solve: process "/bin/sh -c aws eks --region eu-west-2 update-kubeconfig --name oc-idp-cluster" did not complete successfully: exit code: 254
❌ Container image 058264218412.dkr.ecr.eu-west-2.amazonaws.com/ebcfe2e1-93cc-4741-bd32-7cfd683d71d6:8798728370432662210-9139e90f0fb1dc72c514a20b0fc4ae61edb54a94 failed to be build: Look at the build logs to understand the error
💣 Deployment aborted following a failure to deploy a service. This is a general/global message. Look at your services deployment status to know which one made the deployment fail
3

Didnt have the variables in qovery!