Hey all I have a Docker Dagster question right now in my Dag dagster #announcements

Hey all, I have a Docker/Dagster question—right n...

Basil V

02/16/2021, 11:47 PM

Hey all, I have a Docker/Dagster question—right now in my Dagster pipeline I'm using the

dagster-aws

library to read/write files to S3. It works locally, however, when running within Docker, it can't find my credentials. The specific error is

botocore.exceptions.NoCredentialsError: Unable to locate credentials

and seems to be coming from

dagster_aws/s3/compute_log_manager.py

when boto3 tries to instantiate the client. I volume mounted my

~/.aws

file (containing creds/config) into the Docker containers at

/root

using

docker-compose

but Dagster/boto3 still isn't able to find the credentials. Does anyone know how to resolve this/where the credentials should be stores so boto3 can find them? (note for actual deployment we plan to use IAM but for testing Docker locally I need to figure out how to pass the creds). Thanks again!

alex

02/16/2021, 11:57 PM

could try environment variables

Cameron Gallivan

02/17/2021, 12:28 AM

Are you using a single docker container or running a multi-container setup with docker-compose

Basil V

02/17/2021, 12:35 AM

multi-container setup with docker-compose

Basil V

02/17/2021, 12:36 AM

env variables would be great, but the way dagster-aws constructs the boto3 client I'm not sure would currently work with env variables would it?

Cameron Gallivan

02/17/2021, 12:36 AM

It does, it just uses botocore so it’ll look for env vars to provide the credentials

Cameron Gallivan

02/17/2021, 12:37 AM

I’m doing the same approach after i couldn’t figure out how to properly mount the .aws dir for it

👍 1

Basil V

02/17/2021, 12:38 AM

Oh awesome. That would be ideal then. This was the line where I think the client gets created right (

python_modules/libraries/dagster-aws/dagster_aws/s3/compute_log_manager.py

line 63)?

Copy code

self._s3_session = boto3.resource(
            "s3", use_ssl=use_ssl, verify=_verify, endpoint_url=endpoint_url
        ).meta.client

Basil V

02/17/2021, 12:38 AM

Cool I'll try env variables then if you had success with that. I had just thought based on that code snippet above that it didn't load the env variables anywhere.

Basil V

02/17/2021, 12:38 AM

Thanks!

Cameron Gallivan

02/17/2021, 12:39 AM

If you don’t have the var’s set by default you can do:

Copy code

AWS_ACCESS_KEY_ID="$(aws configure get aws_access_key_id)"
AWS_SECRET_ACCESS_KEY="$(aws configure get aws_secret_access_key)"

in a build.sh script. Just need to expose them in the docker-compose for each service, I don’t think I even reference them in the actual dockerfiles

Basil V

02/17/2021, 12:40 AM

Oh awesome thanks!

jordan

02/17/2021, 12:41 AM

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials boto has a credential lookup chain where it will look in these places in this order. So https://github.com/dagster-io/dagster/blob/0d85183fda0654dea76638e73dd4fc88fb825b1[…]les/libraries/dagster-aws/dagster_aws/s3/compute_log_manager.py will start at 3. on the list (envvars)

👍 1

Basil V

02/17/2021, 12:43 AM

Oh awesome thanks! That was the piece of info I was missing. Really appreciate it all!

9 Views

Open in Slack

Previous Next