Support Alpine Linux

[hoppalotta]

Support for Alpine Linux would be very beneficial.

Excited about this project launch, it will solve a big problem for us. Thanks!

[jterry75]

You mean Alpine has the hosting OS, not as a container right?

[hoppalotta]

Hi @jterry75 thank you for the response. I believe my request is for Alpine-based containers as clients.

My hope is to use this daemon to authenticate .NET applications running on alpine-based containers using gMSA/Windows Auth to SQL Server. Not sure that it matters, but In our use case, the compute platform is Fargate and the db is RDS.

Thanks again!

[smhmhmd]

My hope is to use this daemon to authenticate .NET applications running on alpine-based containers using gMSA/Windows Auth to SQL Server.

Yes, that would work as long as your containers run on a host/instance.

Not sure that it matters, but In our use case, the compute platform is Fargate and the db is RDS.

Thanks for the feedback, this helps us prioritize.

[jterry75]

Perfect thats what we needed thank you!

[hdoan741]

@jterry75 +1 for Alpine Linux support! I'm trying to build the code on a Debian machine and it's been a struggle!

[hdoan741]

cc @saikiranakula-amzn since you've been making a lot of changes recently.

Can you provide a guide to install for Debian/Ubuntu? That'd be very helpful

[smhmhmd]

@hdoan741
Please check the Ubuntu Dockerfiles - https://github.com/aws/credentials-fetcher/tree/mainline/docker and let us know how we can help.

[smhmhmd]

@hdoan741 Please let us know if https://github.com/aws/credentials-fetcher/tree/mainline/docker works for you

[Park646]

My hope is to use this daemon to authenticate .NET applications running on alpine-based containers using gMSA/Windows Auth to SQL Server.

Yes, that would work as long as your containers run on a host/instance.

Not sure that it matters, but In our use case, the compute platform is Fargate and the db is RDS.

Thanks for the feedback, this helps us prioritize.

Has support for Alpine Linux containers using krb5-libs to utilize credentials-fetcher through the Fargate ECS Agent, been implemented? Are there any solution documents for this?
I've attempted the solution outlined through https://aws.amazon.com/blogs/containers/windows-authentication-with-gmsa-on-linux-containers-on-amazon-ecs-with-aws-fargate/
The container sticks in a pending state, but I can see its attempting to contact the DC over port 88, however nothing in the logs of the DC indicate any attempts. I do see wfp packet drops / audit failures around the same time. I think we have it all configured correctly, but containers are stuck in pending state.

[smhmhmd]

Tagging @sb-ruisms @abh-guj-aws @saikiranakula-amzn for above customer issue

[saikiranakula-amzn]

Hi @Park646 Seems like a configuration issue, can you please take a look at the troubleshooting issue by running it on EC2 in domainless mode(as shown in this blog - https://aws.amazon.com/blogs/containers/using-windows-authentication-with-gmsa-on-linux-containers-on-amazon-ecs/) , since Fargate use similar configuration if the task works on ECS on EC2, it should work same on Fargate, As you have access to the instance on ECS on EC2, you can check any issues with configuration. Please let us know if the issue persists

[smhmhmd]

@Park646
If you would like, we can have a conference call, my email is samiull at amazon dot com
cc: @jamolina

[smhmhmd]

@Park646 Glad to hear that your problem is resolved over email. Thanks for connecting.