Pull an image on a remote host using credentials helper #273
Comments
Hi @michcio1234, I had the exact same problem. After digging into the code I'm pretty sure this is a bug in the way the provider parses the Docker auth config file, but I've found a workaround. I'll file the bug separately, but for now I've found that you can make it work by setting up the provider like this:

provider "docker" {
  host = "ssh://ec2-user@${aws_instance.main.public_dns}:22"
  registry_auth {
    address = "${local.docker_registry_url}"
    config_file_content = jsonencode({
      "auths" = {
        "https://${local.docker_registry_url}" = {
          "auth": "",
          "email": ""
        }
      }
      "credsStore" = "ecr-login"
    })
  }
}

(You could use string interpolation instead of
Let me know if this solves your problem. Thanks for filing this, I would have assumed I was doing something wrong otherwise :)
Oh wow, I should check GitHub notifications more often, I only now saw your response. ^^
@rolandcrosby Nope, it didn't help. Terraform exited with:
I don't have
Anyway, many thanks for your response. :)
Perfect.
The problem
I want to make a certain Docker image from my ECR repository present on an EC2 instance, using Terraform.
Terraform version:
What I did
Permissions and credentials helper
I have configured permissions (so that instance profile role can log in and pull images) and installed credentials helper on the instance. I put
{"credsStore": "ecr-login"}
in /home/ec2-user/.docker/config.json. I can SSH into the instance and do docker pull image:tag - this works, no need to do docker login.
I can also do the same using my local docker client by doing
docker -H ssh://ec2-user@instance-dns-name.com:22 pull image:tag
- the image gets pulled onto the instance.
Terraform configuration
I was trying to do it in Terraform using Docker provider. Here's what I have:
IIUC, this should pull the image onto the remote machine. However, Terraform exits with this error:
I verified that Terraform actually connects to the remote Docker host (I could create docker service) - it just won't authenticate to the registry.
I also tried defining config like this (not sure if this is a good approach since I want to use credentials helper on a remote machine, not my local one):
But this in turn results in the following error:
The question
How can I make this work, so that an image is pulled on the remote machine, using credentials provided by ecr-login helper which runs on that machine?
Or maybe it's a bug of Docker Terraform provider?
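As an added example (not from the thread and not the provider's code): a small Python check that reports, for a Docker config.json, which credential helper the Docker CLI would call for a registry and whether an auths entry exists for it, which is the one difference between the config in the issue and the workaround posted in the comments. The registry name is a constructed placeholder, and the host normalisation in `_host` is a simplifying assumption.

```python
import json


def _host(key):
    # Reduce "https://host/path" to "host" (simplified normalisation, an assumption).
    return key.split("://", 1)[-1].split("/", 1)[0]


def diagnose(config_text, registry):
    """Report where credentials for `registry` would come from in a Docker config.json."""
    cfg = json.loads(config_text)
    # Docker CLI lookup order: per-registry credHelpers first, then the global credsStore.
    helper = cfg.get("credHelpers", {}).get(registry) or cfg.get("credsStore")
    # Separately, check whether the file carries an "auths" entry for this registry.
    entry = next(
        (v for k, v in cfg.get("auths", {}).items() if _host(k) == registry), None
    )
    return {
        "helper": f"docker-credential-{helper}" if helper else None,
        "auths_entry": entry is not None,
        # True only when the entry holds a non-empty static credential.
        "static_auth": bool(entry and entry.get("auth")),
    }


# Constructed placeholder registry; substitute the real ECR registry host.
REGISTRY = "123456789012.dkr.ecr.eu-west-1.amazonaws.com"

# The config.json content from the issue description.
ISSUE_CONFIG = '{"credsStore": "ecr-login"}'

# The shape produced by the jsonencode() call in the workaround comment.
WORKAROUND_CONFIG = json.dumps({
    "auths": {f"https://{REGISTRY}": {"auth": "", "email": ""}},
    "credsStore": "ecr-login",
})

if __name__ == "__main__":
    for name, text in (("issue", ISSUE_CONFIG), ("workaround", WORKAROUND_CONFIG)):
        print(name, diagnose(text, REGISTRY))
```

Both configs name the same helper; only the workaround also carries an auths entry for the registry, and that entry holds no static secret.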