Cannot pull images from private registry with docker provider about terraform-provider-docker HOT 18 CLOSED

Any chance that some brave soul would be willing to contribute this?

from terraform-provider-docker.

This comment was originally opened by @superseb as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

Used library should be using $HOME/.dockercfg or $HOME/.docker/config.json. Can you provide some more info on the used resources (dummy out the sensitive stuff) and some debug logging?

from terraform-provider-docker.

This comment was originally opened by @jmprusi as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

I've been looking at the Terraform code.. I see you are using go-dockerclient, but just using an empty instance of "AuthConfiguration"

https://github.com/hashicorp/terraform/blob/master/builtin/providers/docker/resource_docker_image_funcs.go#L110

There's this go-dockerclient function called "NewAuthConfigurationsFromDockerCfg()" (https://godoc.org/github.com/fsouza/go-dockerclient#NewAuthConfigurationsFromDockerCfg) so I've modified the previous file.. and replaced line 110, with this:

splitImage := strings.Split(image, "/")
auths, _ := dc.NewAuthConfigurationsFromDockerCfg()
auth := auths.Configs[splitImage[0]]
if err := client.PullImage(pullOpts, auth); err != nil {
    return fmt.Errorf("Error pulling image %s: %s\n", splitImage[0], err)
}

And it works fine..

There's this issue hashicorp/nomad/issues/660 , that seem to be related.

My example tf file:

provider "docker" {
  host = "tcp://${aws_instance.dockertesting.public_dns}:2375/"
}

resource "docker_container" "dockerImage" {
  image = "${docker_image.dockerImage.latest}"
  name = "echoapi"
}

resource "docker_image" "dockerImage" {
  name = "quay.io/Company/dockerImage"
}

The provider just returns a 403 when trying to pull the image..

2016/02/02 15:02:25 [ERROR] root: eval: *terraform.EvalRefresh, err: docker_image.DockerImage: Unable to read Docker image into resource: Unable to pull image quay.io/Company/DockerImage: Error pulling image quay.io/Company/DockerImage: Error: Status 403 trying to pull repository Company/DockerImage: "{\"error\": \"Permission Denied\"}"
2016/02/02 15:02:25 [ERROR] root: eval: *terraform.EvalSequence, err: docker_image.DockerImage: Unable to read Docker image into resource: Unable to pull image quay.io/Company/DockerImage: Error pulling image quay.io/Company/DockerImage: Error: Status 403 trying to pull repository Company/DockerImage: "{\"error\": \"Permission Denied\"}"
2016/02/02 15:02:25 [ERROR] root: eval: *terraform.EvalOpFilter, err: docker_image.DockerImage: Unable to read Docker image into resource: Unable to pull image quay.io/Company/DockerImage: Error pulling image quay.io/Company/DockerImage: Error: Status 403 trying to pull repository Company/DockerImage: "{\"error\": \"Permission Denied\"}"
2016/02/02 15:02:25 [ERROR] root: eval: *terraform.EvalSequence, err: docker_image.DockerImage: Unable to read Docker image into resource: Unable to pull image quay.io/Company/DockerImage: Error pulling image quay.io/Company/DockerImage: Error: Status 403 trying to pull repository Company/DockerImage: "{\"error\": \"Permission Denied\"}"
2016/02/02 15:02:25 [TRACE] Exiting eval tree: docker_image.DockerImage
2016/02/02 15:02:25 [DEBUG] vertex docker_container.DockerImage, got dep: docker_image.DockerImage
2016/02/02 15:02:25 [DEBUG] vertex provider.docker (close), got dep: docker_container.DockerImage
2016/02/02 15:02:25 [DEBUG] vertex root, got dep: provider.docker (close)
Error refreshing state: 1 error(s) occurred:

2016/02/02 15:02:25 [DEBUG] vertex root, got dep: provisioner.local-exec
2016/02/02 15:02:25 [DEBUG] vertex root, got dep: provisioner.file
2016/02/02 15:02:25 [DEBUG] vertex root, got dep: provisioner.chef
2016/02/02 15:02:25 [DEBUG] vertex root, got dep: var.aws_key_path
2016/02/02 15:02:25 [DEBUG] vertex root, got dep: var.rds-link_eip1
2016/02/02 15:02:25 [DEBUG] wa* docker_image.DockerImage: Unable to read Docker image into resource: Unable to pull image quay.io/Company/DockerImage: Error pulling image quay.io/Company/DockerImage: Error: Status 403 trying to pull repository Company/DockerImage: "{\"error\": \"Permission Denied\"}"

Thanks!

from terraform-provider-docker.

This comment was originally opened by @jpsecher as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

I have the same problem.

from terraform-provider-docker.

This comment was originally opened by @markovuksanovic as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

+1

from terraform-provider-docker.

This comment was originally opened by @jonbrouse as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

I can also confirm this bug. This is a WAG but I'm wondering if the image is getting parsed correctly.

from terraform-provider-docker.

This comment was originally opened by @rhyas as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

@jonbrouse That was my thought at first as well, but it's actually parsing stuff OK near as I can tell. The issue seems to be the authentication. I saw the option for including the docker env file for the go-dockerclient library as @jmprusi notes, but I've been investigating a different route and playing with some code that lets you put user/pass in the image resource definition. This seems like it would be better, in that it would keep the configuration for credentials within the terraform configuration instead of adding another env/external dependency. But maybe it should do both? take terra resource config first, then env??

from terraform-provider-docker.

This comment was originally opened by @mecorusfc as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

Is there a workaround? Terraform is completely non-functional for Docker without the capability of using your credentials to access a registry. Seems like a big miss. I used up a lot of time setting up some stuff only to find out Terraform is a no-go for Docker. Any workaround is acceptable if we know that you are fixing the issue. By the way, my error message is slightly different. It gets a 500 on the pull with the error: 'no basic auth credentials'. I think it is the same thing though.

from terraform-provider-docker.

This comment was originally opened by @iahmad-khan as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

Facing the same issue , any workaround?

from terraform-provider-docker.

This comment was originally opened by @iahmad-khan as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

In my case it pull the image , but still results in this error:

docker_image.ubuntu: Creating...
  latest: "" => "<computed>"
  name:   "" => "ubuntu:precise"
Error applying plan:

1 error(s) occurred:

* docker_image.ubuntu: **Unable to read Docker image into resource** Unable to find or pull image ubuntu:precise

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

from terraform-provider-docker.

This comment was originally opened by @mecorusfc as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

There was a pull request. I rebuilt my terraform with the change from the pull request and things worked. However, there are plenty of other things in the Docker world that terraform hasn’t kept up with. I stopped using it. I’m watching to see if they support the other providers the way they support Amazon.

Michael Corum
VP, Technical Architecture Solutions

RGA Reinsurance Company
16600 Swingley Ridge Road
Chesterfield, Missouri 6301701706
T 636.736.7066
www.rgare.com

From: Ijaz ahmad khan <[email protected]mailto:[email protected]>
Reply-To: hashicorp/terraform <[email protected]mailto:[email protected]>
Date: Wednesday, January 11, 2017 at 3:34 PM
To: hashicorp/terraform <[email protected]mailto:[email protected]>
Cc: Corum Michael <[email protected]mailto:[email protected]>, Comment <[email protected]mailto:[email protected]>
Subject: Re: [hashicorp/terraform] Cannot pull images from private registry with docker provider (#4934)

In my case it pull the image , but still results in this error:

docker_image.ubuntu: Creating...
latest: "" => ""
name: "" => "ubuntu:precise"
Error applying plan:

1 error(s) occurred:

• docker_image.ubuntu: Unable to read Docker image into resource Unable to find or pull image ubuntu:precise

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhashicorp/terraform#4934 (comment), or mute the threadhttps://github.com/notifications/unsubscribe-auth/AFo5lVNb8y5SxWe5j3-rz5gBboR3aaJPks5rRUrXgaJpZM4HQrfO.

from terraform-provider-docker.

This comment was originally opened by @krm1 as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

Any update on this issue?

from terraform-provider-docker.

This comment was originally opened by @mbukosky as hashicorp/terraform#4934 (comment). It was migrated here as part of the provider split. The original comment is below.

+1

from terraform-provider-docker.

+1

from terraform-provider-docker.

+1

from terraform-provider-docker.

+1

from terraform-provider-docker.

+1

from terraform-provider-docker.

@OverlyExcessive ✅ see #21

from terraform-provider-docker.