[
https://issues.apache.org/jira/browse/MESOS-6169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mao Geng updated MESOS-6169:
----------------------------
Description:
We are using AWS ECR as docker registry and using
https://github.com/awslabs/amazon-ecr-credential-helper to get credential
automatically.
As amazon-ecr-credential-helper required, we set a .docker/config.json file
like below:
{code}
{
"credsStore": "ecr-login"
}
{code}
According to the "credsStore" field, docker engine will invoke a
"docker-credential-ecr-login" command (which we've installed into /usr/bin/) to
get registry credential whenever required, for example when executing docker
pull/push.
This works fine when we tar the .docker/config.json and use uris prarameter to
pull the tar.gz file for every task using docker image.
But when I try the new --docker_config option, it doesn't work. The task failed
to pull the image from ECR. The error message is
{code}
Failed to launch container: Failed to run 'docker -H
unix:///var/run/docker.sock pull
xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/<image_name>:latest': exited with
status 1; stderr='WARNING: Error loading config file:/tmp/28Vd2O/.dockercfg -
The Auth config file is empty unauthorized: authentication required '
{code}
Checked the source at
https://github.com/apache/mesos/blob/master/src/docker/docker.cpp, but don't
understand why above errors message says loading a temp .dockercfg file, which
doesn't exist btw. I assume mesos should pull the image using the config.json
file I set to --docker_config, right?
was:
We are using AWS ECR as docker registry and using
https://github.com/awslabs/amazon-ecr-credential-helper to get credential
automatically.
As amazon-ecr-credential-helper required, we set a .docker/config.json file
like below:
{code}
{
"credsStore": "ecr-login"
{code}
According to the "credsStore" field, docker engine will invoke a
"docker-credential-ecr-login" command (which we've installed into /usr/bin/) to
get registry credential whenever required, for example when executing docker
pull/push.
This works fine when we tar the .docker/config.json and use uris prarameter to
pull the tar.gz file for every task using docker image.
But when I try the new --docker_config option, it doesn't work. The task failed
to pull the image from ECR. The error message is
{code}
Failed to launch container: Failed to run 'docker -H
unix:///var/run/docker.sock pull
xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/<image_name>:latest': exited with
status 1; stderr='WARNING: Error loading config file:/tmp/28Vd2O/.dockercfg -
The Auth config file is empty unauthorized: authentication required '
{code}
Checked the source at
https://github.com/apache/mesos/blob/master/src/docker/docker.cpp, but don't
understand why above errors message says loading a temp .dockercfg file, which
doesn't exist btw. I assume mesos should pull the image using the config.json
file I set to --docker_config, right?
> --docker_config doesn't work with amazon-ecr-credential-helper
> --------------------------------------------------------------
>
> Key: MESOS-6169
> URL: https://issues.apache.org/jira/browse/MESOS-6169
> Project: Mesos
> Issue Type: Bug
> Components: docker
> Affects Versions: 1.0.0
> Reporter: Mao Geng
> Assignee: Gilbert Song
>
> We are using AWS ECR as docker registry and using
> https://github.com/awslabs/amazon-ecr-credential-helper to get credential
> automatically.
> As amazon-ecr-credential-helper required, we set a .docker/config.json file
> like below:
> {code}
> {
> "credsStore": "ecr-login"
> }
> {code}
> According to the "credsStore" field, docker engine will invoke a
> "docker-credential-ecr-login" command (which we've installed into /usr/bin/)
> to get registry credential whenever required, for example when executing
> docker pull/push.
> This works fine when we tar the .docker/config.json and use uris prarameter
> to pull the tar.gz file for every task using docker image.
> But when I try the new --docker_config option, it doesn't work. The task
> failed to pull the image from ECR. The error message is
> {code}
> Failed to launch container: Failed to run 'docker -H
> unix:///var/run/docker.sock pull
> xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/<image_name>:latest': exited
> with status 1; stderr='WARNING: Error loading config
> file:/tmp/28Vd2O/.dockercfg - The Auth config file is empty unauthorized:
> authentication required '
> {code}
> Checked the source at
> https://github.com/apache/mesos/blob/master/src/docker/docker.cpp, but don't
> understand why above errors message says loading a temp .dockercfg file,
> which doesn't exist btw. I assume mesos should pull the image using the
> config.json file I set to --docker_config, right?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
