[ 
https://issues.apache.org/jira/browse/MESOS-6169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mao Geng updated MESOS-6169:
----------------------------
    Description: 
We are using AWS ECR as docker registry and using 
https://github.com/awslabs/amazon-ecr-credential-helper to get credential 
automatically. 

As amazon-ecr-credential-helper required, we set a .docker/config.json file 
like below: 
{code}
{
    "credsStore": "ecr-login"
{code}
According to the "credsStore" field, docker engine will invoke a 
"docker-credential-ecr-login" command (which we've installed into /usr/bin/) to 
get registry credential whenever required, for example when executing docker 
pull/push. 
This works fine when we tar the .docker/config.json and use uris prarameter to 
pull the tar.gz file for every task using docker image. 

But when I try the new --docker_config option, it doesn't work. The task failed 
to pull the image from ECR. The error message is 
{code}
Failed to launch container: Failed to run 'docker -H 
unix:///var/run/docker.sock pull 
xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/<image_name>:latest': exited with 
status 1; stderr='WARNING: Error loading config file:/tmp/28Vd2O/.dockercfg - 
The Auth config file is empty unauthorized: authentication required '
{code}

Checked the source at 
https://github.com/apache/mesos/blob/master/src/docker/docker.cpp, but don't 
understand why above errors message says loading a temp .dockercfg file, which 
doesn't exist btw. I assume mesos should pull the image using the config.json 
file I set to --docker_config, right? 

  was:
We are using AWS ECR as docker registry and using 
https://github.com/awslabs/amazon-ecr-credential-helper to get credential 
automatically. 

As amazon-ecr-credential-helper required, we set a .docker/config.json file 
like below: 
{code}
{
    "credsStore": "ecr-login",
    "auths": {
        "xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com": {
        }
    }
}
{code}
According to the "credsStore" field, docker engine will invoke a 
"docker-credential-ecr-login" command (which we've installed into /usr/bin/) to 
get registry credential whenever required, for example when executing docker 
pull/push. 
This works fine when we tar the .docker/config.json and use uris prarameter to 
pull the tar.gz file for every task using docker image. 

But when I try the new --docker_config option, it doesn't work. The task failed 
to pull the image from ECR. The error message is 
{code}
Failed to launch container: Failed to run 'docker -H 
unix:///var/run/docker.sock pull 
xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/<image_name>:latest': exited with 
status 1; stderr='WARNING: Error loading config file:/tmp/28Vd2O/.dockercfg - 
The Auth config file is empty unauthorized: authentication required '
{code}

Checked the source at 
https://github.com/apache/mesos/blob/master/src/docker/docker.cpp, but don't 
understand why above errors message says loading a temp .dockercfg file, which 
doesn't exist btw. I assume mesos should pull the image using the config.json 
file I set to --docker_config, right? 


> --docker_config doesn't work with amazon-ecr-credential-helper
> --------------------------------------------------------------
>
>                 Key: MESOS-6169
>                 URL: https://issues.apache.org/jira/browse/MESOS-6169
>             Project: Mesos
>          Issue Type: Bug
>          Components: docker
>    Affects Versions: 1.0.0
>            Reporter: Mao Geng
>            Assignee: Gilbert Song
>
> We are using AWS ECR as docker registry and using 
> https://github.com/awslabs/amazon-ecr-credential-helper to get credential 
> automatically. 
> As amazon-ecr-credential-helper required, we set a .docker/config.json file 
> like below: 
> {code}
> {
>     "credsStore": "ecr-login"
> {code}
> According to the "credsStore" field, docker engine will invoke a 
> "docker-credential-ecr-login" command (which we've installed into /usr/bin/) 
> to get registry credential whenever required, for example when executing 
> docker pull/push. 
> This works fine when we tar the .docker/config.json and use uris prarameter 
> to pull the tar.gz file for every task using docker image. 
> But when I try the new --docker_config option, it doesn't work. The task 
> failed to pull the image from ECR. The error message is 
> {code}
> Failed to launch container: Failed to run 'docker -H 
> unix:///var/run/docker.sock pull 
> xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/<image_name>:latest': exited 
> with status 1; stderr='WARNING: Error loading config 
> file:/tmp/28Vd2O/.dockercfg - The Auth config file is empty unauthorized: 
> authentication required '
> {code}
> Checked the source at 
> https://github.com/apache/mesos/blob/master/src/docker/docker.cpp, but don't 
> understand why above errors message says loading a temp .dockercfg file, 
> which doesn't exist btw. I assume mesos should pull the image using the 
> config.json file I set to --docker_config, right? 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to