Parallel Docker pushes still failing due to credentials being removed

[andyshinn]

When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.

Overview of the Issue

96 added support for parallel pushing images in their own context. But I'm still having an issue where authentication fails for parallel builds when the first build removes the authentication and the second fails if it is still in the middle of pushing images.

Reproduction Steps

Steps to reproduce this issue

• Build multiple containers and have the post processor try to push them.

Plugin and Packer version

❯ packer version
Packer v1.8.2

❯ packer plugins installed
/usr/local/bin/github.com/hashicorp/amazon/packer-plugin-amazon_v1.0.4_x5.0_darwin_amd64
/usr/local/bin/github.com/hashicorp/docker/packer-plugin-docker_v1.0.5_x5.0_darwin_amd64
/usr/local/bin/github.com/hashicorp/amazon/packer-plugin-amazon_v1.1.0_x5.0_darwin_amd64

Simplified Packer Buildfile

packer {
  required_plugins {
    docker = {
      version = "1.0.5"
      source  = "github.com/hashicorp/docker"
    }
  }
}

variable "docker_password" {
  type        = string
  description = "Docker password"
  sensitive   = true
}

variable "docker_username" {
  type        = string
  description = "Docker username"
  default     = "andyshinn"
}

source "docker" "ubuntu-bionic" {
  image  = "ubuntu:18.04"
  commit = true
}

source "docker" "ubuntu-focal" {
  image  = "ubuntu:20.04"
  commit = true
}

build {
  name = "base-fips"

  sources = [
    "source.docker.ubuntu-bionic",
    "source.docker.ubuntu-focal",
  ]

  provisioner "shell" {
    only = ["docker.ubuntu-bionic", "docker.ubuntu-focal"]

    inline = [
      "apt-get update -q",
      "apt-get install -qy sudo lsb-release",
    ]
  }

  post-processors {
    post-processor "docker-tag" {
      only = ["docker.ubuntu-bionic", "docker.ubuntu-focal"]

      repository = "ghcr.io/myorg/${source.name}"
      tags       = ["0.0.3-fips"]
    }

    post-processor "docker-push" {
      only = ["docker.ubuntu-bionic", "docker.ubuntu-focal"]

      login          = true
      login_server   = "ghcr.io"
      login_username = var.docker_username
      login_password = var.docker_password
    }
  }
}

Operating system and Environment details

OS, Architecture, and any other information you can provide about the environment.

macOS 12.4 21F79 x86_6

Log Fragments and crash.log files

Include appropriate log fragments. If the log is longer than a few dozen lines, please include the URL to the gist of the log or use the Github detailed format instead of posting it directly in the issue.

Set the env var PACKER_LOG=1 for maximum log detail.

    base-fips.docker.ubuntu-focal (docker-push): Login Succeeded
    base-fips.docker.ubuntu-focal (docker-push): Pushing: ghcr.io/myorg/ubuntu-focal:0.0.3-fips
    base-fips.docker.ubuntu-focal (docker-push): The push refers to repository [ghcr.io/myorg/ubuntu-focal]
    base-fips.docker.ubuntu-focal (docker-push): 5b5a60a65e35: Preparing
    base-fips.docker.ubuntu-focal (docker-push): af7ed92504ae: Preparing
    base-fips.docker.ubuntu-focal (docker-push): af7ed92504ae: Layer already exists
    base-fips.docker.ubuntu-bionic (docker-push): 5bc6fff2eeb6: Pushed
    base-fips.docker.ubuntu-bionic (docker-push): 0.0.3-fips: digest: sha256:2122845b860f1f738e4ad3d293f74f08c09eba0655cff09844844ba764f19958 size: 741
    base-fips.docker.ubuntu-bionic (docker-push): Pushing: ghcr.io/myorg/ubuntu-bionic:0.0.3-fips
    base-fips.docker.ubuntu-bionic (docker-push): The push refers to repository [ghcr.io/myorg/ubuntu-bionic]
    base-fips.docker.ubuntu-bionic (docker-push): 5bc6fff2eeb6: Preparing
    base-fips.docker.ubuntu-bionic (docker-push): 95129a5fe07e: Preparing
    base-fips.docker.ubuntu-bionic (docker-push): 95129a5fe07e: Layer already exists
    base-fips.docker.ubuntu-bionic (docker-push): 5bc6fff2eeb6: Layer already exists
    base-fips.docker.ubuntu-bionic (docker-push): 0.0.3-fips: digest: sha256:2122845b860f1f738e4ad3d293f74f08c09eba0655cff09844844ba764f19958 size: 741
    base-fips.docker.ubuntu-bionic (docker-push): Logging out...
    base-fips.docker.ubuntu-bionic (docker-push): Removing login credentials for ghcr.io
    base-fips.docker.ubuntu-bionic (docker-push): Removing temporary Docker configuration directory
Build 'base-fips.docker.ubuntu-bionic' finished after 1 minute 36 seconds.
    base-fips.docker.ubuntu-focal (docker-push): 5b5a60a65e35: Pushed
    base-fips.docker.ubuntu-focal (docker-push): 0.0.3-fips: digest: sha256:571c22dba3fbf736113d8e5de9c0d92e32167fd1d70b45e8c88e4b40e4e70367 size: 742
    base-fips.docker.ubuntu-focal (docker-push): Pushing: ghcr.io/myorg/ubuntu-focal:0.0.3-fips
    base-fips.docker.ubuntu-focal (docker-push): The push refers to repository [ghcr.io/myorg/ubuntu-focal]
    base-fips.docker.ubuntu-focal (docker-push): 5b5a60a65e35: Preparing
    base-fips.docker.ubuntu-focal (docker-push): af7ed92504ae: Preparing
    base-fips.docker.ubuntu-focal (docker-push): unauthorized: unauthenticated: User cannot be authenticated with the token provided.
    base-fips.docker.ubuntu-focal (docker-push): Logging out...
    base-fips.docker.ubuntu-focal (docker-push): Removing login credentials for ghcr.io
    base-fips.docker.ubuntu-focal (docker-push): Removing temporary Docker configuration directory

[devashish-patel]

Hi @andyshinn, Thanks for reporting the issue.

I tried to reproduce the issue with the temple you have attached and some other ways, however I could not reproduce the problem. If you are able to reproduce the issue, could you please give us the full logs by setting the env var PACKER_LOG=1 when running backer build?

PACKER_LOG=1 packer build <your_template_name>

TIA!

[nywilken]

Hi @andyshinn I wanted to follow up since there has been no activity on this issue.

Are you still running into problems?

I'm going to close this issue since we can't reproduce. But if you are still running into issues just reply to the thread with any new information and we will gladly reopen.

[andyshinn]

I will reopen this when I try and rebuild the images again to reproduce. The template is big and does multiple providers s I will try and reproduce with only the Docker provider.