Closed Sharvin26 closed 5 years ago
Issue-Label Bot is automatically applying the label question
to this issue, with a confidence of 0.61. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!
Links: app homepage, dashboard and code for this bot.
The reason your seeing issues is likely because that while you configured ~/.docker/config.json
you did so on the host, not on the worker container - you'll need to mount the ~/.docker/config.json
onto the same path inside the worker container for it to be able to see your configured config.json (read only will likely be enough but not 100% sure about it).
There's a bit more info about it on https://nebula.readthedocs.io/en/latest/config/worker/ on the registry_auth_user
& registry_auth_password
description fields.
Hello @naorlivne
Thanks for the response. I mounted ~/.docker/config.json
onto the same path inside the worker container. But I am getting this error =>
worker | reading config variables
worker | /usr/local/lib/python3.7/site-packages/parse_it/file/file_reader.py:55: UserWarning: config_folder_location does not exist, only envvars & cli args will be used
worker | warnings.warn("config_folder_location does not exist, only envvars & cli args will be used")
worker | reading config variables
worker | no registry user pass combo defined, skipping registry login
worker | checking nebula manager connection
worker | nebula manager connection ok
worker | stopping all preexisting nebula managed app containers in order to ensure a clean slate on boot
worker | initial start of <my-image> app
worker | pulling image <my_registry_url>/<my-image>:latest
worker | <my_registry_url>/<my-image>
worker | problem pulling image <my_registry_url>/<my-image>:latest
worker | docker-credential-ecr-login not installed or not available in PATH
This is my docker-compose.yml
=>
version: '3'
services:
worker:
container_name: worker
build:
context: .
dockerfile: Dockerfile
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.docker/config.json:/root/.docker/config.json
restart: unless-stopped
hostname: worker
environment:
REGISTRY_HOST: < my_regisrty_url >
MAX_RESTART_WAIT_IN_SECONDS: 0
NEBULA_MANAGER_AUTH_USER: nebula
NEBULA_MANAGER_AUTH_PASSWORD: nebula
NEBULA_MANAGER_HOST: < my_manager_url >
NEBULA_MANAGER_PORT: 80
NEBULA_MANAGER_PROTOCOL: http
NEBULA_MANAGER_CHECK_IN_TIME: 30
DEVICE_GROUP: test
KAFKA_BOOTSTRAP_SERVERS: < my_manager_url >:9092
KAFKA_TOPIC: nebula-reports
what am I doing wrong here?
worker | docker-credential-ecr-login not installed or not available in PATH
seems like the important line to me, I admit to not being a big fan of ECR exectly due to headaches like this so I may be wrong but it seems like it requires access to the ECR codebase rather then just the config.json (which is not part of the container but rather the host again) making this related to https://github.com/awslabs/amazon-ecr-credential-helper/issues/56
Seems like you'll have to install the Amazon ECR Docker Credential Helper & configure it (including the AWS access keys) inside the worker container to get it to work.
Possibly helpful link - https://serverfault.com/questions/897636/how-to-add-amazon-ecr-credential-helper-to-path
Hello, @naorlivne Thanks for the response. Is there a better alternative for ECR that I can integrate with the Nebula worker.
Note: I have already tried docker registry open source. But I am looking for a solution which has a GUI which makes easy in the management of the releases (i.e. Images ). As ECR was suitable for that use case so I went with the ECR.
Personally I use docker hub as it's managed by Docker Inc but any registry that supports the standard docker login process will work
Thanks, I'll check it.
Hello
I have configured a nebula worker on the Raspberry. I am using
AWS ECR
as a registry to store the Images. TheAWS ECR
dynamically updates the auth password every 12 hours. I can't update this password every time at the worker. So I have configuredAWS credential helper
which automatically updates the auth password every 12 hours on the edge device.Expected/Wanted Behavior
Whenever I push the update, the worker will pull new image from AWS ECR.
Actual Behavior
It is working perfectly when I add
REGISTRY_AUTH_USER
andREGISTRY_AUTH_PASSWORD
manually every 12 hours. The worker is able to pull the update from the AWS ECR registry.But now when I have configured the
AWS ECR credential helper
the nebula work is unable to pull the Image. To test if myAWS ECR credential helper
is working properly I tried the commanddocker pull <my_registry_url>/<image_name>
and it worked. Note: I also tried this command after 12 hours when my auth_password became invalid and it still worked.I have added worker
docker-compose.yml
and theworker logs
for the reference purpose =>docker-compose.yml
=>worker logs
=>Steps to Reproduce the Problem
make docker
command with the flagTARGET_GOARCH=arm
~/.docker/config.json
as follows =>