We log into Dockerhub and ECR in var.custom_shell_commands during AMI build to pull commonly used base images and pre-warm the Docker cache.
In var.custom_shell_commands, the ec2-user does not yet have access to Docker because it was added to the docker group in the same shell. This results in permission errors, such as:
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock:
This forces us to use sudo when logging in and pulling images and we end up doing things like:
There are workarounds with subshells and other methods, but they quickly become messy.
Proposed Solution
If var.custom_shell_commands is executed in a separate shell provisioner instead in the Packer templates, logging in and pulling can be done as ec2-user, and there is no need to move .docker/config.json around.
We log into Dockerhub and ECR in
var.custom_shell_commands
during AMI build to pull commonly used base images and pre-warm the Docker cache.In
var.custom_shell_commands
, the ec2-user does not yet have access to Docker because it was added to the docker group in the same shell. This results in permission errors, such as:This forces us to use sudo when logging in and pulling images and we end up doing things like:
There are workarounds with subshells and other methods, but they quickly become messy.
Proposed Solution
If
var.custom_shell_commands
is executed in a separate shell provisioner instead in the Packer templates, logging in and pulling can be done as ec2-user, and there is no need to move .docker/config.json around.