ec2-user is not seen as a member of the docker group when var.custom_shell_commands is executed #3939

espizo opened this issue Jun 18, 2024 · 1 comment · May be fixed by #3940

espizo commented Jun 18, 2024

We log into Dockerhub and ECR in var.custom_shell_commands during AMI build to pull commonly used base images and pre-warm the Docker cache.

In var.custom_shell_commands, the ec2-user does not yet have access to Docker because it was added to the docker group in the same shell. This results in permission errors, such as:

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock:

This forces us to use sudo when logging in and pulling images and we end up doing things like:

echo "Login to Dockerhub"
sudo aws ssm get-parameter --name "/github-action-runners/ops/dockerhub_token" --with-decryption --query "Parameter.Value" --output text | sudo docker login --username "$(sudo aws ssm get-parameter --name "/github-action-runners/ops/dockerhub_username" --with-decryption --query "Parameter.Value" --output text)" --password-stdin

echo "Login to ECR"
sudo aws ecr get-login-password | sudo docker login --username AWS --password-stdin ************.dkr.ecr.eu-west-1.amazonaws.com

echo "Move docker config.json to /home/ec2-user/.docker"
sudo mkdir -p /home/ec2-user/.docker
sudo mv /root/.docker/config.json /home/ec2-user/.docker/config.json
sudo chown ec2-user:ec2-user /home/ec2-user/.docker -R
sudo chmod g+rwx "/home/ec2-user/.docker" -R

There are workarounds with subshells and other methods, but they quickly become messy.

Proposed Solution

If var.custom_shell_commands is instead executed in a separate shell provisioner in the Packer templates, logging in and pulling can be done as ec2-user, and there is no need to move .docker/config.json around.
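
The condition reported above, as an added diagnostic example that is not part of the original issue or the project's code: a process keeps the supplementary groups it started with, so a group added during the same shell shows up in the group database but not in the running shell. The function names are hypothetical and the sample group lists are constructed.

```shell
#!/bin/sh
# Added example (not from the issue or the project). Function names are hypothetical.

# has_word LIST WORD: succeeds if WORD is one of the space-separated items in LIST.
has_word() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_group GROUP EFFECTIVE_LIST DATABASE_LIST
# Prints one of:
#   effective - the running process already carries the group
#   pending   - the group database lists it, but this process predates the change
#   absent    - the user is not a member at all
classify_group() {
    if has_word "$2" "$1"; then
        echo effective
    elif has_word "$3" "$1"; then
        echo pending
    else
        echo absent
    fi
}

# check_group GROUP: classify GROUP for the user running this shell, using live data.
check_group() {
    # `id -nG` with no user argument reports the calling process's credentials;
    # `id -nG USER` resolves membership from the group database.
    classify_group "$1" "$(id -nG)" "$(id -nG "$(id -un)")"
}

# Constructed sample: state of a shell that has just added ec2-user to the docker group.
# classify_group docker "ec2-user adm wheel" "ec2-user adm wheel docker"   # -> pending
```

Running `check_group docker` at the top of the custom commands tells the "pending" case apart from a user who was never added to the group, which the socket permission error alone does not.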


This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the Stale label Oct 30, 2024