docker containers - missing attribute - docker

I needed a custom CentOS image with Docker installed, so I built it from the centos image and tagged it custom (shown below).
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos custom 84766562f881 4 hours ago 664MB
centos/systemd latest 05d3c1e2d0c1 7 weeks ago 202MB
I am trying to deploy a couple of containers with Terraform on my local machine, each with a unique name that comes from another file. The Docker images are already on the local machine. Here's the Terraform code.
$ cat main.tf
provider "docker" {
}
resource "docker_image" "centos" {
name = "centos:custom"
}
resource "docker_container" "app_swarm" {
image = "${docker_image.centos.custom}"
count = "${length(var.docker_cont)}"
name = "${element(var.docker_cont, count.index)}"
}
When I run terraform apply, I get this error which I am not sure how to fix. Can someone point me in the right direction please?
Error: Error running plan: 1 error(s) occurred:
* docker_container.app_swarm: 3 error(s) occurred:
* docker_container.app_swarm[0]: Resource 'docker_image.centos' does not have attribute 'custom' for variable 'docker_image.centos.custom'
* docker_container.app_swarm[1]: Resource 'docker_image.centos' does not have attribute 'custom' for variable 'docker_image.centos.custom'
* docker_container.app_swarm[2]: Resource 'docker_image.centos' does not have attribute 'custom' for variable 'docker_image.centos.custom'
Yes, the other file with the names exists; it's a simple list.
EDIT:
Thanks David, I tried your suggestion and amended the code to look like this:
provider "docker" {
}
resource "docker_image" "centos" {
name = "centos:custom"
}
resource "docker_container" "app_swarm" {
image = "${docker_image.centos.latest}"
count = "${length(var.docker_cont)}"
name = "${element(var.docker_cont, count.index)}"
}
But now I get this error.
Error: Error applying plan:
1 error(s) occurred:
* docker_image.centos: 1 error(s) occurred:
* docker_image.centos: Unable to read Docker image into resource: Unable to pull image centos:custom: error pulling image centos:custom: Error response from daemon: manifest for centos:custom not found
I guess I will have to set up a local Docker registry to get this working, but I am not sure?

You can only use the specific attributes listed in the docker_image resource documentation in the ${docker_image.centos...} interpolation. In particular, even though your image doesn't use the :latest tag, the attribute that exposes the image ID is named latest, so you need a .latest property reference:
image = "${docker_image.centos.latest}"
(If the image actually is one you've built locally, you may also want to specify the keep_locally option on your docker_image resource so that terraform destroy won't delete it.)
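A minimal sketch of how the pieces might fit together, assuming the centos:custom image already exists on the local Docker daemon and that var.docker_cont is a plain list of container names (the variable definition and example values below are hypothetical). This addresses the attribute error from the question; the later "manifest for centos:custom not found" pull error is a separate matter of where the provider looks for the image.
# variables.tf (assumed shape of the name list)
variable "docker_cont" {
  type    = "list"
  default = ["app1", "app2", "app3"]
}

# main.tf
provider "docker" {
}

resource "docker_image" "centos" {
  name         = "centos:custom"
  # keep the locally built image around when running terraform destroy
  keep_locally = true
}

resource "docker_container" "app_swarm" {
  # .latest holds the image ID, regardless of the tag in the image name
  image = "${docker_image.centos.latest}"
  count = "${length(var.docker_cont)}"
  name  = "${element(var.docker_cont, count.index)}"
}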

Related

Bazel's container_pull failing to pull aws-cli image

tl;dr: When I try to pull an AWS CLI image from Docker Hub using Bazel, I get odd 404 errors. Pulling other images the same way works fine.
I'm trying to use Bazel in my monorepo to (among many other things) create several Docker images. One of the Docker images I'm creating uses the verified AWS CLI image as a base.
I'm following the rules_docker documentation along with the examples provided in that repo.
WORKSPACE File:
load("#bazel_tools//tools/build_defs/repo:http.bzl", "http_file")
load("#bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "io_bazel_rules_docker",
sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
)
load(
"#io_bazel_rules_docker//repositories:repositories.bzl",
container_repositories = "repositories",
)
container_repositories()
load("#io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
container_deps()
load(
"#io_bazel_rules_docker//container:container.bzl",
"container_pull",
)
load("#io_bazel_rules_docker//contrib:dockerfile_build.bzl",
"dockerfile_image")
container_pull(
name = "alpine_linux_amd64",
digest = "sha256:954b378c375d852eb3c63ab88978f640b4348b01c1b3456a024a81536dafbbf4",
registry = "index.docker.io",
repository = "library/alpine",
# tag field is ignored since digest is set
tag = "3.8",
)
container_pull(
name = "aws_cli",
digest = "sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99",
registry = "index.docker.io",
repository = "library/amazon",
# tag field is ignored since digest is set
tag = "2.9.9",
)
http_file(
name = "sam_archive",
downloaded_file_path = "aws-sam-cli-linux-x86_64.zip",
sha256 = "74264b224f133461e324e7877ed8218fe38ac2320ba498024f0c297de7bb3e95",
urls = [
"https://github.com/aws/aws-sam-cli/releases/download/v1.67.0/aws-sam-cli-linux-x86_64.zip",
],
)
And BUILD file:
load("#io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer")
load("#io_bazel_rules_docker//contrib:test.bzl", "container_test")
load("#io_bazel_rules_docker//docker/util:run.bzl", "container_run_and_commit")
# Includes the aws-cli installation archive
container_image(
name = "aws_cli",
base = "#aws_cli//image"
)
container_image(
name = "basic_alpine",
base = "#alpine_linux_amd64//image",
cmd = ["Hello World!"],
entrypoint = ["echo"],
)
Building basic_alpine works fine:
$ bazel build //:basic_alpine
INFO: Analyzed target //:basic_alpine (0 packages loaded, 0 targets configured).
INFO: Found 1 target...
Target //:basic_alpine up-to-date:
bazel-bin/basic_alpine-layer.tar
INFO: Elapsed time: 1.140s, Critical Path: 0.99s
INFO: 50 processes: 16 internal, 34 linux-sandbox.
INFO: Build completed successfully, 50 total actions
Admittedly I'm new to Bazel and maybe I'm not doing this correctly, but building aws_cli fails:
$ bazel build //:aws_cli
INFO: Repository aws_cli instantiated at:
/home/jdibling/repos/stream-ai.io/products/filedrop/monorepo/WORKSPACE:38:15: in <toplevel>
Repository rule container_pull defined at:
/home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/io_bazel_rules_docker/container/pull.bzl:294:33: in <toplevel>
ERROR: An error occurred during the fetch of repository 'aws_cli':
Traceback (most recent call last):
File "/home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/io_bazel_rules_docker/container/pull.bzl", line 240, column 13, in _impl
fail("Pull command failed: %s (%s)" % (result.stderr, " ".join([str(a) for a in args])))
Error in fail: Pull command failed: 2022/12/23 08:31:25 Running the Image Puller to pull images from a Docker Registry...
2022/12/23 08:31:29 Image pull was unsuccessful: reading image "index.docker.io/library/amazon@sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99": GET https://index.docker.io/v2/library/amazon/manifests/sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/amazon Type:repository]]
(/home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/go_puller_linux_amd64/file/downloaded -directory /home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/aws_cli/image -os linux -os-version -os-features -architecture amd64 -variant -features -name index.docker.io/library/amazon@sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99)
ERROR: /home/jdibling/repos/stream-ai.io/products/filedrop/monorepo/WORKSPACE:38:15: fetching container_pull rule //external:aws_cli: Traceback (most recent call last):
File "/home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/io_bazel_rules_docker/container/pull.bzl", line 240, column 13, in _impl
fail("Pull command failed: %s (%s)" % (result.stderr, " ".join([str(a) for a in args])))
Error in fail: Pull command failed: 2022/12/23 08:31:25 Running the Image Puller to pull images from a Docker Registry...
2022/12/23 08:31:29 Image pull was unsuccessful: reading image "index.docker.io/library/amazon@sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99": GET https://index.docker.io/v2/library/amazon/manifests/sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/amazon Type:repository]]
(/home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/go_puller_linux_amd64/file/downloaded -directory /home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/aws_cli/image -os linux -os-version -os-features -architecture amd64 -variant -features -name index.docker.io/library/amazon@sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99)
ERROR: /home/jdibling/repos/stream-ai.io/products/filedrop/monorepo/BUILD:6:16: //:aws_cli depends on @aws_cli//image:image in repository @aws_cli which failed to fetch. no such package '@aws_cli//image': Pull command failed: 2022/12/23 08:31:25 Running the Image Puller to pull images from a Docker Registry...
2022/12/23 08:31:29 Image pull was unsuccessful: reading image "index.docker.io/library/amazon@sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99": GET https://index.docker.io/v2/library/amazon/manifests/sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/amazon Type:repository]]
(/home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/go_puller_linux_amd64/file/downloaded -directory /home/jdibling/.cache/bazel/_bazel_jdibling/4ce73e7de2c4ac9889a94fb9b2da25fc/external/aws_cli/image -os linux -os-version -os-features -architecture amd64 -variant -features -name index.docker.io/library/amazon@sha256:abb7e318502e78ec99d85bfa0121d5fbc11d8c49bb95f7f12db0b546ebd5ff99)
ERROR: Analysis of target '//:aws_cli' failed; build aborted: Analysis failed
INFO: Elapsed time: 4.171s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (0 packages loaded, 0 targets configured)
Just a quick sanity check: should that be library/amazonlinux? AFAICT library/amazon does not exist. However, that one does not have an image matching the sha256 digest that you specify.
The link you have in the intro is for the amazon/aws-cli image, which does have that digest, so maybe that's the one that you mean to pull?

unable to define ssh key when using terraform to create linux vm

I'm trying to use Terraform to create a Linux VM. What I see online is pretty straightforward:
resource "tls_private_key" "this" {
for_each = local.worker_env_map
algorithm = "RSA"
rsa_bits = 4096
}
resource "azurerm_linux_virtual_machine" "example" {
name = "worker-machine"
resource_group_name = "rogertest"
location = "australiaeast"
size = "Standard_D2_v4"
admin_username = data.azurerm_key_vault_secret.kafkausername.value
network_interface_ids = [
azurerm_network_interface.example.id,
]
admin_ssh_key {
username = "adminuser"
public_key = tls_private_key.this["env1"].public_key_openssh
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "18_04-lts-gen2"
version = "latest"
}
}
but I keep getting this error:
Code="InvalidParameter" Message="Destination path for SSH public keys is currently limited to its default value /home/kafkaadmin/.ssh/authorized_keys due to a known issue in Linux provisioning agent."
Target="linuxConfiguration.ssh.publicKeys.path"
but I'm following exactly what's outlined on this page:
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-terraform
I tried to reproduce the same issue in my environment and got the below results.
This is the error you get because the destination path for SSH public keys is currently limited to its default value: the destination path on the VM for the SSH keys is fixed, and if the authorized_keys file already exists, the specified keys are appended to it.
If we need a non-default location for the public keys, then at the moment the only way is to create our own custom solution.
I have used the below command to create my own path for the keys:
az vm create --resource-group rg_name --name myVM --image UbuntuLTS --admin-username user_name --generate-ssh-keys --ssh-dest-key-path './'
I have the Linux VM Terraform code from this document.
I have followed the below steps to apply the configuration:
terraform init
This command initializes the working directory.
terraform plan
This creates an execution plan and previews the changes that Terraform plans to make to the infrastructure.
terraform apply
This creates or updates the infrastructure according to the configuration.
I am able to see the created Linux virtual machine.
NOTE: For creating a Linux VM, we can also use this Terraform document for reference.
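For reference, this particular InvalidParameter error usually appears when the username inside the admin_ssh_key block differs from admin_username, since the Linux provisioning agent can only write keys to /home/<admin_username>/.ssh/authorized_keys. A minimal sketch with the two usernames kept consistent (the local value below is hypothetical and stands in for whatever the key vault secret resolves to):
locals {
  # hypothetical; use the same value that admin_username resolves to
  vm_admin_username = "kafkaadmin"
}

resource "tls_private_key" "this" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "azurerm_linux_virtual_machine" "example" {
  name                = "worker-machine"
  resource_group_name = "rogertest"
  location            = "australiaeast"
  size                = "Standard_D2_v4"
  admin_username      = local.vm_admin_username
  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]
  admin_ssh_key {
    # must match admin_username; keys can only land in
    # /home/<admin_username>/.ssh/authorized_keys
    username   = local.vm_admin_username
    public_key = tls_private_key.this.public_key_openssh
  }
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18_04-lts-gen2"
    version   = "latest"
  }
}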

How to skip TLS cert check for crictl (containerd CR) while pulling the images from private repository

I have installed k8s version 1.24, and containerd (containerd://1.5.9) is the container runtime for my setup (Ubuntu 20.04).
I have also installed docker on my VM and have added my private repository under /etc/docker/daemon.json with the following changes:
{ "insecure-registries" : ["myPvtRepo.com:5028"] }
When I run docker pull myPvtRepo:123/image after logging in to my private repo with docker login myPvtRepo:123, I am able to pull the images. But when I run the same pull with crictl pull myPvtRepo:123/image, I am facing:
E0819 06:49:01.200489 162610 remote_image.go:218] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image "myPvtRepo.com:5028/centos:latest": failed to resolve reference "myPvtRepo.com:5028/centos:latest": failed to do request: Head https://myPvtRepo.com::5028/v2/centos/manifests/latest: x509: certificate signed by unknown authority" image="myPvtRepo.com::5028/centos:latest"
FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "myPvtRepo.com::5028/centos:latest": failed to resolve reference "myPvtRepo.com:5028/centos:latest": failed to do request: Head https://myPvtRepo.com::5028/v2/centos/manifests/latest: x509: certificate signed by unknown authority
FYI, I have modified /etc/containerd/config.toml with the below content.
version = 2
[plugin."io.containerd.grpc.v1.cri".registry.configs."myPvtRepo.com:5028".tls]
  insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://myPvtRepo.com:5028", "https://myPvtRepo.com:5038", "https://myPvtRepo.com:5037", "https://myPvtRepo.com:5039"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."IP:5000"]
    endpoint = ["http://IP:5000"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."IP:5000"]
    endpoint = ["http://IP:5000"]
I have also modified containerd's endpoint to point to containerd's sock.
Can you please help me understand and fix why, even after setting insecure_skip_verify = true for my private repository and restarting the containerd service, I am still getting this issue?
I got a solution:
cd /usr/local/share/ca-certificates/
curl -L --remote-name http://your-artifacts.com/xyz-bundle.crt
/usr/sbin/update-ca-certificates
This one worked for me.
Also make sure to update your endpoints under /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: ""
timeout: 0
debug: false
pull-image-on-create: false
disable-pull-on-run: false
You will need to specify a hosts.toml file for the private registry and add skip_verify = true.
ref: https://github.com/containerd/containerd/blob/main/docs/hosts.md
Steps:
create folders: mkdir -p /etc/containerd/certs.d/<your registry>
add this config in /etc/containerd/config.toml:
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/etc/containerd/certs.d"
create and edit hosts.toml under the folder you just created:
server = "https://<your registry>"

[host."https://<your registry>"]
  capabilities = ["pull", "resolve"]
  skip_verify = true

Terraform: "Error: Reference to undeclared resource when calling modules from terragrunt" in Azure

I'm trying to use Terragrunt for the first time. I have followed the directory structure referred to at https://terratest.gruntwork.io/docs/getting-started/quick-start/. I wanted to get rid of the duplicate main.tf, outputs.tf, and vars.tf files that I have been using inside my environment folders. Below are the versions and the error that I'm facing. Any help would be greatly appreciated. Thanks in advance.
Terragrunt version
terragrunt version v0.23.10
Terraform version
Terraform v0.12.24
Directory Structure
terraform-live/
├── prod
│   └── resource_group
│       ├── main.tf
│       └── terragrunt.hcl
└── terragrunt.hcl
Contents of terraform-live/terragrunt.hcl:
remote_state {
  backend = "azurerm"
  config = {
    key                  = "${path_relative_to_include()}/terraform.tfstate"
    resource_group_name  = "common-rg"
    storage_account_name = "testsa01"
    container_name       = "tfstate"
  }
}
Contents of terraform-live/prod/resource_group/main.tf:
terraform {
  backend "azurerm" {}
}
Contents of terraform-live/prod/resource_group/terragrunt.hcl:
terraform {
  source = "git::git@github.com:adi4dpeople/terraform_modules.git//resource_group?ref=v0.0.1"
}
# Include all settings from the root terragrunt.hcl file
include {
  path = find_in_parent_folders()
}
# These are the variables we have to pass in to use the module specified in the terragrunt configuration above
inputs = {
  location = "westus"
  rg_name  = "testrg01"
}
When I run terragrunt plan, I get the following error:
[terragrunt] 2020/04/24 22:24:39 Reading Terragrunt config file at /home/aditya/terraform-live/prod/resource_group/terragrunt.hcl
[terragrunt] [/home/aditya/terraform-live/prod/resource_group] 2020/04/24 22:24:39 Running command: terraform --version
[terragrunt] 2020/04/24 22:24:44 Terraform files in /home/aditya/terraform-live/prod/resource_group/.terragrunt-cache/Hovi5Z9TKrGgHU_Lf1P2xFmhkm0/4M87gZKvnrwMknqj9CwuSBSfiHk/resource_group are up to date. Will not download again.
[terragrunt] 2020/04/24 22:24:44 Copying files from /home/aditya/terraform-live/prod/resource_group into /home/aditya/terraform-live/prod/resource_group/.terragrunt-cache/Hovi5Z9TKrGgHU_Lf1P2xFmhkm0/4M87gZKvnrwMknqj9CwuSBSfiHk/resource_group
[terragrunt] 2020/04/24 22:24:44 Setting working directory to /home/aditya/terraform-live/prod/resource_group/.terragrunt-cache/Hovi5Z9TKrGgHU_Lf1P2xFmhkm0/4M87gZKvnrwMknqj9CwuSBSfiHk/resource_group
[terragrunt] [/home/aditya/terraform-live/prod/resource_group] 2020/04/24 22:24:44 Backend azurerm has not changed.
[terragrunt] [/home/aditya/terraform-live/prod/resource_group] 2020/04/24 22:24:44 Running command: terraform init -backend-config=access_key=xxxxxxxxxxxx -backend-config=container_name=tfstate -backend-config=key=prod/resource_group/terraform.tfstate -backend-config=resource_group_name=testrg01 -backend-config=storage_account_name=testsa01
Initializing the backend...
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[terragrunt] 2020/04/24 22:24:52 Running command: terraform plan
Acquiring state lock. This may take a few moments...
Error: Reference to undeclared resource
on outputs.tf line 2, in output "id":
2: value = azurerm_resource_group.rg.id
A managed resource "azurerm_resource_group" "rg" has not been declared in the
root module.
Error: Reference to undeclared resource
on outputs.tf line 6, in output "name":
6: value = azurerm_resource_group.rg.name
A managed resource "azurerm_resource_group" "rg" has not been declared in the
root module.
Releasing state lock. This may take a few moments...
[terragrunt] 2020/04/24 22:25:01 Hit multiple errors:
exit status 1
aditya@LAPTOP-6C2MPJDV:~/terraform-live/prod/resource_group$
I solved my problem with the help of this GitHub issue on terragrunt:
https://github.com/gruntwork-io/terragrunt/issues/1151
I faced a similar issue when trying to assign a pull role to an Azure Kubernetes cluster so that it could pull images from an Azure container registry using a managed system identity.
Azure container registry module (outputs.tf file):
output "acr_id" {
  value = azure_container_registry.acr.id
}
This was put in a module directory called azure-container-registry.
Then, when I call the module output in my test environment (main.tf file):
# Create azure container registry
module "azure_container_registry" {
  source                  = "../modules/azure-container-registry"
  container_registry_name = var.container_registry_name
  resource_group_name     = var.resource_group_name
  location                = var.location
  sku                     = var.sku
  admin_enabled           = var.admin_enabled
}
# Create azure role assignment
module "azure_role_assignment" {
  source               = "../modules/azure-role-assignment"
  scope                = module.azure_container_registry.acr_id
  role_definition_name = var.role_definition_name
  principal_id         = module.azure_kubernetes_cluster.principal_id
}
However, when I run terraform apply, I get the error:
Error: Reference to undeclared resource
on ../modules/azure-container-registry/outputs.tf line 2, in output "acr_id":
2: value = azure_container_registry.acr.id
A managed resource "azure_container_registry" "acr" has not been declared in
module.azure_container_registry.
Here's how I solved it:
The issue was how I defined the value of acr_id in the outputs.tf file. Instead of this:
Azure container registry module (outputs.tf file):
output "acr_id" {
  value = azure_container_registry.acr.id
}
It should be this:
Azure container registry module (outputs.tf file):
output "acr_id" {
  value = azurerm_container_registry.acr.id
}
That is azurerm_container_registry.acr.id and not azure_container_registry.acr.id
That's all.
I hope this helps
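As a quick illustration of the pairing, here is a minimal sketch of what the container-registry module might contain (resource and variable names are illustrative, matching the module call above): the output has to reference the resource exactly as it is declared, i.e. with the azurerm_ resource type prefix.
# modules/azure-container-registry/main.tf (illustrative)
resource "azurerm_container_registry" "acr" {
  name                = var.container_registry_name
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = var.sku
  admin_enabled       = var.admin_enabled
}

# modules/azure-container-registry/outputs.tf
output "acr_id" {
  # the reference is <resource type>.<resource name>.<attribute>,
  # so the type prefix must match the resource declaration above
  value = azurerm_container_registry.acr.id
}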

Hadoop/Yarn Docker-Container-Executor fails because of "Invalid docker rw mount"

I am trying to execute the simple example for the Hadoop/Yarn (Version: 2.9.1) Docker-Container-Executor:
vars="YARN_CONTAINER_RUNTIME_TYPE=docker,YARN_CONTAINER_RUNTIME_DOCKER_IMAGE=hadoop-docker"
hadoop jar hadoop-examples.jar pi -Dyarn.app.mapreduce.am.env=$vars -Dmapreduce.map.env=$vars -Dmapreduce.reduce.env=$vars 10 100
Unfortunately the job fails with the following exception:
Failing this attempt.Diagnostics: [2018-09-08 22:23:54.288]Exception from container-launch.
Container id: container_1536441225683_0004_02_000001
Exit code: 29
Exception message: Invalid docker rw mount '/tmp/hadoop-hadoop/nm-local-dir/usercache/hadoop/appcache/application_1536441225683_0004/:/tmp/hadoop-hadoop/nm-local-dir/usercache/hadoop/appcache/application_1536441225683_0004/', realpath=/tmp/hadoop-hadoop/nm-local-dir/usercache/hadoop/appcache/application_1536441225683_0004/
Error constructing docker command, docker error code=14, error message='Invalid docker read-write mount'
Does anybody have an idea how to solve the invalid Docker read-write mount?
Solved by adding this directory to the property docker.allowed.rw-mounts in etc/hadoop/container-executor.cfg. If you get the error message for multiple directories, they need to be added comma-separated.
In my case:
docker.allowed.rw-mounts=/usr/local/hadoop/,/var/hadoop/yarn/local-dir,/var/hadoop/yarn/log-dir,/tmp/hadoop-hadoop/
