Comments (15)
Maybe copying ~/.dockercfg
to /root/.dockercfg
would work? Deimos runs as root
, directly under the slave. There doesn't seem to be much documentation on how to control which .dockercfg
file is used for authentication; the name of the file itself turns up only one hit in the Docker docs:
https://www.google.com/#q=site:docs.docker.com+.dockercfg
from deimos.
@solidsnack thank you for getting back to me. I'm pretty sure I tried copying the file over to /root/.dockercfg and it didn't work. I'll confirm today and get back to you.
Is supporting authenticating with a private registry something that you would like to support in deimos directly by calling the docker 'login' command prior to pull, as opposed to relying on the presence of a .dockercfg file? If so, I'd be happy to take a shot at adding it.
from deimos.
No dice when copying the file to /root/.dockercfg, still get a 403 when pulling.
Just for the hell of it, I hardcoded a "docker login" call right before the pull in docker.py and did a find for the .dockercfg file. It ended up being placed in:
/tmp/mesos/slaves/20140703-141945-16842879-5050-9288-0/frameworks/20140703-141945-16842879-5050-9288-0000/executors/ubuntu_0-1404399606067/runs/15363f63-5689-49e2-8038-fc5d45ab34d4/.dockercfg
from deimos.
It'd be great to have support for it. Given what you've discovered, I'm really not sure what the best way to add it is -- logging in every time seems like a bad pattern -- but I'd be happy to accept what you come up with.
Maybe the right thing to do is have Deimos copy a specific .dockercfg
into .
?
from deimos.
@solidsnack that would do the trick. The only way that I can think of providing the contents of the .dockercfg file to deimos is via an attribute in deimos.cfg. Perhaps base64 encoding a valid dockercfg file and providing it as a setting? When the executor sets up the working directory deimos can write the contents to the file. The .dockercfg file format allows the specification of credentials for multiple registries, so a global value for the dockercfg files should be able to hold login info for all of the containers expected to be deployed across the cluster.
Does that sound like an acceptable approach? It's definitely a kludgy solution but the authentication interface with docker doesn't leave a while lot of options.
from deimos.
Would it not be better to simply configure Deimos with a path to the .dockercfg
file?
[docker.index]
dockercfg = /etc/dockercfg
Base64 encoding the file and inlining it would seem to have at the least the disadvantage that one is forced to treat the Deimos configuration file as a holder of secure credentials.
from deimos.
Yes, that would be better.
from deimos.
Haven't tested the code in 73b8872 but it's a start. Could you look it over and maybe give it a shot?
from deimos.
@solidsnack I just tried out that commit but still received a 403. It looks like the docker pull is being executed prior to the dockercfg being placed. I traced it down to somewhere is this block: https://github.com/mesosphere/deimos/blob/dockercfg/deimos/docker.py#L20-L27 . Their is a comment which says "Forces external call to pre-fetch image".
I tried moving the 'self.place_dockercfg()' call right before https://github.com/mesosphere/deimos/blob/dockercfg/deimos/containerizer/docker.py#L123, but https://github.com/mesosphere/deimos/blob/dockercfg/deimos/containerizer/docker.py#L328 is evaluating to false, so the config file is not set.
from deimos.
There was a bug in the config loader.
I've pushed a new branch with your changes and the fix to the config file reader.
diff --git a/deimos/config.py b/deimos/config.py
index 097a1f2..ab58a1e 100644
--- a/deimos/config.py
+++ b/deimos/config.py
@@ -189,6 +189,9 @@ def parse(f):
del parsed["containers.options"]
if len(containers) > 0:
parsed["containers"] = Containers(**containers)
+ if "docker.index" in parsed:
+ parsed["index"] = parsed["docker.index"]
+ del parsed["docker.index"]
return _Struct(**parsed)
diff --git a/deimos/containerizer/docker.py b/deimos/containerizer/docker.py
index ac1155c..3b750a6 100644
--- a/deimos/containerizer/docker.py
+++ b/deimos/containerizer/docker.py
@@ -120,14 +120,14 @@ class Docker(Containerizer, _Struct):
else:
env += mesos_env() + [("MESOS_DIRECTORY", self.workdir)]
+ self.place_dockercfg()
+
runner_argv = deimos.docker.run(run_options, image, launchy.argv,
env=env, ports=launchy.ports,
cpus=cpus, mems=mems)
log_mesos_env(logging.DEBUG)
- self.place_dockercfg()
-
observer = None
with open("stdout", "w") as o: # This awkward multi 'with' is a
with open("stderr", "w") as e: # concession to 2.6 compatibility
from deimos.
Just tried and received the following error:
Jul 8 18:24:38 vagrant deimos[4456]: deimos.containerizer.docker.launch()
Jul 8 18:24:38 vagrant deimos[4456]: deimos.state.lock() request // launch EX (60s)
Jul 8 18:24:38 vagrant deimos[4456]: deimos.state.lock() success // launch EX (60s)
Jul 8 18:24:38 vagrant deimos[4456]: deimos.containerizer.docker.launch() eid = ubuntu_0-1404843876386
Jul 8 18:24:38 vagrant deimos[4456]: deimos.containerizer.docker.launch() mesos = 50de9b28-f781-481e-a14d-8bcb2e0c54f2
Jul 8 18:24:38 vagrant deimos[4456]: deimos.docker.matching_image_for_host() call // bash -c '#012 set -o errexit -o nounset -o pipefail#012 ( source /etc/os-release && tr A-Z a-z <<<"$ID#011$VERSION_ID" )#012 '
Jul 8 18:24:38 vagrant deimos[4456]: deimos.docker.matching_image_for_host() exit 0 // bash -c '#012 set -o errexit -o nounset -o pipefail#012 ( source /etc/os-release && tr A-Z a-z <<<"$ID#011$VERSION_ID" )#012 '
Jul 8 18:24:38 vagrant deimos[4456]: deimos.docker.matching_image_for_host() STDOUT // ubuntu#01114.04
Jul 8 18:24:38 vagrant deimos[4456]: deimos.cli() Unhandled failure in launch#012Traceback (most recent call last):#012 File "/srv/deimos/deimos/__init__.py", line 73, in cli#012 result = deimos.containerizer.stdio(containerizer, *argv[1:])#012 File "/srv/deimos/deimos/containerizer/__init__.py", line 97, in stdio#012 return method(recordio.read(proto), *args[1:])#012 File "/srv/deimos/deimos/containerizer/docker.py", line 72, in launch#012 image = self.determine_image(url, launchy)#012 File "/srv/deimos/deimos/containerizer/docker.py", line 314, in determine_image#012 default = self.image_from_system_context(launchy)#012 File "/srv/deimos/deimos/containerizer/docker.py", line 324, in image_from_system_context#012 return deimos.docker.matching_image_for_host(**opts)#012 File "/srv/deimos/deimos/docker.py", line 123, in matching_image_for_host#012 return image_token("%s:%s" % (distro, release), *args, **kwargs)#012TypeError: image_token() got an unexpected keyword argument 'dockercfg'
Jul 8 18:24:38 vagrant mesos-slave[4354]: E0708 18:24:38.612555 4371 slave.cpp:2310] Container '50de9b28-f781-481e-a14d-8bcb2e0c54f2' for executor 'ubuntu_0-1404843876386' of framework '20140703-141945-16842879-5050-9288-0000' failed to start: Could not launch container '50de9b28-f781-481e-a14d-8bcb2e0c54f2': External containerizer failed (status: 8)
I'm going to try and debug now ...
from deimos.
@jschneiderhan How is this working out for you today?
from deimos.
I just tried 95a7677, which is HEAD of the index-config-fixes branch, and it worked perfectly
from deimos.
This made it in to 0.4.0
from deimos.
Great. This will be super-useful for people using a private registry. I'm going to close the issue as my use case is now met. Thanks @solidsnack!
from deimos.
Related Issues (20)
- deimos not picking up additional options for the run command from config HOT 1
- TypeError exception during launch HOT 3
- How to map service port to the random port? HOT 6
- Possible to run any docker container? HOT 3
- Status code not being returned by conteinerizer
- Support Images with Entrypoint defined HOT 17
- Error when trying to start mesos-slave with bad path for containerizer_path HOT 1
- Mesos with Spark trying to download non-existent libmesos/ubuntu:14.04 HOT 21
- Use Deimos for only Marathon HOT 2
- Container info in /cgroups on CentOS 6.5 HOT 4
- -p option doesn't work as documented HOT 1
- Mesos environment variables not set when task_info specified
- More than just docker? HOT 3
- Hooks to run tasks after container launch / shutdown HOT 5
- Container flaps between 'Staging' and 'Running' => can't download a package HOT 4
- Question: How does port pairing work? HOT 1
- Deimos should not override workdir HOT 1
- Customize docker run arguments HOT 2
- Deimos insists on ate least one pull per image
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from deimos.