Comments (9)
fabianschurz
commented on June 16, 2024
Same here, i guess that is because the provider uses the image id instead of the digest. Actually i'm pulingl the images to see the image id via docker image inspect TAG | grep Id since i did not manage to found a more elegant solution/workaround.
I wish the provider to allow the use of the digest which is the "new" way since docker registry v2.
from terraform-provider-docker.
viceice
commented on June 16, 2024
@fabianschurz Workarounf / Solution:
resource "docker_image" "nginx" {
name = "nginx:1.18.0-alpine@sha256:29dc24ed982665eb88598e0129e4ec88c2049fafc63125a4a640dd67529dc6d4"
}
resource "docker_container" "nginx" {
name = "nginx-example"
image = docker_image.nginx
restart = "unless-stopped"
start = true
}from terraform-provider-docker.
suzuki-shunsuke
commented on June 16, 2024
I could reproduce the problem.
According to the document, docker_image.name supports an image digest, but actually doesn't work well.
https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image#name
name - (Required, string) The name of the Docker image, including any tags or SHA256 repo digests.
$ terraform version
Terraform v0.14.9
+ provider registry.terraform.io/kreuzwerker/docker v2.11.0resource "docker_image" "nginx" {
name = "nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
}
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "2.11.0"
}
}
}
provider "docker" {
}We can pull the Docker image by docker pull command, but terraform apply failed.
$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# docker_image.nginx will be created
+ resource "docker_image" "nginx" {
+ id = (known after apply)
+ latest = (known after apply)
+ name = "nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
+ output = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
docker_image.nginx: Creating...
Error: Unable to read Docker image into resource: Unable to find or pull image nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6
on main.tf line 1, in resource "docker_image" "nginx":
1: resource "docker_image" "nginx" {
$ docker pull "nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
docker.io/library/nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6: Pulling from library/nginx
e95f33c60a64: Pull complete
8b052b3c1a10: Pull complete
a4f5d275d76e: Pull complete
926c236b9574: Pull complete
f049360d30a6: Pull complete
Digest: sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6
Status: Downloaded newer image for nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6
docker.io/library/nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6Error: Unable to read Docker image into resource: Unable to find or pull image nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6
Debug Log
Terraform will perform the following actions:
# docker_image.nginx will be created
+ resource "docker_image" "nginx" {
+ id = (known after apply)
+ latest = (known after apply)
+ name = "nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
+ output = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
2021/03/25 20:45:49 [INFO] backend/local: apply calling Apply
2021/03/25 20:45:49 [INFO] terraform: building graph: GraphTypeApply
2021/03/25 20:45:49 [DEBUG] Resource state not found for node "docker_image.nginx", instance docker_image.nginx
2021/03/25 20:45:49 [DEBUG] ProviderTransformer: "docker_image.nginx (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/kreuzwerker/docker"]
2021/03/25 20:45:49 [DEBUG] ProviderTransformer: "docker_image.nginx" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/kreuzwerker/docker"]
2021/03/25 20:45:49 [DEBUG] ReferenceTransformer: "docker_image.nginx (expand)" references: []
2021/03/25 20:45:49 [DEBUG] ReferenceTransformer: "docker_image.nginx" references: []
2021/03/25 20:45:49 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/kreuzwerker/docker\"]" references: []
2021/03/25 20:45:49 [DEBUG] Starting graph walk: walkApply
2021-03-25T20:45:49.372+0900 [INFO] plugin: configuring client automatic mTLS
2021-03-25T20:45:49.398+0900 [DEBUG] plugin: starting plugin: path=.terraform/providers/registry.terraform.io/kreuzwerker/docker/2.11.0/darwin_amd64/terraform-provider-docker_v2.11.0 args=[.terraform/providers/registry.terraform.io/kreuzwerker/docker/2.11.0/darwin_amd64/terraform-provider-docker_v2.11.0]
2021-03-25T20:45:49.401+0900 [DEBUG] plugin: plugin started: path=.terraform/providers/registry.terraform.io/kreuzwerker/docker/2.11.0/darwin_amd64/terraform-provider-docker_v2.11.0 pid=46423
2021-03-25T20:45:49.401+0900 [DEBUG] plugin: waiting for RPC address: path=.terraform/providers/registry.terraform.io/kreuzwerker/docker/2.11.0/darwin_amd64/terraform-provider-docker_v2.11.0
2021-03-25T20:45:49.423+0900 [INFO] plugin.terraform-provider-docker_v2.11.0: configuring server automatic mTLS: timestamp=2021-03-25T20:45:49.422+0900
2021-03-25T20:45:49.448+0900 [DEBUG] plugin: using plugin: version=5
2021-03-25T20:45:49.448+0900 [DEBUG] plugin.terraform-provider-docker_v2.11.0: plugin address: address=/var/folders/w0/kzjzgvd52wg5s4jy5h0lcyqh0000gn/T/plugin437404858 network=unix timestamp=2021-03-25T20:45:49.448+0900
2021-03-25T20:45:49.504+0900 [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
docker_image.nginx: Creating...
2021/03/25 20:45:49 [DEBUG] EvalApply: ProviderMeta config value set
2021/03/25 20:45:49 [DEBUG] docker_image.nginx: applying the planned Create change
2021-03-25T20:45:50.409+0900 [DEBUG] plugin.terraform-provider-docker_v2.11.0: 2021/03/25 20:45:50 [DEBUG] pulled image nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6: {"status":"Pulling from library/nginx","id":"docker.io/library/nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"}
2021-03-25T20:45:50.409+0900 [DEBUG] plugin.terraform-provider-docker_v2.11.0: {"status":"Digest: sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"}
2021-03-25T20:45:50.409+0900 [DEBUG] plugin.terraform-provider-docker_v2.11.0: {"status":"Status: Image is up to date for nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"}
2021/03/25 20:45:50 [DEBUG] docker_image.nginx: apply errored, but we're indicating that via the Error pointer rather than returning it: Unable to read Docker image into resource: Unable to find or pull image nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6
Error: Unable to read Docker image into resource: Unable to find or pull image nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6
on main.tf line 1, in resource "docker_image" "nginx":
1: resource "docker_image" "nginx" {
2021-03-25T20:45:50.504+0900 [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/kreuzwerker/docker/2.11.0/darwin_amd64/terraform-provider-docker_v2.11.0 pid=46423
2021-03-25T20:45:50.504+0900 [DEBUG] plugin: plugin exited
terraform-provider-docker/internal/provider/resource_docker_image_funcs.go
Lines 125 to 135 in 6b0f977
terraform-provider-docker/internal/provider/resource_docker_image_funcs.go
Lines 178 to 190 in 6b0f977
from terraform-provider-docker.
suzuki-shunsuke
commented on June 16, 2024
I found that a Docker image tag 1.18.0 isn't included in RepoDigests.
$ docker inspect "nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6" | ag -A 3 RepoDigests
"RepoDigests": [
"nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
],
"Parent": "",from terraform-provider-docker.
suzuki-shunsuke
commented on June 16, 2024
If we remove the image tag, then it works well.
resource "docker_image" "nginx" {
# remove `:1.18.0`
# name = "nginx:1.18.0@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
name = "nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
}
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "2.11.0"
}
}
}
provider "docker" {
}$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# docker_image.nginx will be created
+ resource "docker_image" "nginx" {
+ id = (known after apply)
+ latest = (known after apply)
+ name = "nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6"
+ output = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
docker_image.nginx: Creating...
docker_image.nginx: Creation complete after 5s [id=sha256:2dd397812ae1957ba18df0a62f0bcfa4ea3150027deab92cef0adf80803d0853nginx@sha256:0c56c40f232f41c1b8341c3cc055c8b528cb6decefd7f7c8506e2d30bb9678b6]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.from terraform-provider-docker.
fabianschurz
commented on June 16, 2024
But still the provider uses the image id not the digest from docker hub, or am i wrong?
When i use the digest from docker hub i get an error that the image could not be found. If i use the image id then it works as expected but i have to pull the image before and inspect it to get the image id because it's not being shown in docker hub.
I did not define a docker image resource instead i directly wrote the SHA into double quotes after the equals sign of image.
resource "docker_container" "portainer" {
image = "sha256:96a1c6cc3d158fac0b5be75382b9b24d0a89ed5db7a59a3442d01556c139fff1" # portainer/portainer-ce:2.1.1
If i insert the digest there i get an error as already said. But i did not try to define the image via image resource.
@suzuki-shunsuke
Does your configuration work with the digest?
from terraform-provider-docker.
suzuki-shunsuke
commented on June 16, 2024
docker_container.image is not an image digest but an image id.
It's documented.
https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/container#image
image - (Required, string) The ID of the image to back this container. The easiest way to get this value is to use the docker_image resource as is shown in the example above.
from terraform-provider-docker.
suzuki-shunsuke
commented on June 16, 2024
I have created a pull request to fix #52 (comment) .
from terraform-provider-docker.
fabianschurz
commented on June 16, 2024
Yeah but to get the image id i need to pull the actual image. The digest is what's being shown in the docker hub so it should be possible to use it
from terraform-provider-docker.
Related Issues (20)
- Support for automatic spell-checking
- Docker Containers Destroyed if Stopped When Refreshing State HOT 2
- Authentication fails on docker hub
- provider ignoring context if a dockerfile exists in the current directory
- `docker_regsitry_iamge` is not able to pull image metadata from a private registry
- Creation of docker container failed (python image) HOT 1
- `docker_image` doesn't build specified platform
- Lambda consistently fails the FIRST pull from ECR after `docker_image_registry` completed uploading `docker_image` HOT 1
- Support for `docker image import`
- Feat: Support buildtime Secrets
- docker_container devices forces resource replacement at all times HOT 10
- Support for detachable containers
- Conditionally rebuild image
- feat: Add support for additional docker_image build contexts
- Flaky `Error response from daemon: Conflict, cannot remove the default link name of the container` on `terraform destroy`
- Support for VolumeOptions.Subpath in docker_container.mounts.volume_options HOT 1
- Support for Docker Cluster Volumes
- Error during pushing image to GCP Artifact Registry, Unable to create image, image not found: unable to get digest: Got bad response from registry: 405 Method Not Allowed
- Error when pushing ECR public registry: `unable to get digest: Got bad response from registry: 400 Bad Request`
- Support for error message when service didn't converge
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-docker.