Packer: docker-push post processor tries to push using invalid repo string (uses sha256:string from repositories.json)
FOR BUGS:
Packer fails to push using sha256 of repository, Matched sha to /var/lib/docker/image/aufs/repositories.json with correct details.
This completely breaks the docker post-processor to push to ECR
According to official docker docs , Usage: docker push [OPTIONS] NAME[:TAG] however
2016/03/02 16:37:02 ui: docker (docker-push): Pushing: sha256:2e18ee540e6941f218f27d8a38ae5b60bb9aaef3953ef23aa0d4cfa30ac82b35
2016/03/02 16:37:02 packer: 2016/03/02 16:37:02 Executing: /usr/bin/docker [push sha256:2e18ee540e6941f218f27d8a38ae5b60bb9aaef3953ef23aa0d4cfa30ac82b35]
the sha256 shown matches the sha256 in repositories.json next to the actual repository string which would work if used.
Source responsible
https://github.com/mitchellh/packer/blob/master/post-processor/docker-push/post-processor.go#L86-L102
name := artifact.Id()
if i := strings.Index(name, "/"); i >= 0 {
// This should always be true because the / is required. But we have
// to get the index to this so we don't accidentally strip off the port
if j := strings.Index(name[i:], ":"); j >= 0 {
name = name[:i+j]
}
}
ui.Message("Pushing: " + name)
if err := driver.Push(name); err != nil {
return nil, false, err
}
return nil, false, nil
}
Attempting decoupled from packer, same error.
[root@graphene packer_ansible]# docker push sha256:82b1e1e0e34c1aa59fe90287812a0867b184c1287313ea04c4dd80971e57e9fe
The push refers to a repository [docker.io/library/sha256]
Repository does not exist: sha256
- Packer Version
v0.9 - Host platform
Debian v8.3 - Debug log output from
PACKER_LOG=1 packer build template.json.
https://gist.github.com/russmac/83a99af39ad2474c2f57 - The simplest example template and scripts needed to reproduce the bug.
https://gist.github.com/russmac/5beb8fec9b101c005671
russmac
All 3 comments
Same issue with Packer 0.8.6
russmac
on 2 Mar 2016
Thanks for opening an issue. You are missing a pair of square braces in your post-processor section (you need a list of lists).
What this means that is that each post-processor is running directly against the output of the builder, rather than docker-push running against the result of docker-tag, and that is why you see docker-push trying to push the SHA.
If you look at the examples on the docker page you'll notice they have nested lists. (An extra set of [ ].)
This is not an intuitive failure mode. I see this issue come up fairly regularly and I thought this was a bug myself when I first encountered it.
The reason it works this way is because it allows us to use the result of a build more than once. So for example if you want to make a Vagrant .box _and_ a .tar file at the same time or tag a docker build as v1.2.3 _and_ staging or push to ECS _and_ DockerHub at the same time you can do that without having to run the build twice.
cbednarski
on 2 Mar 2016
Thankyou for explaining :).
russmac
on 3 Mar 2016
Related issues
tleyden
路
3Comments
frezbo
路
3Comments
DanielBo
路
3Comments
Tensho
路
3Comments
PartyImp
路
3Comments
Most helpful comment
Thanks for opening an issue. You are missing a pair of square braces in your post-processor section (you need a list of lists).
What this means that is that each post-processor is running directly against the output of the builder, rather than
docker-pushrunning against the result ofdocker-tag, and that is why you seedocker-pushtrying to push the SHA.If you look at the examples on the docker page you'll notice they have nested lists. (An extra set of
[ ].)This is not an intuitive failure mode. I see this issue come up fairly regularly and I thought this was a bug myself when I first encountered it.
The reason it works this way is because it allows us to use the result of a build more than once. So for example if you want to make a Vagrant
.box_and_ a.tarfile at the same time or tag a docker build asv1.2.3_and_stagingor push to ECS _and_ DockerHub at the same time you can do that without having to run the build twice.