Cannot pull images from AWS ECR (login does not seem to work properly)
See original GitHub issueI’m currently using docker-py 3.7.0 on an Ubuntu VM running Docker version 17.09.0-ce.
I’m having difficulty in what appears to be properly logging into docker. I’ve tried to get the AWS ECR credentials one of two ways: via boto3 and calling a subprocess for aws ecr get-login
.
What happens is that when I try and pull an image, I get the dreaded
repository does not exist or may require ‘docker login’
message.
I invoke this script with sudo (eg. sudo ./myscript.py
). If, prior to running the script, I run
aws ecr get-login --no-include-email --region us-west2
and then run the results with sudo
, the script will properly run.
I’ve tried variations and even used reauth
during login. When I do that, I get the response
http://localhost:None “POST /v1.35/auth HTTP/1.1” 200 48 login_results {‘IdentityToken’: ‘’, ‘Status’: ‘Login Succeeded’}
I’ve even deleted the ~/.docker/config.json file but this doesn’t help (a new file isn’t even written).
here is a code snippet of what I’m doing for the login. It’s a little messy right now since I’ve been trying permutations
command = "aws ecr get-login --no-include-email --region us-west-2"
p = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE,stderr=subprocess.PIPE)
(out, err) = p.communicate()
outstr = out.decode("utf-8")
errstr = err.decode("utf-8")
if p.returncode == 0:
# Remove prefix
outstr = outstr.lstrip('docker login ')
parts = outstr.split(' ')
print(parts)
# -u
username = parts[1].strip()
# -p
password = parts[3].strip()
registry_url = parts[len(parts)-1].strip()
else:
print(p.returncode)
'''
token = ecr_client.get_authorization_token()
username, password = base64.b64decode(token['authorizationData'][0]['authorizationToken']).decode('utf-8').split(":")
registry_url = token['authorizationData'][0]['proxyEndpoint']
'''
print('username {}'.format(username))
print('password {}'.format(password))
print('registry_url {}'.format(registry_url))
docker_client = docker.from_env()
treg = registry_url + '/'
login_results = docker_client.login(username=username, password=password, reauth=True, registry=treg)
print('login_results {}'.format(login_results))
Issue Analytics
- State:
- Created 5 years ago
- Comments:16
Top GitHub Comments
Okay, I ran some experiments the last few days. Had to deal with the 12 hour AWS ECR ticket so it took a little longer to do.
It does seem that there is an issue with docker-py.
Based on my findings, I can either use
boto3
or run a sub-process calling the command line toaws ecr
. However the only permutation that seems to work with the following steps.docker login
. This will result in theconfig.json
file being updated (not sure if this has any relevance at all or not).docker_client = docker.from_env()
. I have found doing this prior to the sub-process results in it not working properly (unless you have an already validconfig.json
docker_client.login(username=username, password=password, registry=registry_url)
Whether or not this is expected or not or if I’m doing something wrong, I don’t know. This is what I’ve come up with as steps that work.
Looks like this is still an issue? My workaround has been to wrap the whole thing in a context manager that clears out the config.json first, then does the work, and finally returns it to the original state. It’s not pretty but it does the job. (updated to use the decorator)