docker login - error storing credentials - write permissions error
I had to remove my existing config.json file. It would not overwrite or modify the one that I had.
I found this question while trying to use ECR to get a Docker container running within a Jenkins pipeline on an AWS EC2 instance with an IAM Instance Profile. I found lots of information about creating, pushing, and pulling instances from ECR, but not running.
The goal is a Docker container with the specific Ruby and Ansible versions installed, with all the various dependencies like Gem files.
I found the following Jenkinsfile worked:
pipeline {
agent any
environment {
DOCKER_CONFIG = "${WORKSPACE}/docker.config"
}
stages {
stage('Build') {
steps {
sh("rm -rf ${DOCKER_CONFIG}")
sh("eval \$(aws ecr get-login --no-include-email | sed 's|https://||')")
withDockerContainer(args: '-v ${WORKSPACE}:/scripts -v ${HOME}/.aws:/root/.aws', image: 'image_name:latest') {
sh("ruby script.rb")
}
}
}
}
}
Notes:
- The Docker login command alters the .docker/config.json file, and it appears to fail in some cases with a write error. My guess is that it cannot handle some combination of existing configuration in the file and errors out. Using the DOCKER_CONFIG environment variable makes it create a new config file locally.
- Removing the ${DOCKER_CONFIG} directory may not be necessary, and could possibly take some extra time. However, I think it might avoid the case where the credentials stored there are stale.
- This must be installed: https://github.com/awslabs/amazon-ecr-credential-helper
- I found the eval statement solution here: Jenkins Amazon ECR: no basic auth credentials
You can remove the file docker-credential-osxkeychain
:
$ sudo rm /usr/local/bin/docker-credential-osxkeychain
For me the simplest solution was to create config.json file under .docker directory inside the user home directory:
~/home/.docker/config.json
Then I copied the content of this file from the server from where i was able to login to the docker hub.
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "SOMEVALUE"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.06.1-ce (linux)"
}
}