post-processors: FAIL to push image to ECR

[dsantanu]

Hi there,
I was wondering if anyone can give me a hand to understand why it's being failed to push the image to ECR. Below is my packer HCL file, with these two stepes under post-processors to tag and push:

packer {
  required_plugins {
    docker = {
      source  = "github.com/hashicorp/docker"
      version = "~> 1"
    }
  }
}
#
locals {
  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
}
#
variable "img_name" {
  type    = string
}
variable "repo" {
  type    = string
}
#
source "docker" "al2023" {
  image  = "public.ecr.aws/amazonlinux/amazonlinux:2023"
  commit = true
}
#
build {
  name    = var.img_name
  sources = ["source.docker.al2023"]

  post-processors {
    post-processor "docker-tag" {
      repository = var.repo
      tags       = ["latest", local.timestamp]
    }

    post-processor "docker-push" {
      ecr_login           = true
      keep_input_artifact = false
      login_server        = var.repo
    }
  }
}

then I run packer as null_resource through terraform:

resource "null_resource" "packer" {
  depends_on = [aws_ecr_repository_policy.this]

  triggers = {
    ami_name = local.ami_name
  }

  provisioner "local-exec" {
    working_dir = "${path.module}/packer_build"
    command     = <<EOF
packer init ${path.module}/my_build.pkr.hcl && \
PACKER_LOG=1 packer build \
  -var ami_name=${local.img_name} \
  -var repo=${aws_ecr_repository.this.repository_url} \
  ${path.module}/my_build.pkr.hcl

if [ $? -eq 0 ]; then
  printf "\n[+]  Packer build SUCCEEDED!!\n"
else
  printf "\n[-]  Packer build FAILED!!! \n" >&2
  exit 1
fi
EOF
  }
}

which fails with:

│ ': exit status 1. Output: r-push): 79a6254fc7b1: Retrying in 7 seconds
│     znpexc-ibc-aut-20231009070233.docker.al2023 (docker-push):
│ 76ec60dbc4a7: Retrying in 6 seconds
│     znpexc-ibc-aut-20231009070233.docker.al2023 (docker-push):
│ 79a6254fc7b1: Retrying in 6 seconds
| ....
| ....
│     znpexc-ibc-aut-20231009070233.docker.al2023 (docker-push):
│ 79a6254fc7b1: Retrying in 1 second
│     znpexc-ibc-aut-20231009070233.docker.al2023 (docker-push):
│ EOF
│     znpexc-ibc-aut-20231009070233.docker.al2023 (docker-push):
│ Logging out...
│ 2023/10/09 07:03:36 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin:
│ 2023/10/09 07:03:36 Executing: /usr/bin/docker [--config
│ /tmp/packer1870521035 logout
│ 99xxxxxxxxxx.dkr.ecr.eu-west-2.amazonaws.com/znpexc-ibc-autbuild]
│     znpexc-ibc-aut-20231009070233.docker.al2023 (docker-push):
│ Removing login credentials for
│ 99xxxxxxxxxx.dkr.ecr.eu-west-2.amazonaws.com
│     znpexc-ibc-aut-20231009070233.docker.al2023 (docker-push):
│ Removing temporary Docker configuration directory
│ 2023/10/09 07:03:36 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin:
│ 2023/10/09 07:03:36 error: Bad exit status: 1
│ 2023/10/09 07:03:36 [INFO] (telemetry) ending docker-push
│
│ * Post-processor failed: Bad exit status: 1
│ ==> Wait completed after 1 minute 951 milliseconds
│ 2023/10/09 07:03:36 machine readable: error-count []string{"1"}
│ ==> Some builds didn't complete successfully and had errors:
│ 2023/10/09 07:03:36 machine readable:
│ znpexc-ibc-aut-20231009070233.docker.al2023,error []string{"1 error(s)
│ occurred:\n\n* Post-processor failed: Bad exit status: 1"}
│
│ * Post-processor failed: Bad exit status: 1
│ ==> Builds finished but no artifacts were created.
│ Build 'znpexc-ibc-aut-20231009070233.docker.al2023' errored after 1
│ minute 951 milliseconds: 1 error(s) occurred:
│
│ * Post-processor failed: Bad exit status: 1
│
│ ==> Wait completed after 1 minute 951 milliseconds
│
│ ==> Some builds didn't complete successfully and had errors:
│ --> znpexc-ibc-aut-20231009070233.docker.al2023: 1 error(s) occurred:
│
│ * Post-processor failed: Bad exit status: 1
│
│ ==> Builds finished but no artifacts were created.
│ 2023/10/09 07:03:36 [INFO] (telemetry) Finalizing.
│ 2023/10/09 07:03:36 waiting for all plugin processes to complete...
│ 2023/10/09 07:03:36
│ /home/santanu/.config/packer/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_arm64:
│ plugin process exited
│ 2023/10/09 07:03:36
│ /home/santanu/.config/packer/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_arm64:
│ plugin process exited
│ 2023/10/09 07:03:36
│ /home/santanu/.config/packer/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_arm64:
│ plugin process exited
│
│   [-]  Packer build FAILED!!!

Any idea what am I doing wrong here? It works perfectly okay with source type amazon-ebs, using assume_role{} configuration in place.

-S

[github-actions]

Hi 👋 thanks for reaching out.

For general questions we recommend reaching out to the [community forum](https://discuss.hashicorp.com/c/packer) for greater visibility.
As the GitHub issue tracker is only watched by a small subset of maintainers and is really reserved for bugs and enhancements, you'll have a better chance of finding someone who can help you in the forum.
We'll mark this issue as needs-reply to help inform maintainers that this question is awaiting a response.
If no activity is taken on this question within 30 days it will be automatically closed.

If you find the forum to be more helpful or if you've found the answer to your question elsewhere please feel free to post a response and close the issue.

[dsantanu]

I think, it's a bug: It fails the very same way if I ran packer by itself:

==> znpexc-ibc-aut-20231009203420.docker.al2023: Creating a temporary directory for sharing data...
==> znpexc-ibc-aut-20231009203420.docker.al2023: Pulling Docker image: public.ecr.aws/amazonlinux/amazonlinux:2023
2023/10/10 14:56:35 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:35 Set Packer temp dir to /home/santanu/.config/packer/tmp3020070013
2023/10/10 14:56:35 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:35 Executing: /usr/bin/docker [pull public.ecr.aws/amazonlinux/amazonlinux:2023]
    znpexc-ibc-aut-20231009203420.docker.al2023: 2023: Pulling from amazonlinux/amazonlinux
    znpexc-ibc-aut-20231009203420.docker.al2023: Digest: sha256:f11c9d2a038d1b658dac60a51222bfb7a5d3e04f919093528581f6ce41906b37
    znpexc-ibc-aut-20231009203420.docker.al2023: Status: Image is up to date for public.ecr.aws/amazonlinux/amazonlinux:2023
    znpexc-ibc-aut-20231009203420.docker.al2023: public.ecr.aws/amazonlinux/amazonlinux:2023
==> znpexc-ibc-aut-20231009203420.docker.al2023: Starting docker container...
    znpexc-ibc-aut-20231009203420.docker.al2023: Run command: docker run -v /home/santanu/.config/packer/tmp3020070013:/packer-files -d -i -t --entrypoint=/bin/sh -- public.ecr.aws/amazonlinux/amazonlinux:2023
2023/10/10 14:56:36 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:36 Starting container with args: [run -v /home/santanu/.config/packer/tmp3020070013:/packer-files -d -i -t --entrypoint=/bin/sh -- public.ecr.aws/amazonlinux/amazonlinux:2023]
2023/10/10 14:56:36 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:36 Waiting for container to finish starting
    znpexc-ibc-aut-20231009203420.docker.al2023: Container ID: 6bdcbfb60fd73d7bc260511ddb4fce2810d1092bc666103afcd2a9203daebcff
==> znpexc-ibc-aut-20231009203420.docker.al2023: Using docker communicator to connect: 172.17.0.2
2023/10/10 14:56:36 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:36 Running the provision hook
==> znpexc-ibc-aut-20231009203420.docker.al2023: Committing the container
2023/10/10 14:56:36 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:36 Committing container with args: [commit 6bdcbfb60fd73d7bc260511ddb4fce2810d1092bc666103afcd2a9203daebcff]
    znpexc-ibc-aut-20231009203420.docker.al2023: Image ID: sha256:dd281fedd51e82ecaa731fecaf627ff4befd462467a59433368379457b05f6f4
==> znpexc-ibc-aut-20231009203420.docker.al2023: Killing the container: 6bdcbfb60fd73d7bc260511ddb4fce2810d1092bc666103afcd2a9203daebcff
==> znpexc-ibc-aut-20231009203420.docker.al2023: Running post-processor:  (type docker-tag)
2023/10/10 14:56:37 [INFO] (telemetry) ending docker.al2023
2023/10/10 14:56:37 [INFO] (telemetry) Starting post-processor docker-tag
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-tag): Tagging image: sha256:dd281fedd51e82ecaa731fecaf627ff4befd462467a59433368379457b05f6f4
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-tag): Repository: <sensitive>:latest
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-tag): Tagging image: sha256:dd281fedd51e82ecaa731fecaf627ff4befd462467a59433368379457b05f6f4
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-tag): Repository: <sensitive>:20231010145634
2023/10/10 14:56:37 [INFO] (telemetry) ending docker-tag
2023/10/10 14:56:37 Flagging to keep original artifact from post-processor 'docker-tag'
2023/10/10 14:56:37 [INFO] (telemetry) Starting post-processor docker-push
==> znpexc-ibc-aut-20231009203420.docker.al2023: Running post-processor:  (type docker-push)
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Creating temporary Docker configuration directory
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Fetching ECR credentials...
2023/10/10 14:56:37 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:37 Getting ECR token for account: 998380306071 in eu-west-2..
2023/10/10 14:56:37 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:37 [INFO] AWS Auth provider used: "SharedCredentialsProvider"
2023/10/10 14:56:37 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:37 Found region eu-west-2
2023/10/10 14:56:37 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:37 [INFO] AWS authentication used: "SharedCredentialsProvider"
2023/10/10 14:56:37 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:37 Successfully got login for ECR: <sensitive>
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Logging in...
2023/10/10 14:56:37 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:37 Executing: /usr/bin/docker [--config /tmp/packer296049404 login -u AWS --password-stdin <sensitive>]
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Login Succeeded
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): WARNING! Your password will be stored unencrypted in /tmp/packer296049404/config.json.
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Configure a credential helper to remove this warning. See
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Pushing: <sensitive>:20231010145634
2023/10/10 14:56:37 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:56:37 Executing: /usr/bin/docker [--config /tmp/packer296049404 push <sensitive>:20231010145634]
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): The push refers to repository [<sensitive>]
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): 5392f2132bbf: Preparing
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): 79a6254fc7b1: Preparing
    .... <goes for a min or so> ....
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): 5392f2132bbf: Retrying in 1 second
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): 79a6254fc7b1: Retrying in 1 second
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): EOF
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Logging out...
2023/10/10 14:57:28 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:57:28 Executing: /usr/bin/docker [--config /tmp/packer296049404 logout <sensitive>]
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Removing login credentials for 998380306071.dkr.ecr.eu-west-2.amazonaws.com
    znpexc-ibc-aut-20231009203420.docker.al2023 (docker-push): Removing temporary Docker configuration directory
2023/10/10 14:57:28 [INFO] (telemetry) ending docker-push

* Post-processor failed: Bad exit status: 1
Build 'znpexc-ibc-aut-20231009203420.docker.al2023' errored after 53 seconds 42 milliseconds: 1 error(s) occurred:

* Post-processor failed: Bad exit status: 1

==> Wait completed after 53 seconds 43 milliseconds
2023/10/10 14:57:28 packer-plugin-docker_v1.0.8_x5.0_linux_arm64 plugin: 2023/10/10 14:57:28 error: Bad exit status: 1
==> Wait completed after 53 seconds 43 milliseconds
2023/10/10 14:57:28 machine readable: error-count []string{"1"}
==> Some builds didn't complete successfully and had errors:
2023/10/10 14:57:28 machine readable: znpexc-ibc-aut-20231009203420.docker.al2023,error []string{"1 error(s) occurred:\n\n* Post-processor failed: Bad exit status: 1"}

* Post-processor failed: Bad exit status: 1
==> Builds finished but no artifacts were created.
2023/10/10 14:57:28 [INFO] (telemetry) Finalizing.

==> Some builds didn't complete successfully and had errors:
--> znpexc-ibc-aut-20231009203420.docker.al2023: 1 error(s) occurred:

* Post-processor failed: Bad exit status: 1

==> Builds finished but no artifacts were created.
2023/10/10 14:57:28 waiting for all plugin processes to complete...
2023/10/10 14:57:28 /home/santanu/.config/packer/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_arm64: plugin process exited
2023/10/10 14:57:28 /home/santanu/.config/packer/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_arm64: plugin process exited
2023/10/10 14:57:28 /home/santanu/.config/packer/plugins/github.com/hashicorp/docker/packer-plugin-docker_v1.0.8_x5.0_linux_arm64: plugin process exited

It's logs in to the repo just fine but then fails without giving any helpful information. I did see some commnet from @rickard-von-essen on this issue before, stating native support has been added - is there anything still missing in that area? Can any one help pls?

[nywilken]

Hi @dsantanu this looks like it might be a possible documentation bug. Looking at the provided template I don't see any login information for the docker push post-processor. I don't recall if it defaults to using the environment variables or set aws profile.

Have you tried specifying login credentials via aws_access_key and aws_secret_key?

The post-processor uses a different auth library for AWS so the credentials may not work the same way when using the AWS source builder. That said I believe once you provide credentials things should work as expected. Alternatively you can specify the aws_profile attribute to use any selected profile. Below is an example

build {
  name = "docker-push-ecr-public"
  sources = [
    "source.docker.ubuntu-bionic"
  ]

  post-processors {
    post-processor "docker-tag" {
      repository = "public.ecr.aws/j9y7g6y8/dev_hc_pkr_dkr_test_1"
      tags       = ["packer-rocks", "burrito-boi"]
    }

    post-processor "docker-push" {
      ecr_login    = true
      aws_profile  = "default"
      login_server = "https://public.ecr.aws/j9y7g6y8/dev_hc_pkr_dkr_test_1"
    }
  }
}

[github-actions]

Hi,

This issue has not received any update in the last 3 weeks, and will automatically be closed in 7 days if it does not receive any activity by then.

If you find the community forum to be more helpful or if you've found the answer to your question elsewhere please feel free to post a response and close the issue.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.