Where do I put `.aws/credentials` for Docker awslogs log-driver (and avoid NoCredentialProviders)?
The Docker awslogs documentation states:
the default AWS shared credentials file (~/.aws/credentials of the root user)
Yet if I copy my AWS credentials file there:
sudo bash -c 'mkdir -p $HOME/.aws; cp .aws/credentials $HOME/.aws/credentials'
... and then try to use the driver:
docker run --log-driver=awslogs --log-opt awslogs-group=neiltest-deleteme --rm hello-world
The result is still the dreaded error:
docker: Error response from daemon: failed to initialize logging driver: failed to create Cloudwatch log stream: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors.
Where does this file really need to go? Is it because the Docker daemon isn't running as root but rather some other user and, if so, how do I determine that user?
NOTE: I can work around this on systems using systemd by setting environment variables. But this doesn't work on Google CloudShell where the Docker daemon has been started by some other method.
Ah ha: I figured it out and tested this on Debian Linux (on my Chromebook w/ Linux VM and Google CloudShell):
The `.aws` folder must be in the root folder of the root user not in the `$HOME` folder!
Based on that I was able to successfully run the following:
pushd $HOME; sudo bash -c 'mkdir -p /.aws; cp .aws/* /.aws/'; popd
docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group=neiltest-deleteme --rm hello-world
I initially figured this all out by looking at the Docker daemon's process information:
DOCKERD_PID=$(ps -A | grep dockerd | grep -Eo '[0-9]+' | head -n 1)
sudo cat /proc/$DOCKERD_PID/environ
The confusing bit is that Docker's documentation here is wrong:
the default AWS shared credentials file (~/.aws/credentials of the root user)
The true location is `/.aws/credentials`. I believe this is because the daemon starts before `$HOME` is actually defined since it's not running as a user process. So starting a shell as root will tell you a different story for tilde or `$HOME`:
sudo sh -c 'cd ~/; echo $PWD'
That outputs `/root` but using `/root/.aws/credentials` does not work!
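The `/proc/<pid>/environ` check from the answer above, as an added example that is not part of the original post: it derives the credentials path from a daemon's environment block and working directory, and lists `AWS_*` variable names without echoing their values, which `cat` on `environ` would expose. The function names are hypothetical, and the lookup order (`AWS_SHARED_CREDENTIALS_FILE`, then `$HOME/.aws/credentials`, then a relative path when `HOME` is unset) is an assumption that matches the behaviour the answer describes.

```shell
#!/bin/sh
# Added example (not from the original post).

# env_value FILE NAME: value of NAME in a NUL-separated environ file
# (the /proc/<pid>/environ format); exit status 1 if NAME is absent.
env_value() {
    tr '\0' '\n' < "$1" | awk -v n="$2" '
        index($0, n "=") == 1 { print substr($0, length(n) + 2); found = 1; exit }
        END { exit !found }'
}

# cred_path FILE CWD: where the shared credentials file would be sought.
# Assumption: AWS_SHARED_CREDENTIALS_FILE wins if set, else
# $HOME/.aws/credentials; with HOME unset the path stays relative and
# resolves against the daemon's working directory CWD.
cred_path() {
    if p=$(env_value "$1" AWS_SHARED_CREDENTIALS_FILE) && [ -n "$p" ]; then
        :
    elif h=$(env_value "$1" HOME) && [ -n "$h" ]; then
        p="$h/.aws/credentials"
    else
        p=".aws/credentials"
    fi
    case $p in
        /*) printf '%s\n' "$p" ;;
        *)  printf '%s\n' "${2%/}/$p" ;;
    esac
}

# aws_var_names FILE: names only, never values, of AWS_* variables set.
aws_var_names() {
    tr '\0' '\n' < "$1" | sed -n 's/^\(AWS_[A-Za-z0-9_]*\)=.*/\1/p' | sort
}

# inspect_pid PID: run both checks on a live process (needs root).
inspect_pid() {
    cred_path "/proc/$1/environ" "$(readlink "/proc/$1/cwd")"
    aws_var_names "/proc/$1/environ"
}

# Constructed sample: an environment block with no HOME, cwd "/".
sample=$(mktemp)
printf 'PATH=/usr/sbin:/usr/bin\0LANG=C\0' > "$sample"
cred_path "$sample" /
rm -f "$sample"
```

On a real host, `sudo sh -c '. ./script.sh; inspect_pid "$DOCKERD_PID"'` would apply the same logic to the running daemon, assuming the block is saved as `script.sh`.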