
Where do I put `.aws/credentials` for Docker awslogs log-driver (and avoid NoCredentialProviders)?

The Docker awslogs documentation states:

the default AWS shared credentials file (~/.aws/credentials of the root user)

Yet if I copy my AWS credentials file there:

sudo bash -c 'mkdir -p $HOME/.aws; cp .aws/credentials $HOME/.aws/credentials'

... and then try to use the driver:

docker run --log-driver=awslogs --log-opt awslogs-group=neiltest-deleteme --rm hello-world

The result is still the dreaded error:

docker: Error response from daemon: failed to initialize logging driver: failed to create Cloudwatch log stream: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors.

Where does this file really need to go? Is it because the Docker daemon isn't running as root but rather some other user and, if so, how do I determine that user?

NOTE: I can work around this on systems using systemd by setting environment variables. But this doesn't work on Google CloudShell where the Docker daemon has been started by some other method.

Ah ha: I figured it out and tested this on Debian Linux (on my Chromebook w/ Linux VM and Google CloudShell):

The .aws folder must be in the root folder of the root user, not in the $HOME folder!

Based on that I was able to successfully run the following:

pushd $HOME; sudo bash -c 'mkdir -p /.aws; cp .aws/* /.aws/'; popd
docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group=neiltest-deleteme --rm hello-world

I initially figured this all out by looking at the Docker daemon's process information:

DOCKERD_PID=$(ps -A | grep dockerd | grep -Eo '[0-9]+' | head -n 1)
sudo cat /proc/$DOCKERD_PID/environ

The confusing bit is that Docker's documentation here is wrong:

the default AWS shared credentials file (~/.aws/credentials of the root user)

The true location is /.aws/credentials. I believe this is because the daemon starts before $HOME is actually defined since it's not running as a user process. So starting a shell as root will tell you a different story for tilde or $HOME:

sudo sh -c 'cd ~/; echo $PWD'

That outputs /root but using /root/.aws/credentials does not work!
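
As an added example (not part of the original answer or of Docker's code): a shell helper that derives the expected credentials path from the daemon's own environment, as the answer did via /proc/$DOCKERD_PID/environ, and checks that the copied file is not readable by group or others. The function names, the sample environment and the fallback to the daemon's working directory when HOME is unset are assumptions modelled on the answer's observation.

```sh
#!/bin/sh
# Added example (not from the original post). Resolves where a daemon would
# look for the AWS shared credentials file, from the daemon's own environment.

# environ_get FILE NAME: print NAME's value from a NUL-separated environ file.
environ_get() (
  tr '\000' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
)

# creds_path FILE [CWD]: path the shared credentials file is expected at.
# Assumption: AWS_SHARED_CREDENTIALS_FILE wins, then $HOME/.aws/credentials;
# with HOME unset the relative path resolves against the daemon's cwd.
creds_path() (
  override=$(environ_get "$1" AWS_SHARED_CREDENTIALS_FILE)
  home=$(environ_get "$1" HOME)
  cwd=${2:-/}
  if [ -n "$override" ]; then
    printf '%s\n' "$override"
  elif [ -n "$home" ]; then
    printf '%s\n' "${home%/}/.aws/credentials"
  else
    printf '%s\n' "${cwd%/}/.aws/credentials"
  fi
)

# creds_private FILE: succeed only if group and others have no access.
creds_private() (
  [ -f "$1" ] || exit 2
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
)

# Constructed sample: a daemon started without HOME, as the answer observed.
sample=$(mktemp)
printf 'PATH=/usr/sbin:/usr/bin\000LANG=C.UTF-8\000' > "$sample"
echo "daemon without HOME -> $(creds_path "$sample" /)"
rm -f "$sample"

# Against a live daemon (needs root; pgrep -o picks the oldest dockerd):
#   pid=$(pgrep -o dockerd)
#   f=$(creds_path "/proc/$pid/environ" "$(readlink "/proc/$pid/cwd")")
#   creds_private "$f" || echo "tighten with: chmod 600 $f"
```

Files copied with `cp` under sudo take root's umask, so the permission check is worth running on whatever path the helper reports.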
