This is question about Google Container VM Image(beta) https://cloud.google.com/compute/docs/containers/vm-image/
I logged in a instance made by Container VM image. And run:
sudo /usr/share/google/dockercfg_update.sh
That script above does docker login
to private container registry.
It causes error:
/usr/share/google/dockercfg_update.sh: 27: cannot create /root/.dockercfg: Read-only file system
/root
directory seems to be read-only in the container-vm.
How can I docker login
by root user?
Since /root is read-only, your credentials cannot be stored there. You can add a non-root user to 'docker' group and run /usr/share/google/dockercfg_update.sh
and docker login
as that user.
From https://cloud.google.com/compute/docs/containers/vm-image/#accessing_private_google_container_registry
$ sudo usermod -a -G docker ${USER}
$ exec sudo su ${USER}
$ /usr/share/google/dockercfg_update.sh
$ docker pull gcr.io/YOUR_PROJECT/YOUR_IMAGE
How can I 'docker login' by root user
If you must invoke docker login
or /usr/share/google/dockercfg_update.sh
as root
user (not recommended), a hacky way is to prefix HOME=/home/chronos/
to your commands. Ex:
# as 'root' user
$ HOME=/home/chronos/ /usr/share/google/dockercfg_update.sh
$ HOME=/home/chronos/ docker pull gcr.io/YOUR_PROJECT/YOUR_IMAGE
/root
is read-only, so you can't run docker commands because you are not able to store the docker config (or any other files) generated by any authentication methods.
The solution is to run the docker commands as another user in order to save docker config properly.
Below are the steps to follow:
1) authenticate to Container Registry on a system where Cloud SDK is not available:
With an existing user (MYUSER
):
sudo -u MYUSER docker-credential-gcr configure-docker
With a new generated user (NEWUSER
):
sudo useradd -m NEWUSER
sudo -u NEWUSER docker-credential-gcr configure-docker
The -u
flag executes the command as the specified user.
docker-credential-gcr configure-docker
stores your credentials in your user home directory (an alternative to docker login
). This way, you can use Docker's command-line tool to interact directly with Container Registry.
2) Create the docker group (if not exists) and add your user (required with NEWUSER
or MYUSER
with no permission to run Docker's commands):
sudo groupadd docker
sudo usermod -aG docker NEWUSER
3) If needed, restart the docker daemon:
sudo systemctl restart docker
In the end, you can access the docker images placed in your private container registry as MYUSER
or NEWUSER
. If you would like to run dockers:
sudo -u MYUSER docker run ........
The commands reported here work fine also in a startup-script and without the requirement of passwords.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With