Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

awslogs logging driver - NoCredentialProviders: no valid providers in chain #9684

Closed
catalingavan opened this issue Dec 3, 2020 · 6 comments
Closed

awslogs logging driver - NoCredentialProviders: no valid providers in chain #9684

catalingavan opened this issue Dec 3, 2020 · 6 comments
Labels
lifecycle/locked lifecycle/stale

Comments

@catalingavan
Copy link

catalingavan commented Dec 3, 2020
edited
Loading

Hello,

I am using Docker on Windows (Docker Desktop).

I have a docker-compose.yml on which I want to enable awslogs logging driver:

version: "3"
services:
    zookeeper:
        image: confluentinc/cp-zookeeper:6.0.0
        container_name: zookeeper
        hostname: zookeeper
        ports:
          - "2181:2181"
        environment:
            ZOOKEEPER_CLIENT_PORT: 2181
            ZOOKEEPER_TICK_TIME: 2000
            AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
            AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
            AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN}
        logging:
            driver: awslogs
            options:
                awslogs-region: eu-west-1
                awslogs-group: zookeeper-logs

Under %userprofile%\.aws I have valid, working aws credentials:

/C:\Users\catalin.gavan\.aws
├── config
└── credentials

When I try to build and run the containers, I get the following error:

C:\Users\catalin.gavan\Work\DockerApp>
docker-compose up

Creating network "dockerapp_default" with the default driver
Creating zookeeper ... error                                                                                                                                                              
ERROR: for zookeeper  Cannot start service zookeeper: failed to initialize logging driver: failed to create Cloudwatch log stream: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

ERROR: for zookeeper  Cannot start service zookeeper: failed to initialize logging driver: failed to create Cloudwatch log stream: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
ERROR: Encountered errors while bringing up the project.

The CloudWatch zookeeper-logs logs group already exists. The AWS profile which I am using has full access, and has already been tested with different scenarios.

The problem seems to be caused by Docker Desktop (Windows) daemon, which cannot read the .aws credentials.

The same problem has been reported:

image

Thank you
@ndeloof
Copy link

ndeloof commented Dec 3, 2020

Hi,
can you please clarify your deployment target ?

  • If you deploy to an EC2 server and have a docker context / DOCKER_HOST set to point to this EC2 instance, then your AWS credentials should be set on this node.
  • If you run locally on Docker Desktop, then awslog driver is not supported out-of-the box. this driver require AWS credentials to be set for root user who runs the docker daemon, and Docker Descktop does not do the magic you're used to for your local AWS config to be applied to daemon.

@catalingavan
Copy link
Author

Hi,

I am trying to run this locally, on my Windows 10 using Docker Desktop.

Yes, I know that the AWS credentials needs to be passed to the Docker daemon.
The question is, how? Is there a workaround?
Or this feature is not available for Windows no matter what?

I managed to make the same code work on a Ubuntu machine by following this article: https://wdullaer.com/blog/2016/02/28/pass-credentials-to-the-awslogs-docker-logging-driver-on-ubuntu/

Thanks

@ndeloof
Copy link

ndeloof commented Dec 3, 2020

You could hack into the Docker Desktop virtual machine, but I would not recommend this approach.
Other than that, I'd say this is not supported

@catalingavan
Copy link
Author

Thanks! Do you know if this will be supported in the feature?
Does the hack involve some changes in the \\wsl$\docker-desktop location? Or it would be something too complicated?

image

@docker-robott
Copy link
Collaborator

Issues go stale after 90 days of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30 days of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

@docker-robott
Copy link
Collaborator

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked

@docker docker locked and limited conversation to collaborators May 2, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
lifecycle/locked lifecycle/stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ndeloof @docker-robott @catalingavan