Docker Community Forums


Docker Enterprise 3.0 Beta - Exercise 2.1 install errors on GovCloud

I’ve followed the guide provided via email, “Docker Enterprise 3.0 Public Beta Exercises”, specifically Exercise 2.1: Docker Certified Infrastructure, and created a cluster.yml file so that I can use docker cluster create. However, the create does not succeed.

Note that I’ve set up the AWS CLI and am pulling the access key and secret from a custom profile into env vars. I’ve also run through the other prereq steps such as testing Docker Hub login. I already use GovCloud and created these creds specifically with the 5 required IAM permissions described in the Google Doc.

My setup mirrors the YAML file provided in the example except for one change (region from us-east-1 to us-gov-west-1):

variable:
  region: us-gov-west-1
  subscription_url: https://storebits.docker.com/ee/m/sub-xxx
  ucp_password:
    type: "prompt"

provider:
  aws:
    region: ${region}

cluster:
  engine:
    url: ${subscription_url}
    version: "ee-test-19.03"
  ucp:
    version: "docker/ucp:3.2.0-beta4"
    username: "admin"
    password: ${ucp_password}
  dtr:
    version: "docker/dtr:2.7.0-beta4"
 
resource:
  aws_instance:
    managers:
      quantity: 1
    registry:
      quantity: 1

Note that here I have xxx’d out the ID portion of the subscription_url but it matches what’s provided in the My Content section on Docker Hub.

When I try to create this cluster it fails. It looks like the Docker CLI is running terraform apply which is then failing. Here’s sample output with debug log which shows the 4 errors that occur (related to AMIs and AZs):

$ docker cluster --log-level debug create
Please provide a value for ucp_password:
DEBU[0004] Image Ref: sha256:49ac8843ff076ac49815fbdf42c2648a347f958093804c784619d7810f7d87dc
DEBU[0004] Generating public/private rsa key pair.
DEBU[0004] Your identification has been saved in /data/keys/ssh/id_rsa.
DEBU[0004] Your public key has been saved in /data/keys/ssh/id_rsa.pub.
DEBU[0004] The key fingerprint is:
DEBU[0004] SHA256:xxx
DEBU[0004] The key's randomart image is:
DEBU[0004] +---[RSA 2048]----+
DEBU[0004] xxx
DEBU[0004] +----[SHA256]-----+
DEBU[0004] Planning cluster on aws
DEBU[0004] Initializing modules...
DEBU[0004] - module.cloud
DEBU[0004]   Getting source "terraform/modules/aws_cloud"
DEBU[0004] - module.platform
DEBU[0004]   Getting source "terraform/modules/docker/enterprise"
DEBU[0004] - module.registry
DEBU[0004]   Getting source "terraform/modules/aws_instance"
DEBU[0004] - module.managers
DEBU[0004]   Getting source "terraform/modules/aws_instance"
DEBU[0004] - module.cloud.inventory
DEBU[0004]   Getting source "../docker/kubernetes"
DEBU[0004] - module.cloud.cloudstor
DEBU[0005]   Getting source "../docker/cloudstor"
DEBU[0005] - module.cloud.object_storage
DEBU[0005]   Getting source "../docker/object_storage"
DEBU[0005] - module.registry.inventory
DEBU[0005]   Getting source "../docker/hosts"
DEBU[0005] - module.managers.inventory
DEBU[0005]   Getting source "../docker/hosts"
DEBU[0005]
DEBU[0005] Initializing provider plugins...
DEBU[0005] - Checking for available provider plugins on https://releases.hashicorp.com...
DEBU[0005] - Downloading plugin for provider "acme" (1.2.1)...
DEBU[0005] - Downloading plugin for provider "local" (1.2.2)...
DEBU[0005] - Downloading plugin for provider "template" (2.1.2)...
DEBU[0005] - Downloading plugin for provider "aws" (1.60.0)...
DEBU[0006]
DEBU[0006] The following providers do not have any version constraints in configuration,
DEBU[0006] so the latest version was installed.
DEBU[0006]
DEBU[0006] To prevent automatic upgrades to new major versions that may contain breaking
DEBU[0006] changes, it is recommended to add version = "..." constraints to the
DEBU[0006] corresponding provider blocks in configuration, with the constraint strings
DEBU[0006] suggested below.
DEBU[0006]
DEBU[0006] * provider.local: version = "~> 1.2"
DEBU[0006] * provider.template: version = "~> 2.1"
DEBU[0006]
DEBU[0006] Terraform has been successfully initialized!
DEBU[0006]
DEBU[0006] You may now begin working with Terraform. Try running "terraform plan" to see
DEBU[0006] any changes that are required for your infrastructure. All Terraform commands
DEBU[0006] should now work.
DEBU[0006]
DEBU[0006] If you ever set or change modules or backend configuration for Terraform,
DEBU[0006] rerun this command to reinitialize your working directory. If you forget, other
DEBU[0006] commands will detect it and remind you to do so if necessary.
DEBU[0008] Refreshing Terraform state in-memory prior to plan...
DEBU[0008] The refreshed state will be used to calculate this plan, but will not be
DEBU[0008] persisted to local or remote state storage.
DEBU[0008]
DEBU[0008] data.template_file.ucp: Refreshing state...
DEBU[0008] data.template_file.registry: Refreshing state...
DEBU[0008] data.template_file.dtr: Refreshing state...
DEBU[0008] data.template_file.engine: Refreshing state...
DEBU[0008] data.template_file.subscription: Refreshing state...
DEBU[0009] data.template_file.nopasswords: Refreshing state...
DEBU[0009] data.template_file.groups: Refreshing state...
DEBU[0009] data.template_file.kubernetes: Refreshing state...
DEBU[0009] data.template_file.nopasswords: Refreshing state...
DEBU[0009] data.template_file.names: Refreshing state...
DEBU[0009] data.template_file.names: Refreshing state...
DEBU[0010] data.aws_region.current: Refreshing state...
DEBU[0010] data.aws_availability_zones.available: Refreshing state...
DEBU[0010] data.template_file.cloudstor: Refreshing state...
DEBU[0010] data.aws_region.current: Refreshing state...
DEBU[0010] data.aws_ami.ami: Refreshing state...
DEBU[0010] data.aws_availability_zones.available: Refreshing state...
DEBU[0010] data.aws_ami.ami: Refreshing state...
DEBU[0010] data.aws_availability_zones.available: Refreshing state...
DEBU[0010] data.aws_region.current: Refreshing state...
DEBU[0010]
DEBU[0010] Error: Error refreshing state: 4 error(s) occurred:
DEBU[0010]
DEBU[0010] * module.registry.data.aws_ami.ami: 1 error(s) occurred:
DEBU[0010]
DEBU[0010] * module.registry.data.aws_ami.ami: data.aws_ami.ami: Your query returned no results. Please change your search criteria and try again.
DEBU[0010] * module.managers.data.aws_ami.ami: 1 error(s) occurred:
DEBU[0010]
DEBU[0010] * module.managers.data.aws_ami.ami: data.aws_ami.ami: Your query returned no results. Please change your search criteria and try again.
DEBU[0010] * module.registry.local.azs: local.azs: key "us-gov-west-1" does not exist in map local.regions in:
DEBU[0010]
DEBU[0010] ${local.regions["${data.aws_region.current.name}"]}
DEBU[0010] * module.managers.local.azs: local.azs: key "us-gov-west-1" does not exist in map local.regions in:
DEBU[0010]
DEBU[0010] ${local.regions["${data.aws_region.current.name}"]}
DEBU[0010]
DEBU[0010]

apply exited with 1
$

Note: I have also xxx’d out a few lines above regarding RSA keys that aren’t relevant to the errors shown.

Specifically, the 4 errors of interest are at the bottom of this output:

* module.registry.data.aws_ami.ami: 1 error(s) occurred:
* module.registry.data.aws_ami.ami: data.aws_ami.ami: Your query returned no results. Please change your search criteria and try again.

* module.managers.data.aws_ami.ami: 1 error(s) occurred:
* module.managers.data.aws_ami.ami: data.aws_ami.ami: Your query returned no results. Please change your search criteria and try again.

* module.registry.local.azs: local.azs: key "us-gov-west-1" does not exist in map local.regions in:
${local.regions["${data.aws_region.current.name}"]}

* module.managers.local.azs: local.azs: key "us-gov-west-1" does not exist in map local.regions in:
${local.regions["${data.aws_region.current.name}"]}

I cannot seem to find these registry or managers modules in ~/.docker/cluster/clusters/<cluster id>/.terraform/ to debug them further.

Here’s my cluster version info:

$ docker cluster version
Version:  v0.3.5
Commit:   417cfb1
Build:    Plugin

And my full version info:

$ docker version
Client: Docker Engine - Enterprise
 Version:           19.03.0-rc2
 API version:       1.40
 Go version:        go1.12.5
 Git commit:        674d742
 Built:             Tue Jun  4 23:49:39 2019
 OS/Arch:           darwin/amd64
 Experimental:      false

Server: Docker Engine - Enterprise
 Engine:
  Version:          19.03.0-rc2
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.5
  Git commit:       674d742
  Built:            Tue Jun  4 23:56:08 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
 Kubernetes:
  Version:          v1.14.1
  StackAPI:         v1beta2

I’m running Docker Desktop Enterprise 3.0 Beta on macOS 10.14.5.
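
A triage aid for the debug log in the post above, as an added example that is not part of the original post and not Docker's code: it groups the Terraform refresh errors by root cause, showing that the four errors reduce to two causes hitting both modules. The `summarize` function and its regexes are assumptions based only on the log format quoted in the post.

```python
import re
from collections import defaultdict

# Error tail of the debug log quoted in the post (trimmed copy).
SAMPLE_LOG = '''\
DEBU[0010] Error: Error refreshing state: 4 error(s) occurred:
DEBU[0010]
DEBU[0010] * module.registry.data.aws_ami.ami: 1 error(s) occurred:
DEBU[0010] * module.registry.data.aws_ami.ami: data.aws_ami.ami: Your query returned no results. Please change your search criteria and try again.
DEBU[0010] * module.managers.data.aws_ami.ami: 1 error(s) occurred:
DEBU[0010] * module.managers.data.aws_ami.ami: data.aws_ami.ami: Your query returned no results. Please change your search criteria and try again.
DEBU[0010] * module.registry.local.azs: local.azs: key "us-gov-west-1" does not exist in map local.regions in:
DEBU[0010] ${local.regions["${data.aws_region.current.name}"]}
DEBU[0010] * module.managers.local.azs: local.azs: key "us-gov-west-1" does not exist in map local.regions in:
DEBU[0010] ${local.regions["${data.aws_region.current.name}"]}
'''

# Assumed log shapes, taken from the lines above.
PREFIX = re.compile(r'^DEBU\[\d+\]\s?')
ERROR = re.compile(r'^\* module\.(?P<module>\w+)\.(?P<addr>[\w.]+): (?P<msg>.+)$')
WRAPPER = re.compile(r'^\d+ error\(s\) occurred:$')
MISSING_KEY = re.compile(r'key "(?P<key>[^"]+)" does not exist in map (?P<map>[\w.]+)')


def summarize(log_text):
    """Map each root cause to the sorted list of modules that hit it."""
    causes = defaultdict(set)
    for raw in log_text.splitlines():
        m = ERROR.match(PREFIX.sub('', raw).strip())
        if not m or WRAPPER.match(m['msg']):
            continue  # not an error line, or only the "N error(s)" wrapper
        missing = MISSING_KEY.search(m['msg'])
        if missing:
            cause = f'key {missing["key"]} missing from map {missing["map"]}'
        elif 'returned no results' in m['msg']:
            cause = f'{m["addr"]} lookup returned no results'
        else:
            cause = m['msg']  # unknown error: keep the raw message
        causes[cause].add(m['module'])
    return {cause: sorted(mods) for cause, mods in causes.items()}


if __name__ == '__main__':
    for cause, modules in summarize(SAMPLE_LOG).items():
        print(f'{cause}: {", ".join(modules)}')
```
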

Hi there,

We are aware that Docker Cluster does not work with AWS GovCloud. Thank you for the feedback. As a workaround please install Docker Enterprise manually via our documentation.


@davidyu Thank you for the update! The docker cluster command is definitely one of the features I was looking forward to most in EE 3.0 from DockerCon. Can you confirm whether Docker Cluster support for GovCloud will be coming in the 3.0 GA release? [If not, could we have this added to the Known Issues section for reference?]

Hi @davidyu - can you give an update around when GovCloud support for docker cluster is expected to land?