terraform-provider-docker
terraform-provider-docker copied to clipboard
kreuzwerker
Unable to remove Docker image: image is referenced in multiple repositories
This issue was originally opened by @stoically as https://github.com/hashicorp/terraform-provider-docker/issues/301. It was migrated here as a result of the community provider takeover from @kreuzwerker. The original body of the issue is below.
Terraform Version
Terraform v0.13.3
Affected Resource(s)
- docker_image
Terraform Configuration Files
data "docker_registry_image" "traefik" {
name = "traefik:latest"
}
resource "docker_image" "traefik" {
name = data.docker_registry_image.traefik.name
pull_triggers = [data.docker_registry_image.traefik.sha256_digest]
}
Expected Behavior
Should always silently upgrade the image / container
Actual Behavior
Error: Unable to remove Docker image: Error response from daemon: conflict: unable to delete 1a3f0281f41e (must be forced) - image is referenced in multiple repositories
Steps to Reproduce
Unfortunately not sure how to reproduce
Notes
Would it be safe to always force-remove images?
I think we should ignore the failure to remove Docker images because images can be referenced out of Terraform.
I think it will partially solve it. Here the case is that the user would like to update the latest tag always
This issue is stale because it has been open 60 days with no activity.
Remove stale label or comment or this will be closed in 7 days.
If you don't want this issue to be closed, please set the label pinned.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue is stale because it has been open 60 days with no activity.
Remove stale label or comment or this will be closed in 7 days.
If you don't want this issue to be closed, please set the label pinned.
This is still a problem with 2.15.0.
If two containers are spun from the same image, a subsequent run where the image should be updated will stop one container, try to update the image and fail because the other container is still running.
This doesn't feel right. If two containers depend on the same image, they should both be destroyed before the image (not familiar with the internals here, but I assume it's a graph of dependencies).
If I may posit a solution:
- Always download the latest image
- Update all the Terraform-referenced Docker containers to the new image
- Attempt to remove the older image.
A failure to remove the older image at this point may be seen as a Warning, not a Failure, as Terraform has technically completed its proper procedure and updated to the latest available image for all the containers in the list.
BTW, this can be easily replicated by doing the following:
#MariaDB Registry Image
data "docker_registry_image" "mariadb" {
name = "mariadb:latest"
}
#Maria DB Docker Image
resource "docker_image" "mariadb" {
name = data.docker_registry_image.mariadb.name
pull_triggers = [data.docker_registry_image.mariadb.sha256_digest]
keep_locally = false
}
#Maria DB Docker Image
resource "docker_image" "mariadb_another" {
name = data.docker_registry_image.mariadb.name
pull_triggers = [data.docker_registry_image.mariadb.sha256_digest]
keep_locally = false
}
If you deploy both those images, when Terraform goes to update mariadb, sometimes it will fail and complain that it can't remove the image. It will also fail to update the image for mariadb_another, leaving your MariaDB instances out of sync. It's never been a big issue for me, because if I get annoyed by it, I just destroy everything and let Terraform rebuild it.
I have the same problem. I have two instances (prelive and prod) with different Terraform deployments running on the same machine.
When both instances are referenced to the same image, the next deployment to one instance fails because the image is still in use by the other instance and this other instance should not be changed either
I think it would be very helpful if this error would only trigger a warning and the process would continue normally.
