Error pinging docker server on "terraform apply"

Question

I am doing the terraform tutorial and reach the step to execute terraform apply.

After executing that command I get this error:

WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement

Error: Error pinging Docker server: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied

  on main.tf line 9, in provider "docker":
   9: provider "docker" {

This is what I have in my configuration main.tffile:

terraform {
  required_providers {
    docker = {
      source = "kreuzwerker/docker"
    }
  }
}

provider "docker" {
  
}

resource "docker_image" "nginx" {
  name         = "nginx:latest"
  keep_locally = false
}

resource "docker_container" "nginx" {
  image = docker_image.nginx.latest
  name  = "tutorial"
  ports {
    internal = 80
    external = 8000
  }
}

I have tried adding host = "unix:///var/run/docker.sock" in the provider function but still get that error. I have docker and NGINX configured in my pc too.

Does anyone know what is causing it?

Answer 1

You can verify the docker current endpoint with

docker context ls

and this is the result

later paste unix:///var/run/docker.sock to

provider "docker" {
    host = "unix:///var/run/docker.sock"
}

Answer 2

I had a similar problem on a machine in a corporate environment. If you can run docker run hello-world successfully, then your Docker installation is fine. Run docker context ls to print all contexts. The currently active context is indicated with an asterisk (*).

You can switch your context to back to default with docker context use for your tutorial:

docker context use default

Alternatively, you can change the provider block in your terraform main.tf file to another contact by specifying it:

provider "docker" {
  host = "your currently active context"
}

In my case, I suspect someone in IT added a corporately approved context without me knowing.

Some background on contexts

A context is a combination of several properties. These include:

• Name
• Endpoint configuration
• TLS info
• Orchestrator

The easiest way to see what contexts looks like is to view them:

docker context ls

When "default" is the active context, the asterisk in the NAME column indicates that this is the active context. This means all docker commands will be executed against the “default” context unless overridden with environment variables such as DOCKER_HOST and DOCKER_CONTEXT, or on the command-line with the --context and --host flags.

Answer 3

Ensure Docker CLI tools are installed under /usr/local/bin and Set /var/run/docker.sock which some third-party clients such as terrafor may use to communicate with Docker

Reference: https://docs.docker.com/desktop/mac/permission-requirements/

Answer 4

You can find your Docker Socket using the following command:

docker context ls

And then update your provider block accordingly with the socket address

provider "docker" {
  host = "unix:///home/rehman/.docker/desktop/docker.sock"
}

Answer 5

I had to reboot. In Linux. systemctl restart docker wasn't enough. Logging out and in again to Gnome wasn't enough. Just reboot.

Answer 6

If docker ps command is successful then it means that the default host that provider of terraform uses is not correct.

Turning off Docker Desktop and writing docker ps shown me the path that it is looking for.

Answer 7

When you run docker run hello-world with your user id you will see the same error that you are getting. This is happening because your user doesn't have access to execute the commands of docker. Please do the following steps.

1. cat /etc/group --> There should be a docker group available if you installed docker correctly.
2. Add your userid to docker group sudo usermod -aG docker $User_Name
3. Logout from the session and login again
4. docker run hello-world --> This should run error free now.

Now try to apply Terraform again and everything will work.