Users added to docker group arent retained after reboot

Question

I am using packer to create an image for shipping, and I'm having a strange issue. I add the users to the docker group with the following lines

"sudo groupadd docker",
"sudo usermod -aG docker {{user `service_user`}}",
"sudo usermod -aG docker {{user `config_user`}}",
"newgrp docker",

During the execution of the packer template, everything seems to work fine; the command echos with the expected values, and the image is created. Packer leaves the powered off vm on the esx (I'm using vsphere). I start it up, and if I log in as the service user, I get the following results:

seven10@seven10-sfm:~$ groups
seven10 adm cdrom sudo dip plugdev lxd lpadmin sambashare
seven10@seven10-sfm:~$

but the docker group is nowhere to be found! But the group DOES exist:

seven10@seven10-sfm:~$ cat /etc/group|grep docker
docker:x:999:

If I reissue the usermod commands I am properly added to the groups, and the proper membership will then persist through reboots. The whole point of automating this however, is to avoid having to log in and issue the usermod commands. Does anyone have any idea what is happening with this and how I can fix it?

EDIT: Added a version of the template that produces the same results

{
  "variables": {
    "has_automator": "",
    "has_hydrator": "",
    "has_mongo": "",
    "has_rabbit": "",
    "service_user": "seven10",
    "service_user_pass": "****",
    "config_user": "config",
    "config_user_pass": "****",

    "rabbit_version": "3.6.0-management",
    "mongo_version" : "3.4.4",

    "docker_user": "****",
    "docker_pass": "",
    "docker_network_name": "****",

    "esx_host": "****",
    "vcenter_server": "****",
    "vcenter_datacenter": "*****",
    "vcenter_datastore": "*****",
    "vcenter_username": "*****",
    "vcenter_password": "",

    "hydra_version": "",
    "hydra_name": "",
    "vm_disk_size": "100",
    "vm_cpu": "4",
    "vm_ram": "8000",
    "vm_template": "Ubuntu-16.04"
  },
  "builders": [
    {
      "type": "vsphere",
      "vcenter_server": "{{user `vcenter_server`}}",
      "host":           "{{user `esx_host`}}",
      "datacenter": "{{user `vcenter_datacenter`}}",
      "datastore":  "{{user `vcenter_datastore`}}",
      "username":   "{{user `vcenter_username`}}",
      "password":   "{{user `vcenter_password`}}",
      "template":   "{{user `vm_template`}}",
      "vm_name":    "{{user `hydra_name`}}-{{user `hydra_version`}}",
      "disk_size":  "{{user `vm_disk_size`}}",
      "CPUs":       "{{user `vm_cpu`}}",
      "RAM":        "{{user `vm_ram`}}",
      "insecure_connection": true,
      "ssh_username": "{{user `service_user`}}",
      "ssh_password": "{{user `service_user_pass`}}"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "sleep 10"
      ]
    },
    {
      "type": "shell",
      "execute_command": "echo '{{user `service_user_pass`}}' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'",
      "inline": [
        "echo 'creating config user account'",
            "useradd {{user `config_user`}} -s /bin/bash -m", 
            "echo {{user `config_user`}}:{{user `config_user_pass`}} | chpasswd"
      ]
    },

     {
        "type": "shell",
        "execute_command": "echo '{{user `service_user_pass`}}' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'",
        "inline": [
            "echo 'Adding Docker repo to Apt'",
            "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -",
            "sudo apt-key fingerprint 0EBFCD88 | grep docker@docker.com || exit 1",
            "sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"",

        "echo Updating apt index",
        "sudo apt-get update",
            "echo 'remove any old vmware tools'",
            "sudo apt-get remove -y --purge open-vm-tools",

            "echo 'installing required packages'",
            "sudo apt-get install -y openssh-server vim curl ufw nfs-common unzip linux-image-extra-$(uname -r) apt-transport-https ca-certificates software-properties-common open-vm-tools-desktop docker-ce openjdk-8-jre-headless",

            "echo 'Installing docker",
            "sudo groupadd docker",


            "sudo usermod -aG docker {{user `service_user`}}",
            "sudo usermod -aG docker {{user `config_user`}}",
            "newgrp docker",

            "echo 'Install docker-compose",
            "sudo curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose",
            "sudo curl -L https://raw.githubusercontent.com/docker/compose/1.18.0/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose",
            "sudo chmod +x /usr/local/bin/docker-compose",
            "docker-compose --version",

            "echo 'Log in to dockerhub'",
            "echo {{user `docker_pass`}} | docker login -u {{user `docker_user`}} --password-stdin",

        "echo 'creating docker network'",
        "docker network create -d bridge {{user `docker_network_name`}}",
        "chown -R {{user `service_user`}}:{{user `service_user`}} /home/{{user `service_user`}}/.docker"

      ]
    }
  ]
}

The vm template is just a machine I spun up with the 16.04 ISO, installed base with the user name the same as service_user and then exported as a template to vsphere. Eventually I am going to move an ISO instead of from a template, but that is beyond the scope of this question.

EDIT 2: I tried to add an output of the groups command after the newgrp docker command via any of the following

 "groups"
 "echo $(groups)"
 "echo \"$(groups)\"

and all I get out of it is the actual command (ie: vsphere: echo "$(groups)"). So it appears that the reason the user isn't added to the group might be because it is just echoing the commands. This is what the relevant section of the template outputs when it runs:

==> vsphere: Provisioning with shell script: /tmp/packer-shell518775104
  vsphere: Installing docker
  vsphere: sudo groupadd docker
  vsphere: sudo usermod -aG docker seven10
  vsphere: sudo usermod -aG docker config
  vsphere: newgrp docker
  vsphere: echo displaying groups
vsphere: echo "$(groups)"

Please provide your full packer template and scripts to make it possible to point out what you are doing wrong. — Rickard von Essen, May 02 '18 at 09:52
a downvote huh? I'm not posting the whole, big project filled with proprietary information. — Kevin Milner, May 02 '18 at 13:11
I didn't downwote, someone else did. Your question isn't precis enough to have any answer. If your temple is to big create a minimal example that reproduce the problem (that might help you resolve the problem your self). Standard engineering workflow. — Rickard von Essen, May 02 '18 at 13:17
ok fair enough. I've updated the question. I will say that the people who drive-by downvote without an explanation suck. — Kevin Milner, May 02 '18 at 14:00
*sigh* it was a missing single quote in an output line. In fact it was two missing ones that essentially "commented out" the usermod commands. — Kevin Milner, May 02 '18 at 15:54

score 0 · Answer 1 · answered May 02 '18 at 18:55

The problem was located in this section:

 "echo 'Installing docker",
 "sudo groupadd docker",

 "sudo usermod -aG docker {{user `service_user`}}",
 "sudo usermod -aG docker {{user `config_user`}}",
 "newgrp docker",

 "echo 'Install docker-compose",

note the top and bottom echo statements both are missing their terminating '. So everything between the two was treated as part of the initial echo.

Check your string terminators, kids.

Users added to docker group arent retained after reboot

1 Answers1