Creation of docker container failed (python image)

[ishankapoor21]

code: -
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.0.2"
}
}
}

provider "docker" {
host = "unix:///var/run/docker.sock"
}
resource "docker_image" "ubuntu" {
name = "python:latest"
}
resource "docker_container" "container" {
image = docker_image.ubuntu.image_id
name = "ubuntu1e"
wait = true
}
resource "docker_network" "private_network" {
name = "inet2"
driver = "bridge"
}

error: -
docker_container.container: Creating...
╷
│ Error: Plugin did not respond
│
│ with docker_container.container,
│ on Docker_Create_Container_Main.tf line 1, in resource "docker_container" "container":
│ 1: resource "docker_container" "container" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-docker_v3.0.2 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc5b6f7]

goroutine 16 [running]:
github.com/terraform-providers/terraform-provider-docker/internal/provider.resourceDockerContainerCreate.func1(0x7?)
github.com/terraform-providers/terraform-provider-docker/internal/provider/resource_docker_container_funcs.go:508 +0x1b7
created by github.com/terraform-providers/terraform-provider-docker/internal/provider.resourceDockerContainerCreate
github.com/terraform-providers/terraform-provider-docker/internal/provider/resource_docker_container_funcs.go:521 +0x2b6e

Error: The terraform-provider-docker_v3.0.2 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

[lkwg82]

For next time, please add version of terraform, use syntax highlighting it really helps to read code an minify the potential bug example.

TLDR
usage bug and maybe non defensive implementation of missing health check in provider

Longer

I could reproduce the behaviour, but it starts with the config of your example.

The example tries to start a container python:latest and should wait for a healthy state.

See

If true, then the Docker container is waited for being healthy state after creation. If false, then the container health state is not checked. Defaults to false.
https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/container#wait

Lets have a look at the healthcheck in the image (executed by the container):

$ docker history python:latest
IMAGE          CREATED       CREATED BY                                      SIZE      COMMENT
fc7a60e86bae   4 weeks ago   CMD ["python3"]                                 0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   RUN /bin/sh -c set -eux;   wget -O get-pip.p…   10.1MB    buildkit.dockerfile.v0
<missing>      4 weeks ago   ENV PYTHON_GET_PIP_SHA256=9cc01665956d22b3bf…   0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   ENV PYTHON_GET_PIP_URL=https://github.com/py…   0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   ENV PYTHON_PIP_VERSION=23.2.1                   0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   RUN /bin/sh -c set -eux;  for src in idle3 p…   0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   RUN /bin/sh -c set -eux;   wget -O python.ta…   60.7MB    buildkit.dockerfile.v0
<missing>      4 weeks ago   ENV PYTHON_VERSION=3.12.1                       0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   ENV GPG_KEY=7169605F62C751356D054A26A821E680…   0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   RUN /bin/sh -c set -eux;  apt-get update;  a…   18.6MB    buildkit.dockerfile.v0
<missing>      4 weeks ago   ENV LANG=C.UTF-8                                0B        buildkit.dockerfile.v0
<missing>      4 weeks ago   ENV PATH=/usr/local/bin:/usr/local/sbin:/usr…   0B        buildkit.dockerfile.v0
<missing>      2 weeks ago   /bin/sh -c set -ex;  apt-get update;  apt-ge…   587MB     
<missing>      2 weeks ago   /bin/sh -c apt-get update && apt-get install…   177MB     
<missing>      2 weeks ago   /bin/sh -c set -eux;  apt-get update;  apt-g…   48.4MB    
<missing>      2 weeks ago   /bin/sh -c #(nop)  CMD ["bash"]                 0B        
<missing>      2 weeks ago   /bin/sh -c #(nop) ADD file:7d8adf68670e8dc2a…   116MB

No healthcheck as it would be implemented it according to https://docs.docker.com/engine/reference/builder/#healthcheck

So lets recheck it with a proper healthcheck:

main.tf

resource "docker_image" "ubuntu" {
  name = "python:latest"
  keep_locally = true # convinience for iterations
}

resource "docker_container" "container" {
  image = docker_image.ubuntu.image_id
  name  = "ubuntu1e-${replace(timestamp(),":","")}" # unique name for iterations
  wait  = true
 
  tty = true # need to use interactive container, very unusual
  healthcheck {
    interval = "1s"
    start_period = "1s"
    retries = 1
    test = [ "CMD", "/bin/true"]
  }
}

this results in no crash with this output:

Terraform will perform the following actions:

  # docker_container.container will be created
  + resource "docker_container" "container" {
      + attach                                      = false
      + bridge                                      = (known after apply)
      + command                                     = (known after apply)
      + container_logs                              = (known after apply)
      + container_read_refresh_timeout_milliseconds = 15000
      + entrypoint                                  = (known after apply)
      + env                                         = (known after apply)
      + exit_code                                   = (known after apply)
      + hostname                                    = (known after apply)
      + id                                          = (known after apply)
      + image                                       = "sha256:fc7a60e86baeb42215d3f91f262880a3a9b4efd00c91f6597e65d9e1c7745ec9"
      + init                                        = (known after apply)
      + ipc_mode                                    = (known after apply)
      + log_driver                                  = (known after apply)
      + logs                                        = false
      + must_run                                    = true
      + name                                        = (known after apply)
      + network_data                                = (known after apply)
      + read_only                                   = false
      + remove_volumes                              = true
      + restart                                     = "no"
      + rm                                          = false
      + runtime                                     = (known after apply)
      + security_opts                               = (known after apply)
      + shm_size                                    = (known after apply)
      + start                                       = true
      + stdin_open                                  = false
      + stop_signal                                 = (known after apply)
      + stop_timeout                                = (known after apply)
      + tty                                         = true
      + wait                                        = true
      + wait_timeout                                = 60

      + healthcheck {
          + interval     = "1s"
          + retries      = 1
          + start_period = "1s"
          + test         = [
              + "CMD",
              + "/bin/true",
            ]
          + timeout      = "0s"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
docker_container.container: Creating...
docker_container.container: Creation complete after 2s [id=77a986cccd6e1b9ee952f411f7ae901510f3869cb5bd2c9224fea3e53f1caab2]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

IMHO: no one would use an interactive container u did, this is bleeding edge or hacking around ;).