Jenkins Amazon ECR:没有基本身份验证凭证 [英] Jenkins Amazon ECR: no basic auth credentials
问题描述
我无法使用Jenkins Pipeline将ocker图像推送到Amazon ECR:我总是得到no basic auth credentials
:-(
I'm not able to push ocker images to Amazon ECR with Jenkins Pipeline: I always get no basic auth credentials
:-(
这是我的设置:
- Jenkins 2.46.2
- Amazon ECR插件1.4
- 我已将AWS凭证
aws-jenkins
添加到Jenkins(在本地测试并成功推送到AWS ECR) - 我已经打印了
/root/.dockercfg
以便调试Jenkinsfile
中的身份验证
- Jenkins 2.46.2
- Amazon ECR plugin 1.4
- I've added AWS credentials
aws-jenkins
to Jenkins (tested locally and successfully pushed to AWS ECR) - I've printed
/root/.dockercfg
to debug auth in myJenkinsfile
Jenkinsfile:
Jenkinsfile:
stage("Docker") {
dir(path) {
docker.build("my-image:latest")
}
docker.withRegistry("https://<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com", "ecr:eu-central-1:aws-jenkins") {
sh "cat /root/.dockercfg" // debug
docker.image("my-image:latest").push()
}
}
日志:
[Pipeline] withDockerRegistry
Wrote authentication to /root/.dockercfg
[Pipeline] {
[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ cat /root/.dockercfg
{"https://<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com": {
"auth": "[...]",
"email": "nobody@example.com"
}}[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ docker tag --force=true my-image:latest <my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image:latest
Warning: '--force' is deprecated, it will be removed soon. See usage.
[Pipeline] sh
[docker-emotion-compilers] Running shell script
+ docker push <my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image:latest
The push refers to a repository [<my-aws-id>.dkr.ecr.eu-central-1.amazonaws.com/my-image]
e30bf54e0f87: Preparing
b9f2c30c0d28: Preparing
5defc95691fd: Preparing
295d6a056bfd: Preparing
no basic auth credentials
[Pipeline] }
[Pipeline] // withDockerRegistry
有什么想法吗?
更新(2017-05-23):
这是吉拉问题:
https://issues.jenkins-ci.org/browse/JENKINS-44143
UPDATE (2017-05-23):
Here is the Jira issue:
https://issues.jenkins-ci.org/browse/JENKINS-44143
推荐答案
即使docker.withRegistry将在启动时执行ECR登录并在完成时注销,这似乎是合乎逻辑的,也不会执行. 因此,在执行推送之前,您必须安装 awscli 并添加ECR登录命令.
Even that it seems logical that docker.withRegistry will perform a login to ECR at start and logout when done, it is not performed. Therefor you must install awscli and add ECR login command before you perform the push.
sh("eval \ $(aws ecr get-login --no-include-email | sed's | https://|| '))
请参见 http://www.tikalk.com/devops/ecr-in -pipeline/以获得详细示例.
See http://www.tikalk.com/devops/ecr-in-pipeline/ for detailed example.
这篇关于Jenkins Amazon ECR:没有基本身份验证凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!