aws ecs中的私有Docker注册认证优化AMI不成功 [英] Private docker registry authentication in aws ecs optimized AMI is not successful
问题描述
我正在编写一个用于创建ECS自动缩放集群的地形脚本。
我已经创建了一个集群,并在其中添加了ec2容器实例。我的任务定义文件包含一个来自私人Docker存储库的映像。我通过aws官方文档找到
当我尝试手动拉动图像ws我有一个错误,没有找到图像
您正在关注的方法提供ECS代理的私有注册表凭据,但不是Docker CLI(Docker CLI将其凭据数据存储在不同的位置)。由于您已为代理配置了凭据,所以您应该可以在私有注册表中运行引用映像的任务定义,而无需手动从Docker CLI中拉取映像。
编辑:
由于你如何引用这个例子,看起来你实际上你的 /etc/ecs/ecs.config
文件中可能有错误 echo
命令。您将要更改此行:
echoECS_ENGINE_AUTH_DATA = {https://index.docker.io/v1 /\":{\"username\":\"my_name\",\"password\":\"my_password\",\"email\":\"email@example.com}}>> /etc/ecs/ecs.config
至
echo'ECS_ENGINE_AUTH_DATA = {https://index.docker.io/v1/:{username:my_name,password:my_password,email:email@example.com}} '>> /etc/ecs/ecs.config
I am writing a terraform script for creating a ECS auto scaling cluster. I have created a cluster and added ec2 container instances in to it.My task definition file contains a image that is from a Private docker repository.I go through the aws official documentation and find a page for Private Registry Authentication and tried both of the ways as described there.
- using dockercfg
- the docker way
I put my ecs.config file in the S3 bucket and during the instance boot time I passed the user data as
#!/bin/bash
yum install -y aws-cli
aws s3 cp s3://<my_bucket_name>/ecs.config /etc/ecs/ecs.config
In my second approach I passed the used data as
echo "ECS_ENGINE_AUTH_TYPE=docker" >>/etc/ecs/ecs.config
echo "ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}" >>/etc/ecs/ecs.config
I find the data in my /etc/ecs/ecs.config when login onto my container instance but when I try to pull the image manually I shows me an error that no image found.
Then I try docker login command there and enter my credentials manually and try to pull that image again and eventually it was successful.
I am not sure not whether is there a way to achieve private docker registry authentication in ecs optimized image automatically by user data or not or If am doing something wrong.
Please help me out in this.
when I try to pull the image manually I shows me an error that no image found
The method you're following provides private registry credentials to the ECS Agent, but not the Docker CLI (the Docker CLI stores its credential data in a different place). Since you've configured credentials for the Agent, you should be able to run a task definition referencing an image in your private registry without manually pulling the image from the Docker CLI.
Edit:
It looks like you probably have an error in your /etc/ecs/ecs.config
file on the instance due to how you're quoting the echo
command. You'll want to change this line:
echo "ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}" >>/etc/ecs/ecs.config
to
echo 'ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}' >>/etc/ecs/ecs.config
这篇关于aws ecs中的私有Docker注册认证优化AMI不成功的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!