aws ecs优化AMI中的私有docker注册表身份验证不成功
[英]Private docker registry authentication in aws ecs optimized AMI is not successful
问题描述
I am writing a terraform script for creating a ECS auto scaling cluster. 
我正在编写一个用于创建ECS自动缩放集群的terraform脚本。 I have created a cluster and added ec2 container instances in to it.My task definition file contains a image that is from a Private docker repository.I go through the aws official documentation and find a page for Private Registry Authentication and tried both of the ways as described there. 我创建了一个集群并在其中添加了ec2容器实例。我的任务定义文件包含来自私有docker存储库的图像。我查看了aws官方文档,找到了私有注册表身份验证的页面,并尝试了这两种方式如那里所述。
- using dockercfg 使用dockercfg
- the docker way 码头工人的方式
I put my ecs.config file in the S3 bucket and during the instance boot time I passed the user data as 我把我的ecs.config文件放在S3存储桶中,在实例启动时我将用户数据传递给了
#!/bin/bash
yum install -y aws-cli
aws s3 cp s3://<my_bucket_name>/ecs.config /etc/ecs/ecs.config
In my second approach I passed the used data as 在我的第二种方法中,我将使用过的数据作为
echo "ECS_ENGINE_AUTH_TYPE=docker" >>/etc/ecs/ecs.config
echo "ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}" >>/etc/ecs/ecs.config
I find the data in my /etc/ecs/ecs.config when login onto my container instance but when I try to pull the image manually I shows me an error that no image found. 登录到我的容器实例时,我在/etc/ecs/ecs.config中找到了数据但是当我尝试手动拉动图像时,我向我显示一个错误,没有找到图像。
Then I try docker login command there and enter my credentials manually and try to pull that image again and eventually it was successful. 然后我在那里尝试docker login命令并手动输入我的凭据并尝试再次拉出该图像并最终成功。
I am not sure not whether is there a way to achieve private docker registry authentication in ecs optimized image automatically by user data or not or If am doing something wrong. 我不确定是否有办法通过用户数据自动实现ecs优化图像中的私有docker注册表身份验证或者是否做错了。
Please help me out in this. 请帮我解决这个问题。
1 个解决方案
解决方案1
4 已采纳 2016-03-17 05:41:06
when I try to pull the image manually I shows me an error that no image found
The method you're following provides private registry credentials to the ECS Agent, but not the Docker CLI (the Docker CLI stores its credential data in a different place). 您所遵循的方法为ECS代理提供私有注册表凭据,但不提供Docker CLI(Docker CLI将其凭据数据存储在其他位置)。 Since you've configured credentials for the Agent, you should be able to run a task definition referencing an image in your private registry without manually pulling the image from the Docker CLI. 由于您已为代理配置了凭据,因此您应该能够在私有注册表中运行引用映像的任务定义,而无需手动从Docker CLI中提取映像。
Edit: It looks like you probably have an error in your /etc/ecs/ecs.config file on the instance due to how you're quoting the echo command. 编辑:由于您引用echo命令的方式,您的/etc/ecs/ecs.config文件中可能出现错误。 You'll want to change this line: 你想要改变这一行:
echo "ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}" >>/etc/ecs/ecs.config
to 至
echo 'ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}' >>/etc/ecs/ecs.config
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.