[英]Pulling image from Amazon ECR using docker-java
我在使用 docker-java 客户端从 Amazon ECR 中提取图像时遇到问题。 ECR 注册中心登录认证成功,但无法从存储库中拉取特定镜像。 奇怪的是,使用 bash 登录 ECR 并使用 docker 拉取图像是可行的。
我正在使用 3.0 版本的 java-docker 库( https://github.com/docker-java/docker-java/ )。 有关如何调试或解决此问题的任何帮助都会很有用。
// ECR client
AmazonECRClient ecrClient = new AmazonECRClient(awsCredentialsProvider);
GetAuthorizationTokenRequest getAuthTokenRequest = new GetAuthorizationTokenRequest();
List<String> registryIds = new ArrayList<String>();
registryIds.add("accountid");
getAuthTokenRequest.setRegistryIds(registryIds);
// Get Authorization Token
GetAuthorizationTokenResult getAuthTokenResult = ecrClient.getAuthorizationToken(getAuthTokenRequest);
AuthorizationData authData = getAuthTokenResult.getAuthorizationData().get(0);
String userPassword = StringUtils.newStringUtf8(Base64.decodeBase64(authData.getAuthorizationToken()));
String user = userPassword.substring(0, userPassword.indexOf(":"));
String password = userPassword.substring(userPassword.indexOf(":")+1);
DockerClientConfigBuilder config = new DockerClientConfigBuilder();
config.withDockerHost("unix:///var/run/docker.sock");
config.withDockerTlsVerify(false);
config.withRegistryUsername(user);
config.withRegistryPassword(password);
config.withRegistryUrl(authData.getProxyEndpoint());
config.build();
DockerCmdExecFactory dockerCmdExecFactory = new DockerCmdExecFactoryImpl();
//Docker client
DockerClient dockerClient = DockerClientBuilder.getInstance(config)
.withDockerCmdExecFactory(dockerCmdExecFactory)
.build();
// Response
AuthResponse response = dockerClient.authCmd().exec();
System.out.println(response.getStatus());
// Pull image
PullImageCmd pullImageCmd = dockerClient.pullImageCmd(respositoryname);
pullImageCmd
.exec(new PullImageResultCallback())
.awaitSuccess();
标准输出是:
Login Succeeded
Exception in thread "main" com.github.dockerjava.api.exception.DockerClientException: Could not pull image: unauthorized: authentication required
您需要将客户端的AuthConfig
传递给 pull 命令。
PullImageCmd pullImageCmd = dockerClient
.pullImageCmd(respositoryname)
.withAuthConfig(dockerClient.authConfig());
对我来说,问题是 authData.getEndpointProxy() 返回了一个带有“https://”的 URL,但 pull image cmd 只能在没有该前缀的情况下工作,所以我不得不删除它。
我有同样的问题,我添加了“withAuthConfig”和“withRepository”,但我仍然有“未经授权:用户名或密码不正确”。 知道为什么吗?
我的代码:
public void pullImage() {
GetAuthorizationTokenRequest request = new GetAuthorizationTokenRequest();
// Get Authorization Token
GetAuthorizationTokenResult response = client.getAuthorizationToken(request);
AuthorizationData authData = response.getAuthorizationData().get(0);
String userPassword = StringUtils.newStringUtf8(Base64.decodeBase64(authData.getAuthorizationToken()));
String user = userPassword.substring(0, userPassword.indexOf(":"));
String password = userPassword.substring(userPassword.indexOf(":") + 1);
DockerClientConfig config = DefaultDockerClientConfig.createDefaultConfigBuilder()
.withDockerTlsVerify(false)
.withRegistryUsername(user)
.withRegistryPassword(password)
.withRegistryUrl(authData.getProxyEndpoint().replace("https://", ""))
.build();
DockerHttpClient httpClient = new ApacheDockerHttpClient.Builder()
.dockerHost(config.getDockerHost())
.sslConfig(config.getSSLConfig())
.maxConnections(100)
.connectionTimeout(Duration.ofSeconds(30))
.responseTimeout(Duration.ofSeconds(45))
.build();
//Docker client
DockerClient dockerClient = DockerClientImpl.getInstance(config, httpClient);
// Response
AuthResponse authResponse = dockerClient.authCmd().exec();
System.out.println(authResponse.getStatus());
// Pull image
PullImageCmd pullImageCmd = dockerClient
.pullImageCmd(respositoryname)
.withAuthConfig(dockerClient.authConfig())
.withRepository(respositoryname);
pullImageCmd.exec(new ResultCallback<PullResponseItem>() {
@Override
public void onStart(Closeable closeable) {
System.out.println("Pull started : " + closeable);
}
@Override
public void onNext(PullResponseItem object) {
System.out.println("Pull on next : " + object);
}
@Override
public void onError(Throwable throwable) {
System.out.println("Pull error : " + throwable);
}
@Override
public void onComplete() {
System.out.println("Pull finished");
}
@Override
public void close() throws IOException {
System.out.println("Pull closed");
}
});
}
结果 :
Login Succeeded
Pull error : com.github.dockerjava.api.exception.InternalServerErrorException: Status 500: {"message":"Get \"https://registry-1.docker.io/v2/library/pleiade3tierserver/tags/list\": unauthorized: incorrect username or password"}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.