Private docker registry authentication in aws ecs optimized AMI is not successful

问题

I am writing a terraform script for creating a ECS auto scaling cluster. I have created a cluster and added ec2 container instances in to it.My task definition file contains a image that is from a Private docker repository.I go through the aws official documentation and find a page for Private Registry Authentication and tried both of the ways as described there.

using dockercfg
the docker way

I put my ecs.config file in the S3 bucket and during the instance boot time I passed the user data as

#!/bin/bash
yum install -y aws-cli
aws s3 cp s3://<my_bucket_name>/ecs.config /etc/ecs/ecs.config

In my second approach I passed the used data as

echo "ECS_ENGINE_AUTH_TYPE=docker" >>/etc/ecs/ecs.config
echo "ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}"  >>/etc/ecs/ecs.config

I find the data in my /etc/ecs/ecs.config when login onto my container instance but when I try to pull the image manually I shows me an error that no image found.

Then I try docker login command there and enter my credentials manually and try to pull that image again and eventually it was successful.

I am not sure not whether is there a way to achieve private docker registry authentication in ecs optimized image automatically by user data or not or If am doing something wrong.

Please help me out in this.

回答1:

when I try to pull the image manually I shows me an error that no image found

The method you're following provides private registry credentials to the ECS Agent, but not the Docker CLI (the Docker CLI stores its credential data in a different place). Since you've configured credentials for the Agent, you should be able to run a task definition referencing an image in your private registry without manually pulling the image from the Docker CLI.

Edit: It looks like you probably have an error in your /etc/ecs/ecs.config file on the instance due to how you're quoting the echo command. You'll want to change this line:

echo "ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}"  >>/etc/ecs/ecs.config

echo 'ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"my_name","password":"my_password","email":"email@example.com"}}'  >>/etc/ecs/ecs.config

来源：https://stackoverflow.com/questions/36052334/private-docker-registry-authentication-in-aws-ecs-optimized-ami-is-not-successfu

标签

amazon-web-services

amazon-ec2

Docker

aws-ec2

amazon-ecs