How to automate a docker run from a private Dockerhub repo?

半世苍凉 提交于 2019-12-12 08:47:38

问题


I have a EC2 server running Docker and I'd like to add the following to the User Data so my private Dockerhub images will be pulled/run when the server starts up, like so:

#!/bin/bash
sudo docker run -p 3333:3333 -d --name Hello myusername/hello

But I'm unsure as to how to go about authenticating in order to gain access to the private repo myusername/hello.

With Github you create and upload a deploy key, does Dockerhub offer a similar deploy key option?


回答1:


UPDATE: Figured out an even better way that doesn't involve baking your creds into an image at all. See the following question for information that would be applicable to solving this problem as well: Is it secure to store EC2 User-Data shell scripts in a private S3 bucket?

This helps keep your secrets in the least number of places necessary at any given time.


Figured out a better way:

  1. Launch a machine using your desired OS
  2. Install Docker
  3. run sudo docker login on that machine
  4. Upon successful authentication Docker will place a .dockercfg file in your home directory (e.g. /home/yourusername/.dockercfg). Docker will use this file for all authentication from now on.
  5. Create an image of your machine to be used when launching all new instances. This image will now have the .dockercfg file baked-in.
  6. Add the following to the User Data of your machine image:
#!/bin/bash
sudo docker run -p 3333:3333 -d --name Hello yourusername/hello

Now when you launch an instance based on your machine image your sudo docker run commands will succeed in pulling private repos provided the user you run the docker command under has a .dockercfg file in their home directory.

Hope that helps anyone looking to figure this out.




回答2:


Update: See my other answer for a better method that doesn't require hard-coding your creds into your User Data script


To get an instance to pull a private Dockerhub repo upon launching you can authenticate simply by running sudo docker login in the User Data start-up script before your sudo docker run command, altogether like so:

#!/bin/bash
sudo docker login -u <username> -p <password> -e <email>
sudo docker run -p 3333:3333 -d --name Hello myusername/hello

This requires hard-coding your Dockerhub creds into your User Data script, which is less than ideal, but it does work.




回答3:


I figured out a better way if you care to use ECS (which creates the EC2 instance/s for you) and don't want to utilize file storage in your solution. I mixed the solutions suggested by @AJB ('User Data' property and 'docker login' output), I'll describe the process:

  1. use docker login on your machine (no sudo needed as far as I can tell), upon successful login run cat .docker/config.json and you'll get something like:

{"auths":{"https://index.docker.io/v1/":{"auth":"KEY","email":"EMAIL"}}}

  1. copy the KEY and EMAIL aside
  2. on ECS - create a cluster, service and a task definition (with the image property set to yourusername/hello), this will automatically generate the configuration for the EC2
  3. on EC2 menu - go to Launch Configuration menu and choose the launch configuration generated by ECS
  4. click on copy launch configuration button and edit to taste (you can change the AMI although I'd recommend stay with Amazon Linux AMI unless you have to, set a new descriptive name)
  5. inside Edit Details -> Advanced Details edit the User Data property and add the following (replace KEY and EMAIL):
mkdir /home/ec2-user/.docker/
echo '{"auths":{"https://index.docker.io/v1/":{"auth":"KEY","email":"EMAIL"}}}' >> /home/ec2-user/.docker/config.json
sudo stop ecs
sudo start ecs
  1. switch to Auto Scaling Groups menu and choose the one generated by ECS
  2. click Edit and choose the Launch Configuration you just created, save
  3. switch to Instances menu and terminate the running instance
  4. you're done!

A new Instance will shortly be launched by the Auto Scaling Group which now uses the new configuration which allows access to the private repository on your DockerHub account.



来源:https://stackoverflow.com/questions/27869415/how-to-automate-a-docker-run-from-a-private-dockerhub-repo

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!