无法通过S3对Elastic Beanstalk中的Docker进行身份验证

Question

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_image.html#docker-singlecontainer-dockerrun-privaterepo

按照此处的说明连接到Elastic Beanstalk的私有docker hub容器,但它固执地拒绝工作.看起来在调用docker loginDocker 1.12时,生成的文件没有电子邮件属性,但听起来像aws期待它所以我创建了一个名为dockercfg.json的文件,如下所示:

{
    "https://index.docker.io/v1/": {
        "auth": "Y2...Fz",
        "email": "c...n@gmail.com"
    }
}

我的Dockerrun.aws.json文件的相关部分如下所示:

  "Authentication": {
    "Bucket": "elasticbeanstalk-us-west-2-9...4",
    "Key": "dockercfg.json"
  },

我将文件上传到S3存储桶的根目录.为什么我仍然会收到错误,说Error: image c...6/w...t:23 not found. Check snapshot logs for details.我确信这些名称是正确的,如果它是公共存储库,这将会有效.完整错误如下.我正在使用Circle CI从GitHub部署,如果它有所作为,我很乐意提供所需的任何其他信息.

INFO: Deploying new version to instance(s).                         
WARN: Failed to pull Docker image c...6/w...t:23, retrying...
ERROR: Failed to pull Docker image c...6/w...t:23: Pulling repository docker.io/c...6/w...t
Error: image c...6/w...t:23 not found. Check snapshot logs for details.
ERROR: [Instance: i-06b66f5121d8d23c3] Command failed on instance. Return code: 1 Output: (TRUNCATED)...b-project
Error: image c...6/w...t:23 not found
Failed to pull Docker image c...6/w...t:23: Pulling repository docker.io/c...6/w...t
Error: image c...6/w...t:23 not found. Check snapshot logs for details. 
Hook /opt/elasticbeanstalk/hooks/appdeploy/pre/03build.sh failed. For more detail, check /var/log/eb-activity.log using console or EB CLI.
INFO: Command execution completed on all instances. Summary: [Successful: 0, Failed: 1].
ERROR: Unsuccessful command execution on instance id(s) 'i-06b66f5121d8d23c3'. Aborting the operation.
ERROR: Failed to deploy application.                                

ERROR: Failed to deploy application.

编辑:这是完整的Dockerrun文件.请注意,%BUILD_NUM%只是一个int,我可以验证它是否有效.

{
  "AWSEBDockerrunVersion": "1",
  "Authentication": {
    "Bucket": "elasticbeanstalk-us-west-2-9...4",
    "Key": "dockercfg.json"
  },
  "Image": {
    "Name": "c...6/w...t:%BUILD_NUM%",
    "Update": "true"
  },
  "Ports": [
    {
      "ContainerPort": "8080"
    }
  ]
}

编辑:此外,我已经验证,如果我公开这个Docker Hub容器,这是有效的.

Answer 1

好的,我们这样做;

看同一个doc页面,

使用Docker 1.6.2及更早版本,docker login命令以以下格式在〜/ .dockercfg中创建身份验证文件:

{
  "server" :
  {
    "auth" : "auth_token",
    "email" : "email"
  }
}

你看,你已经把这部分说得正确了.请逐一仔细检查以下案例;

1)您是否在同一地区托管S3存储桶？

Amazon S3存储桶必须与使用它的环境位于同一区域.Elastic Beanstalk无法从其他区域中托管的Amazon S3存储桶下载文件.

2)您是否检查了所需的权限？

将s3:GetObject操作的权限授予实例配置文件中的IAM角色.有关详细信息,请参阅管理Elastic Beanstalk实例配置文件.

3)您的配置文件中有S3存储桶信息吗？(我想你也有这个)

在您的文件的Authentication(v1)或 authentication(v2)参数中包含Amazon S3存储桶信息Dockerrun.aws.json.

无法看到您的权限或您的环境区域,因此请仔细检查这些.如果这不起作用,我会尽可能升级到Docker 1.7+并使用相应的~/.docker/config.json样式.