Ankit Gautam

Reputation: 129

AWS Batch not working with private docker registry

I am trying to run AWS Batch with a private Docker registry. I searched on Google and found some links where people have suggested using userdata in the launch template and specifying docker login there. But my issue is that my organization's Docker registry also uses a certificate to log in. On my local machine I am placing the certificate in the /etc/docker/cert.d/dockerhost:port location, which is working fine. However, if I try to do the same in userdata on EC2, it says there is no directory like /etc/docker... I'm not sure how to use a private Docker registry here. If anyone has a solution or suggestion, please help.

Note: I tried a few links and got it done; I posted the solution in an answer.

Upvotes: 0

Views: 1051

Answers (2)

ldipotet

Reputation: 41

This link explains and solves your problem. It worked for me:

https://aws.amazon.com/blogs/compute/how-to-authenticate-private-container-registries-using-aws-batch/

It applies only to EC2 on-demand and is not valid for Fargate. If your solution involves the latter (Fargate) and you don't want tricky solutions, I guess you'll need to push your image from Docker to AWS ECR.

Upvotes: 0

Ankit Gautam

Reputation: 129

Just an update to anyone who is trying the same:

If you need a certificate for the Docker registry, i.e. if the connection is SSL, then you need to put the certificate in the directory /etc/docker/certs.d/dockerhostname:port/.

When AWS Batch instantiates the EC2 box, it has Docker preinstalled, and you can make the required changes in the userdata script in order to fetch the image from a private repository that works over an SSL connection:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==MYBOUNDARY=="

--==MYBOUNDARY==
Content-Type: text/cloud-config; charset="us-ascii"

packages:
- jq
- aws-cli
runcmd:
- /usr/bin/aws configure set region $(curl http://169.254.169.254/latest/meta-data/placement/region)
- export SECRET_STRING=$(/usr/bin/aws secretsmanager get-secret-value --secret-id your_docker_pwd_secret_name | jq -r '.SecretString')
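# .docker_pwd is the key in Secrets Manager
- export PASSWORD=$(echo "$SECRET_STRING" | jq -r '.docker_pwd')
# Docker reads registry certificates from /etc/docker/certs.d/<host>:<port>/
- mkdir -p /etc/docker/certs.d/docker_host:docker_port
- cd /etc/docker/certs.d/docker_host:docker_port
# download the certificate and save it as ca.crt; </dev/null lets s_client return after the handshake
- openssl s_client -showcerts -connect docker_host:docker_port </dev/null > ca.crt
# pass the password on stdin so it does not show up in the process list
- echo "$PASSWORD" | docker login docker_host:docker_port --username user_name --password-stdin
- echo 'Completed Init script !!'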
--==MYBOUNDARY==--

Upvotes: 1
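The userdata script in the answer above saves whatever certificate the endpoint presents at boot, so any host answering at that address would become trusted. The following is an added example, not part of the original answer: shell functions that write ca.crt only when the captured certificate's SHA-256 fingerprint matches a pin recorded out of band. The function names, the pin and the sample capture are constructed for illustration, and it assumes a self-signed registry certificate and GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper names): pin the registry certificate
# instead of trusting whatever `openssl s_client` returns at boot.

# Print the first PEM certificate block in $1; s_client output has extra text around it.
first_pem() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        sed '/-----END CERTIFICATE-----/q'
}

# Print the lowercase hex SHA-256 of that certificate's DER bytes.
pem_sha256() {
    first_pem "$1" | grep -v -- '-----' | base64 -d | sha256sum | cut -d' ' -f1
}

# install_pinned_ca CAPTURE PIN DESTDIR
# Writes DESTDIR/ca.crt only when the fingerprint equals PIN; returns 1 otherwise.
install_pinned_ca() {
    capture=$1 pin=$2 dest=$3
    actual=$(pem_sha256 "$capture")
    if [ -z "$pin" ] || [ "$actual" != "$pin" ]; then
        echo "registry certificate fingerprint mismatch: got $actual" >&2
        return 1
    fi
    mkdir -p "$dest" && first_pem "$capture" > "$dest/ca.crt"
}

# Constructed stand-in for s_client output. The base64 bodies are placeholder
# bytes, not real certificates; a real capture has the same layout.
sample_capture() {
    cat > "$1" <<'EOF'
CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
b3RoZXI=
-----END CERTIFICATE-----
---
Verify return code: 0 (ok)
EOF
}
```

In userdata, the capture file would be the output of the `openssl s_client` line, and a non-zero return from `install_pinned_ca` should stop the script before `docker login` runs.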
