docker pull <image> not working in CloudFormation UserData tag
【Title】: docker pull <image> not working in cloudformation UserData tag
【Posted】: 2022-01-06 15:42:44
【Question】:
    UserData:
      'Fn::Base64': |
        #!/bin/bash
        yum -y install docker
        dockerd
        docker pull apache/superset
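In the CloudFormation UserData tag shown above:
everything works fine until dockerd. The docker pull command is not executed.
The template does not produce any errors.
But when I ssh into the EC2 instance created by my CloudFormation template, I don't see the docker image.
I am able to run docker pull <image> manually on the EC2 instance and it works.
Is there any specific setting needed to pull images from Docker Hub (not ECR) on EC2 from a CloudFormation template?
My entire CF template for reference: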
    Parameters:
      InstanceType:
        Type: String
        Default: t2.micro
        Description: Enter instance size. Default is t3a.medium.
        AllowedValues: # dropdown options
          - t1.nano
          - t1.micro
          - t2.micro
      Key:
        Type: AWS::EC2::KeyPair::KeyName
        Default: aseem-ec2-eu-west-1
        Description: The key used to access the instance.
    Mappings:
      AmiIdForRegion:
        us-east-1:
          AMI: ami-04ad2567c9e3d7893
        eu-west-1:
          AMI: ami-09d4a659cdd8677be
    Resources:
      VPC:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: 172.34.0.0/16
          EnableDnsSupport: true
          EnableDnsHostnames: true
          InstanceTenancy: default
          Tags:
            - Key: Name
              Value: Linux VPC
      InternetGateway:
        Type: AWS::EC2::InternetGateway
      VPCGatewayAttachment:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
          VpcId: !Ref VPC
          InternetGatewayId: !Ref InternetGateway
      SubnetA:
        Type: AWS::EC2::Subnet
        Properties:
          AvailabilityZone: eu-west-1a
          VpcId: !Ref VPC
          CidrBlock: 172.34.1.0/24
          MapPublicIpOnLaunch: true
      RouteTable:
        Type: AWS::EC2::RouteTable
        Properties:
          VpcId: !Ref VPC
      InternetRoute:
        Type: AWS::EC2::Route
        DependsOn:
          - InternetGateway
          - VPCGatewayAttachment
        Properties:
          DestinationCidrBlock: 0.0.0.0/0
          GatewayId: !Ref InternetGateway
          RouteTableId: !Ref RouteTable
      SubnetARouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref RouteTable
          SubnetId: !Ref SubnetA
      SecurityGroup:
        Type: 'AWS::EC2::SecurityGroup'
        Properties:
          GroupDescription: Enable HTTP access via port 80
          GroupName: superset-ec2-security-group-3
          VpcId: !Ref VPC
          SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: 8080 # HTTP- port 80
              ToPort: 8080
              CidrIp: 0.0.0.0/0
            - IpProtocol: tcp
              FromPort: 22 # ssh
              ToPort: 22
              CidrIp: 0.0.0.0/0
            - IpProtocol: tcp
              FromPort: 443
              ToPort: 443
              CidrIp: 0.0.0.0/0
          SecurityGroupEgress: # all external traffic
            - IpProtocol: -1
              CidrIp: 0.0.0.0/0
      ElasticIP:
        Type: AWS::EC2::EIP
        Properties:
          Domain: vpc
          InstanceId: !Ref LinuxEc2
      LinuxEc2:
        Type: AWS::EC2::Instance
        Properties:
          SubnetId: !Ref SubnetA
          SecurityGroupIds:
            - !Ref SecurityGroup
          ImageId: !FindInMap [ AmiIdForRegion,!Ref AWS::Region,AMI ]
          KeyName: !Ref Key
          InstanceType: !Ref InstanceType
          BlockDeviceMappings:
            - DeviceName: /dev/xvda
              Ebs:
                VolumeSize: 100
          Tags:
            - Key: Name # naming your instance
              Value: superset-6
          UserData:
            'Fn::Base64': |
              #!/bin/bash
              yum -y install docker
              dockerd
              docker pull apache/superset
    Outputs:
      PublicDnsName:
        Value: !GetAtt LinuxEc2.PublicDnsName
      PublicIp:
        Value: !GetAtt LinuxEc2.PublicIp
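【Question comments】:
What do you see in /var/log/user-data.log?
@kgiannakakis I think it is /var/log/cloud-init-output.log?
@Marcin, yes, this is the correct log for the user data.
Any progress? Is it still unclear why the problem occurs and how to fix it?
@kgiannakakis I have never seen such a file in /var/logs. Is it for some non-standard AMI?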
【Answer 1】:
You should not execute dockerd in your user data. This will start the docker daemon and freeze further execution. Instead, it should be:
    UserData:
      'Fn::Base64': |
        #!/bin/bash
        yum -y install docker
        systemctl enable docker
        systemctl start docker
        docker pull apache/superset
【Comments】:
Yes, this worked! I do see pull complete in the log file /var/log/cloud-init-output.log
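A hardened form of the user data from the answer above, as an added example that is not part of the original post: it starts Docker through systemd, confirms the daemon answers before pulling, and exits non-zero with a line in /var/log/cloud-init-output.log if it never does. The wait_for_docker helper, the DOCKER override and the /var/lib/cloud/instance guard are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original post): user data that starts Docker
# through systemd and fails loudly instead of stalling or silently skipping.
set -eu

DOCKER="${DOCKER:-docker}"   # overridable so the wait logic can be exercised
IMAGE="apache/superset"      # image named in the question

# stdout of user data ends up in /var/log/cloud-init-output.log
log() { echo "[user-data] $*"; }

# Poll until the daemon answers: $1 attempts, $2 seconds apart.
# Returns 0 once "docker info" succeeds, 1 if it never does.
wait_for_docker() {
    tries="$1"; delay="$2"; n=0
    while [ "$n" -lt "$tries" ]; do
        if "$DOCKER" info >/dev/null 2>&1; then
            return 0
        fi
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}

main() {
    yum -y install docker
    # systemctl hands control back to the script; a bare "dockerd" stays in
    # the foreground, so no later line of the user data would ever run.
    systemctl enable docker
    systemctl start docker
    if ! wait_for_docker 30 2; then
        log "docker daemon not ready after 30 attempts, giving up"
        exit 1
    fi
    "$DOCKER" pull "$IMAGE"
    log "pulled $IMAGE"
}

# Assumption: /var/lib/cloud/instance exists only on a host booted by
# cloud-init, so the script does nothing when run anywhere else.
if [ -d /var/lib/cloud/instance ]; then
    main
fi
```
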