
I am trying to run AWS Batch with a private Docker registry. I searched on Google and found some links where people have suggested using userdata in the launch template and specifying docker login there. But my issue is that my organization's Docker registry also uses a certificate to log in. On my local machine I am placing the certificate in the /etc/docker/cert.d/dockerhost:port location, which is working fine. However, if I try to do the same in userdata on EC2, it says there is no directory like /etc/docker…
Not sure how to use private docker registry here.
If anyone has any solution or suggestion please help.

Note: I tried a few links and got it done; I posted the solution as an answer.


Answers


  1. Chosen as BEST ANSWER

    Just an update to anyone who is trying the same:

    If you need a certificate for the Docker registry, i.e. if the connection is SSL, then you need to put the certificate in the directory /etc/docker/certs.d/dockerhostname:port/.

    When AWS Batch instantiates the EC2 box, it has Docker preinstalled, and you can make the required changes in the userdata script in order to fetch the image from a private repository that works over an SSL connection:

    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="==MYBOUNDARY=="

    --==MYBOUNDARY==
    Content-Type: text/cloud-config; charset="us-ascii"

    packages:
    - jq
    - aws-cli
    runcmd:
    # cloud-init joins all runcmd entries into one shell script, so export and cd carry over between entries
    - /usr/bin/aws configure set region $(curl http://169.254.169.254/latest/meta-data/placement/region)
    - export SECRET_STRING=$(/usr/bin/aws secretsmanager get-secret-value --secret-id your_docker_pwd_secret_name | jq -r '.SecretString')
    # .docker_pwd is the key in Secrets Manager
    - export PASSWORD=$(echo "$SECRET_STRING" | jq -r '.docker_pwd')
    - mkdir -p /etc/docker/certs.d/docker_host:docker_port
    - cd /etc/docker/certs.d/docker_host:docker_port
    # download the certificate and save it as ca.crt; </dev/null lets s_client return after the handshake
    - openssl s_client -showcerts -connect docker_host:docker_port </dev/null > ca.crt
    # no exit here, it would end the runcmd script before docker login runs
    - docker login docker_host:docker_port --username user_name --password "$PASSWORD"
    - echo 'Completed Init script !!'
    --==MYBOUNDARY==--
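
A pinned alternative to the certificate-download step in the answer above, as an added example that is not part of the original answer: `openssl s_client` saves whatever certificate the endpoint presents at boot, so this script installs a CA file only when its SHA-256 digest matches a value fixed in advance, and passes the password on stdin. The function names, the optional `certs_root` argument, and the assumption that the CA file arrives over a trusted channel (for example the same Secrets Manager used for the password) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumption: the CA PEM was delivered out of band and its SHA-256 digest is
# pinned in the launch template; docker_host:docker_port is a placeholder.

# install_registry_ca <ca_pem> <pinned_sha256_hex> <host:port> [certs_root]
# Returns 0 on install, 1 on digest mismatch, 2 on unusable input.
install_registry_ca() {
    ca_pem=$1; pinned=$2; registry=$3
    certs_root=${4:-/etc/docker/certs.d}

    [ -s "$ca_pem" ] || { echo "CA file missing or empty: $ca_pem" >&2; return 2; }
    # Refuse anything that is not a PEM certificate (e.g. an HTML error page).
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_pem" ||
        { echo "not a PEM certificate: $ca_pem" >&2; return 2; }

    # Compare the file digest with the pinned value before Docker trusts it.
    actual=$(sha256sum "$ca_pem" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "CA digest mismatch for $registry: got $actual" >&2
        return 1
    fi

    # Docker reads per-registry CAs from <certs_root>/<host:port>/ca.crt.
    dest="$certs_root/$registry"
    mkdir -p "$dest" && install -m 0644 "$ca_pem" "$dest/ca.crt"
}

# registry_login <host:port> <user>; the password is read from stdin so it
# does not show up in the process list.
registry_login() {
    docker login "$1" --username "$2" --password-stdin
}

# Usage inside the userdata script (PINNED_SHA256 and PASSWORD set earlier):
#   install_registry_ca /tmp/registry-ca.pem "$PINNED_SHA256" docker_host:docker_port &&
#       printf '%s' "$PASSWORD" | registry_login docker_host:docker_port user_name
```

The digest is taken over the whole file, so it suits a CA file you distribute yourself; raw `s_client` output contains session details and will not hash to a stable value.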
    

  2. This link explains and solves your problem. It worked for me:

    https://aws.amazon.com/blogs/compute/how-to-authenticate-private-container-registries-using-aws-batch/

    Only for EC2 on-demand and not valid for Fargate. If your solution involves the latter (Fargate) and you don't want tricky solutions, I guess you'll need to push your image from Docker to AWS ECR.
