All geek questions in one place

Amazon ECS private DockerHub repo: failed to decode provided docker account

I have a private repository on DockerHub that I am trying to deploy with ECS. I always get the following error:

Unable to decode provided docker credentials module="ecs credentials" type="dockercfg"

or if I try with a docker like:

 Unable to decode provided docker credentials module="ecs credentials" type="docker"

I tried all the features mentioned in the ECS developer forums.

I tried:

 ECS_ENGINE_AUTH_TYPE=dockercfg ECS_ENGINE_AUTH_DATA='{"https://index.docker.io/v1/":{"auth":"<token>","email":"<email>"}}'

I also tried:

 ECS_ENGINE_AUTH_TYPE=docker ECS_ENGINE_AUTH_DATA='{"https://index.docker.io/v1/":{"username":"<username>","password":"<password>","email":"<email>"}}'

And also (due to docs at https://godoc.org/github.com/aws/amazon-ecs-agent/agent/engine/dockerauth ):

 ECS_ENGINE_AUTH_TYPE=docker ECS_ENGINE_AUTH_DATA='{"https://index.docker.io/v1/<username>":{"username":"<username>","password":"<password>","email":"<email>"}}'

I also tried without "and" around JSON .. same effect. I always get the same error.

I have to add that I get ecs.config from an S3 container that works fine. I also retyped the file manually in case there is some dubious formation when loading the file (although I don’t see how this can happen, since the S3 file comes in as a stream of bytes).

If I SSH into the instance and do the following:

 docker login --username=<username> --password=<password> --email=<email>

Then I can pull the image successfully: docker pull A/B:latest

However, even after logging in (and therefore the docker generates the file ~ / .docker / config.json), I still get the same error from ECS.

I should mention that all operations when changing the ecs.config file were performed as follows:

  • Change the number of tasks to 0
  • Wait for completion
  • sudo stop ecs
  • Change configuration file
  • sudo start ecs
  • Change the number of tasks by 1

Repeat ...

This is very frustrating. How is this work or how will it change from the moment of writing the documentation?

Any help would be appreciated.

EDIT

I also tried installing auth docker in the JSON configuration file in the /etc/ecs/ecs.config.json file:

 { "EngineAuthType": "docker", "EngineAuthData": { "https://index.docker.io/v1/": { "username": "<me>", "password": "<password>", "email": "<email>" } } }

The JSON configuration for this is described here: https://godoc.org/github.com/aws/amazon-ecs-agent/agent/config . It is also mentioned in the code comments here: https://github.com/aws/amazon-ecs-agent/blob/b197eddd9d5272eeac7dddaa2a84cc4c85522354/agent/engine/dockerauth/doc.go

More specific:

These keys can be set by setting the environment variables "ECS_ENGINE_AUTH_TYPE" and "ECS_ENGINE_AUTH_DATA" or by setting the keys "EngineAuthData" and "EngineAuthType" in the JSON configuration file located in the configured "ECS_AGENT_CONFIG_FILE_PATH" (see http://godoc.org/ .com / aws / amazon-ecs-agent / agent / config )

This again, giving the same error ...

+5
source share
1 answer

After spending some time looking at the ECS agent code ( https://github.com/aws/amazon-ecs-agent ), I realized where the problem is. The problem is in the email field that needs to be deleted!

So just write how to do it:

You need to follow these instructions: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html .

However, all examples include an email field.

ecs.config should look like this:

 ECS_ENGINE_AUTH_TYPE=dockercfg ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"auth":"<your auth token>"}}

To download ecs.config from the S3 container when your instances are created, follow these steps: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html , in particular, "To save ecs.config file on Amazon S3 "and" Download the ecs.config file from Amazon S3 headers on startup. "

+5
source

Source: https://habr.com/ru/post/1236778/

More articles:


All Articles