docker pull <image> not working in cloudformation UserData tag

UserData:
  'Fn::Base64': |
    #!/bin/bash
    yum -y install docker
    dockerd
    docker pull apache/superset

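In the CloudFormation UserData tag shown above, everything works until dockerd. The docker pull command is not executed. The template does not produce any errors. But when I ssh into the EC2 instance created by my CloudFormation template, I don't see the docker image. I can manually run docker pull <image> on the EC2 instance and it works.

Is any specific setup needed to pull an image from Docker Hub (not ECR) on EC2 from a CloudFormation template?

My entire CF template for reference: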

Parameters:
  InstanceType:
    Type: String
    Default: t2.micro
    Description: Enter instance size. Default is t3a.medium.
    AllowedValues: # dropdown options
      - t1.nano
      - t1.micro
      - t2.micro
  Key:
    Type: AWS::EC2::KeyPair::KeyName
    Default: aseem-ec2-eu-west-1
    Description: The key used to access the instance.

Mappings:
  AmiIdForRegion:
    us-east-1:
      AMI: ami-04ad2567c9e3d7893
    eu-west-1:
      AMI: ami-09d4a659cdd8677be

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.34.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: Linux VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-west-1a
      VpcId: !Ref VPC
      CidrBlock: 172.34.1.0/24
      MapPublicIpOnLaunch: true
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  InternetRoute:
    Type: AWS::EC2::Route
    DependsOn:
      - InternetGateway
      - VPCGatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref RouteTable

  SubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubnetA

  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable HTTP access via port 80
      GroupName: superset-ec2-security-group-3
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080 # HTTP- port 80
          ToPort: 8080
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22 # ssh
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress: # all external traffic
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
  ElasticIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      InstanceId: !Ref LinuxEc2

  LinuxEc2:
    Type: AWS::EC2::Instance
    Properties:
      SubnetId: !Ref SubnetA
      SecurityGroupIds:
        - !Ref SecurityGroup
      ImageId: !FindInMap [ AmiIdForRegion,!Ref AWS::Region,AMI ]
      KeyName: !Ref Key
      InstanceType: !Ref InstanceType
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: 100
      Tags:
        - Key: Name # naming your instance
          Value: superset-6
      UserData:
        'Fn::Base64': |
          #!/bin/bash
          yum -y install docker
          dockerd
          docker pull apache/superset


Outputs:
  PublicDnsName:
    Value: !GetAtt LinuxEc2.PublicDnsName
  PublicIp:
    Value: !GetAtt LinuxEc2.PublicIp

You should not execute dockerd in your user data. That starts the docker daemon and blocks further execution. Instead, it should be:

      UserData:
        'Fn::Base64': |
          #!/bin/bash
          yum -y install docker
          systemctl enable docker
          systemctl start docker
          docker pull apache/superset
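
The following is an added example, not part of the original answer: a user-data script that stops at the first failed command and waits for the daemon to answer before pulling, so a failed bootstrap shows up in /var/log/cloud-init-output.log. The names wait_for and bootstrap and the BOOTSTRAP guard variable are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not from the original answer). wait_for, bootstrap and the
# BOOTSTRAP variable are hypothetical names chosen for this sketch.

# Retry a probe command once per second until it succeeds or the timeout
# (in attempts) is reached. Returns 0 when the probe succeeds, 1 on timeout.
wait_for() {
  local timeout="$1"; shift
  local waited=0
  until "$@" >/dev/null 2>&1; do
    waited=$((waited + 1))
    if [ "$waited" -ge "$timeout" ]; then
      return 1
    fi
    sleep 1
  done
  return 0
}

bootstrap() {
  # Abort on the first failing command so the failure is visible in
  # /var/log/cloud-init-output.log.
  set -euo pipefail

  yum -y install docker
  systemctl enable docker   # start the daemon again after a reboot
  systemctl start docker    # returns to the script; a bare "dockerd" stays in the foreground

  # The unit being started does not guarantee the API socket answers yet.
  if ! wait_for 60 docker info; then
    echo "docker daemon not ready after 60 attempts" >&2
    exit 1
  fi

  docker pull apache/superset
}

# In real user data, call bootstrap unconditionally on the last line.
# The guard only keeps this file harmless when run on a workstation.
if [ "${BOOTSTRAP:-0}" = "1" ]; then
  bootstrap
fi
```
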