jHipster Registry on AWS Beanstalk - amazon-web-services

I've been looking for a way to deploy jhipster microservices to AWS. It seems like jhipster registry provides an easy way to monitor jhipster microservices but I am yet to find a way to deploy jhipster registry to AWS. Cloning jhipster-registry GitHub repo and running jhipster aws returns "Error: Sorry deployment for this database is not possible".
Alternatively, creating a Docker image with mvn compile jib:buildTar and using generated target/jib-image.tar as an AWS Beanstalk app version also fails because it's missing Dockerfile.
What's a good way to deploy jhipster registry to AWS Beanstalk and subsequently use it for monitoring other jhipster microservices deployed to AWS Beanstalk?
Thanks!

After some trial and error I ended up doing something like this:
Clone https://github.com/jhipster/jhipster-registry
Build a Docker container locally with ./mvnw package -Pprod verify jib:dockerBuild
Create an ECR registry in AWS console or using AWS CLI as follows: aws --profile [AWS_PROFILE] ecr create-repository --repository-name [ECR_REGISTRY_NAME]
Assuming that v6.3.0 was cloned in step 1, tag the local Docker as follows: image docker tag [IMAGE_ID] [AWS_ACCOUNT].dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REGISTRY_NAME]:jhipster-registry-6.3.0
Authenticate to ECR as follows: eval $(aws --profile [AWS_PROFILE] ecr get-login --no-include-email --region [AWS_REGION])
Push the local Docker image to ECR as follows: docker push [AWS_ACCOUNT].dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REGISTRY_NAME]:jhipster-registry-6.3.0
Set up Elastic Beanstalk (EB) CLI
Initialize local EB project as follows: eb init --profile [AWS_PROFILE]
Create Dockerrun.aws.json with the following content:
{
"AWSEBDockerrunVersion": "1",
"Image": {
"Name": "[AWS_ACCOUNT].dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REGISTRY_NAME]:jhipster-registry-6.3.0",
"Update": "true"
},
"Ports": [
{
"ContainerPort": 8761
}
]
}
Run jhipster-locally as follows: eb local run --port 8761
Verify that you can access jhipster-registry locally as follows: eb local open
Create a new EB environment running the Docker image from the ECR as follows: eb create [EB_ENV_NAME] --instance-types t2.medium --keyname [EC2_KEY_PAIR_NAME] \ --vpc.id [VPC_ID] --vpc.ec2subnets [EC2_SUBNETS] --vpc.publicip --vpc.elbpublic --vpc.securitygroups [CUSTOM_ELB_SG]
Access remote jhipster-registry as follows: eb open

Related

Pushing a docker image to aws ecr gives no basic auth credentials

when I try to push a docker image to aws ecr it fails giving the following
sudo docker push xxxxxxx.dkr.ecr.us-east-2.amazonaws.com/my-app:1.0
7d9a9c94af8d: Preparing
f77d412f54b5: Preparing
629960860aca: Preparing
f019278bad8b: Preparing
8ca4f4055a70: Preparing
3e207b409db3: Waiting
no basic auth credentials
although logging in is done successfully
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin xxxx.dkr.ecr.us-east-2.amazonaws.com
Login Succeeded
And the /home/[my user]/.docker/config.json file has the following data
{
"auths": {
"xxxx.dkr.ecr.us-east-2.amazonaws.com": {
"auth": "QVsVkhaRT...."
}
}
}
I am using aws cli version 2.3.5
aws --version
aws-cli/2.3.5 Python/3.8.8 Linux/5.8.0-63-generic exe/x86_64.ubuntu.20 prompt/off
I am using docker version 20.10.10
docker --version
Docker version 20.10.10, build b485636
How can I solve this problem?
You're running sudo docker push.
This means that the credentials in your account won't be used. Instead, Docker is trying to use (nonexistent) credentials in the root user account.
Changing your command to docker push should suffice.

Docker container export and deployement question

I got a question - I have a docker image running locally on my Mac. - I'm trying to export that local image and deploy on AWS elasticbean stalk env.
Should I use docker export command which outputs it as a tar file then upload to AWS? or should it be in a different non compressed format?
I already tried the above and docker export it as a tar file but AWS didn't like that so what approach should I take here?
You can create a repository in your aws ECR (Amazon Elastic Container Registry) and push your local image to that repo
aws ecr get-login --no-include-email --region us-east-2
docker tag test-pod:latest 24533xxxxx.dkr.ecr.us-east-2.amazonaws.com/test:latest
docker push 24533xxxxx.dkr.ecr.us-east-2.amazonaws.com/test:latest

Build a docker image on AWS Codebuild based on an image pulled from an ECR of another user: "no basic auth credentials"

I have a line in my Dockerfile like this:
FROM 6*********.dkr.ecr.ap-southeast-1.amazonaws.com/*************:ff03401
This ECR is owned by another user.
As recommended in this question, I am trying to log in by using these commands in the build section of my buildspec.yml, and then immediately pull this docker image:
- aws configure set aws_access_key_id $ECR_ACCESS_KEY
- aws configure set aws_secret_access_key $ECR_SECRET_KEY
- eval aws ecr get-login --no-include-email --region ap-southeast-1 --registry-ids 6***********
- docker pull 6***********.dkr.ecr.ap-southeast-1.amazonaws.com/****************:ff03401
When I look at the Codebuild logs, I see that eval aws ecr get-login... outputs a docker login ... command which, if I run it on my local machine, logs me in successfully, and lets me do the docker pull 6******....
In Codebuild, however, docker pull says:
Error response from daemon: Get https://6**********.dkr.ecr.ap-southeast-1.amazonaws.com/v2/******************/manifests/ff03401: no basic auth credentials
I have also tried adding --profile ecrproduction to the first three commands, without success.

Pull images from AWS ECR on AWS EC2 without using docker login but using EC2 Instance role and ECR repository permissions

Can we pull images from AWS ECR Repository on an AWS EC2 instance running docker assigning AWS EC2 instance role/policy and AWS ECR Repository permission that provides access to ECR.
I have currently provided all permissions but the error I am getting is "unauthorized: authentication required".
Let me know if this is possible.
you can actually skip the docker login step, even aws ecr get-token which still did the docker login, using ecr credential helper.
with the helper, just config the docker:
{
"credHelpers": {
"aws_account_id.dkr.ecr.region.amazonaws.com": "ecr-login"
}
}
refer to: https://lwpro2.wordpress.com/2019/10/30/authenticating-amazon-ecr-repositories-for-docker-cli-with-credential-helper/
Run the below command in your cron and cron will refresh your login credentials.
COMMAND=`eval aws ecr get-login --region us-west-2`
echo `eval $COMMAND`
So you can avoid any login to ecr itself and access seamlessly all the time.

docker swarm and aws ecr authentication using api keys

I'm having trouble pulling docker images from AWS ECR when deploying a stack to my docker swarm cluster that runs in AWS EC2.
If I try to ssh to any of the nodes and authenticate manually and pull an image manually, there are no issues
This works:
root#manager1 ~ # `aws ecr get-login --no-include-email --region us-west-2 `
Login Succeeded
root#manager1 ~ # docker pull *****.dkr.ecr.us-west-2.amazonaws.com/myapp:latest
however, if I try deploying a stack or service:
docker stack deploy --compose-file docker-compose.yml myapp
The image can't be found and on the node that I already authenticated as well as on all other manager/worker nodes.
Error from docker service ps myapp :
"No such image: *****.dkr.ecr.us-west-2.amazonaws.com/myapp:latest"
OS: RHEL 7.3
Docker version: Docker version 1.13.1-cs5, build 21c42d8
Anyone have a solution for this issue?
Try this command
docker login -u Username -p password *****.dkr.ecr.us-west-2.amazonaws.com && docker stack deploy --compose-file docker-compose.yml myapp --with-registry-auth