Category: DevOps

Getting Started with Amazon Elastic Container Registry

Posted on by Jerry Wang

What is Amazon Elastic Container Registry?

Amazon Elastic Container Registry (Amazon ECR) is an AWS managed container image registry service that is secure, scalable, and reliable. Amazon ECR supports private container image repositories with resource-based permissions using AWS IAM. This is so that specified users or Amazon EC2 instances can access your container repositories and images. You can use your preferred CLI to push, pull, and manage Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts.

Components of Amazon ECR

Amazon ECR contains the following components:

Registry

An Amazon ECR registry is provided to each AWS account; you can create image repositories in your registry and store images in them.

Repository

An Amazon ECR image repository contains your Docker images, Open Container Initiative (OCI) images, and OCI compatible artifacts.

Image

You can push and pull container images to your repositories. You can use these images locally on your development system, or you can use them in Amazon ECS task definitions and Amazon EKS pod specifications.

Getting Started with Amazon ECR

Prerequisites

  • Sign up for AWS
  • Install the AWS CLI
  • Install Docker

Create an IAM user

Create an IAM user, and then grant this user administrative permissions by attaching an existing policy AmazonEC2ContainerRegistryFullAccess to this user.

Create an image repository

A repository is where you store your Docker or Open Container Initiative (OCI) images in Amazon ECR. Each time you push or pull an image from Amazon ECR, you specify the repository and the registry location which informs where to push the image to or where to pull it from.

  • Choose Get Started.
  • Inside the Create repository form:
  • For Visibility settings, choose the visibility setting for the repository.
  • For Repository name, provide a concise name. For example, sonarqube.
  • For Tag immutability, enable tag immutability to prevent image tags from being overwritten by subsequent image pushes using the same tag. Disable tag immutability to allow image tags to be overwritten.
  • For Image scan settings and Encryption settings, leave them as Disabled.
  • Choose Create repository.

Create a Docker image

For brevity, pull a docker image from the Docker Hub instead. For example, sonarqube:8.9.2-enterprise:

docker pull sonarqube:8.9.2-enterprise

Authenticate to your default registry

After you have installed and configured the AWS CLI, authenticate the Docker CLI to your default registry. That way, the docker command can push and pull images with Amazon ECR. The AWS CLI provides a get-login-password command to simplify the authentication process.

The get-login-password is the preferred method for authenticating to an Amazon ECR private registry when using the AWS CLI. Ensure that you have configured your AWS CLI to interact with AWS. For more information, see AWS CLI configuration basics:

aws ecr get-login-password --region [region] | docker login --username AWS --password-stdin [aws_account_id].dkr.ecr.[region].amazonaws.com

Make sure replace [region] and [aws_account_id] with your region and AWS account ID.

Push an image to Amazon ECR

Now you can push your image to the Amazon ECR repository you created in the previous section. You use the docker CLI to push images, but there are a few prerequisites that must be satisfied for this to work properly:

  • The minimum version of docker is installed: 1.7
  • The Amazon ECR authorization token has been configured with docker login.
  • The Amazon ECR repository exists and the user has access to push to the repository.

After those prerequisites are met, you can push your image to your newly created repository in the default registry for your account.

Tag the image to push to your registry, which is sonarqube:8.9.2-enterprise in this case:

docker tag sonarqube:8.9.2-enterprise [aws_account_id].dkr.ecr.[region].amazonaws.com/sonarqube:8.9.2-enterprise

Push the image:

docker push [aws_account_id].dkr.ecr.[region].amazonaws.com/sonarqube:8.9.2-enterprise

Pull an image from Amazon ECR

After your image has been pushed to your Amazon ECR repository, you can pull it from other locations. Use the docker CLI to pull images, but there are a few prerequisites that must be satisfied for this to work properly:

  • The minimum version of docker is installed: 1.7
  • The Amazon ECR authorization token has been configured with docker login.
  • The Amazon ECR repository exists and the user has access to pull from the repository.

After those prerequisites are met, you can pull your image. To pull your example image from Amazon ECR, run the following command:

docker pull [aws_account_id].dkr.ecr.[region].amazonaws.com/sonarqube:8.9.2-enterprise

Installing Ruby from Source on Debian 8 Using SaltStack

Posted on by Jerry Wang
Photo by Castorly Stock on Pexels.com

The default Ruby shipped with Debian 8 is of version 2.1.5, which is very old. You can use the following SaltStack states to install Ruby 2.5.1 from source:

bison:
  pkg.installed

libgdbm-dev:
  pkg.installed

libreadline-dev:
  pkg.installed

libssl-dev:
  pkg.installed

openssl:
  pkg.installed

zlib1g-dev:
  pkg.installed

download_ruby_2.5.1_source:
  cmd.run:
    - name: curl -s -S --retry 5 https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.gz | tar xz
    - runas: jenkins
    - cwd: /var/lib/jenkins
    - unless: command -v ruby && test '2.5.1p57' = $(ruby -v|awk '{print $2}')

install_ruby_2.5.1_from_source:
  cmd.run:
    - name: cd /var/lib/jenkins/ruby-2.5.1 && ./configure && make && make install
    - onchanges:
      - download_ruby_2.5.1_source

remove_ruby_2.5.1_source:
  file.absent:
    - name: /var/lib/jenkins/ruby-2.5.1
    - onchanges:
      - download_ruby_2.5.1_source

References

Adding Multiple Lines to a File using Ansible

Posted on by Jerry Wang
Photo by Pixabay on Pexels.com

The Ansible module lineinfile will search a file for a line and ensure that it is present or absent. It is useful when you want to change a single line in a file only. But how to add multiple lines to a file? You can use a loop to do this together with lineinfile like the following:

- name: ASE Deps | Configure sudoers
  lineinfile:
    dest: /etc/sudoers
    line: "{{ item }}"
  with_items:
    - "Defaults:sybase !requiretty"
    - "sybase ALL=(ALL) NOPASSWD: /bin/mount, /bin/umount, /bin/mkdir, /bin/rmdir, /bin/ps"

Want to buy me a coffee? Do it here: https://www.buymeacoffee.com/j3rrywan9

Configuring DNS when DHCP is Used on Ubuntu

Posted on by Jerry Wang
Photo by panumas nikhomkhai on Pexels.com

When eth0 is configured to use DHCP on Ubuntu (14.04 LTS), the contents of /etc/resolv.conf are overwritten by resolvconf (man 8 resolvconf), which in turn is called by dhclient. So you can neither set “dns-nameservers” and “dns-search” in /etc/resolv.conf nor /etc/network/interfaces.d/eth0.cfg.

The solution is to supersede the “domain-name-servers” and “domain-search” values in /etc/dhcp/dhclient.conf (man 5 dhclient.conf):

supersede domain-name-servers 172.16.101.11;
supersede domain-search "example.com";

And you may need to renew DHCP lease to make above change effective:

sudo dhclient -r eth0
sudo dhclient eth0