2017-08-23 68 views
0

我使用Docker與AWS ECR回購。他們要求你做的其中一個步驟是運行「碼頭標籤」來標記帶有標籤的構建圖像,該標籤包含圖像將存儲在ECR中的「完全合格」位置。Docker Python API - 標記容器

我正在努力將腳本遷移到Python API(而不是對docker客戶端執行shell調用)。我無法在https://docker-py.readthedocs.io/en/stable/images.html的API文檔中找到相應的「碼頭標籤」。

有人可以指出我正確的方向嗎?

+1

使用'低級別的API:'https:// docker-py.readthedocs.io/en/stable/api.html#module-docker.api.image'有一個'tag()'方法。 – AChampion

回答

1

對於那些在AWS中使用ECR/ECS的人,下面是一個如何解決這個問題的例子。

Amazon提供這樣的ECR說明把你的圖片:

aws ecr get-login --no-include-email --region us-west-2 
docker build -t myproj . 
docker tag calclab:latest XXXXXXXXXX.dkr.ecr.us-west-2.amazonaws.com/myproj:latest 
docker push XXXXXXXXXX.dkr.ecr.us-west-2.amazonaws.com/myproj:latest 

下面是使用Python的泊塢窗API和寶途(AWS的Python庫)大致相當於。它包括在ECR標記的圖像兩次,這樣我可以跟蹤每個圖像的版本號,同時跟蹤最新的是什麼(所以我ECS任務可以在默認情況下,總是搶最新的圖像)

import docker 
import boto3 

def ecrDemo(version_number): 

    # The ECR Repository URI 
    repo = XXXXXXXXXX.dkr.ecr.us-west-2.amazonaws.com/myproj 
    # The name of the [profile] stored in .aws/credentials 
    profile = "sandbox" 
    # The region your ECR repo is in 
    region = "us-west-2" 
    # How you want to tag your project locally 
    local_tag = "myproj" 

    #Set up a session 
    session = boto3.Session(profile_name=profile, region_name=region) 
    ecr = session.client('ecr') 

    docker_api = docker.APIClient() 

    print "Building image " + local_tag 
    for line in docker_api.build(path='.', tag=local_tag, stream=True, \ 
     dockerfile='./Dockerfile.myproj'): 
     process_docker_api_line(line) 

    # Make auth call and parse out results 
    auth = ecr.get_authorization_token() 
    token = auth["authorizationData"][0]["authorizationToken"] 
    username, password = b64decode(token).split(':') 
    endpoint = auth["authorizationData"][0]["proxyEndpoint"] 

    # print "Make authentication call" 
    # docker_api.login(username=user, password=password, \ 
    #    registry=endpoint, reauth=True) 
    auth_config_payload = {'username': username, 'password': password} 



    version_tag = repo + ':latest' 
    latest_tag = repo + ':' + version_number 

    print "Tagging version " + version_tag 
    if docker_api.tag(local_tag, version_tag) is False: 
     raise RuntimeError("Tag appeared to fail: " + version_tag) 

    print "Tagging latest " + latest_tag 
    if docker_api.tag(local_tag, latest_tag) is False: 
     raise RuntimeError("Tag appeared to fail: " + tag_latest) 

    print "Pushing to repo " + version_tag 
    for line in docker_api.push(version_tag, stream=True, auth_config=auth_config_payload): 
     self.process_docker_api_line(line) 

    print "Pushing to repo " + latest_tag 
    for line in docker_api.push(latest_tag, stream=True, auth_config=auth_config_payload): 
     self.process_docker_api_line(line) 

    print "Removing taged deployment images" 
    # You will still have the local_tag image if you need to troubleshoot 
    docker_api.remove_image(version_tag, force=True) 
    docker_api.remove_image(latest_tag, force=True) 

def process_docker_api_line(payload): 
    """ Process the output from API stream, throw an Exception if there is an error """ 
    # Sometimes Docker sends to "{}\n" blocks together... 
    for segment in payload.split('\n'): 
     line = segment.strip() 
     if line: 
      try: 
       line_payload = json.loads(line) 
      except ValueError as ex: 
       print "Could not decipher payload from API: " + ex.message 
      if line_payload: 
       if "errorDetail" in line_payload: 
        error = line_payload["errorDetail"] 
        sys.stderr.write(error["message"]) 
        raise RuntimeError("Error on build - code " + `error["code"]`) 
       elif "stream" in line_payload: 
        sys.stdout.write(line_payload["stream"]) 
+0

這真是太好了,我正準備發佈一個問題(如果這就是需要的話),但我需要使用API​​從AWS ECR中提取/推送圖像,所以我不能使用經典碼頭登錄功能使用這裏發佈的方法。 如果你有一個很好的開箱即用的例子,或者只是使用命令或API名稱可以爲我節省一些麻煩。 –

+0

嗨,除了上面的函數包含一個構建並且不包含項目的回購或憑證這一事實之外,您還需要哪些額外的信息? – Jason

+0

嗨賈森像我說的那樣很棒,給了我一個很大的開端(明天就開始工作..)我需要做的是從AWS ECR中拉出圖像,重新標記圖像並將其推送到另一個ECR(可能另一個地區或帳戶)。 我想我錯過了上面代碼中的pull命令 –

1

這些是您可以用來構建和標記圖像的步驟。

import docker 
tag = 'latest' # or whatever you want 
client = docker.from_env() 
# identifier of the image on your system 
dockername = "%s:%s" % (<name of the image on your system>, <tag>) 
# the target identifier 
target = "%s:%d/%s" % (<registry address>, <registry_port>, <id or name of the image>) 

# the url is usually unix://var/run/docker.sock' but depends on your environment 
cli = docker.APIClient(base_url=<the daemon\'s url or socket>) 
# build the image 
cli.build(path=..., tag=dockername, pull=..., buildargs=...) 
# tag it 
image = client.images.get(dockername) 
image.tag(target, tag=tag) 
+1

謝謝!當然,低級API是這個庫的方式。我也能夠監視諸如構建之類的事情的進展。 – Jason