AWS Lightsail:”在检索容器注册表登录凭据之前,您必须创建一个容器服务。”

huangapple
go评论87阅读模式
英文:

AWS Lightsail: "You must create a container service before retrieving container registry login credentials."

问题

我正在尝试从GitHub操作中部署到Lightsail。我已经创建了一个容器服务(尽管出现错误消息),但我收到一个错误,说我没有。我想这可能与权限有关,但我无法弄清楚可能出错的地方。

以下是此讨论的唯一相关部分,我认为这是完整的配置文件的一部分:

  1.       - name: Release to Amazon Lightsail
  2.         env:
  3.           CONTAINER_SERVICE_NAME: ${{ env.ENVIRONMENT }}-${{ env.SERVICE_NAME }}-cs
  4.         run: |
  5.           echo "Releasing to Amazon Lightsail"
  7.           docker pull $ORG_NAME/$SERVICE_NAME:$GITHUB_SHA
  9.           echo "Uploading docker image to $CONTAINER_SERVICE_NAME"
  11.           # upload the docker image for this pipeline
  12.           aws --debug lightsail push-container-image \
  13.             --service-name $CONTAINER_SERVICE_NAME  \
  14.             --label ${{ env.SERVICE_NAME }}-latest  \
  15.             --image $ORG_NAME/$SERVICE_NAME:$GITHUB_SHA

这是错误信息:

  1. Run echo "Releasing to Amazon Lightsail"
  2. Releasing to Amazon Lightsail
  3. 61388d167c4340ec7054e7e7a64bcd897e407a9d: Pulling from ***/slackbot
  4. [ lots of pulling and downloading ]
  5. Digest: sha256:0d4f0cce97751a1f4ef5dfc5731ad09c2d7762f3c307215269cffccbdb655d79
  6. Status: Downloaded newer image for ***/slackbot:61388d167c4340ec7054e7e7a64bcd897e407a9d
  7. docker.io/***/slackbot:61388d167c4340ec7054e7e7a64bcd897e407a9d
  8. Uploading docker image to production-slackbot-cs
  9. 2023-07-14 22:10:53,018 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.13.0 Python/3.11.4 Linux/5.15.0-1041-azure exe/x86_64.ubuntu.22
  10. 2023-07-14 22:10:53,018 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['--debug', 'lightsail', 'push-container-image', '--service-name', 'production-slackbot-cs', '--label', 'slackbot-latest', '--image', '***/slackbot:61388d167c4340ec7054e7e7a64bcd897e407a9d']
  11. ...
  12. (省略中间部分)
  13. ...
  14. 2023/07/14 22:10:55 DEBUG: Request Signature:
  15. ...
  16. 2023/07/14 22:10:55 {"__type":"InvalidInputException","message":"You must create a container service before retrieving container registry login credentials."}
  17. InvalidInputException: You must create a container service before retrieving container registry login credentials.
  18. ...
  19. Error: Process completed with exit code 255.

这是我的权限设置:

  1. {
  2.   "Effect": "Allow",
  3.   "Action": [
  4.     "lightsail:GetContainerImages",
  5.     "lightsail:GetContainerAPIMetadata",
  6.     "lightsail:CreateContainerService",
  7.     "lightsail:CreateContainerServiceRegistryLogin",
  8.     "lightsail:GetContainerServices",
  9.     "lightsail:GetContainerServiceDeployments",
  10.     "lightsail:GetContainerServicePowers"
  11.   ],
  12.   "Resource": "*"
  13. },
  14. {
  15.   "Effect": "Allow",
  16.   "Action": [
  17.     "lightsail:CreateContainerServiceDeployment",
  18.     "lightsail:DeleteContainerService",
  19.     "lightsail:RegisterContainerImage",
  20.     "lightsail:UpdateContainerService"
  21.   ],
  22.   "Resource": [my ARN]
  23. }

无论如何,我们都感到困惑。:) 谢谢!

英文:

I'm attempting to deploy to Lightsail from a GitHub Action. I have a container service created (despite the error message) but I'm getting an error saying I don't. I imagine this has to do with privileges, but I can't figure out what might be wrong.

Here is the entire config file, but I believe this is the only relevant stanza for this discussion:

  1.       - name: Release to Amazon Lightsail
  2.         env:
  3.           CONTAINER_SERVICE_NAME: ${{ env.ENVIRONMENT }}-${{ env.SERVICE_NAME }}-cs
  4.         run: |
  5.           echo "Releasing to Amazon Lightsail"
  7.           docker pull $ORG_NAME/$SERVICE_NAME:$GITHUB_SHA
  9.           echo "Uploading docker image to $CONTAINER_SERVICE_NAME"
  11.           # upload the docker image for this pipeline
  12.           aws --debug lightsail push-container-image \
  13.             --service-name $CONTAINER_SERVICE_NAME  \
  14.             --label ${{ env.SERVICE_NAME }}-latest  \
  15.             --image $ORG_NAME/$SERVICE_NAME:$GITHUB_SHA

Here is the error:

  1. Run echo "Releasing to Amazon Lightsail"
  2. Releasing to Amazon Lightsail
  3. 61388d167c4340ec7054e7e7a64bcd897e407a9d: Pulling from ***/slackbot
  4. [ lots of pulling and downloading ]
  5. Digest: sha256:0d4f0cce97751a1f4ef5dfc5731ad09c2d7762f3c307215269cffccbdb655d79
  6. Status: Downloaded newer image for ***/slackbot:61388d167c4340ec7054e7e7a64bcd897e407a9d
  7. docker.io/***/slackbot:61388d167c4340ec7054e7e7a64bcd897e407a9d
  8. Uploading docker image to production-slackbot-cs
  9. 2023-07-14 22:10:53,018 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.13.0 Python/3.11.4 Linux/5.15.0-1041-azure exe/x86_64.ubuntu.22
  10. 2023-07-14 22:10:53,018 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['--debug', 'lightsail', 'push-container-image', '--service-name', 'production-slackbot-cs', '--label', 'slackbot-latest', '--image', '***/slackbot:61388d167c4340ec7054e7e7a64bcd897e407a9d']
  11. 2023-07-14 22:10:54,466 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_s3 at 0x7fc0365e0360>
  12. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_ddb at 0x7fc036919b20>
  13. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.configure.configure.ConfigureCommand'>>
  14. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x7fc036d77e20>
  15. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x7fc036d9d4e0>
  16. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function alias_opsworks_cm at 0x7fc0365e2de0>
  17. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_history_commands at 0x7fc036970540>
  18. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.devcommands.CLIDevCommand'>>
  19. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_waiters at 0x7fc0365e2ca0>
  20. 2023-07-14 22:10:54,467 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x7fc035f9d6d0>>
  21. 2023-07-14 22:10:54,467 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.13.0/dist/awscli/data/cli.json
  22. 2023-07-14 22:10:54,469 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_types at 0x7fc03651df80>
  23. 2023-07-14 22:10:54,469 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function no_sign_request at 0x7fc03651e2a0>
  24. 2023-07-14 22:10:54,469 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_verify_ssl at 0x7fc03651e200>
  25. 2023-07-14 22:10:54,469 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_read_timeout at 0x7fc03651e3e0>
  26. 2023-07-14 22:10:54,470 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_connect_timeout at 0x7fc03651e340>
  27. 2023-07-14 22:10:54,470 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <built-in method update of dict object at 0x7fc035f928c0>
  28. 2023-07-14 22:10:54,470 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.13.0 Python/3.11.4 Linux/5.15.0-1041-azure exe/x86_64.ubuntu.22 prompt/off
  29. 2023-07-14 22:10:54,470 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['--debug', 'lightsail', 'push-container-image', '--service-name', 'production-slackbot-cs', '--label', 'slackbot-latest', '--image', '***/slackbot:61388d167c4340ec7054e7e7a64bcd897e407a9d']
  30. 2023-07-14 22:10:54,470 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_timestamp_parser at 0x7fc0365e0cc0>
  31. 2023-07-14 22:10:54,470 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x7fc0375f9ee0>
  32. 2023-07-14 22:10:54,471 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x7fc035f602c0>
  33. 2023-07-14 22:10:54,471 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function no_pager_handler at 0x7fc0375207c0>
  34. 2023-07-14 22:10:54,471 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x7fc037115800>
  35. 2023-07-14 22:10:54,567 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT: http://169.254.169.254/
  36. 2023-07-14 22:10:54,569 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x7fc036950e00>
  37. 2023-07-14 22:10:54,569 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_json_file_cache at 0x7fc036dfdda0>
  38. 2023-07-14 22:10:54,628 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.13.0/dist/awscli/botocore/data/lightsail/2016-11-28/service-2.json
  39. 2023-07-14 22:10:54,658 - MainThread - botocore.hooks - DEBUG - Event building-command-table.lightsail: calling handler <function inject_commands at 0x7fc035f605e0>
  40. 2023-07-14 22:10:54,658 - MainThread - botocore.hooks - DEBUG - Event building-command-table.lightsail: calling handler <function add_waiters at 0x7fc0365e2ca0>
  41. 2023-07-14 22:10:54,668 - MainThread - botocore.hooks - DEBUG - Event building-command-table.lightsail: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x7fc035f9d6d0>>
  42. 2023-07-14 22:10:54,669 - MainThread - botocore.hooks - DEBUG - Event building-command-table.lightsail_push-container-image: calling handler <function add_waiters at 0x7fc0365e2ca0>
  43. 2023-07-14 22:10:54,669 - MainThread - botocore.hooks - DEBUG - Event building-command-table.lightsail_push-container-image: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x7fc035f9d6d0>>
  44. 2023-07-14 22:10:54,670 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.push-container-image.service-name: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7fc0381e8090>
  45. 2023-07-14 22:10:54,670 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.push-container-image: calling handler <awscli.argprocess.ParamShorthandParser object at 0x7fc03753e6d0>
  46. 2023-07-14 22:10:54,670 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.push-container-image.image: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7fc0381e8090>
  47. 2023-07-14 22:10:54,670 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.push-container-image: calling handler <awscli.argprocess.ParamShorthandParser object at 0x7fc03753e6d0>
  48. 2023-07-14 22:10:54,670 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.push-container-image.label: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7fc0381e8090>
  49. 2023-07-14 22:10:54,670 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.push-container-image: calling handler <awscli.argprocess.ParamShorthandParser object at 0x7fc03753e6d0>
  50. 2023/07/14 22:10:54 DEBUG: Request Signature:
  51. ---[ CANONICAL STRING  ]-----------------------------
  52. POST
  53. /
  54. content-length:2
  55. content-type:application/x-amz-json-1.1
  56. host:lightsail.***.amazonaws.com
  57. x-amz-date:20230714T221054Z
  58. x-amz-security-token:***
  59. x-amz-target:Lightsail_20161128.GetContainerAPIMetadata
  60. content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target
  61. 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  62. ---[ STRING TO SIGN ]--------------------------------
  63. AWS4-HMAC-SHA256
  64. 20230714T221054Z
  65. 20230714/***/lightsail/aws4_request
  66. a0d61a57603c598459025912f6107fa80f82c6abf01fcf62cdfb0d607fb8f221
  67. -----------------------------------------------------
  68. 2023/07/14 22:10:54 DEBUG: Request lightsail/GetContainerAPIMetadata Details:
  69. ---[ REQUEST POST-SIGN ]-----------------------------
  70. POST / HTTP/1.1
  71. Host: lightsail.***.amazonaws.com
  72. User-Agent: aws-sdk-go/1.44.39 (go1.18.1; linux; amd64) lightsailctl/v1.0.4 (go1.18.1; linux; amd64)
  73. Content-Length: 2
  74. Authorization: AWS4-HMAC-SHA256 Credential=***/20230714/***/lightsail/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=59e575cba84116c94392b5a472a15a699d2ebc2ae5ff54a3abaf808c2bf51282
  75. Content-Type: application/x-amz-json-1.1
  76. X-Amz-Date: 20230714T221054Z
  77. X-Amz-Security-Token: ***
  78. X-Amz-Target: Lightsail_20161128.GetContainerAPIMetadata
  79. Accept-Encoding: gzip
  80. {}
  81. -----------------------------------------------------
  82. 2023/07/14 22:10:55 DEBUG: Response lightsail/GetContainerAPIMetadata Details:
  83. ---[ RESPONSE ]--------------------------------------
  84. HTTP/1.1 200 OK
  85. Content-Length: 61
  86. Connection: keep-alive
  87. Content-Type: application/x-amz-json-1.1
  88. Date: Fri, 14 Jul 2023 22:10:55 GMT
  89. Server: Server
  90. X-Amzn-Requestid: 8ba40949-9a3d-4cb9-93e0-0887f28c7200
  91. -----------------------------------------------------
  92. 2023/07/14 22:10:55 {"metadata":[{"name":"lightsailctlVersion","value":"1.0.0"}]}
  93. 2023/07/14 22:10:55 DEBUG: Request Signature:
  94. ---[ CANONICAL STRING  ]-----------------------------
  95. POST
  96. /
  97. content-length:2
  98. content-type:application/x-amz-json-1.1
  99. host:lightsail.***.amazonaws.com
  100. x-amz-date:20230714T221055Z
  101. x-amz-security-token:***
  102. x-amz-target:Lightsail_20161128.CreateContainerServiceRegistryLogin
  103. content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target
  104. 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  105. ---[ STRING TO SIGN ]--------------------------------
  106. AWS4-HMAC-SHA256
  107. 20230714T221055Z
  108. 20230714/***/lightsail/aws4_request
  109. fa25e2fad9231a25f2ecfe7922efd5c8ceaa1dfdf1316d822039318ab3febb69
  110. -----------------------------------------------------
  111. 2023/07/14 22:10:55 DEBUG: Request lightsail/CreateContainerServiceRegistryLogin Details:
  112. ---[ REQUEST POST-SIGN ]-----------------------------
  113. POST / HTTP/1.1
  114. Host: lightsail.***.amazonaws.com
  115. User-Agent: aws-sdk-go/1.44.39 (go1.18.1; linux; amd64) lightsailctl/v1.0.4 (go1.18.1; linux; amd64)
  116. Content-Length: 2
  117. Authorization: AWS4-HMAC-SHA256 Credential=***/20230714/***/lightsail/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=a97ac5132d3195815d2b1d5ebe18a198e957b2e1acad403e02cdeeee8c7b6d71
  118. Content-Type: application/x-amz-json-1.1
  119. X-Amz-Date: 20230714T221055Z
  120. X-Amz-Security-Token: ***
  121. X-Amz-Target: Lightsail_20161128.CreateContainerServiceRegistryLogin
  122. Accept-Encoding: gzip
  123. {}
  124. -----------------------------------------------------
  125. 2023/07/14 22:10:55 DEBUG: Response lightsail/CreateContainerServiceRegistryLogin Details:
  126. ---[ RESPONSE ]--------------------------------------
  127. HTTP/1.1 400 Bad Request
  128. Content-Length: 138
  129. Connection: keep-alive
  130. Content-Type: application/x-amz-json-1.1
  131. Date: Fri, 14 Jul 2023 22:10:55 GMT
  132. Server: Server
  133. X-Amzn-Requestid: 94ad92e5-de73-4e00-aff1-a99a8ca74b45
  134. -----------------------------------------------------
  135. 2023/07/14 22:10:55 {"__type":"InvalidInputException","message":"You must create a container service before retrieving container registry login credentials."}
  136. InvalidInputException: You must create a container service before retrieving container registry login credentials.
  137. {
  138. RespMetadata: {
  139. StatusCode: 400,
  140. RequestID: "94ad92e5-de73-4e00-aff1-a99a8ca74b45"
  141. },
  142. Message_: "You must create a container service before retrieving container registry login credentials."
  143. }
  144. 2023-07-14 22:10:55,355 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
  145. Traceback (most recent call last):
  146. File "awscli/clidriver.py", line 460, in main
  147. File "awscli/clidriver.py", line 595, in __call__
  148. File "awscli/customizations/commands.py", line 205, in __call__
  149. File "awscli/customizations/lightsail/push_container_image.py", line 65, in _run_main
  150. File "subprocess.py", line 571, in run
  151. subprocess.CalledProcessError: Command '['lightsailctl', '--plugin', '--input-stdin']' returned non-zero exit status 1.
  152. Command '['lightsailctl', '--plugin', '--input-stdin']' returned non-zero exit status 1.
  153. Error: Process completed with exit code 255.

Here are my privileges:

  1. {
  2. "Effect": "Allow",
  3. "Action": [
  4. "lightsail:GetContainerImages",
  5. "lightsail:GetContainerAPIMetadata",
  6. "lightsail:CreateContainerService",
  7. "lightsail:CreateContainerServiceRegistryLogin",
  8. "lightsail:GetContainerServices",
  9. "lightsail:GetContainerServiceDeployments",
  10. "lightsail:GetContainerServicePowers"
  11. ],
  12. "Resource": "*"
  13. },
  14. {
  15. "Effect": "Allow",
  16. "Action": [
  17. "lightsail:CreateContainerServiceDeployment",
  18. "lightsail:DeleteContainerService",
  19. "lightsail:RegisterContainerImage",
  20. "lightsail:UpdateContainerService"
  21. ],
  22. "Resource": [my ARN]
  23. },
  24. }

Anyway, we're stumped. AWS Lightsail:”在检索容器注册表登录凭据之前,您必须创建一个容器服务。”
Thanks!

答案1

得分: 0

问题已通过在deploy-service-production的运行命令中将lightsailctl二进制文件的curl目标从s3.us-west-2.amazonaws.com更改为s3.us-east-1.amazonaws.com来解决。

英文:

The issue was resolved by changing the curl target for the lightsailctl binary from s3.us-west-2.amazonaws.com to s3.us-east-1.amazonaws.com in the deploy-service-production's run command.

huangapple
  • 本文由 发表于 2023年7月17日 21:58:09
  • 转载请务必保留本文链接:https://go.coder-hub.com/76705194.html
  • amazon-lightsail
  • amazon-web-services
  • github-actions
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定