如何获取AWS秘密以用作MySQL密码以运行Docker容器并通过凭据
我正在尝试实现一个方案,只要停止实例并启动该实例时,我想在AWS中使用用户数据运行Docker容器。我无法设置环境变量 如其他帖子所建议的,使用“ Echo”或导出,例如
export MYSQL_HOST=<mysqlsql host url> or echo export MYSQL_HOST=<mysql host url>
我什至尝试将其重定向到/ETC /Profile.d。但我被拒绝了。
我还尝试从AWS-CLI获取秘密,并将其存储在变量中,然后在Docker命令运行时使用此变量,但这也不起作用,但是当我对EC2实例本身进行相同的逻辑时,它就起作用了。请建议如何实现这一目标。这是我到目前为止所做的
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
sudo yum install docker -y
sudo service docker start
sudo yum install -y https://s3.amazonaws.com/ec2-downloads-
windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent
export secret=`aws secretsmanager get-secret-value --secret-id <secret id> --region eu-
west-2|grep SecretString|awk -F\" '{print $4}'`
sudo docker pull <image url from ecr>
sudo docker run -d --restart always -p 8000:80 -e **MYSQL_PASSWORD=$secret** <image id>
--//
i am trying to achieve a scenario where i would like to run a docker container using user-data in aws whenever the instance is stopped and start. I am not able to set the environment variable
using "echo" or export e.g
export MYSQL_HOST=<mysqlsql host url> or echo export MYSQL_HOST=<mysql host url>
i even tried to redirect it to /etc/profile.d as suggest in other posts but i get permission denied.
i have also tried to get the secret from aws-cli and store it in a variable and later use this variable when docker command runs but this also does not work, however when i do the same logic on ec2 instance itself it works. please suggest how to accomplish this. This is what i have done so far
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
sudo yum install docker -y
sudo service docker start
sudo yum install -y https://s3.amazonaws.com/ec2-downloads-
windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent
export secret=`aws secretsmanager get-secret-value --secret-id <secret id> --region eu-
west-2|grep SecretString|awk -F\" '{print $4}'`
sudo docker pull <image url from ecr>
sudo docker run -d --restart always -p 8000:80 -e **MYSQL_PASSWORD=$secret** <image id>
--//
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要将一些调试语句放入脚本中,以查看设置的内容。但是一些可以帮助您解决问题的评论:
mysql_host的值;您只是在检索(和导出)秘密价值。sudo不将环境变量传递给子壳,除非您使用- preserve-env-e varname将其传递给dockermysql_host一样)。这告诉shell应该为变量分配一个空字符串。** mysql_host = $ mysql_host **中的那些星号是从您突出显示该问题的文本,还是实际上在您的秘密中。无论哪种情况,都不要这样做;我们想看看您实际正在运行。You need to put some debugging statements into your script, to see what is set where. But a few comments that may help you solve the problem:
MYSQL_HOST; you're just retrieving (and exporting) the secret value.sudodoesn't pass environment variables to the subshell unless you use--preserve-env-e VARNAMEto pass it to DockerMYSQL_HOST). That tells the shell that the variable should be assigned an empty string.**MYSQL_HOST= $MYSQL_HOST**are from you highlighting text for the question, or are actually in your secript. In either case, don't do it; we want to see what you're actually running.