amazon-web-services - 通过 Gitlab CI-CD 管道登录 aws

问题描述

我的.gitlab-ci.yml管道在去年就像一个魅力，今天，从一无所有，我无法登录到我的 aws 帐户，并出现以下错误：

$ echo `aws ecr get-login --no-include-email --region eu-central-1` | sh
Traceback (most recent call last):
  File "/usr/local/bin/aws", line 19, in <module>
    import awscli.clidriver
  File "/usr/local/lib/python3.5/dist-packages/awscli/clidriver.py", line 17, in <module>
    import botocore.session
  File "/usr/local/lib/python3.5/dist-packages/botocore/session.py", line 30, in <module>
    import botocore.client
  File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 16, in <module>
    from botocore.args import ClientArgsCreator
  File "/usr/local/lib/python3.5/dist-packages/botocore/args.py", line 26, in <module>
    from botocore.signers import RequestSigner
  File "/usr/local/lib/python3.5/dist-packages/botocore/signers.py", line 19, in <module>
    import botocore.auth
  File "/usr/local/lib/python3.5/dist-packages/botocore/auth.py", line 121
    pairs.append(f'{quoted_key}={quoted_value}')
                                              ^
SyntaxError: invalid syntax

环境

我正在使用 docker 构建映像，将它们推送到 ECR，然后强制部署在我的 ECS 集群中。我还在我的自托管服务器中使用 gitlab，并在 Gitlab CI/CD 部分设置了 3 个定义的变量。变量是：AWS_ACCESS_KEY_ID, AWS_DEFAULT_REGION, AWS_SECRET_ACCESS_KEY.

这是我的.gitlab-ci.yml文件：

services:
  - docker:dind

stages:
  - test_build
  - deploy_staging
  - deploy_production

test_build:
  stage: test_build
  only:
    - merge_requests
  tags:
    - genuino.webapp.runner
  image: ubuntu:16.04
  script:
    # Add some dependencies for docker and the AWS CLI
    - apt-get update -y  # Get the most up-to-date repos.
    - apt-get install -y apt-transport-https ca-certificates software-properties-common python-software-properties curl python3-pip
    # Install Docker
    - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
    - apt-key fingerprint 0EBFCD88
    - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    - apt-get update -y
    - apt-get install -y docker-ce
    # Build our image
    - docker build -t $APP_NAME -f ./deploy/Dockerfile .

deploy_staging:
  stage: deploy_staging
  image: ubuntu:16.04
  only:
    - tags
  except:
    - branches
  tags:
    - genuino.webapp.runner
  script:
    # Add some dependencies for docker and the AWS CLI
    - apt-get update -y  # Get the most up-to-date repos.
    - apt-get install -y apt-transport-https ca-certificates software-properties-common python-software-properties curl python3-pip
    # Install Docker
    - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
    - apt-key fingerprint 0EBFCD88
    - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    - apt-get update -y
    - apt-get install -y docker-ce
    # Install the AWS CLI and login to our registry
    - pip3 install awscli
    - pip3 install rsa
   - echo `aws ecr get-login --no-include-email --region eu-central-1` | sh
    # Build and push our image
    - docker build -t $APP_NAME -f ./deploy/Dockerfile .
    - docker tag $APP_NAME:$VERSION $REPOSITORY_URL/$APP_NAME:$VERSION
    - docker push $REPOSITORY_URL/$APP_NAME:$VERSION
    # Force deploy
    - aws ecs update-service --cluster genuino-staging --service webapp --force-new-deployment --region eu-central-1

deploy_production:
  stage: deploy_production
  image: ubuntu:16.04
  when: manual
  only:
    refs:
      - develop
      - tags
  except:
    - branches
  tags:
    - genuino.webapp.runner
  script:
    # Add some dependencies for docker and the AWS CLI
    - apt-get update -y  # Get the most up-to-date repos.
    - apt-get install -y apt-transport-https ca-certificates software-properties-common python-software-properties curl python3-pip
    # Install Docker
    - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
    - apt-key fingerprint 0EBFCD88
    - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    - apt-get update -y
    - apt-get install -y docker-ce
    # Install the AWS CLI and login to our registry
    - pip3 install awscli
    - pip3 install rsa
    - echo `aws ecr get-login --no-include-email --region eu-central-1` | sh
    # Build and push our image
    - docker build -t $PROD_APP_NAME -f ./deploy/Dockerfile.production .
    - docker tag $PROD_APP_NAME:$VERSION $REPOSITORY_URL/$PROD_APP_NAME:$VERSION
    - docker push $REPOSITORY_URL/$PROD_APP_NAME:$VERSION
    # Force deploy
    - aws ecs update-service --cluster genuino-production --service webapp --force-new-deployment --region eu-central-1

我已经做了什么

我尝试将身份验证行更改为：aws ecr get-login-password | docker login -u AWS --password-stdin $REPOSITORY_URL，它在本地主机中工作，但在部署期间出现此错误：

$ aws ecr get-login-password | docker login -u AWS --password-stdin $REPOSITORY_URL
Traceback (most recent call last):
  File "/usr/local/bin/aws", line 19, in <module>
    import awscli.clidriver
  File "/usr/local/lib/python3.5/dist-packages/awscli/clidriver.py", line 17, in <module>
    import botocore.session
  File "/usr/local/lib/python3.5/dist-packages/botocore/session.py", line 30, in <module>
    import botocore.client
  File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 16, in <module>
    from botocore.args import ClientArgsCreator
  File "/usr/local/lib/python3.5/dist-packages/botocore/args.py", line 26, in <module>
    from botocore.signers import RequestSigner
  File "/usr/local/lib/python3.5/dist-packages/botocore/signers.py", line 19, in <module>
    import botocore.auth
  File "/usr/local/lib/python3.5/dist-packages/botocore/auth.py", line 121
    pairs.append(f'{quoted_key}={quoted_value}')
                                              ^
SyntaxError: invalid syntax
Error: Cannot perform an interactive login from a non TTY device

标签： amazon-web-servicesdockergitlabgitlab-ciaws-cli