아래와 같이 docker 관련 에러가 발생할 경우에 대한 대응 방법입니다.
2022-11-09T14:56:57.032Z [ERROR] (pool-2-thread-22) com.aws.greengrass.deployment.DeploymentService: Error occurred while processing deployment. {deploymentId=cdec9d54-928a-41ed-bca8-a6d81a10951b, serviceName=DeploymentService, currentState=RUNNING}
java.util.concurrent.ExecutionException: com.aws.greengrass.componentmanager.exceptions.PackageDownloadException: Failed to download artifact name: 'docker:123456789012.dkr.ecr.ap-northeast-2.amazonaws.com/cdk-hnb659fds-container-assets-123456789012-ap-northeast-2:6421efde9b674e2b82dfb41d8a696fb780120467d9b97426c0c94cfe88e723db' for component com.ml.xgboost-1.0.0, reason: Failed to get auth token for docker login
Caused by: com.aws.greengrass.componentmanager.exceptions.PackageDownloadException: Failed to download artifact name: 'docker:123456789012.dkr.ecr.ap-northeast-2.amazonaws.com/cdk-hnb659fds-container-assets-123456789012-ap-northeast-2:6421efde9b674e2b82dfb41d8a696fb780120467d9b97426c0c94cfe88e723db' for component com.ml.xgboost-1.0.0, reason: Failed to get auth token for docker login
Caused by: software.amazon.awssdk.services.ecr.model.EcrException: User: arn:aws:sts::123456789012:assumed-role/GreengrassV2TokenExchangeRole/599efcf081cb2f8ffd6d27e9f2f75a32129224b0bba059aeae065e332b4f18ba is not authorized to perform: ecr:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr:GetAuthorizationToken action (Service: Ecr, Status Code: 400, Request ID: 0ecc7c57-56a7-44c3-bb5c-d053765714ed, Extended Request ID: null)IAM Role로 이동하여 GreengrassV2TokenExchangeRole을 검색합니다.
아래 Policy가 추가될 수 있도록 합니다.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:CreateRepository",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:CompleteLayerUpload",
"ecr:GetAuthorizationToken",
"ecr:UploadLayerPart",
"ecr:InitiateLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage"
],
"Resource": "*"
}
]
}아래와 같이 Docker 실행에 실패한 로그가 발생할 수 있습니다.
2022-11-09T16:14:22.422Z [INFO] (pool-2-thread-22) com.ml.xgboost: shell-runner-start. {scriptName=services.com.ml.xgboost.lifecycle.Run, serviceName=com.ml.xgboost, currentState=STARTING, command=["docker run 677146750822.dkr.ecr.ap-northeast-2.amazonaws.com/cdk-hnb659fds-con..."]}
2022-11-09T16:14:22.446Z [WARN] (Copier) com.ml.xgboost: stderr. docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.. {scriptName=services.com.ml.xgboost.lifecycle.Run, serviceName=com.ml.xgboost, currentState=RUNNING}아래와 같이 greengrass user group에 docker를 추가합니다.
sudo usermod -aG docker ggc_user