Uploading Product Images to the ECR

The Amazon Elastic Container Registry (ECR) is an AWS managed Docker container registry. CDF and Kubernetes will search for product images to download from the ECR and instantiate them.

The ECR is accessible from the internet and protected by username and password credentials. You can perform tasks in this section from a local host or from the bastion, as long as the AWS CLI has been configured.

Uploading images requires the script upload_images_to_ECR to be installed and located in the aws-scripts/scripts/ directory. This script parses the manifest.json description file and creates the ECR and its repositories. Then the CDF script uploadimages.sh is called, which passes the correct parameters and uploads the product images.

Uploading Image Requirements

In order to be able to upload images to the ECR, the following requirements must be met:

• You must be able to execute a bash script.
• The system used must have the following basic Linux/Unix utilities installed:
  • cat
  • find
  • awk
  • jq
  • pwd
  • unzip
  • tar

• You must have aws cli configured on your system.
• You must have fulfilled all requirements for the CDF uploadimages.sh script.

To create the ECR and then upload the product images to it:

1. Verify that you have downloaded the product image files for the capabilities you wish to install.

2. Run the following command:
   # <path to upload script>/upload_images_to_ECR \
-d <images' folder> \
-F <product package> \
-o <organization> \
-y \
[-c <parallel uploads count>]\
[-uip <uploadimages.sh path>]

Where:

<path to upload script>: It is possible to execute the upload script from any folder. The recommendation is to have the current folder set to the one with downloaded images; then the path would resemble aws-scripts/.

<images' folder>: Folder where all images in their subfolders are located; usually it is the folder where you have unpacked downloaded packages. Can be specified multiple times for situations where images are located in various folders.

<product package>: Path to the package file. For example, ./transformationhub-<version>.tar. Can be specified multiple times.

<organization>: Specifies the organization name (namespace) where the suite images are placed in the ECR. Record the chosen organization name in the AWS worksheet. There might be multiple repositories in the ECR which might be shared or overlap. Pay special attention to specify the correct organization name. The organization name must be valid ASCII, and can be from 2 to 255 characters. It can only contain lowercase letters, numbers, dashes (-), and underscores (_).

<parallel upload counts>: Maximum allowed parallel uploads; this is limited based on the CPU cores. The parameter is optional. If not specified, defaults to 8.

<uploadimages.sh path>: Path to the original CDF uploadimages.sh script. Parameter is optional. When not specified, the upload_images_to_ECR script will try to locate it in the images' folder or in the unpacked cdf-deployer package, which is part of of the arcsight-platform-cloud-installer package. Note that normally you should not unpack this package.

Example:

./arcsight-platform-cloud-installer-22.1.00153-22.1.599/aws-scripts/upload_images_to_ECR \
-F ./transformationhub-3.6.0.1284-master.tar -o srgdemo \
-y \
-c 8

3. Run the following command:
   <path to upload script>/upload_images_to_ECR \

-F cdf-byok-images.tar \

-o <organization>\

-y \

-c <parallel uploads count>
   

Ensure that you give the upload process sufficient time to complete. You can check the returned messages or check the log file in the directory where you are executing the upload script to determine successful upload. While the upload progresses, the repositories are created in the ECR, followed by image uploads to the repositories.

Next Step: Configuring Route 53 Routing