AWS CodeBuild not pausing on breakpoint - amazon-web-services

Using steps provided here, I kicked off a CodeBuild with the following advanced options checked:
Enable session connection
Allow AWS CodeBuild to modify this service role so it can be used with this build project
The buildspec included a codebuild-breakpoint:
version: 0.2
phases:
  pre_build:
    commands:
      - ls -al
      - codebuild-breakpoint
      - cd "${SERVICE_NAME}"
      - ls -al
      - $(aws ecr get-login)
      - TAG="$SERVICE_NAME"
  build:
    commands:
      - docker build --tag "${REPOSITORY_URI}:${TAG}" .
  post_build:
    commands:
      - docker push "${REPOSITORY_URI}:${TAG}"
      - printf '{"tag":"%s"}' $TAG > ../build.json
artifacts:
  files: build.json
The build started and produced the following logs without pausing:
[Container] 2022/02/28 13:49:03 Entering phase PRE_BUILD
[Container] 2022/02/28 13:49:03 Running command ls -al
total 148
drwxr-xr-x 2 root root 4096 Feb 28 13:49 .
drwxr-xr-x 3 root root 4096 Feb 28 13:49 ..
-rw-rw-rw- 1 root root 1818 Feb 28 10:54 user-manager\Dockerfile
-rw-rw-rw- 1 root root 140 Feb 28 10:34 user-manager\body.json
-rw-rw-rw- 1 root root 0 Feb 28 10:54 user-manager\shared-modules\
-rw-rw-rw- 1 root root 4822 Feb 21 14:52 user-manager\shared-modules\config-helper\config.js
-rw-rw-rw- 1 root root 2125 Feb 21 14:52 user-manager\shared-modules\config-helper\config\default.json
-rw-rw-rw- 1 root root 366 Feb 21 14:52 user-manager\shared-modules\config-helper\package.json
-rw-rw-rw- 1 root root 9713 Feb 21 14:52 user-manager\shared-modules\dynamodb-helper\dynamodb-helper.js
-rw-rw-rw- 1 root root 399 Feb 21 14:52 user-manager\shared-modules\dynamodb-helper\package.json
-rw-rw-rw- 1 root root 451 Feb 21 14:52 user-manager\shared-modules\token-manager\package.json
-rw-rw-rw- 1 root root 13885 Feb 21 14:52 user-manager\shared-modules\token-manager\token-manager.js
-rw-rw-rw- 1 root root 44372 Feb 28 10:34 user-manager\src\cognito-user.js
-rw-rw-rw- 1 root root 706 Feb 28 10:34 user-manager\src\package.json
-rw-rw-rw- 1 root root 32734 Feb 28 10:34 user-manager\src\server.js
[Container] 2022/02/28 13:49:03 Running command codebuild-breakpoint
2022/02/28 13:49:03 Build is paused temporarily and you can use codebuild-resume command in the session to resume this build
[Container] 2022/02/28 13:49:03 Running command cd "${SERVICE_NAME}"
/codebuild/output/tmp/script.sh: 4: cd: can't cd to user-manager
My primary question is: Why didn't the build pause and session manager link become available?
Side-quest: The reason I'm trying to debug the session is to try to determine why the process can't CD to the user-manager folder (which clearly exists). Any ideas why?

TLDR: The image on the build machine was too old.
Main quest
The template specified aws/codebuild/ubuntu-base:14.04 as the CodeBuild image. Presumably that image pre-dated the Session Manager functionality (which requires a specific version of the SSM agent to be installed).
I updated the agent to aws/codebuild/standard:5.0 and was able to successfully pause on the breakpoint and connect to the session.
Side quest
Once I connected I was able to investigate the cause of the inability to CD to the folder. I can confirm that Tim's shot in the dark was correct! All the entries were in fact files - no folders.
This QuickStart is the gift that keeps on giving! When/if I get all the issues resolved I'll submit a PR to update the project. Those interested in the cause of the file/folder issue can follow up there.
Side quest update
The strange flattening behaviour was due to creating the zip file on a Windows machine and unzipping it on a unix machine (the build agent uses an Ubuntu image). Just zipped it using 7-Zip and that did the job.
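Added example, not part of the original answer: a Python sketch that finds the backslash-separated entry names seen in the build log and repacks the archive with "/" separators, so that it extracts as directories on the Linux build image. The archive contents are constructed, the function names (make_sample, backslash_entries, repack_posix) are hypothetical, and the check that rejects entry names leaving the extraction root is an addition.

```python
import io
import posixpath
import zipfile

# Constructed sample: entry names as stored by a Windows tool that writes '\' separators.
SAMPLE_NAMES = [
    "user-manager\\Dockerfile",
    "user-manager\\shared-modules\\",
    "user-manager\\src\\server.js",
]


def make_sample():
    """Build the constructed archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"" if name.endswith("\\") else b"sample\n")
    buf.seek(0)
    return buf


def backslash_entries(src):
    """Entry names containing '\\'; on Linux these extract as flat files, not directories."""
    with zipfile.ZipFile(src) as zf:
        return [n for n in zf.namelist() if "\\" in n]


def repack_posix(src):
    """Return a new in-memory zip whose entry names use '/' separators."""
    out = io.BytesIO()
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            name = posixpath.normpath(info.filename.replace("\\", "/"))
            # Added guard: converting separators must not let an entry leave the extraction root.
            if name in (".", "..") or name.startswith(("/", "../")) or ":" in name.split("/")[0]:
                raise ValueError(f"unsafe entry name: {info.filename!r}")
            if info.filename.endswith(("\\", "/")):
                zout.writestr(name + "/", b"")  # keep directory entries as directories
            else:
                zout.writestr(name, zin.read(info))
    out.seek(0)
    return out


if __name__ == "__main__":
    print(backslash_entries(make_sample()))
    with zipfile.ZipFile(repack_posix(make_sample())) as fixed:
        print(fixed.namelist())
```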

Related

Jetty is throwing 'Unknown module' error when running with --add-to-start

I am trying to configure Jetty and facing this:
root@jans-dev:~/jetty-base# java -jar $JETTY_HOME/start.jar --add-to-start=http,deploy
ERROR : Unknown module='http'. List available with --list-modules
Usage: java -jar $JETTY_HOME/start.jar [options] [properties] [configs]
java -jar $JETTY_HOME/start.jar --help # for more information
Background:
Jetty 9.4 installed as root on an lxc container on Ubuntu using sudo apt install jetty9
Jetty service is running and I can access default landing page
Jetty home is set to export JETTY_HOME=/usr/share/jetty
Jetty base is set to export JETTY_BASE=/root/jetty-base
I have executed below command successfully before trying to add modules.
root@jans-dev:~/jetty-base# java -jar $JETTY_HOME/start.jar --create-startd
MKDIR : ${jetty.base}/start.d
INFO : Base directory was modified
Also, when I run --list-modules, it is coming up empty:
root@jans-dev:~/jetty-base# java -jar $JETTY_HOME/start.jar --list-modules
Available Modules:
==================
tags: [-internal]
Enabled Modules:
================
root@jans-dev:~/jetty-base#
I am not sure what I am missing here. How do I make modules available to Jetty? I have also checked this reference.
Sounds like your linux distro has mangled the jetty distribution.
Does your /usr/share/jetty directory contain the directories etc/, lib/, and modules/? If not, then that's not a valid ${jetty-home}.
Perhaps your linux distribution put the jetty-home somewhere else?
But that would also be invalid, as the start.jar should be in the same directory as those other directories.
Example of what a proper ${jetty.home} looks like ...
$ ls -la jetty-home-9.4.44.v20210927
total 776
drwxr-xr-x 6 joakim joakim 4096 Sep 27 18:12 ./
drwxr-xr-x 74 joakim joakim 12288 Nov 2 15:32 ../
drwxr-xr-x 2 joakim joakim 4096 Oct 7 10:07 bin/
drwxr-xr-x 4 joakim joakim 4096 Oct 14 07:17 etc/
drwxr-xr-x 14 joakim joakim 4096 Oct 7 10:07 lib/
-rw-r--r-- 1 joakim joakim 30012 Sep 27 18:12 license-eplv10-aslv20.html
drwxr-xr-x 22 joakim joakim 4096 Oct 7 10:07 modules/
-rw-r--r-- 1 joakim joakim 6262 Sep 27 18:12 notice.html
-rw-r--r-- 1 joakim joakim 163958 Sep 27 18:10 start.jar
-rw-r--r-- 1 joakim joakim 550572 Sep 27 17:44 VERSION.txt
In the past, there were Linux Distributions that tried to put the various Jetty libs (The jar files in ${jetty.home}/lib/) in their distribution setup as separate dependencies, but that's not a valid setup for a modular Servlet/Web Container like Jetty. Most distributions have realized this and have reverted to a sane setup now.
The fastest fix for you is to remove this bad Jetty package from your linux distribution and just download and use the official tarball.
https://search.maven.org/artifact/org.eclipse.jetty/jetty-home
https://www.eclipse.org/jetty/download.php

error: error creating output file /var/lib/logrotate.status.tmp: Permission denied

I am trying to logrotate my log files. Here is my configuration file:
/home/deploy/apps/production_app/current/log/*.log {
    daily
    missingok
    rotate 52
    compress
    create 0644 deploy deploy
    delaycompress
    notifempty
    sharedscripts
    copytruncate
}
And this is the result of
ll apps/production_app/current/log/
on my log files:
-rw-rw-r-- 1 deploy deploy 0 Jul 1 10:01 production.log
-rw-rw-r-- 1 deploy deploy 1124555 Jul 1 10:01 production.log.1
And when I run this command
logrotate -v /etc/logrotate.d/production_app
I get the following:
error: error creating output file /var/lib/logrotate.status.tmp: Permission denied
And here are the permissions on my logrotate config file:
lrwxrwxrwx 1 root root 67 Feb 25 2019 /etc/logrotate.d/production_app -> /home/deploy/apps/production_app/shared/config/log_rotation
Please check whether the dir "var/lib" is read-only.

docker socket at /var/run/docker.sock with AWS

I have an issue where a few tools, Portainer for example, can't find the docker socket on AWS.
I have some setup scripts that were run to set various containers.
On MacOS, it works without problems.
On a CentOS box, no problem as well.
On CentOS / AWS, containers cannot connect to the docker socket.
I am talking about a local unsecured connection to /var/run/docker.sock
What could be different on AWS?
I can see the socket:
➜ run ls -ld /var/run/docker*
drwxr-xr-x 8 root root 200 Nov 27 14:04 /var/run/docker
-rw-r--r-- 1 root root 4 Nov 27 14:03 /var/run/docker.pid
srw-rw-r-- 1 root docker 0 Nov 27 14:03 /var/run/docker.sock

can not start greengrassd (AWS IOT greengrass) on raspberrypi

I have registered an AWS IoT Greengrass group.
I also downloaded the Greengrass certificate from the console, and AmazonRoot-CA1.
Here is the list of my certificate files (stored in /greengrass/certs/):
-rw-r--r-- 1 pi pi 1220 Jan 15 10:07 82ab16xxxx.cert.pem
-rw-r--r-- 1 pi pi 1679 Jan 15 10:07 82ab16xxxx.private.key
-rw-r--r-- 1 pi pi 451 Jan 15 10:07 82ab16xxxx.public.key
-rw-r--r-- 1 pi pi 1188 Jan 15 10:07 root.ca.pem
When I start greengrassd with the command:
sudo ./greengrassd start
I get this error:
Setting up greengrass daemon
Validating hardlink/softlink protection
Waiting for up to 40s for Daemon to start
Error occured while generating TLS config: ErrUnknownURIScheme: no handlers matched for path: .../greengrass/certs/root.ca.pem
The Greengrass daemon process with [pid = 18029] died
I have tried re-installing the OS but still get the error.
I also installed mosquitto-clients and mosquitto on the Raspberry Pi.
Thanks.
I'm guessing your issue is that you haven't activated your root CA from the console.
Try this instead:
sudo wget -O root.ca.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
Try doing this directly in your certs directory, then restart your daemon.

What is the default user that codedeploy runs the hook scripts as?

Background: I am facing this error AWS codedeploy deployment throwing "[stderr] Could not open input file" while trying to invoke a php file from the sh file at afterInstall step
In the afterInstall step, I am trying to run a php file from the afterInstall.sh file and I am getting this error - unable to open php file.
I am not sure what exactly to do. Thought of trying to manually check if I could run the file as that user.
The CodeDeploy agent default user is root.
The directory listing below shows the ownership of the deployed files in their destination folder, /tmp, after a successful deployment.
ubuntu@ip-10-0-xx-xx:~$ ls -l /tmp
total 36
-rw-r--r-- 1 root root 85 Aug 2 05:04 afterInstall.php
-rw-r--r-- 1 root root 78 Aug 2 05:04 afterInstall.sh
-rw-r--r-- 1 root root 1397 Aug 2 05:04 appspec.yml
-rw------- 1 root root 3189 Aug 2 05:07 codedeploy-agent.update.log
drwx------ 2 root root 16384 Aug 2 03:01 lost+found
-rw-r--r-- 1 root root 63 Aug 2 05:04 out.log
runas is an optional field in the AppSpec file: the user to impersonate when running the script. By default, this is the AWS CodeDeploy agent running on the instance (if you don't specify a non-root user, it will be root).
To run the host agent as a non-root user, the environment variable CODEDEPLOY_USER needs to be set, as the link to the host agent source code shows. The env variable can be set to whatever user you want the host agent to run as.