I have created an EMR cluster (5.23.0) with JupyterHub. I create an SSH tunnel to port 9443 on the master node. However, I am not able to connect to JupyterHub; the page does not resolve. Any ideas what is missing?
I assume you have your security groups configured correctly. Double check them just to be sure.
As for the JupyterHub, have you checked that the JupyterHub docker container is running?
If you SSH into the master node and run:
sudo docker ps
You will be given a list of running docker containers. If the list is empty, try starting the container manually:
sudo docker start jupyterhub
The web interface at port 9443 on your EMR master node should be available.
Related
I'm new to devops. I want to install Jenkins in AWS EC2 with docker.
I have installed the Jenkins by this command:
docker run -p 8080:8080 -p 50000:50000 -d -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts
On AWS security group, I have enabled port 8080 and 50000. I also enabled port 22 for SSH, 27017 for Mongo and 3000 for Node.
I can see the Jenkins container when I run docker ps. However, when I open https://xxxx.us-east-2.compute.amazonaws.com:8080, the Jenkins setup window does not appear and the browser displays the error ERR_SSL_PROTOCOL_ERROR.
Does someone know what's wrong here? Should I install Nginx as well? I didn't install it yet.
The error is due to the fact that you are using https:
https://xxxx.us-east-2.compute.amazonaws.com:8080
From your description it does not seem that you've set up any type of SSL connection to your instance. So you should connect using http only:
http://xxxx.us-east-2.compute.amazonaws.com:8080
But this is not good practice, as you communicate using plain text. A common solution is to access your Jenkins web UI through an SSH tunnel. This way the connection is encrypted and you don't have to expose any Jenkins port in your security groups.
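The tunnel approach described in this answer (it applies equally to the JupyterHub port 9443 in the first question), as an added example that is not part of the original answer: publish the container port on the loopback interface only, reach it through an SSH port forward, and check the PORTS column of docker ps for bindings that are still reachable on every interface. User, host and the sample PORTS strings are constructed placeholders.

```shell
#!/bin/sh
# Added example; user, host and sample strings are placeholders.

# Jenkins published on the host's loopback interface only, so port 8080 is
# reachable through SSH but not from the network. Port 50000 is left out
# here: only build agents on other hosts need it.
jenkins_run_cmd() {
  echo "docker run -d -p 127.0.0.1:8080:8080 -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts"
}

# Build the tunnel command: -N runs no remote command, -L forwards a local
# loopback port to the same port on the remote loopback interface.
tunnel_cmd() {  # usage: tunnel_cmd USER HOST PORT
  echo "ssh -N -L 127.0.0.1:$3:127.0.0.1:$3 $1@$2"
}

# Given the PORTS column of `docker ps`, print the bindings that listen on
# every interface (0.0.0.0 or the IPv6 wildcard) instead of loopback.
wide_bindings() {
  printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' \
    | grep -E '^(0\.0\.0\.0:|:::|\[::\]:)' || true
}

jenkins_run_cmd
tunnel_cmd ec2-user xxxx.us-east-2.compute.amazonaws.com 8080
# Constructed PORTS value, shaped like the result of the question's
# `docker run -p 8080:8080 -p 50000:50000` command.
wide_bindings '0.0.0.0:8080->8080/tcp, 0.0.0.0:50000->50000/tcp'
```

With the tunnel open, the UI is at http://localhost:8080 and the 8080 rule can be removed from the security group.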
I am unable to connect my Docker worker to the Docker Swarm manager.
I have created multiple AWS EC2 instances and made one of them a manager with docker swarm init --listen-addr 0.0.0.0:2377, and I am trying to join it from the other EC2 instances as a worker with docker swarm join 0.0.0.0:2377, but it gives me an error:
"Error response from daemon: Timeout was reached before node joined.
The attempt to join the swarm will continue in the background".
I need my Docker Swarm manager to list all the nodes, including manager and workers, with docker node ls.
To resolve this problem I needed to expose respective ports from both Docker Worker and Docker Manager instances.
I discovered some information while resolving this question:
TCP port 2377 is the default port used for communication, so add a custom TCP rule for port 2377 in the security group of the AWS EC2 instances.
TCP port 2376 for secure Docker client communication. This port is required for Docker Machine to work. Docker Machine is used to orchestrate Docker hosts.
TCP port 2377: this port is used for communication between the nodes of a Docker Swarm or cluster. It only needs to be opened on manager nodes.
TCP and UDP port 7946 for communication among nodes (container network discovery).
UDP port 4789 for overlay network traffic (container ingress networking).
Kindly Note: Aside from those ports, port 22 (for SSH traffic) and any other ports needed for specific services to run on the cluster have to be open.
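The ports listed in this answer, as an added example that is not part of the original answer: a POSIX shell sketch that prints aws ec2 authorize-security-group-ingress commands using the cluster's own security group as the source, and flags Swarm ports left open to any address. The group id and the sample rule lines are constructed placeholders, and a single shared security group for all nodes is an assumption.

```shell
#!/bin/sh
# Added example, not from the original answers. It only prints AWS CLI
# commands and audits constructed sample data; nothing here contacts AWS.

# proto:port pairs named in the answer above (2376 is left out: it is the
# Docker Machine client port, not node-to-node traffic).
SWARM_RULES="tcp:2377 tcp:7946 udp:7946 udp:4789"

# Print one ingress command per Swarm port, using the security group itself
# as the traffic source so only cluster members can reach these ports.
swarm_sg_commands() {
  sg_id="$1"
  for rule in $SWARM_RULES; do
    echo "aws ec2 authorize-security-group-ingress --group-id $sg_id" \
         "--protocol ${rule%%:*} --port ${rule##*:} --source-group $sg_id"
  done
}

# Read "proto port source" lines on stdin and print every Swarm port that is
# open to any address.
swarm_world_open() {
  while read -r proto port source; do
    case "$source" in 0.0.0.0/0|::/0) ;; *) continue ;; esac
    for rule in $SWARM_RULES; do
      if [ "$rule" = "$proto:$port" ]; then
        echo "$proto/$port open to $source"
      fi
    done
  done
}

# Constructed sample rules; sg-0123456789abcdef0 is a placeholder group id.
SAMPLE_RULES='tcp 22 203.0.113.10/32
tcp 2377 0.0.0.0/0
udp 4789 sg-0123456789abcdef0
tcp 7946 0.0.0.0/0
tcp 8080 0.0.0.0/0'

swarm_sg_commands sg-0123456789abcdef0
printf '%s\n' "$SAMPLE_RULES" | swarm_world_open
```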
You need to use the real ip address in the docker swarm join command.
The "0.0.0.0" is not a real ip-address, it's an alias for "all (local) ip-addresses", it's not something you can connect to.
1. Run this command on the master node:
docker swarm join-token worker
2. Then run the command obtained from the above step.
example:
root@ubuntu:~# docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-0akniaryx9xg8mmb08rbd42kwntigfkyk33vt7ac0wrehn58mk-5voo7jfl3kl40yl4cmvf16lgt 10.0.10.4:2377
root@ubuntu:~#
run on worker node:
docker swarm join --token SWMTKN-1-0akniaryx9xg8mmb08rbd42kwntigfkyk33vt7ac0wrehn58mk-5voo7jfl3kl40yl4cmvf16lgt 10.0.10.4:2377
I have set up a basic 2-node k8s cluster on AWS using kops. I had issues connecting to and interacting with the cluster using kubectl, and I keep getting the error:
The connection to the server api.euwest2.dev.avi.k8s.com was refused - did you specify the right host or port? when trying to run any kubectl command.
I have done a basic kops export kubecfg --name xyz.hhh.kjh.k8s.com --config=~$KUBECONFIG to export the kubeconfig for the cluster I have created. Not sure what else I'm missing to make a successful connection to the kube-apiserver to make kubectl work?
Sounds like either:
Your kube-apiserver is not running.
Check with docker ps -a | grep apiserver on your Kubernetes master.
api.euwest2.dev.avi.k8s.com is resolving to an IP address where nothing is listening.
208.73.210.217?
You have the wrong port configured for your kube-apiserver on your ~/.kube/config
server: https://api.euwest2.dev.avi.k8s.com:6443?
I want to run a Docker container on EC2, and I also need to SSH into the container for debugging purposes. I have 2 ports open for SSH, 22 and 8022, on my EC2 instance (security group applied). The problem is that when I want to bind port 22 of my Docker container to port 8022, it tells me the address is already in use. And the address is used by the sshd program. If I kill the process then I can't SSH to the instance from my localhost. How can I overcome this deadlock?
As mentioned in the comments, you don't need to start ssh inside the container in order to go inside the container. You can use the docker exec command to go inside the container after you ssh into the EC2 instance by running:
docker exec -it <container-name> bash
If you still want to ssh into the container directly, then you need to do the following:
Start the container and map port 22 inside to a free port outside;
docker run -p 2222:22 ...
After starting the container, exec into it and install ssh if not yet installed, and start the ssh service using something like systemctl start sshd
ssh into the container, by using the ec2 instance IP and the mapped port
ssh <container-user>@<ec2-instance-ip> -p 2222
This will connect to the ec2 instance and redirect you into the container due to the port mapping.
The problem is that after uploading the Docker image of a service to the Amazon container registry, the Docker image does not run after adding it as a Task.
See (https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/)
Step1: Push to AWS Container service private image registry
docker push 734122228327.dkr.ecr.us-east-2.amazonaws.com/joethecoder2:latest
Step2: SSH into running Docker instance
ssh -i "containerservice.pem" ec2-user@ec2-18-217-248-112.us-east-2.compute.amazonaws.com
The authenticity of host 'ec2-18-217-248-112.us-east-2.compute.amazonaws.com (18.217.248.112)' can't be established.
ECDSA key fingerprint is SHA256:wCeAUed36nKeQjEbSDsYjzq8Z5mpNY4pbcahw2mSozs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-18-217-248-112.us-east-2.compute.amazonaws.com,18.217.248.112' (ECDSA) to the list of known hosts.
| __| __|
| ( _ \ Amazon ECS-Optimized Amazon Linux AMI 2017.09.d
____|_|____/
For documentation visit, http://aws.amazon.com/documentation/ecs
Docker ps running instances
[ec2-user@ip-10-0-0-102 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c90a2116f3ab amazon/amazon-ecs-agent:latest "/agent" About an hour ago Up About an hour ecs-agent
Results: Do not show that joethecoder2 image is running. WHY?
[ec2-user@ip-10-0-0-102 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
amazon/amazon-ecs-agent latest 2d99efccdfef 3 weeks ago 26.8MB
amazon/amazon-ecs-pause 0.1.0 c846030090b6 3 weeks ago 964kB
[ec2-user@ip-10-0-0-102 ~]$
Problem conclusion:
The docker image that was uploaded using Push was not included in the running container service, when adding the Task was done like the example instructions for how to deploy docker containers. (I configured the Task in step 2, and 3, and then setup the cluster in Step 4) See (https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/)
Test Data
However, when I try to curl the service it does not connect:
curl ec2-18-217-248-112.us-east-2.compute.amazonaws.com:8080
curl: (7) Failed to connect to ec2-18-217-248-112.us-east-2.compute.amazonaws.com port 8080: Connection refused
Further inspection:
Further inspection shows, that the docker service that should be running for joethecoder2 is not running in the docker instance that should be running on the container service node ec2-18-217-248-112.us-east-2.compute.amazonaws.com
Run Task had to be clicked, after setting up the Cluster, to associate the Task with a Cluster. Once the Task is running, port 8080 opens up successfully for the task. Host and Container were both mapped to port 8080