Elastic beanstalk not copying single container logs - amazon-web-services

I'm trying to sync a folder, full of folders which have log files in, from a single docker container instance deployed on AWS elastic beanstalk. I've used the logging directive as shown here https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/single-container-docker-configuration.html but when I request the full logs none of my logs are downloaded
Dockerrun.aws.json
{
"AWSEBDockerrunVersion": "1",
"Image": {
~snip~
"Update": "true"
},
"Ports": [
{
"ContainerPort": 80
}
],
"Logging": "/var/log/applogs"
}
Container structure:
bash-4.2# ls -la /var/log/applogs/
total 8
drwxr-xr-x 2 root root 4096 Dec 5 15:35 .
drwxr-xr-x 12 root root 4096 Dec 5 15:35 ..
lrwxrwxrwx 1 root root 34 Dec 5 15:35 app -> /var/www/html/app/storage/logs
lrwxrwxrwx 1 root root 14 Dec 5 15:35 httpd -> /var/log/httpd
lrwxrwxrwx 1 root root 16 Dec 5 15:35 php-fpm -> /var/log/php-fpm
It was my impression that the logging directive would recursively include (And also follow symlinks) all log files in the directory specified, but it's not bringing anything across. Am I wrong about that or just doing something wrong here?

I solved this by symlinking the individual log files in the container, not ideal but it will have to do

Related

Running SageMaker ProcessingJob as non root user

Files copied by SageMaker from s3 to docker inside ProcessingJob have root ownership and permissions which do not allow non owner users (non root) to write to them.
I'd like to run the docker container as non root user and be able to write to folders created by SageMaker, so the Dockerfile looks like this:
FROM base
...
USER nonroot
Exemplary permissions and ownership of folders copied from s3 to SageMaker's docker container:
2022-11-30T10:20:13.567+01:00 + ls -la /opt/ml/processing
2022-11-30T10:20:13.567+01:00 total 24
2022-11-30T10:20:13.567+01:00 drwxr-xr-x 6 root root 4096 Nov 30 09:20 .
2022-11-30T10:20:13.567+01:00 drwxr-xr-x 5 root root 4096 Nov 30 09:20 ..
2022-11-30T10:20:13.567+01:00 drwxr-xr-x 2 root root 4096 Nov 30 09:20 data
2022-11-30T10:20:13.568+01:00 drwxr-xr-x 2 root root 4096 Nov 30 09:20 output
I'd expect these folders to either has nonroot user ownership.
I've checked the documentation but no luck there. If there's any obvious way to achieve this that I missed, please let me know. Thanks!

Synbolik link to aws EFS on web server doesn't work?

I have static folder serving the files on uwsgi.
/user/app/static/
lrwxrwxrwx 1 root root 23 Oct 13 09:40 _out -> /usr/src/app/_mat/_out/
drwxr-xr-x 8 root root 4096 Oct 13 09:49 assets
drwxr-xr-x 8 root root 4096 Oct 13 09:40 pages
in this case, the imagefiles under assets can be appeared correctly,
however the image files under _out can not be accessed.(404 error occurs)
static/assets/test.png is ok
static/_out/test.png returns 404 error
/usr/src/app/_mat/ are on the aws EFS.
I checked the permissions.
Generally speaking, does symbolic link work under web server?

docker socker at /var/run/docker.sock with AWS

I have an issue where a few tools, Portainer for example, can't find the docker socket on AWS.
I have some setup scripts that were run to set various containers.
On MacOS, it works without problems.
On a CentOS box, no problem as well.
On CentOS / AWS, containers cannot connect to the docker socket.
I am talking about a local unsecured connection to /var/run/docker.sock
What could be different on AWS?
I can see the socket:
➜ run ls -ld /var/run/docker*
drwxr-xr-x 8 root root 200 Nov 27 14:04 /var/run/docker
-rw-r--r-- 1 root root 4 Nov 27 14:03 /var/run/docker.pid
srw-rw-r-- 1 root docker 0 Nov 27 14:03 /var/run/docker.sock

Tomcat's logs is empty after rotating - AWS EC2 - Tomcat 8

Every Tomcat's logs is empty. When I access EC2 with console on the /var/log/tomcat8 dir, every log file is empty with 0kb.
I already tried to change the logrotate.elasticbeanstalk.tomcat8.conf, but without success.
This is the entire logrotate.elasticbeanstalk.tomcat8.conf file as I already tried to change.
/var/log/tomcat8/* {
size 10M
rotate 5
missingok
compress
notifempty
dateext
dateformat %s
olddir /var/log/tomcat8/rotated
}
This is how Tomcat's log file look:
-rw-r--r-- 1 tomcat tomcat 0 Jul 18 00:01 catalina.2019-07-17.log
-rw-r--r-- 1 tomcat tomcat 0 Jul 18 17:01 catalina.2019-07-18.log
-rw-r--r-- 1 tomcat tomcat 0 Jul 19 19:01 catalina.2019-07-19.log
Look in the rotated subdirectory for .gz files with the same filename as a prefix. E.g., catalina.2019-07-17*.gz

What is the default user that codedeploy runs the hook scripts as?

Background: I am facing this error AWS codedeploy deployment throwing "[stderr] Could not open input file" while trying to invoke a php file from the sh file at afterInstall step
In the afterInstall step, I am trying to run a php file from the afterInstall.sh file and I am getting this error - unable to open php file.
I am not sure what exactly to do. Thought of trying to manually check if I could run the file as that user.
The CodeDeploy agent default user is root.
The directory listing below shows the ownership of the deployed files in their destination folder, /tmp, after a successful deployment.
ubuntu#ip-10-0-xx-xx:~$ ls -l /tmp
total 36
-rw-r--r-- 1 root root 85 Aug 2 05:04 afterInstall.php
-rw-r--r-- 1 root root 78 Aug 2 05:04 afterInstall.sh
-rw-r--r-- 1 root root 1397 Aug 2 05:04 appspec.yml
-rw------- 1 root root 3189 Aug 2 05:07 codedeploy-agent.update.log
drwx------ 2 root root 16384 Aug 2 03:01 lost+found
-rw-r--r-- 1 root root 63 Aug 2 05:04 out.log
runas is an optional filed in the AppSpec file. The user to impersonate when running the script. By default, this is the AWS CodeDeploy agent running on the instance(If you don't specify a non-root user, it will be root).
To run host agent as a non-root user, the environment variable CODEDEPLOY_USER needs to be set, as the link to the host agent source code show. The env variable can be set to whatever user you want the host agent to run as.