I am trying to mount an EFS file system on a Docker container on a EC2 server.
The problem is that I can successfully mount the file system on the EC2 host system, but not in the container, I get the following error in the container :
mount.nfs4: access denied by server while mounting
The container is launched with the following command :
docker run -it --name efs-image --cap-add SYS_ADMIN --cap-add DAC_OVERRIDE --cap-add DAC_READ_SEARCH --restart always --net host --pid host --env-file env.env debian
I could mount the file system on the host then share it in a volume with the container, but I would like to mount it on the container for scaling reasons.
I tried to restart the docker doemon with service docker restart, but I still have the same error.
Can someone explain how to mount the EFS in the container ?
Thanks in advance !
Related
I have an ec2 instance with docker compose installed, running a single container. I have the same setup replicated locally on my machine.
using nc -v **host** 5432 results in:
From my machine > success
From inside a docker container running on my machine > success
From inside the ec2 instance > success
From inside a docker container running on the ec2 > Host is unreachable
I'm guessing there's something I'm missing in the ec2's docker config if anyone can point me in the right direction.
This is the docker_boot.service file
Description=docker boot
After=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/home/ubuntu/metabase
ExecStart=sudo /usr/bin/docker-compose -f /home/ubuntu/metabase/docker-compose.yml up -d --remove-orphans
[Install]
WantedBy=multi-user.target
The reason behind this is your Docker container is trying to resolve your RDS DNS using public DNS rather than private one.
For a quick workaround, I think you can nslookup your RDS DNS and take 1 of its IPv4 addresses. Then, use that single IPv4 as your host.
nslookup <ID>.rds.amazonaws.com
For a clean workaround, you need to adjust your Docker container DNS configuration into your VPC internal DNS IPv4 address. Using --dns, you can quickly adjust this and you can add more DNS if your application is trying to reach other services as well.
docker run --name app --dns=169.254.169.253 -p 80:5000 -d app
References:
https://docs.docker.com/config/containers/container-networking/
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
I have uploaded my docker image to the AWS EC2 instance. Now I have update my code and modify it, I have created a new docker image with a new tag and upload it to the same docker image repository and want to upload a new docker image to the same ec2 instance.
i connect AWS with ssh client and write this line
docker run --restart=always -p 8000:8000 myDockerImageRepositary:myTag
it gives me an error
Error response from daemon: driver failed programming external connectivity on endpoint dreamy_engelbart (0be73435f9a848ead131e0e15160ce9cb7333fa84565291d027e6a9d6467c476): Bind for 0.0.0.0:8000 failed: port is already allocated.
I think the error is because my previous docker image is running on port 8000 but I have to update that docker image with the new one and don't know how to do that.
Thank you
Run sudo netstat -nltpu to confirm what application is running on that port. If it is docker then it means you probably didn't kill the previous docker container that was running on that port. If you don't have any other containers running, you can just stop all containers using this docker stop $(docker ps -a -q)
If you have other containers running, you can run docker ps to get details of the container running on that port, then run docker stop CONTAINER_ID to stop the container.
The problem is that when uploading docker image of service to the Amazon container registry, the docker image does not run after adding it as a Task.
See (https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/)
Step1: Push to AWS Container service private image registry
docker push 734122228327.dkr.ecr.us-east-2.amazonaws.com/joethecoder2:latest
## Step2: SSH into running Docker instance
ssh -i "containerservice.pem" ec2-user#ec2-18-217-248-112.us-east-2.compute.amazonaws.com
The authenticity of host 'ec2-18-217-248-112.us-east-2.compute.amazonaws.com (18.217.248.112)' can't be established.
ECDSA key fingerprint is SHA256:wCeAUed36nKeQjEbSDsYjzq8Z5mpNY4pbcahw2mSozs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-18-217-248-112.us-east-2.compute.amazonaws.com,18.217.248.112' (ECDSA) to the list of known hosts.
| __| __|
| ( _ \ Amazon ECS-Optimized Amazon Linux AMI 2017.09.d
____|_|____/
For documentation visit, http://aws.amazon.com/documentation/ecs
Docker ps running instances
[ec2-user#ip-10-0-0-102 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c90a2116f3ab amazon/amazon-ecs-agent:latest "/agent" About an hour ago Up About an hour ecs-agent
[ec2-user#ip-10-0-0-102 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c90a2116f3ab amazon/amazon-ecs-agent:latest "/agent" About an hour ago Up About an hour ecs-agent
Results: Do not show that joethecoder2 image is running. WHY?
[ec2-user#ip-10-0-0-102 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
amazon/amazon-ecs-agent latest 2d99efccdfef 3 weeks ago 26.8MB
amazon/amazon-ecs-pause 0.1.0 c846030090b6 3 weeks ago 964kB
[ec2-user#ip-10-0-0-102 ~]$
Problem conclusion:
The docker image that was uploaded using Push was not included in the running container service, when adding the Task was done like the example instructions for how to deploy docker containers. (I configured the Task in step 2, and 3, and then setup the cluster in Step 4) See (https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/)
Test Data
However, when I try to curl the service it does not connect:
curl ec2-18-217-248-112.us-east-2.compute.amazonaws.com:8080
curl: (7) Failed to connect to ec2-18-217-248-112.us-east-2.compute.amazonaws.com port 8080: Connection refused
Further inspection:
Further inspection shows, that the docker service that should be running for joethecoder2 is not running in the docker instance that should be running on the container service node ec2-18-217-248-112.us-east-2.compute.amazonaws.com
Run Task had to be clicked, after setting up the Cluster, to associate the Task with a Cluster. Once the Task is running, port 8080 opens up successfully for the task. Host and Container were both mapped to port 8080
I am unable to connect to nexus from my docker host.
Steps:
I installed docker on AWS linux and created an image.
I then launched an instance based out of the image.
I log on to the instance ( docker host) and docker is running
I try a wget on the host to get a file from nexus and I get the following
Error:
Resolving nexus.XXXX.com (nexus.XXXX.com)... yyy.yy.yy.yy
Connecting to nexus.XXXX.com (nexus.XXXX.com)|yyy.yy.yy.yy|:80... failed: No route to host.
I have a jenkins instance running inside a docker container that's listening on port 8181.
Example URL of the jenkins instance:
http://ec2-34-155-164-97.us-west-2.compute.amazonaws.com/
I have a tomcat docker instance that's listening on port 8383 running inside the jenkins docker container.
I can access jenkins instance from my local browser. Is there any possible way that I can access my docker tomcat instance from my local browser?
Here is my docker run command:
docker run -d -v /var/run/docker.sock:/var/run/docker.sock \ -v $(which docker):/usr/bin/docker -p 8181:8080 jenkins-dsl
Please provide your suggestions.
It sounds like your docker run command simply needs to expose the port that your nested tomcat server is running on.
To do this, you need to pass in -p argument into your command. The -p argument is for binding a host port to the docker container's port:
-p <host_port>:<container_port>
You can pass in as many -p arguments as you want to bind multiple ports.
So if the docker tomcat server is running on port 8383 within the Jenkins docker container, then you can do something like this:
-p 8383:8080
Full command example:
docker run -d -it -p 8383:8080 --name tomcatServer docker-tomcat
I would assume that this would allow you to access tomcat server using the example URL provided like so:
http://ec2-34-155-164-97.us-west-2.compute.amazonaws.com:8383
However, you'd have to ensure your AWS Security Group will allow traffic to port 8383.
EDIT: Updated answer to reflect the resolution we discussed in the comments.
Edited
I could able to launch tomcat by specifying the port in the URL and opening the port in EC2 instance.
http://ec2-34-155-164-97.us-west-2.compute.amazonaws.com:8383
Latest Docker installation guide for Tomcat clearly says you will get this error when you launch it for the first time
You can then go to http://localhost:8888 or http://host-ip:8888 in a browser (noting that it will return a 404 since there are no webapps loaded by default).
its because you do not have any apps in the default webapps folder of Tomcat. your latest Tomcat docker image has the default apps in the "webapps.dist" folder, you have to copy it to "webapps" folder. Do the Following commands
# docker exec -it tomcat-container /bin/bash
# cd webapps.dist
# cp -R * ../webapps
"tomcat-container" is your container name.
now refresh your browser you will get it. if not let me know