Friday, November 28, 2014

Docker on AWS EC2

AWS EC2 Container has been announced, so the idea here is to get hands-on with Docker ahead of time.

- Installing Docker
# yum install docker.x86_64 docker-devel.x86_64 docker-pkg-devel.x86_64
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest                                                             | 2.1 kB     00:00
amzn-updates/latest                                                          | 2.3 kB     00:00
Resolving Dependencies
--> Running transaction check
---> Package docker.x86_64 0:1.2.0-2.21.amzn1 will be installed
--> Processing Dependency: libcgroup for package: docker-1.2.0-2.21.amzn1.x86_64
---> Package docker-devel.x86_64 0:1.2.0-2.21.amzn1 will be installed
--> Processing Dependency: golang for package: docker-devel-1.2.0-2.21.amzn1.x86_64
---> Package docker-pkg-devel.x86_64 0:1.2.0-2.21.amzn1 will be installed
--> Running transaction check
---> Package golang.x86_64 0:1.3.3-1.7.amzn1 will be installed
--> Processing Dependency: golang-bin for package: golang-1.3.3-1.7.amzn1.x86_64
--> Processing Dependency: bzr for package: golang-1.3.3-1.7.amzn1.x86_64
--> Processing Dependency: mercurial for package: golang-1.3.3-1.7.amzn1.x86_64
--> Processing Dependency: golang-src for package: golang-1.3.3-1.7.amzn1.x86_64
---> Package libcgroup.x86_64 0:0.40.rc1-5.11.amzn1 will be installed
--> Running transaction check
---> Package bzr.x86_64 0:2.1.2-2.9.amzn1 will be installed
---> Package golang-pkg-bin-linux-amd64.x86_64 0:1.3.3-1.7.amzn1 will be installed
--> Processing Dependency: golang-pkg-linux-amd64 = 1.3.3-1.7.amzn1 for package: golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64
---> Package golang-src.noarch 0:1.3.3-1.7.amzn1 will be installed
---> Package mercurial.x86_64 0:2.6.3-1.22.amzn1 will be installed
--> Running transaction check
---> Package golang-pkg-linux-amd64.noarch 0:1.3.3-1.7.amzn1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
 Package                          Arch         Version                     Repository          Size
====================================================================================================
Installing:
 docker                           x86_64       1.2.0-2.21.amzn1            amzn-updates       4.9 M
 docker-devel                     x86_64       1.2.0-2.21.amzn1            amzn-updates       259 k
 docker-pkg-devel                 x86_64       1.2.0-2.21.amzn1            amzn-updates       111 k
Installing for dependencies:
 bzr                              x86_64       2.1.2-2.9.amzn1             amzn-main          5.9 M
 golang                           x86_64       1.3.3-1.7.amzn1             amzn-updates       3.0 M
 golang-pkg-bin-linux-amd64       x86_64       1.3.3-1.7.amzn1             amzn-updates        15 M
 golang-pkg-linux-amd64           noarch       1.3.3-1.7.amzn1             amzn-updates       8.7 M
 golang-src                       noarch       1.3.3-1.7.amzn1             amzn-updates       6.4 M
 libcgroup                        x86_64       0.40.rc1-5.11.amzn1         amzn-main          146 k
 mercurial                        x86_64       2.6.3-1.22.amzn1            amzn-main          3.7 M
Transaction Summary
====================================================================================================
Install  3 Packages (+7 Dependent packages)
Total download size: 48 M
Installed size: 176 M
Is this ok [y/d/N]: y
Downloading packages:
(1/10): bzr-2.1.2-2.9.amzn1.x86_64.rpm                                       | 5.9 MB     00:00
(2/10): docker-1.2.0-2.21.amzn1.x86_64.rpm                                   | 4.9 MB     00:00
(3/10): docker-devel-1.2.0-2.21.amzn1.x86_64.rpm                             | 259 kB     00:00
(4/10): docker-pkg-devel-1.2.0-2.21.amzn1.x86_64.rpm                         | 111 kB     00:00
(5/10): golang-1.3.3-1.7.amzn1.x86_64.rpm                                    | 3.0 MB     00:00
(6/10): golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64.rpm                |  15 MB     00:00
(7/10): golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch.rpm                    | 8.7 MB     00:00
(8/10): golang-src-1.3.3-1.7.amzn1.noarch.rpm                                | 6.4 MB     00:00
(9/10): libcgroup-0.40.rc1-5.11.amzn1.x86_64.rpm                             | 146 kB     00:00
(10/10): mercurial-2.6.3-1.22.amzn1.x86_64.rpm                               | 3.7 MB     00:00
----------------------------------------------------------------------------------------------------
Total                                                                42 MB/s |  48 MB  00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : bzr-2.1.2-2.9.amzn1.x86_64                                                      1/10
  Installing : libcgroup-0.40.rc1-5.11.amzn1.x86_64                                            2/10
  Installing : mercurial-2.6.3-1.22.amzn1.x86_64                                               3/10
  Installing : golang-src-1.3.3-1.7.amzn1.noarch                                               4/10
  Installing : golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch                                   5/10
  Installing : golang-1.3.3-1.7.amzn1.x86_64                                                   6/10
  Installing : golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64                               7/10
  Installing : docker-pkg-devel-1.2.0-2.21.amzn1.x86_64                                        8/10
  Installing : docker-devel-1.2.0-2.21.amzn1.x86_64                                            9/10
  Installing : docker-1.2.0-2.21.amzn1.x86_64                                                 10/10
  Verifying  : golang-1.3.3-1.7.amzn1.x86_64                                                   1/10
  Verifying  : golang-src-1.3.3-1.7.amzn1.noarch                                               2/10
  Verifying  : docker-1.2.0-2.21.amzn1.x86_64                                                  3/10
  Verifying  : mercurial-2.6.3-1.22.amzn1.x86_64                                               4/10
  Verifying  : golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64                               5/10
  Verifying  : docker-pkg-devel-1.2.0-2.21.amzn1.x86_64                                        6/10
  Verifying  : docker-devel-1.2.0-2.21.amzn1.x86_64                                            7/10
  Verifying  : libcgroup-0.40.rc1-5.11.amzn1.x86_64                                            8/10
  Verifying  : golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch                                   9/10
  Verifying  : bzr-2.1.2-2.9.amzn1.x86_64                                                     10/10
Installed:
  docker.x86_64 0:1.2.0-2.21.amzn1                   docker-devel.x86_64 0:1.2.0-2.21.amzn1
  docker-pkg-devel.x86_64 0:1.2.0-2.21.amzn1
Dependency Installed:
  bzr.x86_64 0:2.1.2-2.9.amzn1
  golang.x86_64 0:1.3.3-1.7.amzn1
  golang-pkg-bin-linux-amd64.x86_64 0:1.3.3-1.7.amzn1
  golang-pkg-linux-amd64.noarch 0:1.3.3-1.7.amzn1
  golang-src.noarch 0:1.3.3-1.7.amzn1
  libcgroup.x86_64 0:0.40.rc1-5.11.amzn1
  mercurial.x86_64 0:2.6.3-1.22.amzn1
Complete!
■ Went smoothly

- Verifying the Docker installation
# docker version
Client version: 1.2.0
Client API version: 1.14
Go version (client): go1.3.3
Git commit (client): fa7b24f/1.2.0
OS/Arch (client): linux/amd64
2014/11/17 10:10:53 Get http:///var/run/docker.sock/v1.14/version: dial unix /var/run/docker.sock: no such file or directory
■ Take a look at the installed version

# docker info
Containers: 0
Images: 0
Storage Driver: devicemapper
 Pool Name: docker-202:1-269202-pool
 Pool Blocksize: 64 Kb
 Data file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
 Data Space Used: 293.0 Mb
 Data Space Total: 102400.0 Mb
 Metadata Space Used: 0.7 Mb
 Metadata Space Total: 2048.0 Mb
Execution Driver: native-0.2
Kernel Version: 3.14.20-20.44.amzn1.x86_64
Operating System: Amazon Linux AMI 2014.09
■ Docker's information is displayed. No containers have been created and there are no images, so both are 0.

- Getting started with Docker
# /etc/init.d/docker start
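■ Start the process

-- If needed, also run the following
# chkconfig docker on
■ With this, Docker comes up automatically when the instance reboots

- Finding an Amazon Linux image
https://registry.hub.docker.com/
Search here for the package you need.
Since this is AWS, we'll use Amazon Linux inside Docker as well.
→ Apparently latest is still 2014.03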

- Fetching the OS image
# docker pull vettl/amazon-linux:latest
Pulling repository vettl/amazon-linux
0a270722a07c: Download complete
d25f22b5d1eb: Download complete

- Checking the downloaded image
# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
vettl/amazon-linux       latest              0a270722a07c        7 months ago        607.8 MB

- Checking the container creation command
# docker run
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
  -a, --attach=[]            Attach to STDIN, STDOUT or STDERR.
  -c, --cpu-shares=0         CPU shares (relative weight)
  --cap-add=[]               Add Linux capabilities
  --cap-drop=[]              Drop Linux capabilities
  --cidfile=""               Write the container ID to the file
  --cpuset=""                CPUs in which to allow execution (0-3, 0,1)
  -d, --detach=false         Detached mode: run container in the background and print new container ID
  --device=[]                Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)
  --dns=[]                   Set custom DNS servers
  --dns-search=[]            Set custom DNS search domains
  -e, --env=[]               Set environment variables
  --entrypoint=""            Overwrite the default ENTRYPOINT of the image
  --env-file=[]              Read in a line delimited file of environment variables
  --expose=[]                Expose a port from the container without publishing it to your host
  -h, --hostname=""          Container host name
  -i, --interactive=false    Keep STDIN open even if not attached
  --link=[]                  Add link to another container in the form of name:alias
  --lxc-conf=[]              (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
  -m, --memory=""            Memory limit (format: <number><optional unit>, where unit = b, k, m or g)
  --name=""                  Assign a name to the container
  --net="bridge"             Set the Network mode for the container
                               'bridge': creates a new network stack for the container on the docker bridge
                               'none': no networking for this container
                               'container:<name|id>': reuses another container network stack
                               'host': use the host network stack inside the container.  Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
  -P, --publish-all=false    Publish all exposed ports to the host interfaces
  -p, --publish=[]           Publish a container's port to the host
                               format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort
                               (use 'docker port' to see the actual mapping)
  --privileged=false         Give extended privileges to this container
  --restart=""               Restart policy to apply when a container exits (no, on-failure, always)
  --rm=false                 Automatically remove the container when it exits (incompatible with -d)
  --sig-proxy=true           Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.
  -t, --tty=false            Allocate a pseudo-TTY
  -u, --user=""              Username or UID
  -v, --volume=[]            Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)
  --volumes-from=[]          Mount volumes from the specified container(s)
  -w, --workdir=""           Working directory inside the container

- Here we go
# docker run -it --name AmazonLinux1 vettl/amazon-linux /bin/bash
[root@eaf067a49fc7 /]#
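The prompt changes like this, and you come to life as the root user inside the Docker container.

==== Points ====================================================================
You can return to the original host with exit, but if no service such as SSH is running in the container, there is no way left to log in.
For HTTPD instances, DB instances and the like, being able to reduce security risk by not starting an SSH service at all
is one of Docker's strengths, so we want a way to edit the contents without using SSH.
================================================================================

- Solution: use nsenter
-- Installing nsenter
# docker run -v /usr/local/bin:/target jpetazzo/nsenter
To make nsenter easy to use, prepare the following script
# vi /usr/local/bin/nsenter_sh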
=======================================================================
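#!/bin/bash
#
# Container login script: enter a running container's namespaces without SSH
if [ -z "$1" ] ; then
    echo "usage: nsenter_sh [ContainerID]"
    exit 1
else
    # PID of the container's init process as seen from the host
    PID=$(docker inspect --format '{{.State.Pid}}' "$1") || exit 1
    # Join its mount, UTS, IPC, network and PID namespaces
    nsenter --target "$PID" --mount --uts --ipc --net --pid
fi
exit 0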
=======================================================================
# chmod 755 nsenter_sh
Change the permissions so it can be launched easily

- Checking that it works
# nsenter_sh eaf067a49fc7
[root@eaf067a49fc7 /]#
■ Confirm that the prompt changes
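
As an added example (not part of the original post), the following script checks which namespaces of a container's init process actually differ from the host's by comparing the /proc/<pid>/ns/* links; these are what the --mount --uts --ipc --net --pid flags in nsenter_sh select. The function names, the PROC_ROOT parameter and the sample tree (PIDs 1 and 4242, inode numbers) are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post.
# isolated_namespaces PROC_ROOT HOST_PID CONTAINER_PID
# Prints the namespaces whose identity differs between the two processes.
# On a real host: isolated_namespaces /proc 1 "$PID", with PID taken from
# docker inspect as in nsenter_sh. PROC_ROOT exists so the demo runs offline.
isolated_namespaces() {
    local root=$1 host=$2 ctr=$3 ns a b out=""
    for ns in mnt uts ipc net pid user; do
        # Each link reads like "net:[4026531956]"; equal text = same namespace
        a=$(readlink "$root/$host/ns/$ns") || continue  # type unknown to kernel
        b=$(readlink "$root/$ctr/ns/$ns") || return 1   # container not running
        if [ "$a" != "$b" ]; then
            out="$out $ns"
        fi
    done
    echo "${out# }"
}

# Constructed sample: a fake /proc tree with a host init (PID 1) and a
# container init (PID 4242). The inode numbers are made up; the user
# namespace is deliberately the same on both sides.
demo_tree() {
    local d ns
    d=$(mktemp -d)
    mkdir -p "$d/1/ns" "$d/4242/ns"
    for ns in mnt uts ipc net pid user; do
        ln -s "$ns:[4026531000]" "$d/1/ns/$ns"
    done
    for ns in mnt uts ipc net pid; do
        ln -s "$ns:[4026532000]" "$d/4242/ns/$ns"
    done
    ln -s "user:[4026531000]" "$d/4242/ns/user"
    echo "$d"
}

tree=$(demo_tree)
echo "isolated from host: $(isolated_namespaces "$tree" 1 4242)"
rm -rf "$tree"
```

A namespace missing from the output is shared with the host; in the constructed sample that is `user`, the case where UID 0 in the container is the same UID 0 as on the host.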

The end
=====


So that was a post about installing Docker and an easy way to log in.
