Help us understand the problem. What is going on with this article?

Amazon LinuxのDockerコンテナを動かす

More than 3 years have passed since last update.

Mac上にVagrantでCentOSのVMを立てて、その上でAmazon LinuxのDocker Containerを動かす手順。

Amazon Linux用のAnsibleスクリプトの動作試験をするために用意した。

なお、最初はDocker for MacでMac上に直接コンテナを動かそうとしたが、後述の理由で断念した。

  • Mac OS Sierra 10.12.1
  • Vagrant 1.8.1
  • Virtual Box 5.0.28 r111378

Vagrant, VirtualBoxのインストール

先人のありがたい知恵に従う。
http://qiita.com/you-me/items/3126e7f91ccdf4d8a873

centos7.2のイメージを使う。

$ vagrant box add centos7 https://github.com/CommanderK5/packer-centos-template/releases/download/0.7.2/vagrant-centos-7.2.box
==> box: Box file was not detected as metadata. Adding it directly...
==> box: Adding box 'centos7' (v0) for provider: 
    box: Downloading: git@github.com:CommanderK5/packer-centos-template/releases/download/0.7.2/vagrant-centos-7.2.box
An error occurred while downloading the remote file. The error
message, if any, is reproduced below. Please fix this error and try
again.


この時、以下のリンク先に上がっている不具合に遭遇したので
http://qiita.com/kotatsu360/items/554da271d6935622254b

$ sudo mv /opt/vagrant/embedded/bin/curl{,.bak}

で直す。

CentOS7のVM作成、起動

$ vagrant box add centos7 https://github.com/CommanderK5/packer-centos-template/releases/download/0.7.2/vagrant-centos-7.2.box
==> box: Box file was not detected as metadata. Adding it directly...
==> box: Adding box 'centos7' (v0) for provider: 
    box: Downloading: https://github.com/CommanderK5/packer-centos-template/releases/download/0.7.2/vagrant-centos-7.2.box
==> box: Successfully added box 'centos7' (v0) for 'virtualbox'!
$ vagrant box list
centos7 (virtualbox, 0)
$ cd Vagrant/CentOS7
$ vagrant init centos7
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.
$ vagrant up
$ vagrant status
Current machine states:

default                   running (virtualbox)

The VM is running. To stop this VM, you can run `vagrant halt` to
shut it down forcefully, or you can run `vagrant suspend` to simply
suspend the virtual machine. In either case, to restart it again,
simply run `vagrant up`.
CentOS7 15:35:21 $ vagrant ssh
[vagrant@ip-10-0-2-15 ~]$ vim

VM(Dockerホスト)の環境設定

必要なソフトを入れておく。

$ sudo yum install vim git ruby docker ansible

Gitの設定等を実施。

$ sudo systemctl start docker
$ sudo systemctl enable docker

このままでは一般ユーザでdocker deamonとの通信ができない。

$ docker version
Client:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
 Go version:      go1.6.3
 Git commit:      cb079f6-unsupported
 Built:           Fri Sep 16 13:24:25 2016
 OS/Arch:         linux/amd64
Cannot connect to the Docker daemon. Is the docker daemon running on this host?

sudo付きだとOK。

$ sudo docker version
Client:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
 Go version:      go1.6.3
 Git commit:      cb079f6-unsupported
 Built:           Fri Sep 16 13:24:25 2016
 OS/Arch:         linux/amd64

Server:
 Version:         1.10.3
 API version:     1.22
 Package version: docker-common-1.10.3-46.el7.centos.14.x86_64
 Go version:      go1.6.3
 Git commit:      cb079f6-unsupported
 Built:           Fri Sep 16 13:24:25 2016
 OS/Arch:         linux/amd64

以下のリンク先に述べられている手順でsudoなしで使えるようにする。
http://jetglass.hatenablog.jp/entry/2015/10/19/182052

$ sudo groupadd docker
$ sudo gpasswd -a vagrant docker

Amazon Linuxのコンテナイメージをダウンロード

awscliツールを使うのでインストールし、awsのアクセス情報を設定する。

$ pip install awscli
$ aws configure
AWS Access Key ID [None]: <アクセスキーID>
AWS Secret Access Key [None]: <アクセスキー>
Default region name [None]: ap-northeast-1
Default output format [None]: json

awsのユーザにAmazonEC2ContainerRegistryReadOnly管理ポリシーをつけておく必要がある。これがないと以下のエラーになる。

$ aws ecr get-login --region us-west-2 --registry-ids 137112412989

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation:
$ aws ecr get-login --region us-west-2 --registry-ids 137112412989
docker login -u AWS -p <Password> -e none https://137112412989.dkr.ecr.us-west-2.amazonaws.com

成功するとdocker loginのコマンドが返ってくるので、それを実行。

$ docker login -u AWS -p <Password> -e none https://137112412989.dkr.ecr.us-west-2.amazonaws.com
Flag --email has been deprecated, will be removed in 1.13.
Login Succeeded

docker pullする。

$ docker pull 137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest
latest: Pulling from amazonlinux

e2daa1633485: Pull complete 
Digest: sha256:939657b06a824c58f1532b104ba423c0c5efc16552c01427d96e9da20f8b2680
Status: Downloaded newer image for 137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest

Dockerfileを用意。

これをベースにSSHログインできるimageを作るDockerfileを用意。

以下のリンク先を参考にさせてもらった。
http://cross-black777.hatenablog.com/entry/2014/06/15/163130

FROM 137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux

# set yum repository mirror for jp
RUN yum -y install yum-plugin-fastestmirror
RUN sed -ri 's/#include_only=.nl,.de,.uk,.ie/include_only=.jp/g' /etc/yum/pluginconf.d/fastestmirror.conf

# install packages
RUN yum -y update
RUN yum -y install vim
RUN yum -y install passwd openssh openssh-server openssh-clients sudo iproute

# create users
RUN useradd embulk
RUN passwd -f -u embulk

# setup sudoers
RUN echo "embulk ALL=(ALL) ALL" >> /etc/sudoers.d/embulk

# setup SSH
RUN mkdir -p /home/embulk/.ssh; chown embulk /home/embulk/.ssh; chmod 700 /home/embulk/.ssh
ADD authorized_keys /home/embulk/.ssh/authorized_keys
RUN chown embulk /home/embulk/.ssh/authorized_keys
RUN chmod 600 /home/embulk/.ssh/authorized_keys

# setup sshd config
RUN sed -ri 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config
RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config

RUN /etc/init.d/sshd start

EXPOSE 22
CMD ["/sbin/init"]

SSH接続用の準備

Dockerfileで使うSSHの鍵を作る。

$ mkdir keys
$ ssh-keygen
$ cp keys/id_rsa.pub authorized_keys

コンテナ作成

$ docker build -t docker/amzlinux .
$ docker images
REPOSITORY                                                 TAG                 IMAGE ID            CREATED             SIZE
docker/amzlinux                                            latest              d2aa393e0b47        49 seconds ago      548.8 MB
137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux   latest              feee9aea7094        2 weeks ago         328.3 MB
$ docker run -d --name <コンテナ名> --hostname <ホスト名> docker/amzlinux

ログインしてみる。

$ ssh -i keys/id_rsa embulk@172.17.0.2

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2016.09-release-notes/

余談。Docker for Macを諦めた理由。

Docker for macだとホストからコンテナにpingが飛ばない。

I cannot ping my containers
Unfortunately, due to limitations in macOS, we’re unable to route traffic to containers, and from containers back to the host.

https://docs.docker.com/docker-for-mac/networking/

http://stackoverflow.com/questions/39216830/how-could-i-ping-my-docker-container-from-my-host

もう一つ別のコンテナを立ててそこからなら通信ができる。

これ以外にもDocker for Mac特有の事情にハマりそうだったので、諦めてLinux上をDockerホストとする方針に変更した。

以上。

bwtakacy
お仕事:データリサーチエンジニア 技術:C/Java/Python, PostgreSQL/Hadoop/Spark/TreasureData, 機械学習, DeepLearning
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
No comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
ユーザーは見つかりませんでした