No Docker config.json in Amazon Linux EC2 - linux

So in order to set up the amazon-ecr-credential-helper I need to add some lines to the .docker/config.json file in my EC2. When I try to run the script
echo "{ \"credHelpers\": { \"acc_id.dkr.ecr.acc_region.amazonaws.com\": \"ecr-login\" } }" > ~/.docker/config.json
I get an error -bash: /root/.docker/config.json: No such file or directory
Docker is installed, I'm using root user. This is an Amazon Linux EC2. Can someone please tell me what is wrong here? Doesn't Docker already create the .docker folder? Or is this something I need to do?
Some context: I intend to run this script as part of the EC2 Userdata, but have been facing issues, so trying to debug within the container first.
Any hints in the right direction would be highly appreciated.
Thanks!

"Doesn't Docker already create the .docker folder?"
No, Docker doesn't create a .docker folder in every user's home directory. You need to create that folder yourself.

Related

Read-only file system - LXC

I'm trying to demonstrate an ROP attack and keep getting a "Read-only file system" error on my LXC container.
I'm trying to execute the command:
echo "0" > /proc/sys/kernel/randomize_va_space
The following is returned:
bash: /proc/sys/kernel/randomize_va_space: Read-only file system
Any help is appreciated.
If this is still relevant, you can't change such settings in a Container. Docker doesn't allow this.
Docker does not support changing sysctls inside of a Container that also modify the host system.
Therefore you have to change the settings "outside" of your Container, on your host system.
Just run the same commands on your host system and then create your Container. The File randomize_va_space in your Container should automatically have your given value 0 in it!

How to provide 777 default permission on all files within a given Linux folder

I have a need to make any files that are created in the specific Linux directory to have 777 permission.
I would like to have all the users to be able to do Read, Write and Execute on all files under this folder. So what is the best way or Linux command to make it happen?
What I am doing is that I am spinning off two separate containers one for Nginx server and one for PHP:FPM app server to host Laravel 5.4 app.
Please consider the following scenario. I have a docker application container A (PHP:FPM) which is used to serve the web application files to docker container B (Nginx). Now when I access the website, I am delivering the web pages through the web container. Both the containers are within the same network and I share the volumes from my app container to my web container. But when the web container tries to read the files on the app container I get the error which is something like below:
The stream or file "/var/www/storage/logs/laravel.log" could not be
opened: failed to open stream: Permission denied
So I added RUN chmod -R 777 storage in my docker file.
However it is not solving the issue.
So I also tried using SGID to fix the issue by adding one more line in my dockerfile as RUN chmod -R ug+rwxs storage. Still it is not solving the issue of permission.
On a separate note, funny thing is that on my MAC Docker container this works without any issue ( I mean without adding chmod -R 777 to folder or using SGID for setting permission to a folder in my docker file). But when the same code is run on Linux AMI EC2 instance (Amazon AMI Linux EC2) ... the permission issue start to occur.
So how do I fix this ?
The solution is to launch both containers using the same user identified by the same uid. For instance you can choose root or any uid when running the container:
docker run --user root ...
Alternatively, you can switch to another user, before startup, inside your Dockerfile by adding the following before the CMD or ENTRYPOINT
USER root
I have solved it by figuring out user name under which cache files are created when someone access the application url . And then updating my dockerfile to include statement for SGID ownership for that user on the root of app folder where all source code resides (so all subfolder and files included later in whatever way ... at run-time sometime... are accessible from web container for that user) and then using chmod 777 permission on specific folders that needs to have chmod 777 permission.

How to set folder permissions for a particular container on Elastic Beanstalk

I have troubles setting permissions for a web folder on Elastic Beanstalk. I run multiple containers using custom docker images in one instance: apache-php, mysql, memcached, etc.. For the container "apache-php" I map a folder with my yii2 application to /var/www/html/.
When I manually make a bundle and do upload / deploy via Elastic Beanstalk console I sure have right permissions for the folder and everything works fine.
Now, when I deploy the app using "eb deploy", it drops all permissions and I get a server error and "The directory is not writable by the Web process: /var/www/html/backend/web/assets" in logs.
I can connect via ssh and set necessary permissions manually, but sure this is not convenient, since needs to be done every time I re-deploy the app.
So, my questions is what is the best way to automatically set permission for particular folder in particular container on Elastic Beanstalk?
Perhaps, I can use .ebextensions, but I didn't find how to run "container_commands" for particular container.
AWS EB Deployment starts your app in /var/app/ondeck
When deploying elastic beanstalk, your app is first unzipped into /var/app/ondeck/
Most likely, your local folder being deployed does not have the permissions you want on them.
If you need to make adjustments to your app, or the shell, during deployment, .ebextensions/*.config is the right place to do it.
Container commands should be run to that path
But keep in mind, that these commands will run EVERY time you deploy, whether needed or not, unless you use some method to test for pre-config.
container_commands:
08user_config:
test: test ! -f /opt/elasticbeanstalk/.preconfig-complete
command: |
echo "jail-me" > /home/ec2-user/.userfile
09writable_dirs:
command: |
chmod -R 770 /var/app/ondeck/backend/web/assets
chmod -R 770 /var/app/ondeck/[path]
99complete:
command: |
touch /opt/elasticbeanstalk/.preconfig-complete
files:
"/etc/profile.d/myalias.sh":
mode: "000644"
owner: root
group: root
content: |
alias webroot='cd /var/www/html/backend/web; ls -al --color;'
echo " ========== "
echo " The whole point of Elastic Beanstalk is that you shouldn't need to SSH into the server. "
echo " ========== "
Yes you should use ebextensions.
Create a folder in your app source root called .ebextensions. Create a file with a .config extension say 01-folder-permissions.config. Files are processed in lexicographical order of their name.
Contents of the file can be:
container_commands:
change_permissions:
command: chmod 777 /var/www/some-folder
Replace with appropriate folder and permissions. Read about container commands here.

Failing make cloud-config.yml file in coreOS

There was not any cloud-config file in my coreOS, so I made one myself as below:
#cloud-config
hostname: coreos
ssh_authorized_keys:
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgU0+1JMi9jzAiHSTu9GL4eNX0KzP5E5lN/0dczRcLF+uX4NSO9DCUUIlkGDml70aXrIHhawfR/TSz1YEkJeZDwWyRKgNeqTGXax1HncLF9kHaWxn7At34qmfWdu54zvtfhZVOV2FKWMC0A8hizkFY+LPV8rkM1Hjoik2f8FZ491ucy8Lygrtd0ZWDPBp/EyqG90JwHF6lEZanhq/2vVPTJdJtLelpdr0Ouvw132r3ex7tm76nj+T10DOsGntNfNr/VD8Z1UD2sRxG9JgWgVHVjYzfy5ISCQwvbYG6DZG+e33SxZb5Ch9B5h8vCaRgsA1DX1K+rdp5fxCF5h1VkxaMQ== rsa-key-20151214
But it did not work when I tried to log in with putty through ssh key, also got error when logged in
" server refused our key "
and
" Failed Units: 1
system-cloudinit#usr-share-oem-cloud\x2dconfig.yml.service "
Well I am confused about this cloud-config.
What should I do to make right one to work?
If anyone knows about coreOS, Please help me
The answer to your question depends on what type of CoreOS system you are running.
Also, from your question it isn't clear how you tried to set your system's cloud config.
If this is a bare metal install (you used the coreos-install tool to install to a physical system), you should have a cloud config file at /var/lib/coreos-install/user_data. user_data is your cloud config file here. It should have been created from the cloud-config.yml that was provided when running coreos-install.
For most of the other types of systems (CDROM/USB, PXE, vmWare, etc.) the cloud config file is usually part of the environment and read during every boot.
You can find the locations of the cloud config file for other CoreOS system types here.
If you didn't provide a cloud config during install, or in the environment you can use the following command to load a custom cloud config file:
sudo coreos-cloudinit --from-file=/home/core/cloud-config.yaml
of course you need to have command line access to do that. just in case you don't have console access yet, you can use the coreos.autologin Kernel parameter when you boot to skip login on the console.
You can validate your cloud-config at coreos.com/validate. I'm not sure that's what is failing here, but check it out if you keep running into issues.
Validater suggests this works? but maybe it's 3 parts?
#cloud-config
hostname: coreos
ssh_authorized_keys: ["-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgU0+1JMi9jzAiHSTu9GL4eNX0KzP5E5lN/0dczRcLF+uX4NSO9DCUUIlkGDml70aXrIHhawfR/TSz1YEkJeZDwWyRKgNeqTGXax1HncLF9kHaWxn7At34qmfWdu54zvtfhZVOV2FKWMC0A8hizkFY+LPV8rkM1Hjoik2f8FZ491ucy8Lygrtd0ZWDPBp/EyqG90JwHF6lEZanhq/2vVPTJdJtLelpdr0Ouvw132r3ex7tm76nj+T10DOsGntNfNr/VD8Z1UD2sRxG9JgWgVHVjYzfy5ISCQwvbYG6DZG+e33SxZb5Ch9B5h8vCaRgsA1DX1K+rdp5fxCF5h1VkxaMQ== rsa-key-20151214"]

Jenkins error on building command?

I am new to Jenkins, starting now.
I see the following errors here.
Building in workspace /var/lib/jenkins/workspace/GIF_DECODER
[GIF_DECODER] $ /bin/bash /tmp/hudson3370393570271110742.sh
/tmp/hudson3370393570271110742.sh: line 2: cd: /home/joshis1/Data/E-Drive/Blog/Ready_to_post/Ubuntu/GIF_Decoder_LINUX: Permission denied
/var/lib/jenkins/workspace/GIF_DECODER
I have given the build commands as the following. This is under execute shell.
#!/bin/bash
cd /home/joshis1/Data/E-Drive/Blog/Ready_to_post/Ubuntu/GIF_Decoder_LINUX
pwd
make clean
make everything
I am not understanding what is the issue here? Looks to be a permission year. I have jenkins in sudoers list. I don't why it looks for /var/lib/jenkins/workspace/GIF_Decoder.
I see the jenkins page under - http://:8080/job/GIF_DECODER/configure
How can I setup the hostname so that instead of localhost I have some meaningful name? Please help. Also, what is the best document/video to start with Jenkins for linux users? How to debug Jenkins issue seen? How can I instantiate a build by sending an email?
I am not understanding what is the issue here?
It's a permission error. It looks like your jenkins user does not have permissions for /home/joshis1/Data/E-Drive/Blog/Ready_to_post/Ubuntu/GIF_Decoder_LINUX
How can I setup the hostname so that instead of localhost I have some meaningful name?
Try the hostname of your server in the URL. e.g. http://myserver:8080/job/GIF_DECODER/configure
Also, what is the best document/video to start with Jenkins for linux users?
I expect that you have a basic understanding of how linux works. This is important on how to configure your jenkins and write the necessary build steps. The most basic information you will find on http://jenkins-ci.org and basic installation https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins
How to debug Jenkins issue seen?
That depends ...
... on the issue. If you have build problems check the console output of the job first. In addition, Jenkins writes its logfiles into the jenkins home directory.
How can I instantiate a build by sending an email?
Check out the mail commander plugin

Resources