#docker (2019-01)

docker

All things docker Archive: https://archive.sweetops.com/docker/

2019-01-30

Bogdan avatar
Bogdan

how do you guys handle the ordered_placement_strategy in a ecs service module, from an input perspective (passing a list of maps or map) when passing several strategies? I couldn’t find an example in cloudposse ecs service modules

2019-01-28

tamsky avatar
tamsky

and here lies my error:

 => [4/4] RUN ssh-add -l:

\#9 0.397 Could not open a connection to your authentication agent.
------
rpc error: code = Unknown desc = executor failed running [/bin/sh -c ssh-add -l]: exit code: 2

RUN command should read RUN --mount=type=ssh ssh-add -l | tee /hello

tamsky avatar
tamsky

working build output from OSX:


\# ( export DOCKER_BUILDKIT=1 && docker build --ssh default -f Dockerfile.ssh . )
[+] Building 1.6s (10/10) FINISHED                                                                                             
 => [internal] load .dockerignore                                                                                         0.4s
 => => transferring context: 2B                                                                                           0.0s
 => [internal] load build definition from Dockerfile.ssh                                                                  0.7s
 => => transferring dockerfile: 41B                                                                                       0.0s
 => resolve image config for docker.io/docker/dockerfile:experimental                                                     0.0s
 => CACHED <docker-image://docker.io/docker/dockerfile:experimental>                                                        0.0s
 => [internal] load metadata for docker.io/library/alpine:latest                                                          0.0s
 => [1/4] FROM docker.io/library/alpine                                                                                   0.0s
 => CACHED [2/4] RUN apk add --no-cache openssh-client git                                                                0.0s
 => CACHED [3/4] RUN mkdir -p -m 0600 ~~/.ssh && ssh-keyscan github.com> > ~~.ssh/known_hosts                              0.0s
 => CACHED [4/4] RUN --mount=type=ssh ssh-add -l | tee /hello                                                             0.0s
 => exporting to image                                                                                                    0.0s
 => => exporting layers                                                                                                   0.0s
 => => writing image sha256:7dcdf95d6e1745d9c12ca89b2209fd58fe7417c93acb1e3e5ce35a20ff544b14                              0.0s
tamsky avatar
tamsky

/hello does get populated, so we finally have a cross platform solution for the agent

1
tamsky avatar
tamsky

and for folks who want to know more about how “Docker for Mac” works… I found this great, and very detailed, post about it:

1

2019-01-24

i5okie avatar
i5okie

oh thanks

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@i5okie let me know if you get that working. I haven’t tried it yet, but looks cool!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@tamsky have you tried this?

i5okie avatar
i5okie

reading right now

tamsky avatar
tamsky

I just upgraded my Docker Desktop on OSX to 2.0.0.2 to test this. The secrets file stuff works with “experimental features” enabled. The ssh_agent stuff, not so much.

tamsky avatar
tamsky
12:00:54 AM

experimental features flag

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

What happened when you tried using the SSH agent stuff?

tamsky avatar
tamsky

\# make ssh
export DOCKER_BUILDKIT=1
docker build --ssh default -f Dockerfile.ssh .
[+] Building 2.4s (9/9) FINISHED                                                                                               
 => [internal] load build definition from Dockerfile.ssh                                                                  0.0s
 => => transferring dockerfile: 334B                                                                                      0.0s
 => [internal] load .dockerignore                                                                                         0.0s
 => => transferring context: 2B                                                                                           0.0s
 => resolve image config for docker.io/docker/dockerfile:experimental                                                     1.0s
 => CACHED <docker-image://docker.io/docker/dockerfile:[email protected]:2220efe9582e00cd8f6bbee8f4566e34d7f0388c0e10f2>  0.0s
 => [internal] load metadata for docker.io/library/alpine:latest                                                          0.0s
 => [1/4] FROM docker.io/library/alpine                                                                                   0.0s
 => CACHED [2/4] RUN apk add --no-cache openssh-client git                                                                0.0s
 => CACHED [3/4] RUN mkdir -p -m 0600 ~~/.ssh && ssh-keyscan github.com> > ~~.ssh/known_hosts                              0.0s
 => ERROR [4/4] RUN ssh-add -l                                                                                            0.6s
------
 > [4/4] RUN ssh-add -l:

\#9 0.397 Could not open a connection to your authentication agent.
------
rpc error: code = Unknown desc = executor failed running [/bin/sh -c ssh-add -l]: exit code: 2
tamsky avatar
tamsky

https://github.com/mariusgrigaitis/docker-mac-ssh-auth-sock might be a workable hack for interactive use, but buildkit docker build can’t use that hack.

mariusgrigaitis/docker-mac-ssh-auth-sock

SSH_AUTH_SOCK socket forwarding for Docker for Mac - mariusgrigaitis/docker-mac-ssh-auth-sock

tamsky avatar
tamsky
Support for sharing unix sockets · Issue #483 · docker/for-mac

Expected behavior When mounting a directory containing unix sockets the sockets should function the same as they do on a Linux host. Actual behavior The socket is &#39;there&#39;, but non-functiona…

$SSH_AUTH_SOCK is not being forwarded to docker · Issue #410 · docker/for-mac

Expected behavior OSX ssh-agent socket is available (for mount) in containers $ docker run -it -v ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK} -e SSH_AUTH_SOCK=&quot;${SSH_AUTH_SOCK}&quot; –rm alpine:3.4 /bi…

tamsky avatar
tamsky

iheartradio[1] has gotten around this entire mess using multiple stages and ephemerally tagged local images:

  • download source docker run … ; docker commit using a different author’s ssh-agent forwarding hack[2]
  • followed by a final docker build which can build the source and do what it wants with the artifacts.

[1] https://github.com/iheartradio/docker-node [2] https://github.com/avsm/docker-ssh-agent-forward

iheartradio/docker-node

iHeartRadio’s Nodejs Dockerfiles. Contribute to iheartradio/docker-node development by creating an account on GitHub.

avsm/docker-ssh-agent-forward

Forward SSH agent socket into a container. Contribute to avsm/docker-ssh-agent-forward development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

oh interesting using multistage like that

tamsky avatar
tamsky

also, for folks following along from home, here’s the “check if your setup is experimental”:


\# docker info | grep -i Experimental
Experimental: true
2

2019-01-23

i5okie avatar
i5okie

hey, question.. I have a git repo with submodules of our app repos. in this directory i’ve got docker-compose.yaml file.

Is it possible to use context to a git repo just for the Dockerfile, but when building make it use the local folder from submodule? I want to do docker-compose build app

  • get dockerfile / entrypoint file from repo
  • build image by copying things from submodule
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ping me in a few hours if you don’t get a response

i5okie avatar
i5okie

ok

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Ok, so it sounds like you’re having trouble pulling submodules from private git repo inside of Docker?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

If so, see this:

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Build secrets and SSH forwarding in Docker 18.09 – Tõnis Tiigi – Medium attachment image

One of the complexities when using Dockerfiles has always been accessing private resources. If you need to access some private repository…

2019-01-03

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

docker hub is down

    keyboard_arrow_up