Requirement: Docker Engine should be installed (Follow instruction here).
$ sudo -i
# curl -L "https://github.com/docker/compose/releases/download/1.11.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# exit
$ docker-compose --version
docker-compose version: 1.10.0
Check the latest reference here.
On Linux:
$ curl -L https://github.com/docker/machine/releases/download/v0.9.0/docker-machine-`uname -s`-`uname -m` >/tmp/docker-machine && chmod +x /tmp/docker-machine && sudo cp /tmp/docker-machine /usr/local/bin/docker-machine
Check the latest reference here.
For Windows just install Windows Toolbox or Docker for Windows.
$ docker run -p 8080:8080 \
    -p 50000:50000 -d \
    -v /home/ec2-user/jenkins/var/jenkins_home:/var/jenkins_home jenkins
Replace /home/ec2-user/jenkins with a location where you want to put the backup file and 3b809ef3fe51 with the right container id.
$ docker run --rm --volumes-from 3b809ef3fe51 \
    -v /home/ec2-user/jenkins:/backup alpine \
    tar --exclude=workspace -cvf /backup/jenkins-home.tar /var/jenkins_home
$ ssh -f -N -i sangahdev.key -L *:9001:125.141.221.126:80 [email protected]
$ ssh -f -N -i sangahdev.key -L 2345:localhost:2376 [email protected]
$ docker run --rm -it -p 9091:8080 \
    --name registry-web \
    --link registry-srv \
    -e REGISTRY_URL=http://registry-srv:5000/v2 \
    -e REGISTRY_NAME=localhost:5000 \
    -e REGISTRY_TRUST_ANY_SSL=true \
    -e REGISTRY_BASIC_AUTH="" \
    -e REGISTRY_READONLY=false \
    --network registry_default \
    hyper/docker-registry-web
# first check whether the device is empty:
$ sudo file -s /dev/xvdf
/dev/xvdf: data
# ONLY IF the output is "data" (no filesystem on the device), create the filesystem with the following command:
$ sudo mkfs -t ext4 /dev/xvdf
# create mount point:
$ sudo mkdir /data
# backup fstab:
$ sudo cp /etc/fstab /etc/fstab.orig
# add a new line to fstab:
/dev/xvdf /data ext4 defaults,nofail 0 2
$ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
$ unzip awscli-bundle.zip
$ ./awscli-bundle/install -b ~/bin/aws
$ aws s3 rm s3://disco-bucket/jenkins --recursive
Note
This is useful if you need to start a task on a specific container instance.
$ aws ecs start-task --task-definition=jenkins:1 --cluster=disco-cluster --container-instances=2c2d50c8-360f-45fb-a32c-f722ba5820a0
In order to restart the docker daemon, use the following command:
$ sudo service cgconfig restart
$ sudo service docker start
Important
After attaching a new volume to an instance and mounting it, you need to restart the docker daemon before you can mount a host directory located on that volume into a container; otherwise you will see a really strange situation!
The container might not see the newly mounted volume. Instead it will read and write inside the folder underneath the mount point. As a result, the container and the host will see different files and folders, and you might even get some Permission denied errors inside the container.
Because we are going to pull our images from a private registry, we need to add some variables to the ECS container agent configuration before it starts, telling it to log in to our private registry with the credentials we provide. (reference: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html)
- First we save an ECS configuration file in an S3 bucket. Create a file ecs.config that looks like this:
ECS_ENGINE_AUTH_TYPE=dockercfg
ECS_ENGINE_AUTH_DATA={"auths": { "dev.sangah.com:5043": { "auth": "[user:pwd in base64 format]" } } }
ECS_CLUSTER=disco-cluster
Make sure you replace the cluster name with the right one and put in a valid auth key. You can use the following command to retrieve the credentials to substitute into the variables above:
$ cat ~/.docker/config.json
Save the file into the S3 bucket:
$ aws s3 cp ecs.config s3://disco-bucket/ecs.config
We need to add a policy to our EC2 role, so follow the instructions at http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html#ecs-config-s3 and go to the section 'Storing Container Instance Configuration in Amazon S3'.
Add the following script to the Instance User Data: select the instance, stop it, go to Action -> Instance Settings -> View/Change User Data, and put in this script, replacing your_bucket_name with the right name:
#!/bin/bash
yum install -y aws-cli
aws s3 cp s3://your_bucket_name/ecs.config /etc/ecs/ecs.config
First create a cluster
SSH to the instance machine and type:
$ sudo yum install -y ecs-init
$ sudo yum install docker
$ sudo service docker start
$ sudo start ecs
Test if the ecs agent has been installed and attached to the cluster with:
$ curl http://localhost:51678/v1/metadata
$ openssl genrsa -aes256 -out ca-key.pem 4096
$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
$ export HOST=dev.sangah.com
$ openssl genrsa -out server-key.pem 4096
$ openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
$ echo subjectAltName = DNS:$HOST,IP:203.239.21.121,IP:127.0.0.1 > extfile.cnf
$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
    -CAcreateserial -out server-cert.pem -extfile extfile.cnf
$ openssl genrsa -out key.pem 4096
$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr
$ echo extendedKeyUsage = clientAuth > extfile.cnf
$ openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
    -CAcreateserial -out cert.pem -extfile extfile.cnf
At the end of the process you should have 6 files:
ca-key.pem (0600)
ca.pem (0644)
server-key.pem (0600)
server-cert.pem (0644)
client-key.pem (0600)
client-cert.pem (0644)
Important
The ca-key should be kept in a safe place (with this key you can generate other client certificates).
Copy the required files into docker config folder:
$ cp -v ca.pem /etc/docker && \
    cp -v server-key.pem /etc/docker && \
    cp -v server-cert.pem /etc/docker
Check the docker config file /etc/default/docker and change the docker options as below:
DOCKER_OPTS=' -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver aufs --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server-cert.pem --tlskey /etc/docker/server-key.pem --label provider=generic'
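Before restarting the daemon with --tlsverify, it is worth checking the generated files against the list above. The script below is an added example, not part of the original notes: it assumes all six files sit in one directory under the names used in that list (rename key.pem and cert.pem accordingly), and that GNU stat and the openssl CLI are available.

```shell
#!/bin/sh
# Added example: audit the TLS files from the steps above.
# File names and modes follow the page's list; the directory argument is an assumption.

EXPECTED="ca-key.pem:600 ca.pem:644 server-key.pem:600 server-cert.pem:644
client-key.pem:600 client-cert.pem:644"

# Print each missing file or wrong mode; return the number of problems found.
audit_modes() {
  dir=$1; bad=0
  for entry in $EXPECTED; do
    name=${entry%%:*}; want=${entry##*:}
    if [ ! -f "$dir/$name" ]; then
      echo "MISSING $name"; bad=$((bad + 1)); continue
    fi
    have=$(stat -c %a "$dir/$name")   # GNU stat: octal permission bits
    if [ "$have" != "$want" ]; then
      echo "MODE $name is $have, expected $want"; bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Succeed only if both leaf certificates chain to ca.pem.
# Counts ": OK" lines rather than relying on the exit code of openssl verify.
verify_chain() {
  ok=$(openssl verify -CAfile "$1/ca.pem" "$1/server-cert.pem" \
         "$1/client-cert.pem" 2>/dev/null | grep -c ': OK$' || true)
  [ "$ok" -eq 2 ]
}

# Succeed only if the certificate carries extendedKeyUsage = clientAuth,
# as set in the client certificate step above.
has_client_auth() {
  openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Client Authentication'
}

# Run all three checks when called with a directory argument.
if [ "$#" -gt 0 ]; then
  audit_modes "$1"; problems=$?
  verify_chain "$1" || { echo "CHAIN verification failed"; problems=$((problems + 1)); }
  has_client_auth "$1/client-cert.pem" || { echo "EKU clientAuth missing"; problems=$((problems + 1)); }
  echo "$problems problem(s)"; exit "$problems"
fi
```

Run it as sh audit-tls.sh /path/to/certs (the script name is arbitrary); the exit status is the number of problems found.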