Deploying Docker Containers to AWS EC2 Container Service (ECS)

I’ve spent a lot of time playing with Docker containers locally for various personal projects, but haven’t spent much time deploying them to the cloud. I did look at IBM Bluemix a while back, and their web console and toolset was a pretty good developer experience. I’m curious about how OpenShift Online is evolving into a container based service as I’ve deployed many personal projects to OpenShift, and it has to be my favorite PaaS for features, ease of use, and cost.

AWS is the obvious leader in this space, and despite playing with a few EC2 services during the developer free year, I hadn’t tried yet to deploy Docker Containers there.

AWS’s Docker support is EC2 Container Service, or ECS.

To get started:

Install the AWS CLI: http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html

On the Mac I installed this easily with ‘brew install awscli’, which was much simpler than installing Python and PIP per the official instructions (see here).

Create an AWS user in AWS IAM for authenticating between your local Docker install and ECS (this user is used instead of your master Amazon account credentials).

Run ‘aws configure’ locally and add the secret key credentials from when you created your admin user in IAM.

Follow the steps in the ECS Getting Started guide here: https://console.aws.amazon.com/ecs/home?region=us-east-1#/firstRun

To summarize the steps in the getting started guide:

  • From the ECS Control Panel, create a Docker Image Repository: https://console.aws.amazon.com/ecs/home?region=us-east-1#/repositories
  • Connect your local Docker client with your Docker credentials in ECS:
    aws ecr get-login --region us-east-1
  • Copy and paste the docker login command from the previous step; this will log you in for 24 hours
  • Tag your image locally ready to push to your ECS repository – use the repo URI from the first step:
    docker tag imageid ecs-repo-uri

The example command in the docs looks like this:

docker tag e9ae3c220b23 aws_account_id.dkr.ecr.region.amazonaws.com/repository-name

For the last param, the tag name, use the ECS Docker Repo URI from when you created the repo.

Push the image to your ECS repo with (where image-tag-name is the same as the tag name above):

docker push image-tag-name

Docker images are run on ECS using a task config. You can create one with the web UI (https://console.aws.amazon.com/ecs/home?region=us-east-1#/taskDefinitions), or manually as a JSON file. If you create it from the web UI, you can copy the JSON from the configured task as a template for another task.

Before you can run a task, you need to create a Cluster, using the web ui: https://console.aws.amazon.com/ecs/home?region=us-east-1#/clusters

Run your task specifying the EC2 cluster to run on:

aws ecs run-task --task-definition task-def-name --cluster cluster-name

If you omit the --cluster param, you’ll see this error:

Error: "An error occurred (ClusterNotFoundException) when calling the RunTask operation: Cluster not found."

To check cluster status:

aws ecs describe-clusters --cluster cluster-name

Ensure you have an inbound rule on your EC2 security group to allow incoming requests to the exposed port on your container (e.g. TCP 80 for incoming web traffic).
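One way to check that rule, as an added example that is not part of the original post: the script reads JSON in the shape returned by `aws ec2 describe-security-groups` and lists every inbound rule that is open to any address on something other than the container's exposed port. The sample document and its group ids are constructed.

```python
import json

ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-constructed-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 2375, "ToPort": 2375, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
  {"GroupId": "sg-constructed-any", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def world_open_rules(doc):
    """Yield (group_id, protocol, from_port, to_port) for rules open to any address."""
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & ANYWHERE:
                continue
            proto = perm["IpProtocol"]
            if proto == "-1":  # "-1" means every protocol and every port
                yield group["GroupId"], "all", 0, 65535
            else:
                yield group["GroupId"], proto, perm.get("FromPort"), perm.get("ToPort")

def unexpected_exposure(doc, allowed_ports=frozenset({80})):
    """Return world-open rules that cover more than a single allowed TCP port."""
    findings = []
    for gid, proto, lo, hi in world_open_rules(doc):
        if proto == "tcp" and lo == hi and lo in allowed_ports:
            continue  # the intended rule for the container's exposed port
        findings.append((gid, proto, lo, hi))
    return findings

if __name__ == "__main__":
    for finding in unexpected_exposure(SAMPLE):
        print("open to any address:", finding)
```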

Next up: deploying a single container is not particularly useful. Next I’m going to take a look at adding Netflix Eureka for discovery of other deployed services in containers.

Building and running a Packet Radio Winlink solution in a Docker container, on a Raspberry Pi

Running Packet Radio apps in a Docker container, on a Raspberry Pi? Are you mad, I hear you ask? Isn’t it hard enough to get ax25 and Packet Radio up and running on the Pi anyway? Having done this a few times already, this was my thinking, and I had the crazy idea that encapsulating most of the config and setup in Dockerfiles to build preconfigured containers might be an idea worth exploring.

Installing and configuring ax25 for the Raspberry Pi, and Winlink clients that use ax25 like paclink-unix or PAT, can be done and works well, but the steps, as documented for example in this comprehensive guide for building and installing paclink-unix, span several pages of instructions. This can be daunting even for those more familiar with building and installing apps from source on Linux.

Since the steps are well documented, I wondered if they could be captured in a Dockerfile to automate building a self-contained and ready to run Docker container.

tldr; The short story

I did eventually get this working, building ax25 from source and using Pat, but it took me down a rabbit hole for several hours. Skip to the end if you just want to find out how to build and run the completed Docker containers.

The Longer Explanation

I could not get ax25 to work self-contained in its own Docker container, as I ran into issues either accessing my serial device connected to my TNC Pi from inside the Container, and/or creating an ax0 interface when running kissattach.

If you expose the serial port on the Raspberry Pi to the Container running paclink-unix:

docker run -it --device=/dev/ttyAMA0 rpi-paclink

… When trying kissattach in the container it gives:

kissattach: Error setting line discipline: TIOCSETD: Operation not permitted

Are you sure you have enabled MKISS support in the kernel

or, if you made it a module, that the module is loaded?

Alternatively, starting with --privileged:

docker run -it --privileged  -v /dev/ttyAMA0:/dev/ttyAMA0  rpi-paclink

gives:

sudo kissattach /dev/ttyAMA0 1

kissattach: SIOCSIFMTU: No such device

I was initially trying to get this working because I wanted to run paclink-unix for Winlink email. When you run the make script for this app, it creates wl2kserial and wl2ktelnet, but not wl2kax25. I had already run into this before, as it seems it doesn’t compile unless it has a later version of the ax25 stack compiled from source.

I changed gears and looked for how you could share an up and running ax25 stack from the Docker host, and it turns out this is easy to do: you just pass the --network=host param, and then ax0 appears in your network interfaces in your container.

The next issue I ran into is that configuring postfix as your email transport takes some effort. bazaudi.com have a very detailed set of instructions, but I couldn’t get it working for outgoing email. It was working for incoming via wl2ktelnet and wl2kax25, but only for receiving emails and not sending. Time to try something else.

Installing and configuring Pat in a Container

I tried to get Pat working once before – I think I had it working on either a Debian or Ubuntu box, but couldn’t get it working on Raspbian on a Pi. I decided to try it again in this setup, and reusing the base image with ax25 already compiled from source, it was actually very easy to get Pat up and running.

This is dependent on having ax25 installed and configured on the host Pi OS, and then shared with the container with --network=host. I know, this seems redundant, but this is the only way I managed to get this working.

My base image for Raspbian including ax25 built from source is here: https://github.com/kevinhooke/DockerRPiAX25FromSource

To build the image passing in the parameterized value for your callsign (passing your callsign in place of ‘yourcall’):

docker build --build-arg MYCALL=yourcall -t rpi-ax25 .

Next build an image containing Pat, based on the image we just built – the source for this Dockerfile is here: https://github.com/kevinhooke/DockerRPiPATWinlink.git

Build this image with:

docker build --build-arg MYCALL=yourcall --build-arg MYCALLSSID=yourcall-1 \
    --build-arg MYLOC=AA11aa --build-arg WINLINKPASS=yourwlpass \
    -t rpi-wl-pat .
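Values passed with --build-arg, WINLINKPASS included, are visible to anyone who has the image through `docker history --no-trunc`. The added example below (not part of the original post or its Dockerfiles) scans that output for build arguments whose names look like credentials; the history lines, the write-config.sh command in them and the name patterns are all constructed assumptions.

```python
import re

# Assumption: name fragments that suggest a credential.
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY", re.IGNORECASE)

# Build args in scope for a RUN step are recorded in the layer history as
# "|<count> NAME=value ... <command>" (BuildKit prefixes the line with "RUN ").
ARG_PREFIX = re.compile(r"^(?:RUN )?\|(\d+) (.*)$")

# Constructed output of:
#   docker history --no-trunc --format '{{.CreatedBy}}' rpi-wl-pat
SAMPLE_HISTORY = """\
/bin/sh -c #(nop)  CMD ["pat" "http"]
|4 MYCALL=yourcall MYCALLSSID=yourcall-1 MYLOC=AA11aa WINLINKPASS=yourwlpass /bin/sh -c ./write-config.sh
/bin/sh -c #(nop)  ARG WINLINKPASS
/bin/sh -c #(nop)  ARG MYCALL
"""

def leaked_build_args(history_text):
    """Return {name: value} for secret-looking build args recorded in history."""
    leaks = {}
    for line in history_text.splitlines():
        match = ARG_PREFIX.match(line.strip())
        if not match:
            continue
        count, rest = int(match.group(1)), match.group(2)
        # The first <count> tokens are NAME=value pairs.
        # Limitation: values that contain spaces are not handled.
        for token in rest.split(" ")[:count]:
            name, sep, value = token.partition("=")
            if sep and SECRET_NAME.search(name):
                leaks[name] = value
    return leaks

def report(leaks):
    """Summarise by name and length so the report does not repeat the secret."""
    return [f"{name}: {len(value)} characters recorded in image history"
            for name, value in sorted(leaks.items())]

if __name__ == "__main__":
    for line in report(leaked_build_args(SAMPLE_HISTORY)):
        print(line)
```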

Now to start it up, remember we’re relying on an ax25 connection from the host, and we’re going to share it with the guest container. My TNC-Pi board connected to my Raspberry Pi is available as serial device /dev/ttyAMA0, so I start up my ax0 port like:

sudo kissattach /dev/ttyAMA0 1 10.1.1.1

Next, run the container as a daemon, share the host networking, and expose port 8080 so we can access the Pat webapp:

docker run -d --network=host -p 8080:8080 rpi-wl-pat

Now let’s fire up the webapp:

Looks good, this is the Pat inbox. Let’s send a test email to myself – this is going to be sent using Packet over 2m VHF via my local Winlink gateway, AG6QO-10. I have this preconfigured in my Pat config file. You can configure this yourself before creating the rpi-wl-pat image:

Remember the Pat webapp that we’re interacting with here is running in a Docker container, on a Raspberry Pi. I just happen to be accessing it remotely from my Mac. For mobile operation or out in the field, you could attach a touchscreen to the Pi and connect a keyboard and mouse too.

To send my email over RF to the Winlink gateway, click Action, then Connect:

In the Pat status window we now see a log of the Packet exchange between my station and AG6QO-10 via BERR37:

A few seconds later the email arrives in my gmail inbox:

If I reply to the email in gmail, it will go back over the Winlink network, and be waiting for me when I connect to the Winlink gateway again over RF. Let’s give that a go in Pat – select Action and Connect, we connect to AG6QO-10 again over 2m VHF, and now the reply is in my inbox in Pat:

Success!

Building ARM Docker images on the Raspberry Pi

Install Docker for ARM using the install script:

curl -sSL https://get.docker.com | sh

From: https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/

Set to startup as a service:

sudo systemctl enable docker

Start the service manually now (or reboot to start automatically):

sudo systemctl start docker

Add user to docker group (to run docker cli without sudo):

sudo usermod -aG docker pi

To create a new image from a Raspbian base for ARM, use the Raspbian images from resin (in your Dockerfile):

FROM resin/rpi-raspbian:latest

From: http://blog.alexellis.io/getting-started-with-docker-on-raspberry-pi/

Edit your Dockerfile to include and configure whatever you need, and build an image as normal on the Pi using:

docker build -t tagname .

… and off you go.