Docker ubuntu构建在ec2

时间:2017-08-19 23:21:45

标签: ubuntu docker amazon-ec2

了解有关Docker的更多信息。想在ec2实例上做我的工作。认为本教程是一个很好的起点: Docker Basics。当我尝试从Dockerfile构建docker镜像时,我在运行apt-get update -y时遇到错误。

最初认为不受支持的ubuntu版本(12.04)是一个如此更新的问题,引用了最新版本(17.04)以及与apt-update相关的错误(如下)。

更新:我在非ec2机器上运行了步骤,并在apt-update阶段获得了不同的输出,因此我认为ec2配置中的某些内容会干扰网络连接。

任何帮助表示赞赏。控制台输出如下:

ec2 docker build --no-cache -t moikaturns/amazon-ecs-sample .
Sending build context to Docker daemon   363 kB
Step 1/12 : FROM ubuntu:17.04
 ---> bde41be8de8c
Step 2/12 : RUN apt-get update -y
 ---> Running in d8132cda2e2a
Err:1 http://security.ubuntu.com/ubuntu zesty-security InRelease
  Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1560:8001::14). - connect (101: Network is unreachable) [IP: 2001:67c:1560:8001::14 80]
Err:2 http://archive.ubuntu.com/ubuntu zesty InRelease
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::21). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8001::21 80]
Err:3 http://archive.ubuntu.com/ubuntu zesty-updates InRelease
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::21). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8001::21 80]
Err:4 http://archive.ubuntu.com/ubuntu zesty-backports InRelease
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::21). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8001::21 80]
Reading package lists...
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/zesty/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::21). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8001::21 80]
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/zesty-updates/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::21). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8001::21 80]
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/zesty-backports/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::21). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8001::21 80]
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/zesty-security/InRelease  Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1560:8001::14). - connect (101: Network is unreachable) [IP: 2001:67c:1560:8001::14 80]
W: Some index files failed to download. They have been ignored, or old ones used instead.
 ---> 6aa041d69aec
Removing intermediate container d8132cda2e2a
Step 3/12 : RUN apt-get install -y git curl apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysql
 ---> Running in 1b807c9fd593
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package git
E: Unable to locate package curl
E: Unable to locate package apache2
E: Unable to locate package php5
E: Unable to locate package libapache2-mod-php5
E: Unable to locate package php5-mcrypt
E: Unable to locate package php5-mysql
The command '/bin/sh -c apt-get install -y git curl apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysql' returned a non-zero code: 100

Dockerbuild脚本运行时获取的/etc/resolve.conf的内容。它是系统生成的,来自主机(我添加了谷歌DNS)。 Dockerfile脚本的输出确认运行脚本的上下文中的内容:

Step 2/13 : RUN cat /etc/resolv.conf
 ---> Running in 68b494d1fcdb
; generated by /sbin/dhclient-script
search eu-west-1.compute.internal
nameserver 172.31.0.2
nameserver 8.8.8.8

在ec2实例上运行它但是我无法在Dockerfile脚本中运行它(因为ubuntu没有安装curl而且由于网络问题我无法运行apt-get来安装任何东西):

ec2 curl ipinfo.io
{
  "ip": "52.17.159.7",
  "hostname": "ec2-52-17-159-7.eu-west-1.compute.amazonaws.com",
  "city": "Dublin",
  "region": "Leinster",
  "country": "IE",
  "loc": "53.3389,-6.2595",
  "org": "AS16509 Amazon.com, Inc."
}

1 个答案:

答案 0 :(得分:1)

通过为docker指定一个不同的网络来使用/ bind to(另一个名为'host'的替代方案,而不是我认为是默认选项'bridge'),发现了如何使其工作。我无法解释为什么一个有效,另一个无法解释我的网络知识不是很好。

这篇文章促使我尝试Docker container networking。它描述了docker创建的三个“默认网络”。调用docker时,可以选择要绑定的特定网络。我认为'none'字面意思是没有网络。我试过'桥'并且出现了相同的症状。我尝试了'主机'并实现了互联网连接(apt-get update工作),ergo回答了我的问题。

输出命令以列出可用于docker的网络:

ec2 docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
4d37091ae99e        bridge              bridge              local
cab1b88f8084        host                host                local
592bd8b26a6a        none                null                local

在运行docker build时指定一个网络(--network switch是关键),apt-get update的输出是我的证据,改变是有效的:

ec2 docker build --network host --no-cache -t moikaturns/amazon-ecs-sample .
Sending build context to Docker daemon 363.5 kB
Step 1/3 : FROM ubuntu:17.04
 ---> bde41be8de8c
Step 2/3 : RUN cat /etc/resolv.conf
 ---> Running in 62447e6613d6
; generated by /sbin/dhclient-script
search eu-west-1.compute.internal
nameserver 172.31.0.2
 ---> 7456dd87e8eb
Removing intermediate container 62447e6613d6
Step 3/3 : RUN apt-get update -y
 ---> Running in 19c5ba6e2a21
Get:1 http://security.ubuntu.com/ubuntu zesty-security InRelease [89.2 kB]
Get:2 http://archive.ubuntu.com/ubuntu zesty InRelease [243 kB]
Get:3 http://archive.ubuntu.com/ubuntu zesty-updates InRelease [89.2 kB]
...
Get:21 http://archive.ubuntu.com/ubuntu zesty-backports/main amd64 Packages [1438 B]
Fetched 24.2 MB in 3s (7702 kB/s)
Reading package lists...
 ---> bcf0a72ac69e
Removing intermediate container 19c5ba6e2a21
Successfully built bcf0a72ac69e

还发现这对Amazon Web Services (AWS) EC2 example

很有用 
docker run -it ubuntu bash

告诉docker启动交互式bash shell。可以交互式地观察网络困难,而不是运行Dockerfile脚本。令人沮丧的是它是一个最小的ubuntu并没有安装像ping这样的基本工具。由于apt-get install无法正常运行,因此可以安装它们以尝试进行大量调查。

指定使用泊坞窗运行的网络可启用网络功能:

docker run --network=host -it ubuntu bash

感谢所有回答我问题的人。

RCA :在用aws跟进之后,一位代表友好地协助诊断出错了(该教程在vanilla ec2实例上工作正常)。原因被追溯到我添加到ec2实例的iptables规则:

sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

它将入站端口80重定向到内部端口8080.显然,它已经扰乱了Docker创建的iptables条目(不知何故)。如果我删除这个规则,vanilla教程可以在我的ec2实例上运行(所有iptables规则都是将端口80路由到8080,我可以使用代理,例如nginx)。

相关问题
最新问题