If I set enforcement of IAM for localstack-pro, I get a permissions error when trying to deploy a stack:
version: "3.8"
services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack-pro
    ports:
      - "127.0.0.1:4566:4566"            # LocalStack Gateway
      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
    environment:
      - DEBUG=${DEBUG-}
      - LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR-}
      - DOCKER_HOST=unix:///var/run/docker.sock
      - LOCALSTACK_API_KEY=GDiVANrxjg
      - ENFORCE_IAM=1
    volumes:
      - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"
The given error is:
Building Assets Failed: Error: opensearch-dummy: Access to the specified resource is denied
This is in response to the command:
cdklocal deploy
It works as expected if ENFORCE_IAM=0.
Q: Is there a default set of user credentials for localstack that allows me to deploy?
Related
I am trying to install PenPot using Portainer and Traefik. I have entered my docker-compose file into Portainer and created the stacks. In Traefik I have created a proxy network for the frontend of PenPot to connect to. On the back end I am using the default network for the backend of PenPot and the database to use. As far as I can tell (and I am just starting out with Docker, so I am trying to learn) everything looks to be set up correctly.
However when I look into the logs for backend PenPot, I see that it can't connect to the database. It fails with the following message:
FATAL: password authentication failed for user "penpot"
I have checked the password used and it is spelt correctly in both instances and the password doesn't use any special characters. I have gone over the settings multiple times and I can't for the life of me figure out why I am getting this error. Can I not have multiple networks? Am I missing something in my configuration?
This is my docker-compose file. Hopefully someone can point out the error that I am making.
version: "3.5"
networks:
  default:
    external: false
  proxy:
    external: true
volumes:
  postgres_data:
  assets_data:
services:
  frontend:
    image: "penpotapp/frontend:latest"
    hostname: frontend.penpot
    volumes:
      - assets_data:/opt/data
    depends_on:
      - penpot-backend
      - penpot-exporter
    networks:
      - default
      - proxy
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.constraint-label=proxy
      - traefik.http.routers.penpot-http.rule=Host(`penpot.mydomain.com`)
      - traefik.http.routers.penpot-http.entrypoints=http
      - traefik.http.middlewares.penpot-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.penpot-http.middlewares=penpot-https-redirect
      - traefik.http.routers.penpot-https.rule=Host(`penpot.mydomain.com`)
      - traefik.http.routers.penpot-https.entrypoints=https
      - traefik.http.routers.penpot-https.tls=true
      - traefik.http.routers.penpot-https.tls.certresolver=le
      - traefik.http.services.penpot.loadbalancer.server.port=80
  penpot-backend:
    image: "penpotapp/backend:latest"
    hostname: backend.penpot
    volumes:
      - assets_data:/opt/data
    depends_on:
      - postgres
      - redis
    environment:
      ## Standard database connection parameters (only postgresql is supported):
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      - POSTGRES_PASSWORD=penpot
      ## Redis is used for the websockets notifications.
      - PENPOT_REDIS_URI=redis://penpot-redis/0
      ## Should be set to the public domain where penpot is going to be served.
      - PENPOT_PUBLIC_URI=https://penpot.mydomain.com
      ## Feature flags.
      - PENPOT_FLAGS=enable-registration enable-login disable-email-verification
      ## By default, files uploaded by users are stored in local
      ## filesystem. But it can be configured to store in AWS S3.
      - PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
      - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
      ## Telemetry. When enabled, a periodical process will send anonymous
      ## data about this instance.
      - PENPOT_TELEMETRY_ENABLED=false
      ## Email sending configuration. By default, emails are printed in the
      ## console, but for production usage is recommended to setup a real
      ## SMTP provider. Emails are used to confirm user registrations.
      - PENPOT_SMTP_ENABLED=true
      - PENPOT_SMTP_DEFAULT_FROM=Penpot <no-reply@mydomain.com>
      - PENPOT_SMTP_DEFAULT_REPLY_TO=Penpot <no-reply@mydomain.com>
      - PENPOT_SMTP_HOST=mail.mydomain.com
      - PENPOT_SMTP_PORT=587
      - PENPOT_SMTP_USERNAME=XXXX
      - PENPOT_SMTP_PASSWORD=XXXX
      - PENPOT_SMTP_TLS=true
      - PENPOT_SMTP_SSL=false
    networks:
      - default
  penpot-exporter:
    image: "penpotapp/exporter:latest"
    environment:
      # Don't touch it; this uses internal docker network to
      # communicate with the frontend.
      - PENPOT_PUBLIC_URI=http://frontend.penpot
    networks:
      - default
  postgres:
    image: "postgres:14"
    restart: always
    stop_signal: SIGINT
    environment:
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      - POSTGRES_PASSWORD=penpot
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - default
  redis:
    image: redis:7
    restart: always
    networks:
      - default
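As an added illustration for the PenPot question above (this is not the poster's file and not PenPot's own compose file), the fragment below shows how the backend's database connection is usually wired to the page's own `postgres` and `redis` service names. The variable names `PENPOT_DATABASE_URI`, `PENPOT_DATABASE_USERNAME` and `PENPOT_DATABASE_PASSWORD` are assumed from PenPot's documented configuration and do not appear on this page; `PENPOT_DB_PASSWORD` is a placeholder for a value supplied from a `.env` file.

```yaml
# Added example, not part of the original post. Variable names for the backend's
# database connection are assumed from PenPot's documentation.
version: "3.5"
services:
  penpot-backend:
    image: "penpotapp/backend:latest"
    depends_on:
      - postgres
      - redis
    environment:
      # Client-side connection parameters read by the backend. POSTGRES_DB /
      # POSTGRES_USER / POSTGRES_PASSWORD are the postgres image's
      # initialisation variables and describe the server, not a client.
      - PENPOT_DATABASE_URI=postgresql://postgres/penpot   # host = the service name below
      - PENPOT_DATABASE_USERNAME=penpot
      - PENPOT_DATABASE_PASSWORD=${PENPOT_DB_PASSWORD}     # placeholder, supplied via .env
      # Host part must be the compose service name ("redis"), not "penpot-redis".
      - PENPOT_REDIS_URI=redis://redis/0
    networks:
      - default                                            # backend never joins "proxy"
  postgres:
    image: "postgres:14"
    environment:
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      - POSTGRES_PASSWORD=${PENPOT_DB_PASSWORD}            # the same placeholder value
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - default
  redis:
    image: redis:7
    networks:
      - default
networks:
  default:
    external: false
volumes:
  postgres_data:
```

One check worth making whenever `password authentication failed` appears with a compose-managed Postgres: `POSTGRES_PASSWORD` is only applied when the data volume is initialised for the first time. If `postgres_data` already exists from an earlier attempt with a different password, the old password stays in effect regardless of what the compose file now says, and the volume has to be recreated (or the password changed with `ALTER USER`) before the backend can log in.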
I have localstack running on a Kali Linux box. I have added an aws S3 service. I can access the service using:
aws --endpoint-url=http://localhost:4566 s3 ls
If I try the same command using the machine's IP address I get a message:
Could not connect to the endpoint URL: "http://10.xxx.xxx.xxx:4566/"
My docker-compose.yaml file looks like:
version: "3.8"
services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack
    ports:
      - "127.0.0.1:4566:4566"            # LocalStack Gateway
      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
      - "127.0.0.1:53:53"                # DNS config (only required for Pro)
      - "127.0.0.1:53:53/udp"            # DNS config (only required for Pro)
      - "127.0.0.1:443:443"              # LocalStack HTTPS Gateway (only required for Pro)
    environment:
      - DEBUG=${DEBUG-}
      - PERSISTENCE=${PERSISTENCE-}
      - LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR-}
      - LOCALSTACK_API_KEY=${LOCALSTACK_API_KEY-}  # only required for Pro
      - DOCKER_HOST=unix:///var/run/docker.sock
      - HOSTNAME_EXTERNAL=localstack
    volumes:
      - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"
networks:
  default:
    external: true
    name: localstack
I am not sure how to tell localstack to be available on the machine's IP address instead of just localhost.
Thanks in advance for the help.
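The `127.0.0.1:` prefix in each `ports:` entry is what limits the gateway to loopback: the container listens on all interfaces internally, but Docker only publishes the port on the host address given before the first colon. The following added example (not the poster's file and not LocalStack's sample compose file) shows the three binding choices side by side; `10.0.0.5` is a constructed address standing in for the Kali box's LAN interface.

```yaml
# Added example, not part of the original post. 10.0.0.5 is a constructed host address.
version: "3.8"
services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack
    ports:
      # 1. Loopback only (the original setting): http://localhost:4566 works on this
      #    host, "Could not connect to the endpoint URL" from any other address.
      # - "127.0.0.1:4566:4566"
      #
      # 2. One specific host interface: reachable from the LAN on that address only.
      #    Preferred over 0.0.0.0 when only one interface should expose the gateway.
      - "10.0.0.5:4566:4566"
      - "10.0.0.5:4510-4559:4510-4559"
      #
      # 3. All interfaces (same as plain "4566:4566"). LocalStack accepts any access
      #    key by default, so everything that can route to the host can create and
      #    delete resources; keep a host firewall in front of it if you use this.
      # - "0.0.0.0:4566:4566"
    environment:
      - DEBUG=${DEBUG-}
      - DOCKER_HOST=unix:///var/run/docker.sock
    volumes:
      - "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"
```

After `docker compose up`, `docker port localstack_main 4566` shows the host address the port was actually published on, which is the quickest way to confirm which of the three applied. One caveat for option 3 on Linux: Docker inserts its own iptables rules for published ports, so a ufw or firewalld rule written for the host does not necessarily block traffic to a Docker-published port; verify with a connection attempt from another machine rather than trusting the firewall listing.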
I am running multiple docker containers. I want to invoke a GraphQL Hasura API running in a docker container from a Node.js application running in another container. I am unable to use the same URL (http:///v1/graphql) that I use to access the Hasura API when accessing it from the Node.js application.
I tried http://localhost/v1/graphql but that is not working either.
The following is the docker compose file for Hasura GraphQL:
version: '3.6'
services:
  postgres:
    image: postgis/postgis:12-master
    restart: always
    volumes:
      - db_data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: <postgrespassword>
  pgadmin:
    image: dpage/pgadmin4
    restart: always
    depends_on:
      - postgres
    ports:
      - 5050:80
    ## you can change pgAdmin default username/password with below environment variables
    environment:
      PGADMIN_DEFAULT_EMAIL: <email>
      PGADMIN_DEFAULT_PASSWORD: <pass>
  graphql-engine:
    image: hasura/graphql-engine:v1.3.0-beta.3
    depends_on:
      - "postgres"
    restart: always
    environment:
      # database url to connect
      HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:postgrespassword@postgres:5432/postgres
      # enable the console served by server
      HASURA_GRAPHQL_ENABLE_CONSOLE: "true" # set "false" to disable console
      ## uncomment next line to set an admin secret key
      HASURA_GRAPHQL_ADMIN_SECRET: <secret>
      HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anonymous
      HASURA_GRAPHQL_JWT_SECRET: '{ some secret }'
    command:
      - graphql-engine
      - serve
  caddy:
    image: abiosoft/caddy:0.11.0
    depends_on:
      - "graphql-engine"
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/Caddyfile
      - caddy_certs:/root/.caddy
volumes:
  db_data:
  caddy_certs:
The caddy file has the following configuration:
# replace :80 with your domain name to get automatic https via LetsEncrypt
:80 {
  proxy / graphql-engine:8080 {
    websocket
  }
}
What is the API endpoint I should be using from another docker container (not present in this docker-compose) to access the Hasura API? From the browser I use http://<ipaddress>/v1/graphql.
What does the caddy configuration actually do here?
Hi I'm new to using docker for development. I'm trying to communicate from frontend (react) to the backend (express.js) here.
I have enabled CORS as well. I'm getting an error saying net::ERR_NAME_NOT_RESOLVED when trying to fetch from the back end using the URL http://backend:4001, but it's working when I use the docker internal IP address, like http://172.18.0.3:4001.
Following is my docker-compose.yml file.
Please advise on getting this working, thanks.
version: "3"
services:
  backend:
    build: ./api
    volumes:
      - ./api:/usr/src/api
    ports:
      - 6002:4001
    depends_on:
      - database
  database:
    image: mongo:4.0.15-xenial
    ports:
      - 27018:27017
  frontend:
    build: ./app
    volumes:
      - ./app:/usr/src/app
    ports:
      - 6001:3000
    links:
      - backend
    depends_on:
      - backend
It will not work, because your browser (internet client) is not part of the docker stack network; you have to configure your frontend service to connect to http://localhost:6002 instead of http://backend:4001.
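To make the answer above concrete, here is an added compose example (not the poster's file and not the answerer's) that separates the two kinds of URL involved: the one the browser uses, which must be a host-published port, and the one only containers can use, which is the service name plus the container port. `REACT_APP_API_URL` follows the Create React App convention for variables exposed to the bundle and `CORS_ORIGIN` is a constructed name that the Express app is assumed to read when configuring `cors()`; neither appears in the original post.

```yaml
# Added example, not part of the original question or answer.
version: "3"
services:
  backend:
    build: ./api
    volumes:
      - ./api:/usr/src/api
    ports:
      # host 6002 -> container 4001, published on loopback only: the browser on this
      # machine reaches it as http://localhost:6002, the rest of the LAN cannot.
      - "127.0.0.1:6002:4001"
    environment:
      # The allowed CORS origin is the frontend as the *browser* sees it, i.e. the
      # host-published port, not "frontend:3000" and not "*". (Constructed variable
      # name; the Express app is assumed to pass it to cors({ origin: ... }).)
      - CORS_ORIGIN=http://localhost:6001
      # Server-to-server traffic stays on the compose network and uses service names.
      - MONGO_URL=mongodb://database:27017/app   # constructed name and database
    depends_on:
      - database
  database:
    image: mongo:4.0.15-xenial
    # No "ports:" entry: Mongo is reachable only from containers in this project.
    # Publishing 27018:27017 on all interfaces, as in the original file, exposes an
    # unauthenticated database to the host's network.
  frontend:
    build: ./app
    volumes:
      - ./app:/usr/src/app
    ports:
      - "127.0.0.1:6001:3000"
    environment:
      # Browser code runs on the host, so it must use the host-published backend port.
      # The container name "backend" only resolves inside the compose network, which
      # is why the browser reports ERR_NAME_NOT_RESOLVED for http://backend:4001.
      - REACT_APP_API_URL=http://localhost:6002
      # If the frontend container itself ever calls the API (SSR, integration tests),
      # that call uses the service name and the container port instead:
      # - API_URL_INTERNAL=http://backend:4001
    depends_on:
      - backend
```

The `172.18.0.3:4001` address that happened to work is the backend container's IP on the Docker bridge, which is routable from the host by accident of the default bridge configuration and changes whenever the container is recreated; it is not a stable or portable endpoint, and the published port is the one to rely on.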
Goal
We would like to create a development environment where we can run the latest versions of our registry, uaa and gateway on a server. We would then like to develop and run (in or outside docker) a microservice locally. This microservice should then be configured to connect and communicate to the other server.
Test setup
I have now generated a docker-compose via the jhipster sub-generator for our gateway, uaa and registry. I then tried to start the microservice I'm currently working on via gradlew, build it via gradlew dockerBuild and start the app.yml. I also tried to change the hostname in app.yml to localhost, 127.0.0.1 and the IP of the registry's docker container.
My results
If hostname is jhipster-registry: UnknownHostException. Most likely because the applications are started in different docker-compose files.
If hostname is localhost or 127.0.0.1: http://127.0.0.1:8761/config/application/prod/master connection refused. Changing to Perhaps some more configuration is required?
If the hostname is the ip of the registry docker container: After the jhipster logo in the terminal no other output is given. But the application never stops due to an exception.
Files
docker-compose.yml (registry, uaa & gateway)
version: '2'
services:
  mygateway-app:
    image: mygateway
    environment:
      - SPRING_PROFILES_ACTIVE=prod,swagger
      - EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/eureka
      - SPRING_CLOUD_CONFIG_URI=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/config
      - SPRING_DATASOURCE_URL=jdbc:mysql://mygateway-mysql:3306/mygateway?useUnicode=true&characterEncoding=utf8&useSSL=false
      - JHIPSTER_SLEEP=30
      - JHIPSTER_REGISTRY_PASSWORD=admin
    ports:
      - 8080:8080
    depends_on:
      - "mygateway-mysql"
      - "myuaa-app"
  mygateway-mysql:
    image: mysql:5.7.20
    environment:
      - MYSQL_USER=root
      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
      - MYSQL_DATABASE=mygateway
    command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --explicit_defaults_for_timestamp
  myuaa-app:
    image: myuaa
    environment:
      - SPRING_PROFILES_ACTIVE=prod,swagger
      - EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/eureka
      - SPRING_CLOUD_CONFIG_URI=http://admin:$${jhipster.registry.password}@jhipster-registry:8761/config
      - SPRING_DATASOURCE_URL=jdbc:mysql://myuaa-mysql:3306/myuaa?useUnicode=true&characterEncoding=utf8&useSSL=false
      - JHIPSTER_SLEEP=30
      - JHIPSTER_REGISTRY_PASSWORD=admin
    depends_on:
      - "myuaa-mysql"
      - "jhipster-registry"
  myuaa-mysql:
    image: mysql:5.7.20
    environment:
      - MYSQL_USER=root
      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
      - MYSQL_DATABASE=myuaa
    command: mysqld --lower_case_table_names=1 --skip-ssl --character_set_server=utf8mb4 --explicit_defaults_for_timestamp
  jhipster-registry:
    extends:
      file: jhipster-registry.yml
      service: jhipster-registry
app.yml (microservice)
version: '2'
services:
  myservice-app:
    image: myservice
    environment:
      # - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=prod,swagger
      - EUREKA_CLIENT_SERVICE_URL_DEFAULTZONE=http://admin:$${jhipster.registry.password}@localhost:8761/eureka
      - SPRING_CLOUD_CONFIG_URI=http://admin:$${jhipster.registry.password}@localhost:8761/config
      - SPRING_DATASOURCE_URL=jdbc:mysql://myservice-mysql:3306/myservice?useUnicode=true&characterEncoding=utf8&useSSL=false
      - JHIPSTER_SLEEP=10 # gives time for the JHipster Registry to boot before the application
      - JHIPSTER_REGISTRY_PASSWORD=admin
  myservice-mysql:
    extends:
      file: mysql.yml
      service: myservice-mysql
  # jhipster-registry:
  #   extends:
  #     file: jhipster-registry.yml
  #     service: jhipster-registry
  #   environment:
  #     - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
  #     - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/docker-config/
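Two of the questions on this page have the same shape: a container started from one compose file needs to reach a service started from a different compose file (the Node.js app calling Hasura, and the JHipster microservice in app.yml trying to reach `jhipster-registry`). Each compose project gets its own private `default` network, so service names from the other project do not resolve (`UnknownHostException`), and `localhost` inside a container is the container itself, not the host (hence `connection refused` on 127.0.0.1:8761). The added example below, which is not from either post and not from the Hasura or JHipster projects, shows the usual fix: a pre-created external network that only the services which must talk across projects join. The network name `shared`, the `consumer` service, its image and the `HASURA_URL` variable are placeholders chosen for the example.

```yaml
# Added example, not part of either original post.
# The network is created once on the host, outside any compose project:
#   docker network create shared
#
# ---- file: provider/docker-compose.yml (the stack that owns the service) ----
version: "3.8"
services:
  graphql-engine:
    image: hasura/graphql-engine:v1.3.0-beta.3
    networks:
      - default          # private to this project
      - shared           # reachable by name from any container on "shared"
  postgres:
    image: postgis/postgis:12-master
    networks:
      - default          # deliberately NOT on "shared": other projects cannot reach it
networks:
  shared:
    external: true       # pre-existing; compose will neither create nor remove it

# ---- file: consumer/docker-compose.yml (a separate compose project) ----
# version: "3.8"
# services:
#   consumer:                            # placeholder for the Node app / microservice
#     image: node:18                     # placeholder image
#     environment:
#       # Container-to-container URL: service name from the other project plus the
#       # port the process listens on inside its container. This bypasses Caddy on
#       # :80 and does not use the host-published port.
#       - HASURA_URL=http://graphql-engine:8080/v1/graphql   # placeholder variable
#     networks:
#       - shared
# networks:
#   shared:
#     external: true
```

For the JHipster case the same pattern applies with `jhipster-registry` joining `shared` in the registry's compose file and `myservice-app` in app.yml joining it too, after which `http://admin:$${jhipster.registry.password}@jhipster-registry:8761/eureka` resolves again. When the microservice runs outside Docker (plain `gradlew`), container DNS is not available and the registry's compose file has to publish port 8761 on the host; `localhost:8761` only works in that configuration. Two points worth keeping in mind: everything attached to `shared` can open connections to everything else on it, so attach the databases and other internal services only to the project's own `default` network, and the Caddy block in the Hasura post is purely a host-facing reverse proxy (it forwards `:80` to `graphql-engine:8080` and upgrades WebSocket connections), which is why it matters for browsers on the LAN but is irrelevant to traffic between containers.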