Unable to run Heroku exec on a docker container - docker

I've followed the steps here (https://devcenter.heroku.com/articles/exec#enabling-docker-support) to install curl (curl 7.61.1 (x86_64-alpine-linux-musl) libcurl/7.61.1 LibreSSL/2.0.0 zlib/1.2.11 libssh2/1.8.0 nghttp2/1.32.0), python, bash, and openssh (OpenSSH_7.2p2-hpn14v4, OpenSSL 1.0.2p 14 Aug 2018). I've created the /app/.profile.d/heroku-exec.sh file in my container and added a sym link.
However, running heroku ps:exec -a my-app returns the following message:
Establishing credentials... error
! Could not connect to dyno!
! Check if the dyno is running with `heroku ps'
I've verified my application is in fact running (& has the runtime-heroku-exec feature enabled):
web (Free): /bin/sh -c exec\ java\ \$JAVA_OPTS\ -Dserver.port\=\$PORT\ -Djava.security.egd\=file:/dev/./urandom\ -jar\ /app.jar (1)
web.1: up 2018/09/30 09:34:55 -0600 (~ 4m ago)
I've verified that the heroku-exec.sh exists on my deployed container by doing heroku run -a my-app bash and cat /app/.profile.d/heroku-exec.sh
At this point, I'm not sure what to try in order to troubleshoot why heroku exec won't work on my container. Here's what my Dockerfile looks like in case there's something off with how I've put together my application:
FROM openjdk:8-jdk-alpine
RUN apk add --no-cache openssh-keygen
RUN apk add --no-cache openssh-client=7.2_p2-r5 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.4/main --allow-untrusted
RUN apk add --no-cache openssh-sftp-server=7.2_p2-r5 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.4/main --allow-untrusted
RUN apk add --no-cache openssh=7.2_p2-r5 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.4/main --allow-untrusted
RUN apk add --no-cache curl
RUN apk add --no-cache bash
RUN apk add --update --no-cache python
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
RUN adduser -D app-user
USER app-user
ARG JAR_FILE
ARG PORT
ARG HEROKU_FILE_NAME
COPY ${JAR_FILE} app.jar
COPY ${HEROKU_FILE_NAME} /app/.profile.d/heroku-exec.sh
ENV JAVA_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
HEALTHCHECK --interval=15m --timeout=10s --retries=3 --start-period=1m CMD curl --fail http://localhost:8080/restaurantscores/actuator/health || exit 1
CMD exec java $JAVA_OPTS -Dserver.port=$PORT -Djava.security.egd=file:/dev/./urandom -jar /app.jar

The "Using with Docker" section of the "Heroku Exec (SSH Tunneling)" documentation doesn't address Alpine usage.
Rather than using /app/.profile.d Alpine uses /etc/profile.d.
So change
COPY ${HEROKU_FILE_NAME} /app/.profile.d/heroku-exec.sh
to
COPY ${HEROKU_FILE_NAME} /etc/profile.d/heroku-exec.sh
Also ensure that heroku-exec.sh is executable. You can do this using chmod +x heroku-exec.sh.

I found that I had to additionally add a python symlink to my alpine-based dockerfile, to get it working:
ln -s /usr/bin/python3 /usr/bin/python
here is an example of a dockerfile, for deploying a very simple nginx application, that definitely works with heroku-exec (as of October 2020):
FROM alpine:latest
# install required packages
RUN apk add --no-cache --update python3 bash curl openssh nginx
# simplfy nginx config to enable ENV variable substitution
RUN echo 'server { listen PORT_NUMBER; }' > /etc/nginx/conf.d/default.conf \
&& mkdir /run/nginx
# add config required for HEROKU_EXEC
# ENV HEROKU_EXEC_DEBUG=1
RUN rm /bin/sh \
&& ln -s /bin/bash /bin/sh \
&& mkdir -p /app/.profile.d/ \
&& printf '#!/usr/bin/env bash\n\nset +o posix\n\n[ -z "$SSH_CLIENT" ] && source <(curl --fail --retry 7 -sSL "$HEROKU_EXEC_URL")\n' > /app/.profile.d/heroku-exec.sh \
&& chmod +x /app/.profile.d/heroku-exec.sh \
&& ln -s /usr/bin/python3 /usr/bin/python
# configure NGINX to listen on dynamic $PORT env variable supplied by Heroku.
CMD sed -i 's/PORT_NUMBER/'"$PORT"'/g' /etc/nginx/conf.d/default.conf; nginx -g 'daemon off;'

Related

connection refused when using dockerfile to pull git repository

Local setup for kubernetes: Mac OS
Docker for desktop >> kubernetes >> traefik >> Gitea
The gitea is installed in the cluster and exposed as clusterIP service ingresses through treafik which is accessible at http://gitea.local. Everything is butter smooth till here.
The pain:
Now i am creating a dockerfile and using a docker build to build an image. This dockerfile is trying to clone a repository from http://gitea.local. The problem is i am getting connection refused all the times.
RUN mkdir -p apps sites/assets/css \
&& cd apps \
&& git clone http://gitea.local/inviadmin/testing.git
Then i simply tried RUN curl http://gitea.local from inside dockerfile just to debug and got the same:
curl: (7) Failed to connect to gitea.local port 80: Connection refused
if i curl google.com from dockerfile its working. Any help is strongly appreciated.
Dockerfile:
# syntax = docker/dockerfile:1.0-experimental
FROM bitnami/python:3.7-prod
ENV NVM_DIR=/root/.nvm
ENV NODE_VERSION=12.18.3
ENV PATH="/root/.nvm/versions/node/v${NODE_VERSION}/bin/:${PATH}"
RUN install_packages wget \
&& wget https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh \
&& chmod +x install.sh \
&& ./install.sh \
&& . "$NVM_DIR/nvm.sh" && nvm install ${NODE_VERSION} \
&& nvm use v${NODE_VERSION} && npm install -g yarn
RUN install_packages \
# when using ssh
git openssh-client openssh-server iputils-ping
#git
ARG GIT_BRANCH=master
#RUN ping host.docker.internal
RUN mkdir -p apps sites/assets/css \
&& cd apps \
&& git clone http://gitea.local/inviadmin/test.git --branch $GIT_BRANCH
FROM nginx:latest
COPY --from=0 /home/test/sample/sites /var/www/html/
COPY --from=0 /var/www/error_pages /var/www/
COPY build/nginx/nginx-default.conf.template /etc/nginx/conf.d/default.conf.template
COPY build/entry/docker-entrypoint.sh /
RUN apt-get update && apt-get install -y rsync && apt-get clean \
&& echo "#!/bin/bash" > /rsync \
&& chmod +x /rsync
VOLUME [ "/assets" ]
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]
I tested your dockerfile and here's the outcome
Since the only part you were having issue was the git pull, i chose to use the following lines only.
Notice from the build that how adding entry to the /etc/hosts took effect for the following commands.
If the issue still persists then i suggest you start looking into the gitea container's logs.

Run Python scripts on command line running Docker images

I built a docker image using Dockerfile with Python and some libraries inside (no my project code inside). In my local work dir, there are some scripts to be run on the docker. So, here what I did
$ cd /path/to/my_workdir
$ docker run -it --name test -v `pwd`:`pwd` -w `pwd` my/code:test python src/main.py --config=test --results-dir=/home/me/Results
The command python src/main.py --config=test --results-dir=/home/me/Results is what I want to run inside the Docker container.
However, it returns,
/home/docker/miniconda3/bin/python: /home/docker/miniconda3/bin/python: cannot execute binary file
How can I fix it and run my code?
Here is my Dockerfile
FROM nvidia/cuda:10.1-cudnn7-runtime-ubuntu18.04
MAINTAINER Me <me#me.com>
RUN apt update -yq && \
apt install -yq curl wget unzip git vim cmake sudo
RUN adduser --disabled-password --gecos '' docker && \
adduser docker sudo && \
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
USER docker
WORKDIR /home/docker/
RUN chmod a+rwx /home/docker/ && \
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh && \
bash Miniconda3-latest-Linux-x86_64.sh -b && rm Miniconda3-latest-Linux-x86_64.sh
ENV PATH /home/docker/miniconda3/bin:$PATH
Run pip install absl-py==0.5.0 atomicwrites==1.2.1 attrs==18.2.0 certifi==2018.8.24 chardet==3.0.4 cycler==0.10.0 docopt==0.6.2 enum34==1.1.6 future==0.16.0 idna==2.7 imageio==2.4.1 jsonpickle==1.2 kiwisolver==1.0.1 matplotlib==3.0.0 mock==2.0.0 more-itertools==4.3.0 mpyq==0.2.5 munch==2.3.2 numpy==1.15.2 pathlib2==2.3.2 pbr==4.3.0 Pillow==5.3.0 pluggy==0.7.1 portpicker==1.2.0 probscale==0.2.3 protobuf==3.6.1 py==1.6.0 pygame==1.9.4 pyparsing==2.2.2 pysc2==3.0.0 pytest==3.8.2 python-dateutil==2.7.3 PyYAML==3.13 requests==2.19.1 s2clientprotocol==4.10.1.75800.0 sacred==0.8.1 scipy==1.1.0 six==1.11.0 sk-video==1.1.10 snakeviz==1.0.0 tensorboard-logger==0.1.0 torch==0.4.1 torchvision==0.2.1 tornado==5.1.1 urllib3==1.23
USER docker
ENTRYPOINT ["/bin/bash"]
Try making the file executable before running it.
as John mentioned to do in the dockerfile
FROM python:latest
COPY src/main.py /usr/local/share/
RUN chmod +x /usr/local/share/src/main.py #<-**--- just add this also
# I have some doubts about the pathing
CMD ["/usr/local/share/src/main.py", "--config=test --results-dir=/home/me/Results"]
You can run a python script in docker by adding this to your docker file:
FROM python:latest
COPY src/main.py /usr/local/share/
CMD ["src/main.py", "--config=test --results-dir=/home/me/Results"]

Docker cron job

I need to schedule some cron jobs in docker/kubernetes environment, which will make some external service calls using curl commands. I was trying to use plain alpine:3.6 image but it doesn't have curl.
Any suggestion what base image will be good for this purpose? Also, it will be helpful if there are some examples.
Prepare your own docker image which will includes packages you need or just use something like this https://github.com/aylei/kubectl-debug
I am able to run curl as cronjob job using alpine image as
FROM alpine:3.6
RUN apk --no-cache add curl bash
RUN apk add --no-cache tzdata
ENV TZ=Asia/Kolkata
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ /etc/timezone
RUN mkdir -p /var/log/cron \
&& touch /var/log/cron/cron.log \
&& mkdir -m 0644 -p /etc/cron.d
ADD curlurl /etc/crontabs/root
CMD bash -c "crond -L /var/log/cron/cron.log && tail -F /var/log/cron/cron.log"
#ENTRYPOINT /bin/bash
Where curlurl is having simple curl command as cron job
* * * * * /usr/bin/curl http://dummy.restapiexample.com/api/v1/employees >> /var/log/cron/cron.log
# Leave one blank line below or cron will fail
This is working fine . But now I have tried to make alpine base image with push in private repo to avoid downloading every time. But it stopped working. How can i debug why cron job is not running anymore. Below is the way I have used.
BaseImage
FROM alpine:3.6
RUN apk --no-cache add curl bash
RUN apk add --no-cache tzdata
ENTRYPOINT /bin/bash
Docker for curl
FROM my/alpine:3.6
ENV TZ=Asia/Kolkata
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ /etc/timezone
RUN mkdir -p /var/log/cron \
&& touch /var/log/cron/cron.log \
&& mkdir -m 0644 -p /etc/cron.d
ADD curlurl /etc/crontabs/root
CMD bash -c "crond -L /var/log/cron/cron.log && tail -F /var/log/cron/cron.log"
After making it like this I am not able to get any cron output . Any suggestion on how can I debug it.

can't run helm command in container

I built a docker image to run helm in container.
FROM alpine:edge
ARG HELM_VERSION=2.9.0
ENV URL="https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz"
RUN apk add --no-cache curl && \
curl -L ${URL} |tar xvz && \
cp linux-amd64/helm /usr/bin/helm && \
chmod +x /usr/bin/helm && \
rm -rf linux-amd64 && \
apk del curl
WORKDIR /apps
ENTRYPOINT ["helm"]
CMD ["--help"]
I have put kubeconfig to default path ~/.kube/config, and I am fine to run helm commands locally
But when run helm command within container, i got below error:
$ docker run -ti --rm -v ~/.kube:/root/.kube -v $(pwd):/apps helm list
Error: Get https://xxxx.yl4.us-west-2.eks.amazonaws.com/api/v1/namespaces/kube-system/pods?labelSelector=app%3Dhelm%2Cname%3Dtiller: dial tcp 10.xxx.7.xxx:443: i/o timeout
Anything I can check?
Updates
Tried next day, it works without any changes.

Unable to start container from jenkins

In Jenkins I installed Docker build step plugin.
In Jenkins, created job and in it, executed docker command selected build image. The image is created using the Dockerfile.The Dockerfile is :
FROM ubuntu:latest
#OS Update
RUN apt-get update
RUN apt-get -y install git git-core unzip python-pip make wget build-essential python-dev libpcre3 libpcre3-dev libssl-dev vim nano net-tools iputils-ping supervisor curl supervisor
WORKDIR /home/wipro
#Mongo Setup
RUN curl -O http://downloads.mongodb.org/linux/mongodb-linux-x86_64-3.0.2.tgz && tar -xzvf mongodb-linux-x86_64-3.0.2.tgz && cd mongodb-linux-x86_64-3.0.2/bin && cp * /usr/bin/
#RUN mongod --dbpath /home/azureuser/CI_service/data/ --logpath /home/azureuser/CI_service/log.txt --logappend --noprealloc --smallfiles --port 27017 --fork
#Node Setup
#RUN curl -O https://nodejs.org/dist/v0.12.7/node-v0.12.7.tar.gz && tar -xzvf node-v0.12.7.tar.gz && cd node-v0.12.7
#RUN cd /opt/node-v0.12.7 && ./configure && make && make install
#RUN cp /usr/local/bin/node /usr/bin/ && cp /usr/local/bin/npm /usr/bin/
RUN wget https://nodejs.org/dist/v0.12.7/node-v0.12.7-linux-x64.tar.gz
RUN cd /usr/local && sudo tar --strip-components 1 -xzf /home/wipro/node-v0.12.7-linux-x64.tar.gz
RUN npm install forever -g
#CI SERVICE
ADD prod /home//
ADD servicestart.sh /home/
RUN chmod +x /home/servicestart.sh
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
CMD ["sh", "/home/servicestart.sh"]
EXPOSE 80
EXPOSE 27017
Then I tried to create the container and container is created.
When I tried to start the container, the container is not running.
When I checked with command:
docker ps -a
, it shows status as created only.
Its not in running or Exited state.
The output of docker ps -a is:
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8ac762c4dc84 d85c2d90be53 "sh /home/servi" 15 hours ago Created hungry_liskov
7d8864940515 d85c2d90be53 "sh /home/servi" 16 hours ago Created ciservice
How to start the container using jenkins?
It depends on your container main command (ENTRPOINT + CMD)
A created state (for non data-volume container) means the main command failed to execute.
Try a docker logs <container_id> to see if there is any error message recorded.
CMD ["sh", "/home/servicestart.sh"] should be:
CMD ["/home/servicestart.sh"]
(The default ENTRYPOINT for Ubuntu should be ["sh", "-c"], so no need to repeat an "sh")

Resources