Hi I am using ECS to run Docker tasks in EC2 instances. The tasks are run in Java and are looking to write to a SQS. The problem is my EC2 instance does not seem to be able to make any HTTP requests - this is what the Java error is when trying to write to that SQS Queue:
Exception in thread "main" com.amazonaws.SdkClientException: Unable to execute HTTP request. failed: connect timed out
I have tested command line commands such as curl and the connection also times out in the task but works fine if I connect and run it on the EC2 instance the task is being run on.
The same code via ECS runs fine in Fargate.
My EC2 instances are in public subnets, have a public IP assigned to them and the security group that is assigned to these instance have the following rules Inbound and Outbound:
Does anybody have any ideas as to why the tasks in these EC2 instances always timeout on HTTP requests thanks.
Edit(Adding Dockerfile) -
DockerFile:
FROM alpine/git as clone
WORKDIR /app
RUN git clone https://GITLINK.git
FROM maven:3.5-jdk-8-alpine as build
WORKDIR /app
COPY --from=clone /app/aws_poll /app
RUN mvn package
FROM openjdk:8-jre-alpine
WORKDIR /app
COPY --from=build /app/target/aws-examples-1.0.jar /app
EXPOSE 8080
EXPOSE 443
EXPOSE 80
ENTRYPOINT ["sh", "-c"]
CMD ["java -jar aws-sqs-examples-1.0.jar"]
HEALTHCHECK --interval=25s --timeout=3s --retries=2 CMD ["java", "HealthCheck", "||", "echo", "HEALTH CHECK:FAILED"]
The EC2 Instance role has to be added as a resource that can use the SQS queue, in other words you need to modify the SQS Policy and add the EC2 instance role in the resource ARN, also make sure the instance role is allowed to talk to SQS by adding the relevant policy under IAM service.
Related
I created a eureka server microservice and a normal microservice , usually when I run both the service separately using STS tool service discovery and registration works fine , but whenever i tried to launch in docker that time registration fails.
Code is below -
Eureka Server
application.properties
spring.application.name=eureka-service
server.port=8761
eureka.client.register-with-eureka=false
eureka.client.fetch-registry=false
eureka.instance.hostname=eureka-service
eureka.instance.prefer-ip-address=true
eureka.server.wait-time-in-ms-when-sync-empty=0
Dockerfile
FROM openjdk:8
ADD target/SpringEureka-1.0.jar SpringEureka-1.0.jar
EXPOSE 8761
ENTRYPOINT ["java","-jar","SpringEureka-1.0.jar"]
Normal Microservice
application.properties
server.port: 8010
spring.application.name=eureka-client
eureka.client.register-with-eureka=true
eureka.client.fetch-registry= true
eureka.client.service-url.default-zone=http://localhost:8761/eureka/
eureka.client.proxy-host=localhost
eureka.instance.prefer-ip-address=true
Dockerfile
FROM openjdk:8
ADD target/HystrixTest-1.0.jar HystrixTest-1.0.jar
EXPOSE 8010
ENTRYPOINT ["java","-jar","HystrixTest-1.0.jar"]
Are you link the HystrixTest container to Eureka Server container?
You can get more detail in here: https://docs.docker.com/network/links/
The better question if you post docker-compose file or your cmd when starting the container.
I think everything that you did is all right you just need to enable the ports using the
docker run -P 8761:8761 <your_docker_image> command.
And change also the configuration from eureka.instance.hostname=eureka-service to eureka.instance.hostname=localhost
I have an instance of Nifi in docker on virtual machine with exposed ports: 8080 and 10000.
On thin instance i created a simple pipeline with output port named "flink" and i want to read this data using flink-nifi connector:
SiteToSiteClientConfig clientConfig = new SiteToSiteClient.Builder()
.url("http://vm-address:8080/nifi")
.portName("flink")
.requestBatchCount(100)
.buildConfig();
DataStream<NiFiDataPacket> nifi = environment.addSource(new NiFiSource(clientConfig));
nifi.map(new MapFunction<NiFiDataPacket, JsonNode>() {
#Override
public JsonNode map(NiFiDataPacket value) throws Exception {
return DataConverter.byte2Json(value.getContent());
}
}).print();
In this case i got error:
Exception in thread "main" org.apache.flink.runtime.client.JobExecutionException: java.net.UnknownHostException
If i add localAddress in config:
SiteToSiteClientConfig clientConfig = new SiteToSiteClient.Builder()
.url("http://vm-address:8080/nifi")
.localAddress(InetAddress.getByName("vm-address"))
.portName("flink")
.requestBatchCount(100)
.buildConfig();
I got this error:
Exception in thread "main" org.apache.flink.runtime.client.JobExecutionException: java.net.BindException: Cannot assign requested address: JVM_Bind
I run this code from local pc on windows and flink is started in standalone mode.
Also, i tried to run this directly on virtual machine but i got the same error.
In logs there is a lot of retries:
execchain.RetryExec: I/O exception (java.net.BindException) caught
when processing request to
/vm-address->{}->http://vm-address:8080: Cannot assign requested
address: JVM_Bind
Finally, solved it!
The problem was in my docker configuration. Firstly, i run nifi like this:
docker run --name nifi -p 8008:8080 -p 10000:10000 -d apache/nifi:1.7.1
The network, by default, was bridge. In this case my container has some random hostname and i don't communicate with container directly, but through the docker.
When i choose network=host:
docker run --name nifi --network host -d apache/nifi:1.7.1 everything goes well.
Probably, i could solve it another way (maybe, explicitly resolve container hostname), but this was the easiest way
I have two SpringBoot microservices M1(port 2002) and M2(port 2004)
M1 and M2 are communicating successfully if I run them using eclipse (run as Java Project or SpringBoot Project).
However, I want to communicate them using Docker container.
So I build images for both Microservices (M1 and M2) using the command:
docker build -f Dockerfile -t image_name .
And run the images using:
docker run -p 2004:2004 image_name
Note: I am exposing same port from docker as defined above
But the M1 and M2 are not able to communicate.
I am using RestTemplate
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<Boolean> isUp = restTemplate.getForEntity("http://localhost:2002/apis/test",Boolean.class);
I am getting below exception :
I/O error on GET request for \"http://localhost:2002/apis/test\": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)
However, If I call the other microservice using my machine's IP, It's communicating successfully
ResponseEntity<Boolean> isUp = restTemplate.getForEntity("http://XX.XX.XX.XXX:2002/apis/test",Boolean.class);
Can someone please tell if I am doing it write(using IP address) or there is another good approach to call one microservice from another using Docker?
Trying to communicate with the other container won't work with localhost.
You should create a custom bridged network, which will allow you to refer to the containers by name. And there is no need to publish the ports if you are only talking internally.
# create network
docker network create -d bridge mynet
# container 1
docker container run --network mynet --name container1 -d image_name
# container 2
docker container run --network mynet --name container2 -d some_other_image_name
The IP in code snippet can then be replaced with the name of the other container
RestTemplate restTemplate = new RestTemplate();
ResponseEntity<Boolean> isUp = restTemplate.getForEntity("http://container2:2002/apis/test",Boolean.class)
Alternately, you can also link the two containers together by --link. Assuming you want container1 as client to container2, you can use below:
sudo docker run --link container2 --name=container1 -d image_name
I have created an image out of my simple spring-boot application and set the port to 7000 for the tomcat , when I run the image and try to hit the service in my local I am not getting any response.
here are the contents of the dockerfile
FROM java:8
VOLUME /tmp
ADD /target/demo-1.0-SNAPSHOT.jar /app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
Am I missing something here ( I am new to docker and I just used the file in spring boot sample docker and created the image and stuck here.)
Apart from publishing the port from docker as mentioned by #Van0SS you need to create a port forwarding rule as well.
Open virtualbox and Navigate to VM -> Settings -> Network -> Advanced -> Port forwarding
Create a new rule:
Name : <Anything - Purpose of port>
Protocol: TCP
HostIP: 127.0.0.1
Host port: 7000
Guest Port: 7000
Not sure that it is only one problem, but at least you have to publish your port in docker. To do so run the container with flag:
-p 7000:7000
Try access on :7000 port.
You need to add:
EXPOSE: 7000
to your docker file, and keep an eye on the console log info when running the docker image to see on which port your app is being served.
Useful Ref:
https://www.youtube.com/watch?v=FlSup_eelYE
Best of luck!
I have a new Spring Boot application that I just finished and am trying to deploy it to Docker. Inside the container the application works fine. It uses ports 9000 for user facing requests and 9100 for administrative tasks like health checks. When I start a docker instance and try to access port 9000 I get the following error:
curl: (56) Recv failure: Connection reset by peer
After a lot of experimentation (via curl), I confirmed in with several different configurations that the application functions fine inside the container, but when I try to map ports to the host it doesn't connect. I've tried starting it with the following commands. None of them allow me to access the ports from the host.
docker run -P=true my-app
docker run -p 9000:9000 my-app
The workaround
The only approach that works is using the --net host option, but this doesn't allow me to run more than one container on that host.
docker run -d --net=host my-app
Experiments with ports and expose
I've used various versions of the Dockerfile exposing different ports such as 9000 and 9100 or just 9000. None of that helped. Here's my latest version:
FROM ubuntu
MAINTAINER redacted
RUN apt-get update
RUN apt-get install openjdk-7-jre-headless -y
RUN mkdir -p /opt/app
WORKDIR /opt/app
ADD ./target/oauth-authentication-1.0.0.jar /opt/app/service.jar
ADD config.properties /opt/app/config.properties
EXPOSE 9000
ENTRYPOINT java -Dext.properties.dir=/opt/app -jar /opt/app/service.jar
Hello World works
To make sure I can run a Spring Boot application, I tried Simplest-Spring-Boot-MVC-HelloWorld and it worked fine.
Netstat Results
I've used netstat to do port scans from the host and from the container:
From the host
root#my-docker-host:~# nmap 172.17.0.71 -p9000-9200
Starting Nmap 6.40 ( http://nmap.org ) at 2014-11-14 19:19 UTC Nmap
scan report for my-docker-host (172.17.0.71)
Host is up (0.0000090s latency).
Not shown: 200 closed ports
PORT STATE SERVICE
9100/tcp open jetdirect
MAC Address: F2:1A:ED:F4:07:7A (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.48 seconds
From the container
root#80cf20c0c1fa:/opt/app# nmap 127.0.0.1 -p9000-9200
Starting Nmap 6.40 ( http://nmap.org ) at 2014-11-14 19:20 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 199 closed ports
PORT STATE SERVICE
9000/tcp open cslistener
9100/tcp open jetdirect
Nmap done: 1 IP address (1 host up) scanned in 2.25 seconds
The container is using Ubuntu
The hosts I've replicated this are Centos and Ubuntu.
This SO question seems similar but had very few details and no answers, so I thought I'd try to document my scenario a bit more.
I had a similar problem, in which specifying a host IP address as '127.0.0.1' wouldn't properly forward the port to the host.
Setting the web server's IP to '0.0.0.0' fixes the problem
eg - for my Node app - the following doesn't work
app.listen(3000, '127.0.0.1')
Where as the following does work:
app.listen(3000, '0.0.0.0')
Which I guess means that docker, by default, is exposing 0.0.0.0:containerPort -> local port
You should run with docker run -P to get the ports to map automatically to the same values to set in the Dockerfile.. Please see http://docs.docker.com/reference/run/#expose-incoming-ports