Docker: Getting started with Docker Machine (AWS)

By | 12/04/2016

Introduction

In this post, we experimented a bit with Docker Machine and Virtualbox. We were able to successfully launch a docker host on Virtualbox. It would be interesting to try this now also on AWS. Note that for this post, I’m assuming you already have an AWS account.

Getting all info from AWS

You will need to gather some information from AWS:

  • your AWS Access Key ID
  • your AWS Secret Access Key
  • your region in which you want to launch your instance
  • your VPC id for that region

Getting AWS Access Key and Secret Access Key

In your AWS console, go to ‘Identity & Access Management’, then either create a user or click on an existing user (I’m assuming the latter). When you select the user, go to ‘User Actions’ and then ‘Manage Access Keys’. Create your security credentials and download them (they will only be displayed once).

Then, go to your local machine (in my case a Mac) and create a file ~/.aws/credentials with the following content:

   
[default]
aws_access_key_id = **access_key**
aws_secret_access_key = **secret_key**

Of course, replace the placeholders with the values of your own credentials.
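The file now holds a long-lived secret in clear text, so it is worth checking before docker-machine reads it. The script below is an added example, not part of the original post: it flags group/other permissions and values that still contain the template text. The function names audit_credentials and group_other_bits are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the AWS shared
# credentials file created in the step above.

# Print the group/other permission characters, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_credentials FILE
# Prints one line per finding; the return status is the number of findings.
audit_credentials() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }

    # The secret key is stored in clear text, so only the owner may access it.
    bits=$(group_other_bits "$file")
    if [ "$bits" != "------" ]; then
        echo "PERMS: group/other access on $file ($bits), run: chmod 600 $file"
        findings=$((findings + 1))
    fi

    for key in aws_access_key_id aws_secret_access_key; do
        value=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$file" | head -n 1)
        case "$value" in
            "")    echo "ABSENT: $key has no value"
                   findings=$((findings + 1)) ;;
            *'*'*) echo "PLACEHOLDER: $key still holds the template text"
                   findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the template from this post, saved world-readable.
demo=$(mktemp)
printf '[default]\naws_access_key_id = **access_key**\naws_secret_access_key = **secret_key**\n' > "$demo"
chmod 644 "$demo"
audit_credentials "$demo" || echo "findings: $?"
rm -f "$demo"
```

Against your real file, call audit_credentials ~/.aws/credentials; a return status of 0 means no findings.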

Getting your AWS region

By default, the AWS driver creates new instances in region us-east-1 (North Virginia). As I live in Europe, I prefer something closer. You can specify a different region with the --amazonec2-region flag. For that, you will need to know the official name for your region. The easiest is to go to here and check under ‘Available Regions’.

Getting your AWS VPC ID

AWS creates your EC2 instances (by default) in a default VPC. So you will also need that one. To do so, go to your region (in my case Ireland (eu-west-1)) and go to the VPC dashboard. Click on the VPC and take a note of the VPC-ID. Again, you will need this one later on.

Using Docker Machine

We did quite some preparation work; the time has now come to get started with the docker-machine command. We will create a Docker-ready EC2 instance in the Ireland region. Do this as follows:

WAUTERW-M-G007:~ wauterw$ docker-machine create --driver amazonec2 --amazonec2-vpc-id vpc-93c6ddf6 --amazonec2-region eu-west-1 aws-docker1
Running pre-create checks...
Creating machine...
(aws-docker1) Launching instance...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env aws-docker1

Wait about a minute or 2 and you will see that an EC2 instance with name aws-docker1 is spawning on AWS. Let me show a screenshot in case you don’t believe me.
[Screenshot: docker-machine1]
The whole process takes about a minute or 5 before the docker-machine command has completely finished installing Docker on the host, etc.

Experimenting with Docker Machine

WAUTERW-M-G007:~ wauterw$ docker-machine ls
NAME          ACTIVE   DRIVER       STATE     URL                         SWARM   DOCKER    ERRORS
aws-docker1   -        amazonec2    Running   tcp://54.229.47.72:2376             v1.11.0
default       -        virtualbox   Running   tcp://192.168.99.100:2376           v1.11.0

When you create a new machine, your command shell automatically connects to it. If that is not the case, you’ll have to run eval $(docker-machine env aws-docker1). How did I get that one? See below…

WAUTERW-M-G007:~ wauterw$ docker-machine env aws-docker1
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://54.229.47.72:2376"
export DOCKER_CERT_PATH="/Users/wauterw/.docker/machine/machines/aws-docker1"
export DOCKER_MACHINE_NAME="aws-docker1"
# Run this command to configure your shell:
# eval $(docker-machine env aws-docker1)
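These four variables decide whether the client talks to the remote daemon over verified TLS and which client key it presents. The script below is an added example, not part of the original post, that checks such output before it is passed to eval. The function names check_machine_env and get_export are hypothetical, and the sample is the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): inspect `docker-machine env`
# output before handing it to eval.

# get_export NAME: read `export NAME="value"` lines on stdin, print the value.
get_export() {
    sed -n 's/^export '"$1"'="\(.*\)"$/\1/p' | head -n 1
}

# check_machine_env: reads the env output on stdin, prints one line per
# finding; the return status is the number of findings.
check_machine_env() {
    env_text=$(cat)
    findings=0
    tls=$(printf '%s\n' "$env_text" | get_export DOCKER_TLS_VERIFY)
    host=$(printf '%s\n' "$env_text" | get_export DOCKER_HOST)
    certs=$(printf '%s\n' "$env_text" | get_export DOCKER_CERT_PATH)

    # Without this variable the client does not verify the daemon's certificate.
    if [ "$tls" != "1" ]; then
        echo "TLS: DOCKER_TLS_VERIFY is not 1"; findings=$((findings + 1))
    fi
    # 2376 is the TLS port in the output above; 2375 is the plaintext API port.
    case "$host" in
        tcp://*:2376) ;;
        *) echo "HOST: '$host' is not a tcp:// endpoint on port 2376"
           findings=$((findings + 1)) ;;
    esac
    # key.pem is the client key: whoever can read it controls the remote daemon.
    if [ -z "$certs" ]; then
        echo "CERTS: DOCKER_CERT_PATH is not set"; findings=$((findings + 1))
    elif [ -f "$certs/key.pem" ] &&
         [ "$(ls -ld "$certs/key.pem" | cut -c5-10)" != "------" ]; then
        echo "KEY: $certs/key.pem is accessible beyond its owner"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the four export lines shown above.
sample='export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://54.229.47.72:2376"
export DOCKER_CERT_PATH="/Users/wauterw/.docker/machine/machines/aws-docker1"
export DOCKER_MACHINE_NAME="aws-docker1"'
printf '%s\n' "$sample" | check_machine_env || echo "findings: $?"
```

On a live setup, pipe the real output in: docker-machine env aws-docker1 | check_machine_env.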

From now on, every docker command you issue runs on the AWS host called ‘aws-docker1’. Let’s try things a bit…

WAUTERW-M-G007:~ wauterw$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
03f4658f8b78: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
Status: Downloaded newer image for hello-world:latest

Hello from Docker.

So we ran a container on our AWS host. Sure? Let’s see inside the AWS host. From your local Mac, do the following:

WAUTERW-M-G007:~ wauterw$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
93c035403e68        hello-world         "/hello"            50 seconds ago      Exited (0) 49 seconds ago                       distracted_austin

This clearly refers to our hello-world example.

SSH into the AWS instance

If you look at the AWS console, you will see that the instance aws-docker1 has a keypair called ‘aws-docker1’. The issue is that you cannot download it. If you browse through keypairs, it’s clear that there is no option to download keypairs that have been generated previously. So how to get into the instance then? Luckily docker-machine has an ‘ssh’ subcommand that allows us to get access to the instance.

WAUTERW-M-G007:app wauterw$ docker-machine ssh aws-docker1

We can also stop the ‘aws-docker1’ host on AWS. To do that, issue the following command:

WAUTERW-M-G007:~ wauterw$ docker-machine stop aws-docker1
Stopping "aws-docker1"...
Machine "aws-docker1" was stopped.

If you then go to your AWS console, you’ll see the instance was stopped.

Obviously, we’re also able to remove a remote docker host. Do the following:

WAUTERW-M-G007:~ wauterw$ docker-machine rm aws-docker1
About to remove aws-docker1
Are you sure? (y/n): y
Successfully removed aws-docker1

You will then see that the ‘aws-docker1’ host on AWS is in the terminated state.
