Running a Docker container with --privileged #1
Comments
Amazon ECS does not currently support Docker’s privileged mode. Since the Elastic Beanstalk multi-container Docker platform relies on ECS to do the orchestration, there is currently no way to do this. We have submitted this feature request to the Amazon ECS team. |
ECS DOES support the privileged flag now. However, Elastic Beanstalk still DOES NOT. For ECS you specify it in the task definition: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_security |
I ended up solving this using a hack approach - but it works.
This is likely to change since the EB build/setup scripts ( |
Unfortunately that hack does not work on newer versions of the multi-container solution stack. I have created a gist over here with an ebextension hack that goes farther than the one you posted and it works with all docker multi-container solution stacks. https://gist.github.com/therealjessesanford/5a012218889831926169 |
Wow, looks fantastic! Thanks for sharing! 👍 |
Hopefully the Amazon Elastic Beanstalk team will get their act together and implement this feature, which has existed for months in the ECS agent. |
Hey I posted this on SO as well. Can you possibly vote it up so others can find it? http://stackoverflow.com/questions/33902337/is-it-possible-to-launch-privileged-docker-containers-on-amazon-elasticbeanstalk/33902338#33902338 |
Thank you so much for sharing this. Can't understand what AWS is waiting for to support privileged and capabilities in containers. |
No problem @sylwit! I had to spend hours creating, testing and getting that working correctly by deploying hundreds of machines and tailing the EB logs over and over again. It is a hack though, so it might not work in the future. Hopefully the release that breaks it will be the release that implements privileged containers/capabilities! |
Also I have hacked together a version that allows for mapped UDP listener ports. For some reason Elastic Beanstalk assumes all ports are TCP even if you specify otherwise in your task definition. I imagine it's the same lack of engineering manpower keeping it from being implemented as the privileged container issue. I will put up another gist soon with the UDP port fix and post a link here and on that SO post. |
Elastic Beanstalk recently added support for the missing task definition flags to the multicontainer platform. |
@abhiksingh was there an official announcement anywhere? |
@abhiksingh don't find anything about that announcement. Where did you see that? It would be a nice move for AWS. |
Hi guys (@abhiksingh @jessesanford @sylwit), I can confirm that Elastic Beanstalk now supports mounting privileged containers and it works. Please see this answer for more details. |
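An added example, not part of any comment in this thread and not AWS tooling: a small pre-deployment check that reads a `containerDefinitions` array and reports every container that asks for `privileged` or adds Linux capabilities. The `privileged` and `linuxParameters.capabilities.add` fields are ECS container-definition parameters; the sample document, container names and images are constructed, and whether Elastic Beanstalk passes the capabilities field through is an assumption.

```python
import json

# Constructed sample: a Dockerrun.aws.json (version 2) style document.
# Container names and images are made up for illustration.
SAMPLE_DOCKERRUN = """
{
  "AWSEBDockerrunVersion": 2,
  "containerDefinitions": [
    {"name": "site-a", "image": "example/site-a", "memory": 128,
     "essential": true, "privileged": true},
    {"name": "site-b", "image": "example/site-b", "memory": 128,
     "essential": true,
     "linuxParameters": {"capabilities": {"add": ["SYS_ADMIN"]}}},
    {"name": "site-c", "image": "example/site-c", "memory": 128,
     "essential": true}
  ]
}
"""


def audit_container_definitions(document):
    """Return (container name, finding) pairs for containers with elevated rights."""
    findings = []
    for index, container in enumerate(document.get("containerDefinitions", [])):
        name = container.get("name", f"<unnamed #{index}>")
        privileged = container.get("privileged", False)
        if privileged is True:
            findings.append((name, "privileged"))
        elif privileged is not False:
            # A string such as "true" is not a JSON boolean; flag it for review.
            findings.append((name, f"privileged is not a boolean: {privileged!r}"))
        linux_params = container.get("linuxParameters") or {}
        capabilities = linux_params.get("capabilities") or {}
        for cap in capabilities.get("add") or []:
            findings.append((name, f"capability added: {cap}"))
    return findings


def audit_text(text):
    """Parse a JSON document and audit its container definitions."""
    return audit_container_definitions(json.loads(text))


if __name__ == "__main__":
    for name, finding in audit_text(SAMPLE_DOCKERRUN):
        print(f"{name}: {finding}")
```

Run against the file that is actually deployed, this gives reviewers a list of the containers whose elevated rights need a justification, such as the CIFS mount described in this issue.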
It's not working for me but I use a single container. My json file looks like this:
But my container is not run in privileged mode |
Any update on making this work for single container EB environments? |
+1 trying to understand how to make this privileged config work with eb and docker... |
+1 |
I am following this example to run two websites on the same Elastic Beanstalk instance from two different Docker containers - exactly as the example shows. However, in one of my Docker containers, I mount a cifs drive from another AWS Windows fileserver. This works great when I build the Docker locally and run it with the `--privileged` flag. Only I can't figure out if this is supported with Elastic Beanstalk. I need to know if AWS supports running one of the dockers (or both) with `--privileged` permissions? I have seen a hacky way to do it (which works great) for a single Docker container here (http://stackoverflow.com/questions/28267419/how-can-i-run-a-docker-container-in-aws-elastic-beanstalk-with-non-default-run-p), but this obviously doesn't apply to the multi-docker mode.