aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0

Docker image? #135

Open jmreicha opened 5 years ago

jmreicha commented 5 years ago

I'm looking at running this on CoreOS which doesn't provide a package manager. Are there any plans for a Docker image installation?

dimaAmz commented 5 years ago

Thank you for the request. There are currently no plans for Docker image installation yet. Why are you looking at running the agent in a container rather than on the host?

jmreicha commented 5 years ago

For me, it's just easier to deal with containers on systems that don't have a package manager.

dimaAmz commented 5 years ago

It's not something we are working on, but we'll keep this issue open to track the request for the future.

yrsurya commented 5 years ago

EKS worker nodes don't provide the SSM agent by default. It would be nice if we can get an official image so that we can run it as a daemonset on nodes. https://github.com/awslabs/amazon-eks-ami/issues/127

ajhool commented 4 years ago

I'm really surprised that a docker image isn't a priority for SSM Agent. As we move to immutable infrastructure, we plan on simply spinning up containers to execute admin tasks in private subnets. For instance, we might have a container that executes a database migration on an RDS instance in the private subnet. Ideally, we could spin up the container and use SSM agent to access the container while we execute the various commands that we need.

It seems like AWS is providing as many managed/containerized services as possible, so a question like "Why are you looking at running the agent in a container rather than on the host?" is a surprising one to hear -- many of AWS' services only have a container

A docker build for ssm agent would immediately provide value to us and obviate the need to manage ec2 instances -- we could operate entirely on Fargate/ECS, which would make backend infrastructure management incredibly simple

BrianMaldo commented 4 years ago

@ajhool The docker file (if you were to build from source) will look like this (see code below).

Some quick things to note:

  1. The WORKDIR. This is the go workspace directory tree. Check out issue here.
  2. The golang version 1.11.13. If you use a newer version of golang the build will give you "go vet" errors. The newer versions of golang will cause issues like this.
  3. The gofmt and goimports. The build was failing because of gofmt (see here) and goimport. Running the gofmt and goimports commands per problem file is deliberate. I attempted to do this at a higher directory level but that broke the build.

FROM golang:1.11.13-alpine3.10 as build

WORKDIR /workspace/src/github.com/aws/
RUN apk -Uv add --no-cache bash git make \
    && git clone --depth 1 https://github.com/aws/amazon-ssm-agent.git \
    && cd amazon-ssm-agent \
    && gofmt -w ./agent/agentlogstocloudwatch/cloudwatchlogspublisher/cloudwatchlogs_publisher_test.go \
    && gofmt -w ./agent/rip/riputil.go \
    && gofmt -w ./agent/s3util/riputil.go \
    && gofmt -w ./agent/session/datachannel/datachannel.go \
    && go get golang.org/x/tools/cmd/goimports \
    && goimports -w ./agent/crypto/mocks/IBlockCipher.go \
    && goimports -w ./agent/health/mocks/IHealthCheck.go \
    && goimports -w ./agent/hibernation/mocks/IHibernate.go \
    && goimports -w ./agent/plugins/configurepackage/birdwatcher/facade/mocks/BirdwatcherFacade.go \
    && goimports -w ./agent/s3util/riputil.go \
    && goimports -w ./agent/session/communicator/mocks/IWebSocketChannel.go \
    && goimports -w ./agent/session/controlchannel/mocks/IControlChannel.go \
    && goimports -w ./agent/session/datachannel/mocks/IDataChannel.go \
    && goimports -w ./agent/session/plugins/sessionplugin/mocks/ISessionPlugin.go \
    && goimports -w ./agent/session/service/mocks/service.go \
    && make build

ChristianHartTE commented 4 years ago

@BrianMaldo your docker file doesn't seem to be working anymore. I got the following error:

Run 'go vet'
# runtime/cgo
exec: "gcc": executable file not found in $PATH
make: *** [makefile:39: checkstyle] Error 2

I added gcc to the apk add command and then got the following error:

Run 'go vet'
# runtime/cgo
_cgo_export.c:3:10: fatal error: stdlib.h: No such file or directory
 #include <stdlib.h>
          ^~~~~~~~~~
compilation terminated.
make: *** [makefile:39: checkstyle] Error 2

adamhathcock commented 4 years ago

I'm also of the mindset we need SSM Agent in Docker. I'd like to use it as a Bastion to access VPC internals, not necessarily the deployed applications Docker.

I see the initial use-case is for "pet" EC2 Instances instead of cattle containers or instances. However, bastions are still needed and they fall into the "pet" category. Having a pet dockerized bastion in Fargate is the dream.

ipmb commented 4 years ago

Here's a working Dockerfile https://gist.github.com/ipmb/a8213fb459c27178f88dda7149c35be2

yrsurya commented 4 years ago

Nice! Any official helm chart for this so we can run on each EKS cluster?

SpootyMcSpoot commented 3 years ago

Any update on a docker image for this?

malcolm061990 commented 1 year ago

Any update?