Snippets for Debugging Docker

A lot can go wrong with Docker, especially once your Dockerfile starts to get complex. Here are a few snippets that I’ve found helpful for debugging Docker while working with Amazon ECS.

Connect to a Docker Container

To run a shell inside a Docker container, first identify the CONTAINER_ID:

docker ps

Then, execute an interactive bash shell:

docker exec -i -t <CONTAINER_ID> /bin/bash

Get Docker Container IP

When troubleshooting, it helps to be able to connect to your Container from the Cluster Instance- to do this, you’ll need to figure out the IP address of the Container image. Assuming you know the CONTAINER_ID (explained above):

docker inspect --format '{{ .NetworkSettings.IPAddress }}' <CONTAINER_ID>

StackOverflow

AWS Lambda and iam:PassRole

I ran into this error while running the AWS Lambda CLI for the first time:

aws lambda create-function \
  --region us-east-1 \
  --function-name ProcessDynamoDBStream 
  --zip-file fileb://ProcessDynamoDBStream.js.zip \
  --handler ProcessDynamoDBStream.lambda_handler \
  --runtime nodejs \
  --role arn:aws:iam::<XXX>:role/<YYY>

A client error (AccessDeniedException) occurred when calling the CreateFunction operation: User: arn:aws:iam::<XXX>:user/<YYY> is not authorized to perform: iam:PassRole on resource: arn:aws:iam::<XXX>:role/<YYY>

When you run the create-function script, your machine creates resources that the PowerUser IAM role does not supply. To fix this, create a new policy and attach it to your machine’s IAM user.

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "iam:PassRole"
    ],
    "Resource": "*"
  }]
}

Run the script again and you should be fine.

Docker NodeJS OS X Tutorial- Failed to connect to localhost

If you follow the NodeJS Docker tutorial, you’ll probably end up seeing this error if you don’t know exactly what you’re doing:

curl: (7) Failed to connect to localhost port 49160: Connection refused

The error occurs because OS X Docker runs a VM layer, which in turn contains the Docker containers. Any references you see to localhost when running docker commands is relative to the VM layer, not your OS X machine.

So to fix this, instead of navigating to localhost:<port>, you need to navigate to the IP that points to your Docker VM.

docker-machine ls

The URL for your default machine (if you’re following along with the tutorial) should look like:

tcp://192.168.99.2376

So to access your container, you combine the two to end up with a URL like:

http://192.168.99.2376:49160

Navigate to that in your browser, or use curl:

curl -i http://192.168.99.2376:49160

and you should see your result, and be able to continue on with the tutorial.

StackOverflow Reference

Stop and Remove all Docker Containers

The command docker rmi <image name> will fail if the image is currently running inside one of your active Docker containers. The command will fail on the first container it sees, so if you’ve managed to start up a handful of them it can be a tedious process to docker stop <containerID> and docker rm <containerID> each one, re-running to find the next failing container.

This command will stop and remove all Docker containers (not scoped to a single image name though).

docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)

Reference