Latest Docker.tmpl defective? UserData section not executing?

Docker for AWS
1

Expected behavior

that UserData is executed in the docker AWS cloudformation template

Actual behavior

no joy

Additional Information

Aws1 and Ga2 refer to the suffix on (Manager|Node)LaunchConfig keys in
the template file
the Ga2 version of Docker.tmpl worked as expected
although not included in this stuff, edits to add an additional disk, while
working on the Ga2 version, failed on the Aws1 version

Steps to reproduce the behavior

execute this:

curl -o Docker.tmpl https://editions-us-east-1.s3.amazonaws.com/aws/stable/Docker.tmpl

####place this in a file and execute it:

 #! /usr/bin/env python3

import os
import sys
import json

with open('Docker.tmpl', 'r') as F: jso = json.load(F)

def edit(txta):
    for i, s in enumerate(txta):
        if type(s) != type(u""): continue
        if s.startswith('#!/bin/sh'):
            txta.insert(i+1, '\n')
            txta.insert(i+1, 'export TESTENV=testvalue\n')
            txta.insert(i+1, 'mkdir -p /var/data/tmp\n')
            txta.insert(i+1, '\n')
            return

up   = jso['Resources']['ManagerLaunchConfigAws1']['Properties']
txta = up['UserData']['Fn::Base64']['Fn::Join'][1]
edit(txta)

up = jso['Resources']['NodeLaunchConfigAws1']['Properties']
txta = up['UserData']['Fn::Base64']['Fn::Join'][1]
edit(txta)

with open('Docker.json', 'w') as F: json.dump(jso, F)

####use the console to create a stack. select this file. on the specify details page enter:
Stack name to whatever you wish
change number of swarm managers and workers if you wish
enter the SSH key to use
click on next
on options page click on next
on review page check acknowledgement and click on create

####when cloudformation stack shows status ‘CREATE_COMPLETE’ place this in a file and execute it:

 #! /usr/bin/env python3
import os
import sys
import boto3

def collectinstances(io):
    instances=[]
    for r in io['Reservations']:
        for i in r['Instances']:
            if i['State']['Name'] == 'terminated':
                continue
            instances.append(i)
    return instances

def genconfig(instances):
    manager = None
    config=[]
    malias = 'SwarmManager'
    for i in instances:
        for s in i['SecurityGroups']:
            if s['GroupName'].find('Manager') != -1:
                manager = i['PublicDnsName']
                config.append('# AWS Docker 1.13 Swarm Manager')
                config.append('Host %s' % malias)
                config.append('Hostname %s' % manager)
                config.append('User docker')
    nodi=0

    pcpfx = 'ProxyCommand ssh -q -W %h:%p'
    for i in instances:
        for s in i['SecurityGroups']:
            if s['GroupName'].find('Node') != -1:
                config.append('# AWS Docker 1.13 Swarm Node')
                config.append('Host SwarmNode%d' % nodi)
                config.append('Hostname %s' % i['PrivateDnsName'])
                config.append('User docker')
                config.append('%s docker@%s' % (pcpfx, manager) )
                nodi = nodi + 1
    with open('config', 'w') as F:
        F.write('\n'.join(config)) 


def main():
    ec2c = boto3.client('ec2')
    io = ec2c.describe_instances()
    instances = collectinstances(io)
    if len(instances) != 0:
        genconfig(instances)

main()

####use the config file to access the instance containers and check that
TESTENV is not set and that
/var/data/tmp does not exist

2

Anyone know how the UserData in the CloudFormation template for Docker for AWS works?

I’ve noticed:

  1. paths used in the script are not on the machine when you login
  2. there is no log of the script running
  3. adding lines to the script have no affect, they are not executed

So what is the point of that script, does it run at all, when and how does it function when the paths are not on the machine when you login.

3

The docs fill in part of the story:

Note : Access to Docker for AWS and Azure happens through a shell container that itself runs on Docker.

What are the Editions containers running after deployment?
shell This is our shell/ssh container. When you SSH into an instance, you’re actually in this container.

Is there any way to get access to the host OS outside of this shell container?

I’m currently testing a script update to UserData in CloudFormation template, looks like the only method will be via docker exec --privileged -u 1001 shell-aws /bin/sh -c "...", but the terminal created via this behaves very differently to the one of my ssh client.