Add option to open TTY

[k2nr]

Right now there is no way to open TTY of a container that is launched by ECS agent. I need this option to run an interactive container inside our ECS cluster.
Specifically, I want to run rails console in our production cluster. Currently we do this by ssh'ing into the container instance and run docker run -it ... directly but this approach has several problems:

• Now that ECS supports per-task IAM role, we also want an interactive container to be associated with the task IAM role
• Our task definition is quite complex (volumes, network configurations, "sidekick containers" along with the main rails server container, etc...) so it is hard to emulate the TD configuration if we use docker run -it inside the container instance

So what we want to do with this tty option is: run ECS task with TTY, ssh into the container instance then docker attach to the container

[richardpen]

@k2nr Currently ECS doesn't support opening TTY for containers using task definition. But you can still launch your task in ECS, then ssh into your instance and use docker exec to attach to the container.

[clumsysnake]

@aaithal @richardpen do you know the roadmap for interactive tasks?

Had a thought that if there was an API call for createTask which would just call docker create, attaching and running via ssh would be way less hacky then what we have now, where you create a task with a process that never dies and then hope that you later remember to stop the container.

OR if there was a way of calling docker run commands as root directly on the container instance that we could be assured behaved the same as calling runTask from the API. I also use task IAM roles to fetch s3 config, and have task definition config that I want to be assured is the same between my interactive containers and app server containers. Maybe e.g. aws ecs run-local-container -it <task_definition>.

Of course the ideal scenario is just something like heroku run. Maybe you need your own ECS cli tool :)

[panga]

+1

[ryansch]

I have a working proof of concept for running rails console with an embedded tmux server. I'm working on a command line tool to launch it with RunTask, find the private ip of the instance to ssh to (through our bastion), ssh to that instance, and run a skinny docker container that just hosts tmux attach.

[jgangemi]

are there any plans to support this? i want to gpg sign commits in the container and my builds fail with this error:

gpg: cannot open tty `/dev/tty': No such device or address

[mwarkentin]

@richardpen Another issue with doing it via docker exec is that doesn't run your ENTRYPOINT command. We're using it to set up some specific environment variables, which causes a problem.

[jgangemi]

is there any potential forward motion on this? i'd still like to use the service but want the tty option.

[bithavoc]

You have the following labels per docker container running in your EC2 Container Instance:

"Labels": {
                "com.amazonaws.ecs.cluster": "testclusty",
                "com.amazonaws.ecs.container-name": "hello",
                "com.amazonaws.ecs.task-arn": "arn:aws:ecs:us-west-2:586687105316:task/019ee91b-3d29-4872-a7cf-9f730d7d607e",
                "com.amazonaws.ecs.task-definition-family": "testhello",
                "com.amazonaws.ecs.task-definition-version": "2"
            }

You just need to ssh to one of the instances where the task currently lives and do and replace the name of the container(in my case is hello) and run it as:

sudo docker exec -ti `docker ps -q -f 'label=com.amazonaws.ecs.container-name=hello'` /bin/sh

That opens a terminal inside the container, it works with a ruby on rails image as well:

sudo docker exec -ti `docker ps -q -f 'label=com.amazonaws.ecs.container-name=hello'` bundle exec rake db:migrate

[panga]

@bithavoc in real world we shouldn't have access to instance SSH, just the container :)

[bithavoc]

@panga true, what I posted is a walk-around I guess

[jgangemi]

i just took another look on the aws side of things and it doesn't appear this is an option in the task definition either, so i'm wondering if this is possible w/o that.

[bithavoc]

is not possible to tty @jgangemi , you can still do docker exec though

[ejholmes]

Just adding my +1 for ECS supporting something like this. We have a feature in Empire for running attached processes (just like heroku run), however, it has to go entirely through Docker in order to set the Tty and OpenStdin flags when creating the container. If you could specify these flags in the ContainerDefinition, then attaching to a container started by ECS would be possible, and we could just use the RunTask api (which we'd like to use, so that AWS Roles for ECS tasks will work within these containers).

[revmischa]

I would really like a way to run an ECS container with a TTY

[bithavoc]

Gave up on this, switched to Rancher and never looked back

[r1w1s1]

+1

[hSATAC]

+1

[Tensho]

+1

[awsfanatic]

+1

[kwent]

+1

[sharanyad]

You can now add tty and interactive options to your containers in your task definition. You can add these new options in the AWS Console now, and they'll be available in the AWS CLI and SDKs soon.

[jgangemi]

only took 2 plus years, but hey, better late then never!!!!

[ellenthsu]

Congrats team!

[leshik]

@sharanyad so how one could attach from CLI to interactive tasks then?