Setting up Docker and Docker Compose on AWS
For most of my Docker development, I use William Yeh's Docker-enabled Vagrant boxes, but for Amazon Web Services I quite often find myself on a default Amazon Linux AMI which doesn't come as readily set up out of the box. The default Amazon Linux AMI comes with Docker in its repositories, but you don't get Docker Compose.
It's pretty easy to get everything working the way I like it, though.
Firstly, log in to your box. I'm going to use the default ec2-user for this, but if you have another user substitute that instead.
Docker
Install Docker by issuing a sudo yum install -y docker
. This will give you a Docker install, but if you try to interact with it (without being root) you'll get this message:
Get http:///var/run/docker.sock/v1.19/containers/json: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?
There are two ways of fixing this:
The easy, secure way
Run sudo
(for a single command) or sudo -i
(for an interactive shell) before you work with Docker or Docker Compose. Docker runs as root, and it's possible to get a root shell on the host system just by running Docker commands. Requiring sudo
to interact with it limits the ability for rogue programs to cause serious damage, and also acts as a reminder that you're about to take on great power and great responsibility.
The still-easy, insecure way
If you're just running a development box which you plan to trash after you've finished, though, the constant need for sudo
can get irritating. This is easy to fix - all you need is to add your user to the docker group (which gets created as part of the package install). Note that being in this group gives you root-level permissions, without needing to enter a password.
sudo gpasswd -a ec2-user docker
sudo service docker restart
newgrp docker
This adds the user to the group, restarts the Docker service (not a problem because you're only going to take the insecure route on a development box, right?) and then logs you in to the new group so you don't have to log out and log in to get the new permissions.
Don't do this on a production box. It's bad juju.
Docker Compose
Compose doesn't come in the default Docker package, but it's easy to install. To install version 1.5.1 (the latest at the time of writing), run the following:
curl -L https://github.com/docker/compose/releases/download/1.5.1/docker-compose-`uname -s`-`uname -m` > docker-compose
sudo chown root docker-compose
sudo mv docker-compose /usr/local/bin
sudo chmod +x /usr/local/bin/docker-compose
I do this a bit differently to the official docs but I found this more reliable in the case you can't write to /usr/local/bin, without requiring everything to be done in a root interactive shell.
If you're not so keen on installing an arbitrary binary on your system and would prefer to build from source, the repository is at https://github.com/docker/compose and either way you can check for new releases on https://github.com/docker/compose/releases
Image public domain