To improve security, ContainerOS does not allow you to directly log on to Elastic Compute Service (ECS) instances and does not support SSH logon. If you want to log on to ECS instances to manage containers, you must enable and log on to the administrative container. This topic describes the operations that you can perform on the administrative container of ContainerOS.
Prerequisites
- The Cloud Assistant client is installed on the ECS instance. To manage the administrative container, you must install the Cloud Assistant client and call specific API operations. For more information about how to install and use the Cloud Assistant client, see Install the Cloud Assistant client and Overview.
- The logon type of the ECS instance or the cluster must be set to Key Pair. You can log on to the administrative container only by using key pairs. This means that you must set the logon type to Key Pair when you create the instance or cluster. If you do not specify Key Pair as the logon type when you create the instance, you can associate a key pair with the instance after the instance is created. For more information about how to associate a key pair with an ECS instance, see Unbind an SSH key pair.
- Traffic on port 22 is allowed by the security group. Otherwise, you cannot log on to the ECS instance by using Workbench. For more information about how to configure a security group to allow traffic on a port, see Overview.
Background information
Compared with hosts, the administrative container is provided with more software packages. You can also use the software package manager YUM to install the required software. In the administrative container, you can view information about system processes, networks, and system configurations. In addition, the administrative container also provides commands that you can use to log on to the host from the container. This logon method is similar to the method when you log on to the instance by using Workbench.
Enter the host environment
What to do next
After you enter the host environment, you can run the exit
command to exit the host environment. If you run the exit
command again, you can exit the administrative container. The administrative container
is still enabled and running after you exit the container. You can reconnect to the
container by using SSH and then disable, restart, and delete the container by using
relevant commands.
- Disable the administrative container:
lifseacli container stop
- Restart the administrative container:
lifseacli container restart
Note If you associate a new key pair with or disassociate the key pair from the instance after you start the administrative container, you must restart the container for the change to take effect. - Delete the administrative container:
lifseacli container rm
Notice After you delete the administrative container, the software that you install and the files that you save in the container are also deleted. If you restart the administrative container, a new container environment is used. Do not save business-critical data in the administrative container. - Query the status of the administrative container:
lifseacli container status
FAQ
What do I do if the following error occurs when I connect to the administrative container: UNPROTECTED PRIVATE KEY FILE!?
Symptom
The following error occurs when you connect to the administrative container.
Cause
The private key file can be accessed by other users.
Solution
Run the chmod 400 <ssh-private-key.pem>
command to change the permissions on the private key file. Replace <ssh-private-key.pem>
with the name of your private key file.