terraform-ecs。注册的容器实例显示为0
问题描述:
运行时terraform apply
它创建一个集群,服务,ec2实例。但注册容器实例为0时,正在运行的任务数为0terraform-ecs。注册的容器实例显示为0
我试图改变ecs.amazonaws.com
到ec2.amazonaws.com
但它抛出一个错误:
aws_ecs_service.nginx: InvalidParameterException: Unable to assume role and validate the listeners configured on your load balancer. Please verify that the ECS service role being passed has the proper permissions.
provider "aws" {
region = "us-east-1"
}
resource "aws_ecs_cluster" "demo" {
name = "demo"
}
resource "aws_iam_role" "ecs_elb" {
name = "ecs-elb"
assume_role_policy = <<EOF
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_policy_attachment" "ecs_elb" {
name = "ecs_elb"
roles = ["${aws_iam_role.ecs_elb.id}"]
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
}
resource "aws_launch_configuration" "ecs_instance"{
name_prefix = "ecs-instance-"
instance_type = "t2.micro"
image_id = "ami-4fffc834"
}
resource "aws_autoscaling_group" "ecs_cluster_instances"{
availability_zones = ["us-east-1a"]
name = "ecs-cluster-instances"
min_size = 1
max_size = 1
launch_configuration = "${aws_launch_configuration.ecs_instance.name}"
}
resource "aws_ecs_task_definition" "nginx" {
family = "nginx"
container_definitions = <<EOF
[{
"name": "nginx",
"image": "nginx",
"cpu": 1024,
"memory": 768,
"essential": true,
"portMappings": [{"containerPort":80, "hostPort":80}]
}]
EOF
}
resource "aws_ecs_service" "nginx" {
name = "nginx"
cluster = "${aws_ecs_cluster.demo.id}"
task_definition = "${aws_ecs_task_definition.nginx.arn}"
desired_count = 1
iam_role = "${aws_iam_role.ecs_elb.arn}"
load_balancer {
elb_name = "${aws_elb.nginx.id}"
container_name = "nginx"
container_port = 80
}
}
resource "aws_elb" "nginx" {
availability_zones = ["us-east-1a"]
name = "nginx"
listener {
lb_port = 80
lb_protocol = "http"
instance_port = 80
instance_protocol = "http"
}
}
答
排除故障ECS问题,你可以按照下面的步骤。
- 点击服务名称
nginx
,检查是否有任何任务处于pending
状态。如果你看到,通常有很多stopped
任务。
这意味着容器不健康。
单击服务名称,事件,检查是否存在任何错误事件以帮助您执行故障排除。
如果列表中有任何实例,请点击
ECS instances
。如果不是,则表示EC2实例未成功注册到ECS集群。
如果使用AWS ECS AMI,应该没问题。但是,如果你使用自己的AMI,你需要添加下面的userdata脚本
ECS-userdata.tpl
#!/bin/bash
echo "ECS_CLUSTER=${ecs_cluster_name}" >> /etc/ecs/ecs.config
更新terraform代码:
data "template_file" "ecs_user_data" {
template = "file("ecs-userdata.tpl") }"
vars {
ecs_cluster_name = "${var.ecs_cluster_name}"
}
}
resource "aws_launch_configuration" "demo" {
...
user_data = "${data.template_file.ecs_user_data.rendered}"
...
}
- 启用docker容器日志,最简单的方法是将日志发送到aws cloudwatch。
- 变化IAM角色希望这些步骤是对你有帮助。
先加入以下资源。
resource "aws_cloudwatch_log_group" "app_logs" {
name = "demo"
retention_in_days = 14
}
然后将下面的代码添加到任务定义中。
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "${aws_cloudwatch_log_group.app_logs.name}",
"awslogs-region": "${var.region}"
}
},
你申请变更后,去cloudwatch
,日志,检查是否有任何错误日志。
-
到
["ecs.amazonaws.com", "ec2.amazonaws.com"]
"Principal": { "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"] },
未来阅读:
没有任务在挂起/停止状态。云手表中也没有生成日志。 –
服务中的事件:服务nginx无法放置任务,因为没有容器实例满足其所有要求。原因:在群集中找不到容器实例。有关更多信息 –
好的,这意味着没有ec2实例被添加到该ecs集群。 'ami-4fffc834'属于AWS ecs镜像,如果你使用自己的AMI镜像,你需要自定义'user-data'来启动它自己添加到ecs集群 – BMW