terraform-ecs.注册的容器实例显示为 0 [英] terraform-ecs. Registered container instance is showing 0
问题描述
在运行 terraform apply 时,它正在创建一个集群、服务、ec2 实例.但是注册的容器实例为0,运行任务数为0.
On running terraform apply it is creating a cluster, service, ec2 instance. But Registered container instances is 0, running tasks count is 0.
我尝试将 ecs.amazonaws.com 更改为 ec2.amazonaws.com 但它抛出错误:
I tried changing ecs.amazonaws.com to ec2.amazonaws.com but it is throwing an error:
aws_ecs_service.nginx:InvalidParameterException:无法承担角色并验证负载均衡器上配置的侦听器.请验证所传递的 ECS 服务角色是否具有适当的权限.
aws_ecs_service.nginx: InvalidParameterException: Unable to assume role and validate the listeners configured on your load balancer. Please verify that the ECS service role being passed has the proper permissions.
provider "aws" {
region = "us-east-1"
}
resource "aws_ecs_cluster" "demo" {
name = "demo"
}
resource "aws_iam_role" "ecs_elb" {
name = "ecs-elb"
assume_role_policy = <<EOF
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_policy_attachment" "ecs_elb" {
name = "ecs_elb"
roles = ["${aws_iam_role.ecs_elb.id}"]
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
}
resource "aws_launch_configuration" "ecs_instance"{
name_prefix = "ecs-instance-"
instance_type = "t2.micro"
image_id = "ami-4fffc834"
}
resource "aws_autoscaling_group" "ecs_cluster_instances"{
availability_zones = ["us-east-1a"]
name = "ecs-cluster-instances"
min_size = 1
max_size = 1
launch_configuration = "${aws_launch_configuration.ecs_instance.name}"
}
resource "aws_ecs_task_definition" "nginx" {
family = "nginx"
container_definitions = <<EOF
[{
"name": "nginx",
"image": "nginx",
"cpu": 1024,
"memory": 768,
"essential": true,
"portMappings": [{"containerPort":80, "hostPort":80}]
}]
EOF
}
resource "aws_ecs_service" "nginx" {
name = "nginx"
cluster = "${aws_ecs_cluster.demo.id}"
task_definition = "${aws_ecs_task_definition.nginx.arn}"
desired_count = 1
iam_role = "${aws_iam_role.ecs_elb.arn}"
load_balancer {
elb_name = "${aws_elb.nginx.id}"
container_name = "nginx"
container_port = 80
}
}
resource "aws_elb" "nginx" {
availability_zones = ["us-east-1a"]
name = "nginx"
listener {
lb_port = 80
lb_protocol = "http"
instance_port = 80
instance_protocol = "http"
}
}
推荐答案
以下是一些检查 AWS 控制台的建议:
Here are few suggestions to check in AWS Console:
确保您使用的是 Amazon ECS- 优化的 AMI.
基本上这些实例,一旦你以 root 登录,它们应该有 start ecs 命令.
Basically these instances, once you login as root, they should have start ecs command.
地形示例:
data "aws_ami" "ecs_ami" {
most_recent = true
owners = ["amazon"]
filter {
name = "name"
values = ["amzn-ami-*-amazon-ecs-optimized"]
}
}
检查 EC2 是否已启动.
Check whether EC2 are spinned up.
检查 ECS 代理是否正在 EC2 实例上运行.
Check whether ECS agent is running on the EC2 instances.
- 以
root身份登录 EC2 实例. - 运行
docker ps并检查ecs-agent容器是否正在运行. - 否则通过
start ecs或restart ecs手动启动.
- Login to EC2 instance as
root. - Run
docker psand check for whetherecs-agentcontainer is running. - Otherwise start manually by
start ecsorrestart ecs.
注意:如果您没有 docker、start 或 restart 命令,则您没有使用 ECS 优化AMI.
Note: If you don't have docker, start or restart command, you're not using ECS-optimized AMI.
当实例终止时.
- 验证 ECS 代理是否仍在运行(检查上面的内容).
- 使用启动配置时,请检查您的用户数据脚本是否有错误.此外,它将正确的集群添加到
/etc/ecs/ecs.configECS 配置文件.然后启动 ECS 代理(start ecs). - 通过导航到 EC2 运行实例仪表板,选择终止的实例,在实例设置(菜单)中获取系统日志,然后向下滚动到底部看到任何明显的问题.实例终止后,日志会保留一段时间.
- 检查 ECS 日志 (
tail -f/var/log/ecs/*). - 请参阅:为什么我的 Amazon ECS 代理被列为断开连接?.
- 检查:如何找到 EC2 自动扩展组健康检查"的原因?失败?(不涉及负载平衡器)
- Verify that ECS agent is still running (check above).
- When using Launch Configurations, check your user data script for errors. Also, that it adds the right cluster to
/etc/ecs/ecs.configECS config file. And it starts ECS agent (start ecs). - Check system logs of terminated instances by navigating to EC2 Running Instances Dashboard, selecting terminated instance, Get System Log in Instance Settings (menu), then scroll down to the bottom to see any obvious issues. The logs are kept for a while after instance is terminated.
- Check the ECS logs (
tail -f /var/log/ecs/*). - See: Why is my Amazon ECS agent listed as disconnected?.
- Check: How do I find the cause of an EC2 autoscaling group "health check" failure? (no load balancer involved)
一旦实例运行了 ECS 代理,请确保将它们分配到正确的集群中.例如
Once instances have ECS agent running, make sure you assigned them into the right cluster. E.g.
root# cat /etc/ecs/ecs.config
ECS_CLUSTER=demo
注意正在运行的 EC2 实例的 IAM 角色,然后确保 AmazonEC2ContainerServiceforEC2Role 策略附加到该角色.
Note the IAM role of the running EC2 instance, then make sure that AmazonEC2ContainerServiceforEC2Role policy is attached to that role.
在该集群角色的信任关系选项卡中,确保向该角色授予对 EC2 提供商的访问权限.示例角色信任策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
地形示例:
data "aws_iam_policy_document" "instance" {
provider = "aws.auto-scale-group"
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
请参阅:IAM 中 AssumeRolePolicyDocument 的用途是什么?.
您还需要 aws_iam_instance_profile 和 aws_iam_role,例如
You also need aws_iam_instance_profile and aws_iam_role, e.g.
resource "aws_iam_instance_profile" "instance" {
provider = "aws.auto-scale-group"
name = "myproject-profile-instance"
role = "${aws_iam_role.instance.name}"
lifecycle {
create_before_destroy = true
}
}
resource "aws_iam_role" "instance" {
provider = "aws.auto-scale-group"
name = "myproject-role"
path = "/"
assume_role_policy = "${data.aws_iam_policy_document.instance.json}"
lifecycle {
create_before_destroy = true
}
}
现在,您的集群应该可以使用了.
Now, your cluster should be ready to go.
相关:
这篇关于terraform-ecs.注册的容器实例显示为 0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
