terraform-ecs.已注册的容器实例显示为0 [英] terraform-ecs. Registered container instance is showing 0
问题描述
在运行terraform apply时,它正在创建集群,服务,ec2实例.但是已注册的容器实例为0,正在运行的任务计数为0.
On running terraform apply it is creating a cluster, service, ec2 instance. But Registered container instances is 0, running tasks count is 0.
我尝试将ecs.amazonaws.com更改为ec2.amazonaws.com,但是它抛出错误:
I tried changing ecs.amazonaws.com to ec2.amazonaws.com but it is throwing an error:
aws_ecs_service.nginx:InvalidParameterException:无法担当角色并无法验证在负载均衡器上配置的侦听器.请确认所传递的ECS服务角色具有适当的权限.
aws_ecs_service.nginx: InvalidParameterException: Unable to assume role and validate the listeners configured on your load balancer. Please verify that the ECS service role being passed has the proper permissions.
provider "aws" {
region = "us-east-1"
}
resource "aws_ecs_cluster" "demo" {
name = "demo"
}
resource "aws_iam_role" "ecs_elb" {
name = "ecs-elb"
assume_role_policy = <<EOF
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_policy_attachment" "ecs_elb" {
name = "ecs_elb"
roles = ["${aws_iam_role.ecs_elb.id}"]
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
}
resource "aws_launch_configuration" "ecs_instance"{
name_prefix = "ecs-instance-"
instance_type = "t2.micro"
image_id = "ami-4fffc834"
}
resource "aws_autoscaling_group" "ecs_cluster_instances"{
availability_zones = ["us-east-1a"]
name = "ecs-cluster-instances"
min_size = 1
max_size = 1
launch_configuration = "${aws_launch_configuration.ecs_instance.name}"
}
resource "aws_ecs_task_definition" "nginx" {
family = "nginx"
container_definitions = <<EOF
[{
"name": "nginx",
"image": "nginx",
"cpu": 1024,
"memory": 768,
"essential": true,
"portMappings": [{"containerPort":80, "hostPort":80}]
}]
EOF
}
resource "aws_ecs_service" "nginx" {
name = "nginx"
cluster = "${aws_ecs_cluster.demo.id}"
task_definition = "${aws_ecs_task_definition.nginx.arn}"
desired_count = 1
iam_role = "${aws_iam_role.ecs_elb.arn}"
load_balancer {
elb_name = "${aws_elb.nginx.id}"
container_name = "nginx"
container_port = 80
}
}
resource "aws_elb" "nginx" {
availability_zones = ["us-east-1a"]
name = "nginx"
listener {
lb_port = 80
lb_protocol = "http"
instance_port = 80
instance_protocol = "http"
}
}
推荐答案
这里有一些建议可以登录 AWS Console :
Here are few suggestions to check in AWS Console:
-
确保您使用的是 Amazon ECS优化的AMI .
基本上,这些实例一旦以root登录,它们应该具有start ecs命令.
Basically these instances, once you login as root, they should have start ecs command.
Terraform示例:
Terraform example:
data "aws_ami" "ecs_ami" {
most_recent = true
owners = ["amazon"]
filter {
name = "name"
values = ["amzn-ami-*-amazon-ecs-optimized"]
}
}
检查EC2是否已启动.
Check whether EC2 are spinned up.
检查ECS代理是否正在EC2实例上运行.
Check whether ECS agent is running on the EC2 instances.
- 以
root身份登录到EC2实例. - 运行
docker ps并检查ecs-agent容器是否正在运行. - 否则,由
start ecs或restart ecs手动启动.
- Login to EC2 instance as
root. - Run
docker psand check for whetherecs-agentcontainer is running. - Otherwise start manually by
start ecsorrestart ecs.
注意:如果您没有docker,start或restart命令,则说明您未使用ECS优化的AMI.
Note: If you don't have docker, start or restart command, you're not using ECS-optimized AMI.
实例终止时.
- 验证ECS代理仍在运行(请检查上面).
- 使用启动配置时,请检查您的用户数据脚本中是否有错误.此外,它将正确的群集添加到
/etc/ecs/ecs.configECS配置文件中.然后启动ECS代理(start ecs). - 通过导航到 EC2运行实例仪表板,选择终止的实例,在实例设置"(菜单)中选择"获取系统日志",来检查终止的实例的系统日志,然后向下滚动至看到任何明显的问题.实例终止后,日志会保留一段时间.
- 检查ECS日志(
tail -f /var/log/ecs/*). - 请参阅:为什么我的Amazon ECS代理被列为断开连接?.
- 检查:如何找到导致EC2自动伸缩组运行状况检查"的原因?失败? (不涉及负载平衡器)
- Verify that ECS agent is still running (check above).
- When using Launch Configurations, check your user data script for errors. Also, that it adds the right cluster to
/etc/ecs/ecs.configECS config file. And it starts ECS agent (start ecs). - Check system logs of terminated instances by navigating to EC2 Running Instances Dashboard, selecting terminated instance, Get System Log in Instance Settings (menu), then scroll down to the bottom to see any obvious issues. The logs are kept for a while after instance is terminated.
- Check the ECS logs (
tail -f /var/log/ecs/*). - See: Why is my Amazon ECS agent listed as disconnected?.
- Check: How do I find the cause of an EC2 autoscaling group "health check" failure? (no load balancer involved)
一旦实例运行了 ECS代理,请确保已将它们分配到正确的集群中.例如
Once instances have ECS agent running, make sure you assigned them into the right cluster. E.g.
root# cat /etc/ecs/ecs.config
ECS_CLUSTER=demo
Note the IAM role of the running EC2 instance, then make sure that AmazonEC2ContainerServiceforEC2Role policy is attached to that role.
在该群集角色的 信任关系 选项卡中,确保将对EC2提供程序的访问权限授予该角色.示例角色信任策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Terraform示例:
Terraform example:
data "aws_iam_policy_document" "instance" {
provider = "aws.auto-scale-group"
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
请参阅: IAM中AssumeRolePolicyDocument的用途是什么?.
您还需要aws_iam_instance_profile和aws_iam_role,例如
resource "aws_iam_instance_profile" "instance" {
provider = "aws.auto-scale-group"
name = "myproject-profile-instance"
role = "${aws_iam_role.instance.name}"
lifecycle {
create_before_destroy = true
}
}
resource "aws_iam_role" "instance" {
provider = "aws.auto-scale-group"
name = "myproject-role"
path = "/"
assume_role_policy = "${data.aws_iam_policy_document.instance.json}"
lifecycle {
create_before_destroy = true
}
}
现在,您的集群应该已准备就绪.
Now, your cluster should be ready to go.
相关:
这篇关于terraform-ecs.已注册的容器实例显示为0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
