Add EFS volume to ECS Fargate


Question

I want to use EFS with Fargate, but I get this error when the task starts:

ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-xxxxx.efs.eu-west-1.amazonaws.com" - check that your file system ID is correct

I have checked the file system ID, and it is correct... How can I get more information about this error? Could it be related to the security groups?

This is the code I use with Terraform; I use two mount targets for the two availability zones:

resource "aws_efs_file_system" "efs_apache" {
}

resource "aws_efs_mount_target" "efs-mount" {
  count                     = 2

  file_system_id            = aws_efs_file_system.efs_apache.id
  subnet_id                 = sort(var.subnet_ids)[count.index]
  security_groups           = [aws_security_group.efs.id]
}

resource "aws_efs_access_point" "efs-access-point" {
  file_system_id = aws_efs_file_system.efs_apache.id
}

resource "aws_security_group" "efs" {
  name        = "${var.name}-efs-sg"
  description = "Allow traffic from self"
  vpc_id      = var.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port = 2049
    to_port   = 2049
    protocol  = "tcp"
    security_groups = [aws_security_group.fargate_sg.id]
  }
}

This is the Fargate service:

resource "aws_ecs_task_definition" "task_definition" {
  family                    = var.name
  requires_compatibilities  = ["FARGATE"]
  network_mode              = "awsvpc"
  execution_role_arn        = aws_iam_role.task_execution_role.arn
  task_role_arn             = aws_iam_role.task_role.arn
  cpu                       = var.cpu
  memory                    = var.memoryHardLimit
  volume {
    name      = "efs-apache"

    efs_volume_configuration {
      file_system_id = aws_efs_file_system.efs_apache.id
      root_directory = "/"
      transit_encryption      = "ENABLED"

      authorization_config {
        access_point_id = aws_efs_access_point.efs-access-point.id
        iam             = "ENABLED"
      }
    }
  }

  depends_on                = [aws_efs_file_system.efs_apache]

  container_definitions     = <<EOF
    [
      {
        "name": "${var.name}",
        "image": "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/${lower(var.project_name)}_app:latest",
        "memory": ${var.memoryHardLimit},
        "memoryReservation":  ${var.memorySoftLimit},
        "cpu": ${var.cpu},
        "essential": true,
        "command": [
          "/bin/sh -c \"/app/start.sh\""
        ],
        "entryPoint": [
          "sh",
          "-c"
        ],
        "mountPoints": [
          {
            "containerPath": "/var/www/sites_json",
            "sourceVolume": "efs-apache",
            "readOnly": false
          }
        ],
        "portMappings": [
          {
            "containerPort": ${var.docker_container_port},
            "hostPort": ${var.docker_container_port}
          }
        ],
        "logConfiguration": {
            "logDriver": "awslogs",
            "options": {
                "awslogs-group": "${var.name}-Task-LogGroup",
                "awslogs-region": "${data.aws_region.current.name}",
                "awslogs-stream-prefix": "ecs"
            }
        }
      }
    ]
EOF
}

How can I fix this?

Answer

Make sure you have enabled DNS Resolution and DNS hostnames in your VPC. EFS needs both these options enabled to work since it relies on the DNS hostname to resolve the connection. This had me stuck for a while since most documentation on the internet focuses on the security groups for this error.

The Terraform AWS provider resource aws_vpc sets enable_dns_hostnames = false by default, so you'll need to explicitly set it to true. Your Terraform VPC config should look something like this:

resource "aws_vpc" "main" {
  cidr_block           = "10.255.248.0/22"
  enable_dns_hostnames = true
}
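A pre-flight check that encodes the three preconditions discussed in this thread (VPC DNS attributes, a mount target in every task subnet, and NFS ingress from the task's security group), added here as an example that is not part of the question or the answer. The input dicts follow the shape of the boto3 responses for describe_vpc_attribute (flattened to one dict), describe_mount_targets and describe_security_groups, but every value below is constructed sample data so the check runs offline.

```python
from typing import Dict, List

NFS_PORT = 2049


def check_vpc_dns(vpc_attrs: Dict[str, bool]) -> List[str]:
    """fs-xxx.efs.<region>.amazonaws.com only resolves inside a VPC that has both
    DNS attributes on (enable_dns_support / enable_dns_hostnames in Terraform)."""
    return [f"VPC: {attr} is false" for attr in ("EnableDnsSupport", "EnableDnsHostnames")
            if not vpc_attrs.get(attr, False)]


def check_mount_targets(mount_targets: List[dict], task_subnets: List[str]) -> List[str]:
    """Each subnet the service may place a task in needs an available mount target."""
    covered = {mt["SubnetId"] for mt in mount_targets if mt.get("LifeCycleState") == "available"}
    return [f"subnet {s}: no available mount target" for s in task_subnets if s not in covered]


def check_efs_sg(efs_sg: dict, task_sg_id: str) -> List[str]:
    """The mount target's security group must allow tcp/2049 from the task's security group."""
    for rule in efs_sg.get("IpPermissions", []):
        all_traffic = rule.get("IpProtocol") == "-1"   # "-1" rules carry no port range
        port_ok = all_traffic or (rule.get("IpProtocol") == "tcp"
                                  and rule.get("FromPort", 0) <= NFS_PORT <= rule.get("ToPort", 0))
        src_ok = any(p.get("GroupId") == task_sg_id for p in rule.get("UserIdGroupPairs", []))
        if port_ok and src_ok:
            return []
    return [f"SG {efs_sg.get('GroupId')}: no ingress tcp/{NFS_PORT} from {task_sg_id}"]


def diagnose(vpc_attrs, mount_targets, efs_sg, task_subnets, task_sg_id) -> List[str]:
    """Return every failing precondition; an empty list means the mount should succeed."""
    return (check_vpc_dns(vpc_attrs)
            + check_mount_targets(mount_targets, task_subnets)
            + check_efs_sg(efs_sg, task_sg_id))


# Constructed sample data reproducing the question: security group and mount targets
# are fine, but the VPC was created with Terraform's default enable_dns_hostnames = false.
SAMPLE_VPC = {"EnableDnsSupport": True, "EnableDnsHostnames": False}
SAMPLE_SUBNETS = ["subnet-aaaa1111", "subnet-bbbb2222"]
SAMPLE_MOUNT_TARGETS = [{"SubnetId": s, "LifeCycleState": "available"} for s in SAMPLE_SUBNETS]
SAMPLE_EFS_SG = {"GroupId": "sg-efs00000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": NFS_PORT, "ToPort": NFS_PORT,
     "UserIdGroupPairs": [{"GroupId": "sg-fargate0"}]}]}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_VPC, SAMPLE_MOUNT_TARGETS, SAMPLE_EFS_SG, SAMPLE_SUBNETS, "sg-fargate0"):
        print("FAIL:", finding)
```

Fill the dicts from real API responses to run it against a live account; the one finding it reports for the sample data is exactly the cause the answer describes.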
