[AWS ECS] Adding a newly created EC2 instance to a specified Cluster

Veck
Aug 7, 2018

To use ECS you first need a Cluster, then you create Containers in the Cluster, and only then start tasks in the Containers to run your services.

Create Cluster

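First go to the ECS console and choose Cluster to create a new Cluster. Once you have entered the Cluster name you can create it right away.

If you are not filling in the other fields, check Create an empty cluster.

This creates a cluster that contains no container instances.

If what you create is not an empty cluster, an EC2 instance is created in the cluster by default.

You can see that CloudFormation is also used behind the scenes to build the infrastructure.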

Launch Container Instance into cluster

http://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html

Here we go straight to the EC2 console and create an instance. In Step 3: Configure Instance Details:

1. Under IAM, select ecsInstanceRole

2. Under Advanced Details below, set User data

#!/bin/bash
echo ECS_CLUSTER=[CLUSTER_NAME] >> /etc/ecs/ecs.config # must not be written as ecs_config!

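If anything here is written wrong, the instance is automatically launched into the default cluster (if there was no default cluster, one is created automatically) instead of the cluster we created ourselves.

  • On Windows it is:

<powershell>
Import-Module ECSTools
Initialize-ECSAgent -Cluster '[CLUSTER_NAME]' -EnableTaskIAMRole
</powershell>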

Then just continue through the remaining steps and launch.

NOTICE 1

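/etc/ecs/ecs.config is a file that already exists on the Optimized Linux AMI (it is created when ecs-init is installed). Instances built from other AMIs do not have this file, so with another AMI you can skip this step and, after the instance has started, create the file and fill it in yourself before running `sudo start ecs`[1].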

NOTICE 2

Normally a Registered Container instance should now show up on the Cluster side, but there is none.

To troubleshoot, we can first ssh into the instance.

In theory it should already be registered.

Let's look at /var/log/ecs/ecs-init.log

[ec2-user@ip-172-31-20-243 ~]$ cat /var/log/ecs/ecs-init.log
2017-11-21T09:07:12Z [INFO] Starting Amazon EC2 Container Service Agent
2017-11-21T09:07:14Z [INFO] Agent exited with code 1
2017-11-21T09:07:14Z [INFO] Container name: /ecs-agent
2017-11-21T09:07:14Z [INFO] Removing existing agent container ID: 3c5290616ea532736f2d8d02465b223a0d148eea4741b3453b7381f3ff563f26
2017-11-21T09:07:14Z [INFO] Starting Amazon EC2 Container Service Agent
2017-11-21T09:07:15Z [INFO] Agent exited with code 1
2017-11-21T09:07:15Z [INFO] Container name: /ecs-agent
2017-11-21T09:07:15Z [INFO] Removing existing agent container ID: 2f946d1903237e5380387032faef443e6a649e11f1066e7bceb7257420321949
2017-11-21T09:07:15Z [INFO] Starting Amazon EC2 Container Service Agent
2017-11-21T09:07:15Z [INFO] Agent exited with code 1
2017-11-21T09:07:15Z [INFO] Container name: /ecs-agent
2017-11-21T09:07:15Z [INFO] Removing existing agent container ID: 7d68f5125d14e73b820ce1eeef48f933c564e6ced416512ce7728ee61154ce2c
2017-11-21T09:07:15Z [INFO] Starting Amazon EC2 Container Service Agent
2017-11-21T09:07:16Z [INFO] Agent exited with code 1
2017-11-21T09:07:16Z [INFO] Container name: /ecs-agent
2017-11-21T09:07:16Z [INFO] Removing existing agent container ID: 8f69f81fa411317e28864da8a536b031cc2cc1bfbc6936400eb8e8b44abed603
2017-11-21T09:07:16Z [INFO] Starting Amazon EC2 Container Service Agent
.
.
.

You can see the agent keeps exiting with code 1 (returning 0 would be a normal exit). Next we look at the agent log:

[ec2-user@ip-172-31-20-243 ~]$ cat /var/log/ecs/ecs-agent.log.2017-11-21-09
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2017-11-21T09:11:50Z [INFO] Registering Instance with ECS
2017-11-21T09:11:50Z [ERROR] Could not register: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2017-11-21T09:11:50Z [CRITICAL] Could not create cluster: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2017-11-21T09:11:50Z [ERROR] Error registering: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2017-11-21T09:11:51Z [INFO] Loading configuration
2017-11-21T09:11:51Z [INFO] Loading state! module="statemanager"
2017-11-21T09:11:51Z [INFO] Event stream ContainerChange start listening...
2017-11-21T09:11:51Z [WARN] Error getting valid credentials (AKID ): NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2017-11-21T09:11:51Z [INFO] Registering Instance with ECS
2017-11-21T09:11:51Z [ERROR] Could not register: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2017-11-21T09:11:51Z [CRITICAL] Could not create cluster: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2017-11-21T09:11:51Z [ERROR] Error registering: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
.
.
.

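It is CredentialsChainVerboseErrors all the way down, which tells us the permissions were never granted; go to EC2 and attach the IAM Role `ecsInstanceRole`.

Once it is attached, the cluster side updates immediately.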
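The triage above can be scripted. This is an added example, not code from the original post: the function names are hypothetical, the sample log lines are constructed from the excerpts above, and the last function assumes the instance metadata service (IMDSv2) is reachable from the instance.

```bash
#!/bin/bash
# Added example: triage the two logs above. Function names are hypothetical.

# Non-zero agent exits in ecs-init.log; a growing count means a restart loop.
count_failed_starts() {
    grep -cE 'Agent exited with code [1-9]' "$1" || true
}

# Classify ecs-agent.log: prints "no-credentials N", "other-error" or "clean".
diagnose_agent_log() {
    local n
    n=$(grep -c 'NoCredentialProviders' "$1" || true)
    if [ "$n" -gt 0 ]; then
        echo "no-credentials $n"
    elif grep -qE '\[(ERROR|CRITICAL)\]' "$1"; then
        echo "other-error"
    else
        echo "clean"
    fi
}

# On the instance itself: print the attached role name via IMDSv2, or fail
# when no instance profile is attached. Not called below (needs the network).
attached_instance_role() {
    local token
    token=$(curl -sf -m 2 -X PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 60' \
        http://169.254.169.254/latest/api/token) || return 1
    curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" \
        http://169.254.169.254/latest/meta-data/iam/security-credentials/
}

# Constructed sample lines, shortened from the excerpts above.
sample_dir=$(mktemp -d)
cat > "$sample_dir/ecs-init.log" <<'EOF'
2017-11-21T09:07:12Z [INFO] Starting Amazon EC2 Container Service Agent
2017-11-21T09:07:14Z [INFO] Agent exited with code 1
2017-11-21T09:07:14Z [INFO] Starting Amazon EC2 Container Service Agent
2017-11-21T09:07:15Z [INFO] Agent exited with code 1
EOF
cat > "$sample_dir/ecs-agent.log" <<'EOF'
2017-11-21T09:11:50Z [INFO] Registering Instance with ECS
2017-11-21T09:11:50Z [ERROR] Could not register: NoCredentialProviders: no valid providers in chain. Deprecated.
2017-11-21T09:11:50Z [CRITICAL] Could not create cluster: NoCredentialProviders: no valid providers in chain. Deprecated.
2017-11-21T09:11:50Z [ERROR] Error registering: NoCredentialProviders: no valid providers in chain. Deprecated.
EOF
echo "failed starts: $(count_failed_starts "$sample_dir/ecs-init.log")"
echo "diagnosis:     $(diagnose_agent_log "$sample_dir/ecs-agent.log")"
```

A "no-credentials" result together with a failing `attached_instance_role` points at a missing instance profile rather than at the agent or the cluster name.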

NOTICE 3

If the EC2 instance was launched from an ordinary AMI, it still will not appear in the ECS cluster even after the IAM role has been attached. This is why the ECS optimized AMI is recommended.

For an EC2 instance to become a Container instance running in a cluster that ECS can manage, the ECS agent has to be installed on the instance. Because this AMI already has the ECS agent installed, you do not need to install the agent yourself.

**Full steps for launching an instance from a non-ECS optimized Amazon Linux AMI and joining it to a Cluster**

Reference: Install ECS agent (both Amazon Linux or non-Amazon Linux): https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-install.html

1. Launch the instance the usual way
2. In the EC2 console, attach the ecsInstanceRole IAM role to the instance
3. Connect to the EC2 instance
4. sudo yum install -y ecs-init
5. touch /etc/ecs/ecs.config, then vim /etc/ecs/ecs.config and fill in ECS_CLUSTER=<your cluster name>
6. sudo service docker start
7. sudo start ecs
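Step 5, and the User data line earlier, are where a typo silently sends the instance to the default cluster. The script below is an added example, not part of the original post or of ecs-init: it writes the setting and reads back which cluster the agent would join. The function names are hypothetical, and the name check assumes the ECS cluster naming rule (letters, digits, hyphens and underscores).

```bash
#!/bin/bash
# Added example: write and verify the ECS_CLUSTER setting from step 5.
# Function names are hypothetical, not part of ecs-init.

# Set ECS_CLUSTER in the config file, replacing any earlier value.
set_ecs_cluster() {
    local cluster="$1" cfg="${2:-/etc/ecs/ecs.config}"
    # Reject empty names and anything outside letters, digits, "_" and "-";
    # this also catches an unfilled [CLUSTER_NAME] placeholder.
    case "$cluster" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid cluster name: $cluster" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$cfg")"
    touch "$cfg"
    # Keep every other setting, drop old ECS_CLUSTER lines, append the new one.
    grep -v '^ECS_CLUSTER=' "$cfg" > "$cfg.tmp" || true
    echo "ECS_CLUSTER=$cluster" >> "$cfg.tmp"
    mv "$cfg.tmp" "$cfg"
}

# Print the cluster named in the file; a missing key or file means "default".
# Assumes a single ECS_CLUSTER line, which set_ecs_cluster guarantees.
effective_cluster() {
    local cfg="${1:-/etc/ecs/ecs.config}" value
    value=$(grep '^ECS_CLUSTER=' "$cfg" 2>/dev/null | tail -n 1 | cut -d= -f2-)
    echo "${value:-default}"
}

# Constructed demo on a temporary file: a wrongly cased key is not picked up.
demo_cfg="$(mktemp -d)/ecs.config"
echo 'ecs_cluster=my-cluster' > "$demo_cfg"
echo "before: $(effective_cluster "$demo_cfg")"
set_ecs_cluster my-cluster "$demo_cfg"
echo "after:  $(effective_cluster "$demo_cfg")"
```

On a real instance, call `set_ecs_cluster <name>` as root before step 7 and confirm that `effective_cluster` prints the intended name.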

NOTICE 4

Registering a Windows EC2 instance to the Cluster takes a while (5~10 min).

ecsInstanceRole IAM Role

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:CreateCluster",
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:RegisterContainerInstance",
        "ecs:StartTelemetrySession",
        "ecs:Submit*",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
