terraform-ecs。注册的容器实例显示为0

Question

运行时terraform apply它创建一个集群，服务，ec2实例。但注册容器实例为0时，正在运行的任务数为0

我试图改变ecs.amazonaws.com到ec2.amazonaws.com但它抛出一个错误：

aws_ecs_service.nginx: InvalidParameterException: Unable to assume role and validate the listeners configured on your load balancer. Please verify that the ECS service role being passed has the proper permissions.

provider "aws" { 
     region = "us-east-1" 
    } 

    resource "aws_ecs_cluster" "demo" { 
     name = "demo" 
    } 

    resource "aws_iam_role" "ecs_elb" { 
     name = "ecs-elb" 
     assume_role_policy = <<EOF 
    { 
     "Version": "2008-10-17", 
     "Statement": [ 
     { 
      "Sid": "", 
      "Effect": "Allow", 
      "Principal": { 
      "Service": "ecs.amazonaws.com" 
      }, 
      "Action": "sts:AssumeRole" 
     } 
     ] 
    } 
    EOF 
    } 

    resource "aws_iam_policy_attachment" "ecs_elb" { 
     name = "ecs_elb" 
     roles = ["${aws_iam_role.ecs_elb.id}"] 
     policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole" 
    } 

    resource "aws_launch_configuration" "ecs_instance"{ 
     name_prefix = "ecs-instance-" 
     instance_type = "t2.micro" 
     image_id = "ami-4fffc834" 
    } 

    resource "aws_autoscaling_group" "ecs_cluster_instances"{ 
     availability_zones = ["us-east-1a"] 
     name = "ecs-cluster-instances" 
     min_size = 1 
     max_size = 1 
     launch_configuration = "${aws_launch_configuration.ecs_instance.name}" 
    } 

    resource "aws_ecs_task_definition" "nginx" { 
     family = "nginx" 
     container_definitions = <<EOF 
     [{ 
     "name": "nginx", 
     "image": "nginx", 
     "cpu": 1024, 
     "memory": 768, 
     "essential": true, 
     "portMappings": [{"containerPort":80, "hostPort":80}] 
     }] 
     EOF 
    } 

    resource "aws_ecs_service" "nginx" { 
     name = "nginx" 
     cluster = "${aws_ecs_cluster.demo.id}" 
     task_definition = "${aws_ecs_task_definition.nginx.arn}" 
     desired_count = 1 
     iam_role = "${aws_iam_role.ecs_elb.arn}" 
     load_balancer { 
      elb_name = "${aws_elb.nginx.id}" 
      container_name = "nginx" 
      container_port = 80 
     } 
    } 
    resource "aws_elb" "nginx" { 
     availability_zones = ["us-east-1a"] 
     name = "nginx" 
     listener { 
      lb_port = 80 
      lb_protocol = "http" 
      instance_port = 80 
      instance_protocol = "http" 
     } 
    } 

Answer 1

排除故障ECS问题，你可以按照下面的步骤。

1. 点击服务名称nginx，检查是否有任何任务处于pending状态。如果你看到，通常有很多stopped任务。

这意味着容器不健康。

1. 单击服务名称，事件，检查是否存在任何错误事件以帮助您执行故障排除。

2. 如果列表中有任何实例，请点击ECS instances。如果不是，则表示EC2实例未成功注册到ECS集群。

如果使用AWS ECS AMI，应该没问题。但是，如果你使用自己的AMI，你需要添加下面的userdata脚本

ECS-userdata.tpl

#!/bin/bash 
echo "ECS_CLUSTER=${ecs_cluster_name}" >> /etc/ecs/ecs.config 

更新terraform代码：

data "template_file" "ecs_user_data" { 

    template = "file("ecs-userdata.tpl") }" 

    vars { 
    ecs_cluster_name = "${var.ecs_cluster_name}" 
    } 
} 


resource "aws_launch_configuration" "demo" { 
    ... 
    user_data = "${data.template_file.ecs_user_data.rendered}" 
    ... 
} 

启用docker容器日志，最简单的方法是将日志发送到aws cloudwatch。

先加入以下资源。

resource "aws_cloudwatch_log_group" "app_logs" { 
    name    = "demo" 
    retention_in_days = 14 
} 

然后将下面的代码添加到任务定义中。

"logConfiguration": { 
    "logDriver": "awslogs", 
    "options": { 
    "awslogs-group": "${aws_cloudwatch_log_group.app_logs.name}", 
    "awslogs-region": "${var.region}" 
    } 
}, 

你申请变更后，去cloudwatch，日志，检查是否有任何错误日志。

到 ["ecs.amazonaws.com", "ec2.amazonaws.com"] "Principal": { "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"] },

变化IAM角色希望这些步骤是对你有帮助。

未来阅读：

Launching an Amazon ECS Container Instance