New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ECSRun
fails with boto InvalidParameterException
needs awsvpc network mode
#4243
Comments
Additional info reported at https://prefect-community.slack.com/archives/CL09KU1K7/p1615830767346000 latest task definition
with 0.14.6
|
From what I can tell the task definition submitted to ECS for 0.14.12 differs significantly from the task definition submitted for versions < 0.14.12. Given this simple flow:
Here is the task definition for 0.14.11 submitted by the Agent via boto3:
Here is the task definition for 0.14.12 submitted by the Agent via boto3:
The most significant changes in my view are the missing execution role and task role arns and compatibilities section. From what I can tell, if the executionRoleArn is not populated the compatibilities section automatically complied by ECS will only have "EC2" as an option. Submitting an executionRoleArn, even a phony one will get ECS to add "FARAGE" to the compatibilities section. I can work-around this issue by manually adding a task definition to the run config as shown below:
Please note that the task execution role specified above DOES NOT EXIST, yet works. In addition, there was some question about how the ECS/Fargate cluster was created. Originally we had created the cluster manually via the CLI. We did update our cluster definition to include the FARGATE and FARGATE_SPOT capacity providers and we added a default capacity provider strategy. None of those changes made any difference. We also went back and created a new cluster using the "Getting Started" UI flow from the AWS console. This also didn't make any difference. Lastly, on a lark, we changed our task execution role to be exactly "ecsTaskExecutionRole" thinking there might be some magic in the naming and that also didn't make any difference. To be complete with information here is our Agent Dockerfile:
Here is the agent.py:
Here is the ECS cluster description:
|
* Update CDK * Upgrade CDK * Add Dockerfile for ECS Agent * Add base bakery stack to deploy a cluster with 1 ECS agent running * Add instructions on creating RUNNER TOKEN secret pre-deployment * Upgrade prefect, add example flow * Refactor out permissions for ecs tasks into a specific role * Add ECS Run as we need to specify the image ECS users * Begin to add DaskExecutor to Flow - Need to build a image with Dask deps * Split out agent and worker docker images * Import container from ecr repository that is pre-populated * Migrate ECSRun to use dynamic task definition ref PrefectHQ/prefect/issues/4243 * Install dev deps via make due to pipenv locking bugs. Temporary hack. * Include dask-cloudprovider dependencies in worker image. * Stack role and export updates to support a DaskExecutor in test Flow. * Inclued agent label environment variable for deployment. * Initial test flow to validate DaskExecutor functionality. * Add additional bucket for processing cache and target output. * Add full zarr transform flow and move test flows to flow_test directory. * Include deps for transform_flow to avoid pipenv locking issue. * Add necessary dependencies for transform_flow execution by Dask workers. * Move test flows to flow_test. * Include local path for importing Flow tasks. * Fix linting issues. * Consolidate stack output value retrieval. * Move dev dependencies into Pipfile. * Propagate stack and flow tags to dynamically created ECS tasks. * Pin version of Github Actions ubuntu to support pipenv install. * Update directory paths for linting. * isort linting fixes. * Black formatting fixes. * Pin dependencies used by test flows. * Include detailed descriptions of new environment variables. * Update ids and stack exports to correctly use identifier in formatting. * Remove legacy comments from test flows and flow utils. * Add pre-commit hooks for linting and direct fixes. * Linting and formatting fixes to conform to pre-commit specs. Co-authored-by: Ciaran Evans <ciaran@developmentseed.org>
Opened from the Prefect Public Slack Community
leeca.jinlee: Hello all, trying out the latest Prefect version
0.14.12
Running into this error when attempting to run a flow using ECS agent and ECSRun:
botocore.errorfactory.InvalidParameterException: An error occurred (InvalidParameterException) when calling the RunTask operation: Task definition does not support launch_type FARGATE.
I have a working config for prefect agent that executes the flow without errors. However, this involves creating a
task-definitions.yaml
:task-definitions.yaml
The flow runs without errors, so the error is not due to IAM permissions.
However, when running the ECS Agent using the
--task-role-arn
and--execution-role-arn
CLI args, I run into the above-mentioned error. I have also tried running Prefect agent using--launch-type FARGATE
, which I believe is the default and does not need to be specified, but this does not work too.I have also tried to pass in
task_role_arn
andexecution_role_arn
into the ECSRun() function within my flow, and ran into the same error.Is there any way to run ECS Agent using CLI args without using the task-definition file?
leeca.jinlee: In the AWS docs for Task Definition, under <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-networkmode|Network Mode>, it says:
> If you are using the Fargate launch type, the
awsvpc
network mode is required.However, it does not seem that there is a cli arg to pass to
prefect agent ecs start
.I have also tried passing in a
networkConfiguration
dict torun_task_kwargs
arg in ECSRun():Still running into the same error. Seems that the agent needs to know about
awsvpc
as the network mode, but there doesn't seem to be a way to tell it without using a task definitions filemichael054: Hey <@U01AYG8QZ4Y>, thanks for the thorough explanation. I'm going to open an issue for this in the Prefect Core repo as this looks like it may need a PR to address. <@ULVA73B9P> open "
ECSRun
fails with botoInvalidParameterException
needs awsvpc network mode"Original thread can be found here.
The text was updated successfully, but these errors were encountered: