Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ECS creates local volume even though rexray/ebs is specified #1052

Open
georgeshanti opened this issue Aug 25, 2020 · 0 comments
Open

ECS creates local volume even though rexray/ebs is specified #1052

georgeshanti opened this issue Aug 25, 2020 · 0 comments
Labels
Proposed Community submitted issue

Comments

@georgeshanti
Copy link

TL;DR: I'm trying to use a EBS volume in an ECS service using the rexray/ebs driver but ECS is starting the task with the 'local' driver.

I'm trying to create a ecs service that will use an existing EBS volume as a means of persistent storage. The image is 'Ghost', an open source blogging service. It stores images and other media like themes in the folder /var/lib/ghost/content. I created an EBS volume named loop-content and set the ECS Tasks volume driver to rexray/ebs but the container still gets started with the local driver.

Just to be sure the rexray/ebs driver worked, I started up an ubuntu image and mapped the volume to /loop-content and it worked fined. All the data that was on the volume was now accessible on the running ubuntu container.

Just so we're clear, I've done all the setup to make rexray work on the container instance because I was able to mount the EBS volume onto the ubuntu docker container and access all the data on it.

{
    "Parameters": {
        "GhostVolume": {
            "Type": "String",
            "Description": "Ghost content volume name"
        },
        "ClusterStackName": {
            "Type": "String",
            "Description": "ECS Cluster stack name"
        },
        "NetworkStackName": {
            "Type": "String",
            "Description": "Stack name of the Network"
        },
        "SSLCertificate": {
            "Type": "String",
            "Description": "SSL Certificate ARN"
        }
    },
    "Resources": {
        "Service": {
            "Type" : "AWS::ECS::Service",
            "Properties" : {
                "Cluster" : { "Fn::ImportValue": { "Fn::Sub": ["${ClusterStackName}:ClusterArn", { "ClusterStackName": { "Ref": "ClusterStackName" } } ] } },
                "DeploymentConfiguration" : {
                    "MaximumPercent" : 200,
                    "MinimumHealthyPercent" : 100
                },
                "DeploymentController" : {
                    "Type" : "ECS"
                },
                "DesiredCount" : 1,
                "HealthCheckGracePeriodSeconds" : 10,
                "LaunchType" : "EC2",
                "LoadBalancers" : [
                    {
                        "ContainerName" : "ghost_container",
                        "ContainerPort" : 2368,
                        "TargetGroupArn": { "Ref": "TargetGroup" }
                    }
                ],
                "Role" : { "Ref": "ServiceRole" },
                "TaskDefinition" : { "Ref": "Task" }
            },
            "DependsOn": [ "LoadBalancerListener", "TargetGroup", "Task", "ServiceRole" ]
        },

        "LoadBalancerListener": {
            "Type": "AWS::ElasticLoadBalancingV2::Listener",
            "Properties": {
                "DefaultActions": [
                    {
                        "Type": "forward",
                        "TargetGroupArn": { "Ref": "TargetGroup" }
                    }
                ],
                "LoadBalancerArn": { "Ref": "LoadBalancer" },
                "Port": 443,
                "Protocol": "HTTPS",
                "SslPolicy": "ELBSecurityPolicy-2016-08",
                "Certificates": [
                    { "CertificateArn" : { "Ref": "SSLCertificate" } }
                ]
            },
            "DependsOn": [ "LoadBalancer", "TargetGroup" ]
        },

        "TargetGroup": {
            "Type" : "AWS::ElasticLoadBalancingV2::TargetGroup",
            "Properties" : {
                "HealthCheckEnabled" : "true",
                "HealthCheckIntervalSeconds" : 30,
                "HealthCheckPath" : "/",
                "HealthCheckPort" : "traffic-port",
                "HealthCheckProtocol" : "HTTP",
                "HealthCheckTimeoutSeconds" : 5,
                "HealthyThresholdCount" : 2,
                "Name" : "ghost-target-group",
                "Protocol" : "HTTP",
                "Port": 8080,
                "TargetType" : "instance",
                "VpcId" : { "Fn::ImportValue": { "Fn::Sub": [ "${NetworkStackName}:Vpc", { "NetworkStackName": { "Ref": "NetworkStackName"} } ] } }
            }
        },

        "LoadBalancer" : {
            "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties" : {
                "Name": { "Fn::Sub": [ "${StackName}-load-balance", { "StackName": { "Ref": "AWS::StackName" } } ] },
                "Subnets" : [
                    { "Fn::ImportValue": { "Fn::Sub": ["${NetworkStackName}:PublicSubnet1", { "NetworkStackName": { "Ref": "NetworkStackName" } } ] } },
                    { "Fn::ImportValue": { "Fn::Sub": ["${NetworkStackName}:PublicSubnet2", { "NetworkStackName": { "Ref": "NetworkStackName" } } ] } }
                ],
                "SecurityGroups": [
                    { "Ref": "SecurityGroup" }
                ],
                "Type": "application"
            },
            "DependsOn": [ "SecurityGroup" ]
        },

        "SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "VpcId": { "Fn::ImportValue" : { "Fn::Sub" : [ "${NetworkStackName}:Vpc", { "NetworkStackName": { "Ref": "NetworkStackName" } } ] } },
                "GroupDescription": "Security group for cluster instances",
                "SecurityGroupEgress": [
                    {
                        "CidrIp": "0.0.0.0/0",
                        "IpProtocol": "-1"
                    }
                ],
                "SecurityGroupIngress": [
                    {
                        "CidrIp": "0.0.0.0/0",
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443"
                    }
                ],
                "Tags": [ 
                    { "Key": "Name", "Value": { "Fn::Sub": [ "${StackName}-alb-secuirty-group", { "StackName": { "Ref": "AWS::StackName" } } ] } }
                ]
            }
        },

        "Task": {
            "Type": "AWS::ECS::TaskDefinition",
            "Properties" : {
                "Family": "loop-task",
                "ContainerDefinitions": [
                    {
                        "Name": "ghost_container",
                        "Environment": [
                            { "Name": "database__client", "Value": "mysql" },
                            { "Name": "database__connection__database", "Value": "*****" },
                            { "Name": "database__connection__host", "Value": "*****" },
                            { "Name": "database__connection__password", "Value": "*****" },
                            { "Name": "database__connection__user", "Value": "*****" },
                            { "Name": "mail__from", "Value": "*****" },
                            { "Name": "mail__options__auth__pass", "Value": "*****" },
                            { "Name": "mail__options__auth__user", "Value": "*****" },
                            { "Name": "mail__options__host", "Value": "smtp.gmail.com" },
                            { "Name": "mail__options__port", "Value": "465" },
                            { "Name": "mail__options__secure", "Value": "true" },
                            { "Name": "mail__options__service", "Value": "gmail" },
                            { "Name": "mail__transport", "Value": "SMTP" },
                            { "Name": "url", "Value": "*****" }
                        ],
                        "Image": "ghost:latest",
                        "Essential": "true",
                        "MountPoints": [
                            {
                                "ContainerPath": "/var/lib/ghost/content",
                                "SourceVolume": { "Ref": "GhostVolume" }
                            }
                        ],
                        "PortMappings": [
                            {
                                "ContainerPort": 2368,
                                "Protocol": "tcp"
                            }
                        ]
                    }
                ],
                "Cpu": "256",
                "Memory": "512",
                "NetworkMode": "bridge",
                "Volumes": [
                    {
                        "DockerVolumeConfiguration": {
                            "Autoprovision": "true",
                            "Scope" : "shared",
                            "Driver": "rexray/ebs",
                            "DriverOpts": {
                                "volumetype": "standard",
                                "size": 10
                            }
                        },
                        "Name" : { "Ref": "GhostVolume" }
                    }
                ]
            }
        },
        "ServiceRole":{
            "Type":"AWS::IAM::Role",
            "Properties":{
                "AssumeRolePolicyDocument":{
                    "Statement":[
                        {
                            "Effect":"Allow",
                            "Principal":{
                                "Service":[ "ecs.amazonaws.com" ]
                            },
                            "Action":[ "sts:AssumeRole" ]
                        }
                    ]
                },
                "Path":"/",
                "Policies":[
                    {
                        "PolicyName":"ecs-service",
                        "PolicyDocument":{
                            "Statement":[
                                {
                                    "Effect":"Allow",
                                    "Action":[
                                    "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                                    "elasticloadbalancing:DeregisterTargets",
                                    "elasticloadbalancing:Describe*",
                                    "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                                    "elasticloadbalancing:RegisterTargets",
                                    "ec2:Describe*",
                                    "ec2:AuthorizeSecurityGroupIngress"
                                    ],
                                    "Resource":"*"
                                }
                            ]
                        }
                    }
                ]
            }
        }
    }
}
@georgeshanti georgeshanti added the Proposed Community submitted issue label Aug 25, 2020
@georgeshanti georgeshanti changed the title [service] [request]: ECS creates local volume even though rexray/ebs is specified ECS creates local volume even though rexray/ebs is specified Aug 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Proposed Community submitted issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@georgeshanti