Using AWS CodePipeline and setting a Source, Build and passing taskdef.json and appspec.yaml as artifacts, the deployment action Amazon ECS (Blue/Green) will fail with the error:
STRING_VALUE can not be converted to an Integer
This error does not specify where this error happens and therefore it is not possible to fix.
For reference, the files look like this:
# appspec.yaml
version: 0.0
Resources:
- TargetService:
Type: AWS::ECS::Service
Properties:
TaskDefinition: <TASK_DEFINITION>
LoadBalancerInfo:
ContainerName: "my-project"
ContainerPort: 3000
// taskdef.json
{
"family": "my-project-web",
"taskRoleArn": "arn:aws:iam::1234567890:role/ecsTaskRole-role",
"executionRoleArn": "arn:aws:iam::1234567890:role/ecsTaskExecutionRole-web",
"networkMode": "awsvpc",
"cpu": "256",
"memory": "512",
"containerDefinitions":
[
{
"name": "my-project",
"memory": "512",
"image": "01234567890.dkr.ecr.us-east-1.amazonaws.com/my-project:a09b7d81",
"environment": [],
"secrets":
[
{
"name": "APP_ENV",
"valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_ENV::"
},
{
"name": "PORT",
"valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:PORT::"
},
{
"name": "APP_NAME",
"valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_NAME::"
},
{
"name": "LOG_CHANNEL",
"valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:LOG_CHANNEL::"
},
{
"name": "APP_KEY",
"valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_KEY::"
},
{
"name": "APP_DEBUG",
"valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_DEBUG::"
}
],
"essential": true,
"logConfiguration":
{
"logDriver": "awslogs",
"options":
{
"awslogs-group": "",
"awslogs-region": "",
"awslogs-stream-prefix": ""
}
},
"portMappings":
[
{
"hostPort": 3000,
"protocol": "tcp",
"containerPort": 3000
}
],
"entryPoint": [ "web" ],
"command": []
}
],
"requiresCompatibilities": [ "FARGATE", "EC2" ],
"tags":
[
{
"key": "project",
"value": "my-project"
}
]
}
Any insights on this issue are highly appreciated!
Please refer to the following guide that outlines the supported data type for each parameter: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html. It appears that you've provided a string where an integer is expected.
If I was to guess, looking at the above, the value for memory under containerDefinitions should be an integer not a string: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_memory
Related
When deploying Task in ECS Cluster with a public repo Docker Hub, the task always Stopped with this error in the Task Container:
Stopped reason
Cannotpullcontainererror:
pull image manifest has been retried 5 time(s):
failed to resolve ref docker.io/username/repo:
failed to do request:
Head "https://registry-1.docker.io/v2/username/repo/manifests/latest":
dial tcp 44.205.64.79:443: i/o timeout
This is my Task Definition:
{
"taskDefinitionArn": "arn:aws:ecs:ap-southeast-1:...:task-definition/taskname_task:6",
"containerDefinitions": [
{
"name": "containername_container",
"image": "username/repo",
"cpu": 0,
"links": [],
"portMappings": [
{
"name": "containername_container-8888-tcp",
"containerPort": 8888,
"hostPort": 8888,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/taskname_task",
"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
}
],
"family": "taskname_task",
"taskRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
"executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 6,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.extensible-ephemeral-storage"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "2048",
"ephemeralStorage": {
"sizeInGiB": 21
},
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "...",
"registeredBy": "arn:aws:iam::...:root",
"tags": [
{
"key": "ecs:taskDefinition:createdFrom",
"value": "ecs-console-v2"
},
{
"key": "ecs:taskDefinition:stackId",
"value": "arn:aws:cloudformation:ap-southeast-1:...:stack/ECS-Console-V2-TaskDefinition-.../..."
}
]
}
I'm new to ECS and AWS also. I have try the request https://registry-1.docker.io/v2/username/repo/manifests/latest in the error of Task Container above and received this:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"username/repo","Action":"pull"}]}]}
Is it about the request docker.io configured? I have done a lot of research but not figure anything out.
You can use Dockerhub image from within Amazon ECS Tasks
The format of Dockerhub image would be [registry-url]/[namespace]/[image]:[tag], you do not need registry-url for Dockerhub as the docker client assumes Dockerhub if one is not specified
Alternatively Docker official images should be present on ECR public in addition to Dockerhub so you can reference the ECR public repositories instead from within the ECS Tasks
Now Fargate uses the awsvpc network mode so essentially there are two options to run the task in Fargate:
If the task is being run inside a public subnet, then Auto assign Public IP must be enabled and we need to ensure that public subnet route table has Internet Gateway for internet connectivity to be able to pull the container image from public docker repository
If the task is being run from a private subnet then Auto assign Public IP must be disabled and we need to ensure that private subnet route table has an associated NAT Gateway allowing the task inside private subnet to pull the container image from public docker repository
After lots of tries, I have solved the problem by changing App environment from FARGATE to EC2 and the Network mode from awsvpc to bridge. Although this is not what my beginning intention to use FARGATE but it's solved the problem as well.
And I still don't know what, why, and how the problem has been caused and solved. Help me know.
This is my Task Definition in EC2:
{
"taskDefinitionArn": "arn:aws:ecs:ap-southeast-1:...:task-definition/taskname_task:16",
"containerDefinitions": [
{
"name": "containername_container",
"image": "username/repo",
"cpu": 0,
"links": [
"aws-otel-collector"
],
"portMappings": [
{
"name": "containername_container-8888-tcp",
"containerPort": 8888,
"hostPort": 8888,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/taskname_task",
"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
}
],
"family": "taskname_task",
"executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
"networkMode": "bridge",
"revision": 16,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2"
],
"requiresCompatibilities": [
"EC2"
],
"cpu": "1024",
"memory": "922",
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "...",
"registeredBy": "arn:aws:iam::...:root",
"tags": [
{
"key": "ecs:taskDefinition:createdFrom",
"value": "ecs-console-v2"
},
{
"key": "ecs:taskDefinition:stackId",
"value": "arn:aws:cloudformation:ap-southeast-1:...:stack/ECS-Console-V2-TaskDefinition-.../..."
}
]
}
I'm trying to create an ArangoDB cluster in ECS using the default arangodb/arangodb-starter container but when I start my ECS Task, I'm getting an error saying that /usr/sbin/arangod was not found.
I pulled the arangodb/arangodb-starter image locally using docker pull and then I tagged it according to the push commands from ECR, I pushed it to ECR and I created an ECS Task (Fargate) for it. I created a service in ECS to start that task and the container starts, but the ECS Service logs show this error:
|INFO| Starting arangodb version 0.15.5, build 7832707 component=arangodb
[ERROR| Cannot find arangod (expected at /usr/sbin/arangod). component=arangodb
How to solve this:
1 - Install ArangoDB locally or run the ArangoDB starter in docker. (see README for details).
I started the exact same container by tag locally and it works. Why doesn't it work in ECS?
edit The ECS Task definition is in the snippet below:
{
"taskDefinitionArn": "arn:aws:ecs:eu-west-1:123456789:task-definition/dev-arangodb-server:1",
"containerDefinitions": [
{
"name": "dev-arangodb-server",
"image": "123456789.dkr.ecr.eu-west-1.amazonaws.com/arangodb:latest",
"cpu": 0,
"links": [],
"portMappings": [
{
"containerPort": 8529,
"hostPort": 8529,
"protocol": "tcp"
}
],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [
{
"name": "ARANGO_ROOT_PASSWORD",
"value": "password"
}
],
"environmentFiles": [],
"mountPoints": [
{
"sourceVolume": "storage",
"containerPath": "/mnt/storage",
"readOnly": false
}
],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/dev-arangodb-server",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
}
],
"family": "dev-arangodb-server",
"taskRoleArn": "arn:aws:iam::123456789:role/dev-aws-ecs-ecr-power-user",
"executionRoleArn": "arn:aws:iam::123456789:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 1,
"volumes": [
{
"name": "storage",
"host": {}
}
],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "3072",
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "2022-11-03T08:43:25.264Z",
"registeredBy": "arn:aws:iam::123456789:user/MY_USER",
"tags": [
{
"key": "ecs:taskDefinition:createdFrom",
"value": "ecs-console-v2"
},
{
"key": "ecs:taskDefinition:stackId",
"value": "arn:aws:cloudformation:eu-west-1:123456789:stack/ECS-Console-V2-TaskDefinition-e1519bf7-ff78-423a-951d-2bc8d79242ec/925d88d0-5b53-11ed-97a3-066ee48e3b9b"
}
]
}
I tested on my cluster and seems like that image is not running with default options like yours task definition. That image is not documented so we don't know how to start it correctly
Please try this official image and do the same process. Remember the environment, or you will face this issue.
error: database is uninitialized and password option is not specified
You need to specify one of ARANGO_ROOT_PASSWORD, ARANGO_ROOT_PASSWORD_FILE, ARANGO_NO_AUTH and ARANGO_RANDOM_ROOT_PASSWORD
I'm working through an AWS Python tutorial, module 2.
I'm at the point Section C, where I have to create a task definition by filling in some REPLACE_ME values in a json file.
{
"family": "mythicalmysfitsservice",
"cpu": "256",
"memory": "512",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"executionRoleArn": "REPLACE_ME_ECS_SERVICE_ROLE_ARN",
"taskRoleArn": "REPLACE_ME_ECS_TASK_ROLE_ARN",
"containerDefinitions": [
{
"name": "MythicalMysfits-Service",
"image": "REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH",
"portMappings": [
{
"containerPort": 8080,
"protocol": "http"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "mythicalmysfits-logs",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "awslogs-mythicalmysfits-service"
}
},
"essential": true
}
]
}
There are three variables I'm not sure where to get the values:
"REPLACE_ME_ECS_SERVICE_ROLE_ARN",
"REPLACE_ME_ECS_TASK_ROLE_ARN",
"REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH"
Before this step, in steps A and B, I create-cluster, but the output of that doesn't indicate obvious values to me:
$ aws ecs create-cluster --cluster-name MythicalMysfits-Cluster
{
"cluster": {
"clusterArn": "arn:aws:ecs:us-east-1:002847010850:cluster/MythicalMysfits-Cluster",
"clusterName": "MythicalMysfits-Cluster",
"status": "ACTIVE",
"registeredContainerInstancesCount": 0,
"runningTasksCount": 0,
"pendingTasksCount": 0,
"activeServicesCount": 0,
"statistics": [],
"tags": [],
"settings": [
{
"name": "containerInsights",
"value": "disabled"
}
],
"capacityProviders": [],
"defaultCapacityProviderStrategy": []
}
}
The only value I suspect I might know is, "REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH" which i could take from docker push 002847010850.dkr.ecr.us-east-1.amazonaws.com/mythicalmysfits/service when I pushed a docker image to the Elastic Compute Repository
So I made a guess and used the "clusterArn" value for both REPLACE_ME's, and the original image tag for the third but
$ aws ecs register-task-definition --cli-input-json file://~/environment/aws-modern-application-workshop/module-2/aws-cli/task-definition.json
An error occurred (ClientException) when calling the RegisterTaskDefinition operation: Role is not valid
This is the json I fed it:
{
"family": "mythicalmysfitsservice",
"cpu": "256",
"memory": "512",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"executionRoleArn": "arn:aws:ecs:us-east-1:002847010850:cluster/MythicalMysfits-Cluster",
"taskRoleArn": "arn:aws:ecs:us-east-1:002847010850:cluster/MythicalMysfits-Cluster",
"containerDefinitions": [
{
"name": "MythicalMysfits-Service",
"image": "002847010850.dkr.ecr.us-east-1.amazonaws.com/mythicalmysfits/service",
"portMappings": [
{
"containerPort": 8080,
"protocol": "http"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "mythicalmysfits-logs",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "awslogs-mythicalmysfits-service"
}
},
"essential": true
}
]
}
Can anyone advise where I'm going wrong here? This tutorial is pretty lousy -- just a bunch of incantations, very brittle, and no obvious forum discussions to work through it.
Marcin's suggestion of an answer caused me to to rethink and look at a JSON output from earlier in the tutorial.
aws cloudformation describe-stacks --stack-name MythicalMysfitsCoreStack gives a pile of key/value pairs and both REPLACE_ME_ECS_SERVICE_ROLE_ARN REPLACE_ME_ECS_TASK_ROLE_ARN OutputValues are inside there.
Then the procedure works.
i am trying to override the CPU Units for a ECS Task in the RunTask method of the SDK.
Task Definition
{
"ipcMode": null,
"executionRoleArn": "arn:aws:iam::111459517389:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
...,
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
},
...
],
"command": null,
"linuxParameters": null,
"cpu": 256, # CONTAINER CPU Units (default)
"environment": [
{
"name": "ECS_IMAGE_PULL_BEHAVIOR",
"value": "prefer-cached"
}
],
"ulimits": null,
...
"name": "some-job-container"
}
],
"placementConstraints": [],
"memory": "8192", # TASK SIZE
"taskRoleArn": "arn:aws:iam::111459517389:role/ecsTaskExecutionRole",
"compatibilities": [
"EC2",
"FARGATE"
],
"taskDefinitionArn": "arn:aws:ecs:eu-west-3:111459517389:task-definition/some-definition:7",
"family": "some-job-dev",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
...
],
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "4096", # TASK SIZE
"revision": 7,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": []
}
And here's the RunTask parameters
{
"taskDefinition":"some-job-dev",
"cluster":"some-cluster",
"overrides":{
"containerOverrides":[
{
"name":"some-job-container",
"command":[
"kosmos",
"segmentation-queue"
],
"cpu":4092,
"memory":8192
}
]
},
"networkConfiguration":{
"awsvpcConfiguration":{
"assignPublicIp":"ENABLED",
"subnets":[
"subnet-789",
"subnet-456",
"subnet-123"
]
}
}
}
When i run a task with these parameters, the memory of the container gets correctly overridden, but not the CPU.
I am following the ECS Documentation and still it doesn't work, am i missing something here ?
Notes:
My task launch type is Fargate
I had a similar issue, and its intermittent. Were you able to solve it?
I see you are passing values as an int, for me specifying them as a string helped.
I have the need to find the hostname of my ECS task via the CLI, which according to the Amazon documentation should be available via the CLI:
https://docs.aws.amazon.com/cli/latest/reference/ecs/describe-task-definition.html
However, when I run the describe-task-definition it is not returning the information:
> aws ecs describe-task-definition --task-definition my-test-task:1
{
"taskDefinition": {
"status": "ACTIVE",
"networkMode": "bridge",
"family": "my-test-task",
"placementConstraints": [],
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
}
],
"volumes": [
{
"host": {
"sourcePath": "/opt/cf/rails-app/public/"
},
"name": "ruby-on-rails-public-volume"
}
],
"taskDefinitionArn": "arn:aws:ecs:us-east-1:accountId:task-definition/my-test-task:1",
"containerDefinitions": [
{
"memoryReservation": 1024,
"environment": [
{
"name": "DATABASE_HOSTNAME",
"value": "hostname"
},
{
"name": "PUMA_WORKERS",
"value": "2"
},
{
"name": "RAILS_ENV",
"value": "staging"
},
{
"name": "DATABASE_NAME",
"value": "ruby-on-rails"
},
{
"name": "DEBIAN_FRONTEND",
"value": "noninteractive"
},
{
"name": "PORT",
"value": "8080"
},
{
"name": "LANG",
"value": "en_US.UTF-8"
},
{
"name": "DATABASE_PASSWORD",
"value": "cf"
},
{
"name": "DATABASE_USER",
"value": "cf"
},
{
"name": "PUMA_MAX_THREADS",
"value": "6"
}
],
"name": "my-test-task",
"mountPoints": [
{
"sourceVolume": "ruby-on-rails-public-volume",
"containerPath": "/opt/cf/rails-app/public/"
}
],
"image": "accountId.dkr.ecr.us-east-1.amazonaws.com/cf/rails:latest",
"cpu": 1024,
"portMappings": [
{
"protocol": "tcp",
"containerPort": 8080,
"hostPort": 8080
}
],
"command": [
"puma",
"-C",
"config/puma.rb"
],
"essential": true,
"volumesFrom": []
}
],
"revision": 1
}
}
I am not sure what I need to do to get that value included. I confirmed I am running the latest CLI.
Thanks!
First of all the hoostname is not defined to task definition. Its defined to container definition inside task definition. Secondly, There is no default hostname, You have to explicitly define the hostname in the container definition while creating task definition revision. By default, it uses container id as the hostname.