
amazon-web-services - Running the CloudWatch agent in a Docker image on AWS ECS fails

Reposted. Author: 行者123. Updated: 2023-12-02 18:26:48

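Please understand that I am fairly new to Docker and AWS.

The goal is to create an AWS ECS instance running Apache and PHP with a basic Laravel application. I want to run the CloudWatch agent to send all logs to CloudWatch (Apache's access and error logs, PHP's error log and the Laravel logs).

I know this is probably not "best practice" (tips are welcome), but my philosophy right now is "first make it work, then make it pretty" :-)

My Dockerfile: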

FROM amazonlinux:latest

# Update/Install
RUN yum update -y && \
    # Install PHP & epel
    amazon-linux-extras install -y php7.3 epel && \
    # Install
    yum install -y \
        # Install apache
        httpd \
        # Install tools for CloudWatch
        collectd statsd \
        # Install supervisor
        supervisor \
        # Install cloudwatch agent
        https://s3.amazonaws.com/amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm && \
    # Clean install data
    yum clean metadata && \
    yum -y clean all && \
    rm -rf /var/cache/yum

# PHP Settings
RUN sed -i \
    '/<Directory \"\/var\/www\/html\">/,/<\/Directory>/ s/AllowOverride None/AllowOverride All/' \
    /etc/httpd/conf/httpd.conf

# Remove default html folder
RUN rm -rf /var/www/html

# Configure supervisor
COPY supervisord.conf /etc/supervisord.conf

# Configure CloudWatch agent
COPY amazon-cloudwatch-agent.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json

# Add source to image
ADD . /var/www/aws

RUN chown -R apache:apache /var/www && ln -s /var/www/aws/public /var/www/html

# Expose port 80
EXPOSE 80

# Start supervisor
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]

My supervisord.conf:

[supervisord]
nodaemon=true

[program:httpd]
priority=1
command=/usr/sbin/apachectl -D FOREGROUND
autorestart=true
username=apache

[program:php]
priority=2
command=/usr/sbin/php-fpm
autorestart=true

[program:cloudformation]
priority=10
command=/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent
autorestart=true

My CloudWatch config:

{
  "agent": {
    "metrics_collection_interval": 60,
    "region": "eu-europe-1",
    "logfile": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log",
    "debug": false,
    "run_as_user": "cwagent"
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/php-fpm/www-error.log",
            "log_group_name": "aws-docker",
            "log_stream_name": "{instance_id}"
          }
        ]
      }
    }
  }
}

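Basically, this works fine as a Docker image running a Laravel application. The only problem I have now is the CloudWatch agent. It starts on the container in ECS, but fails to run and shows the following messages: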

2020/02/22 13:39:28 I! 2020/02/22 13:39:28 E! ec2metadata is not available
I! Detected the instance is OnPrem
2020/02/22 13:39:28 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json ...
Valid Json input schema.
I! Detecting runasuser...
2020/02/22 13:39:28 E! Credentials path is not set while runasuser is not root
2020/02/22 13:39:28 I! AmazonCloudWatchAgent Version 1.237768.0.
2020/02/22 13:39:28 Configuration validation first phase failed. Agent version: 1.237768.0. Verify the JSON input is only using features supported by this version.
2020/02/22 13:39:28 I! Return exit error: exit code=1
2020/02/22 13:39:28 E! Cannot translate JSON config into TOML, ERROR is exit status 1

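First, I don't understand why the message ec2metadata is not available is shown. The container runs on ECS, so it should be available (as far as I understand).

The second message is Configuration validation first phase failed. Agent version: 1.237768.0. Verify the JSON input is only using features supported by this version. As far as I can tell, the config should be fine.

I think my role is okay too, because the container does send logs to CloudWatch.

What am I doing wrong?

Best answer

Here is how I beat it. We use a very lightweight subset of Ubuntu in our Docker containers, which has no systemctl or System V init, which the CloudWatch Agent seems to be designed for. You can run start-amazon-cloudwatch-agent directly (as this answer mentions), but it is not that smooth.

The agent wants to aggressively manage the owner/group of the /opt/aws/amazon-cloudwatch-agent tree. (a) If you start it as root and use "runasuser": "cwagent" in the config, it refuses to use the AWS config/creds (the Credentials path is not set message mentioned above), and it bails. (b) If you start it as cwagent with "runasuser": "cwagent", it complains that it cannot change the ownership of a bunch of things (even though they are already owned by cwagent), and it bails. (c) However, if you start it as cwagent and include "runasuser" in the config, it complains, but it does start and do its thing.

The Verify the JSON input is only using features supported by this version. message is what the agent says whenever it runs into a problem. It does not seem to have anything to do with the config (which is fine).

Here are my specifics: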

# Dockerfile

ADD ./files /tmp
# [...]
RUN curl -o /tmp/amazon-cloudwatch-agent.deb 'https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb' \
    && dpkg -i /tmp/amazon-cloudwatch-agent.deb \
    && rm -f /tmp/amazon-cloudwatch-agent.deb \
    && usermod -a -G www-data cwagent \
    && chgrp -R www-data /var/log/nginx \
    && chmod g+s /var/log/nginx \
    && chown -R cwagent:cwagent /opt/aws/amazon-cloudwatch-agent \
    && install -o cwagent -g cwagent -m 700 -d /home/cwagent \
    && install -o cwagent -g cwagent -m 700 -d /home/cwagent/.aws \
    && install -o cwagent -g cwagent -m 600 /tmp/cloudwatch.config /home/cwagent/.aws/config \
    && install -o cwagent -g cwagent -m 600 /tmp/cloudwatch.credentials /home/cwagent/.aws/credentials \
    && install -o cwagent -g cwagent -m 755 /tmp/cloudwatch-agent.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default \
    && mv /tmp/99_cloudwatch.init /etc/my_init.d/

# /etc/my_init.d/99_cloudwatch.init

#!/bin/sh
su cwagent -c "nohup /opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent >/tmp/cwagent.out 2>&1 &"
exit 0

// cloudwatch-agent.json

{
  "agent": {
    "region": "us-east-1",
    "debug": false
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/nginx/access.log",
            "log_group_name": "our-app",
            "log_stream_name": "nginx-access",
            "timestamp_format": "[%d/%b/%Y:%H:%M:%S %z]"
          },
          {
            "file_path": "/var/log/nginx/error.log",
            "log_group_name": "our-app",
            "log_stream_name": "nginx-error",
            "timezone": "UTC",
            "timestamp_format": "%Y/%m/%d %H:%M:%S"
          }
        ]
      }
    }
  }
}
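
An added check, not part of the original answer, for the file layout that the answer's Dockerfile builds: it verifies the 700/600 modes on cwagent's AWS files and reports the staged copies that `install` leaves behind in /tmp. The ROOT argument, the function names and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. ROOT is a hypothetical parameter:
# "/" inside the container, or a directory holding the unpacked image filesystem.

# Octal permission bits of a path (GNU stat, as shipped on Ubuntu and Amazon Linux).
mode_of() { stat -c '%a' "$1" 2>/dev/null; }

# Append one finding line to the report.
add() { findings="${findings}$1
"; }

# Print one finding per line; return 0 when the layout is clean, 1 otherwise.
audit_cwagent_layout() {
    root="${1%/}"
    findings=""
    aws_dir="$root/home/cwagent/.aws"
    agent_tree="$root/opt/aws/amazon-cloudwatch-agent"

    # The answer creates ~/.aws as 700 and installs config/credentials as 600.
    if [ "$(mode_of "$aws_dir")" != "700" ]; then
        add "MODE $aws_dir should be 700"
    fi
    for f in config credentials; do
        if [ ! -f "$aws_dir/$f" ]; then
            add "MISSING $aws_dir/$f"
        elif [ "$(mode_of "$aws_dir/$f")" != "600" ]; then
            add "MODE $aws_dir/$f should be 600"
        fi
    done

    # `install` copies rather than moves, so the staged secrets are still in
    # /tmp unless a later build step removes them.
    for f in cloudwatch.credentials cloudwatch.config; do
        if [ -e "$root/tmp/$f" ]; then
            add "LEFTOVER $root/tmp/$f"
        fi
    done

    # Nothing in the agent tree should be writable by every user.
    ww=$(find "$agent_tree" ! -type l -perm -002 2>/dev/null || true)
    if [ -n "$ww" ]; then
        add "WORLD-WRITABLE $ww"
    fi

    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_cwagent_layout "$1"; fi
```

A LEFTOVER finding matters even if a later `RUN rm` deletes the file, because files brought in by `ADD` remain readable in that earlier image layer.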

Regarding amazon-web-services - Running the CloudWatch agent in a Docker image on AWS ECS fails, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60361366/
