
amazon-web-services - Adding an EFS volume to ECS Fargate

Reposted. Author: 行者123. Updated: 2023-12-03 14:31:36

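I want to use EFS with Fargate, but I get this error when the task starts:

ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-xxxxx.efs.eu-west-1.amazonaws.com" - check that your file system ID is correct

I have checked the file system ID and it is correct... How can I get more information about this error?
Could it be related to the security groups?
Here is the code I use with Terraform; I use two mount points for the two availability zones: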

resource "aws_efs_file_system" "efs_apache" {
}

# One mount target per subnet (one per availability zone)
resource "aws_efs_mount_target" "efs-mount" {
  count = 2

  file_system_id  = aws_efs_file_system.efs_apache.id
  subnet_id       = sort(var.subnet_ids)[count.index]
  security_groups = [aws_security_group.efs.id]
}

resource "aws_efs_access_point" "efs-access-point" {
  file_system_id = aws_efs_file_system.efs_apache.id
}

resource "aws_security_group" "efs" {
  name        = "${var.name}-efs-sg"
  description = "Allow traffic from self"
  vpc_id      = var.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NFS (TCP 2049) is allowed only from the Fargate tasks' security group
  ingress {
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
    security_groups = [aws_security_group.fargate_sg.id]
  }
}

This is the Fargate service:

resource "aws_ecs_task_definition" "task_definition" {
  family                   = var.name
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  execution_role_arn       = aws_iam_role.task_execution_role.arn
  task_role_arn            = aws_iam_role.task_role.arn
  cpu                      = var.cpu
  memory                   = var.memoryHardLimit

  # EFS volume mounted through the access point, with TLS in transit and IAM authorization
  volume {
    name = "efs-apache"

    efs_volume_configuration {
      file_system_id     = aws_efs_file_system.efs_apache.id
      root_directory     = "/"
      transit_encryption = "ENABLED"

      authorization_config {
        access_point_id = aws_efs_access_point.efs-access-point.id
        iam             = "ENABLED"
      }
    }
  }

  depends_on = [aws_efs_file_system.efs_apache]

  container_definitions = <<EOF
[
  {
    "name": "${var.name}",
    "image": "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/${lower(var.project_name)}_app:latest",
    "memory": ${var.memoryHardLimit},
    "memoryReservation": ${var.memorySoftLimit},
    "cpu": ${var.cpu},
    "essential": true,
    "command": [
      "/bin/sh -c \"/app/start.sh\""
    ],
    "entryPoint": [
      "sh",
      "-c"
    ],
    "mountPoints": [
      {
        "containerPath": "/var/www/sites_json",
        "sourceVolume": "efs-apache",
        "readOnly": false
      }
    ],
    "portMappings": [
      {
        "containerPort": ${var.docker_container_port},
        "hostPort": ${var.docker_container_port}
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "${var.name}-Task-LogGroup",
        "awslogs-region": "${data.aws_region.current.name}",
        "awslogs-stream-prefix": "ecs"
      }
    }
  }
]
EOF
}

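How can I fix this?

Best answer

Make sure DNS resolution and DNS hostnames are enabled in your VPC. EFS needs both options enabled because it relies on DNS hostnames to resolve the connection. This had me stuck for a while, because most documentation on the internet focuses on security groups for this error.
The Terraform AWS provider resource aws_vpc sets enable_dns_hostnames = false by default, so you need to set it to true explicitly. Your Terraform VPC configuration should look like this: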

resource "aws_vpc" "main" {
  cidr_block           = "10.255.248.0/22"
  enable_dns_hostnames = true
}
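
The question's module receives the VPC as var.vpc_id rather than creating it, so the DNS settings named in the answer may live in another configuration. The following is an added example, not part of the original question or answer: it reads the existing VPC and fails at plan time when either DNS attribute is off. It assumes Terraform 1.2 or later for custom conditions; the data source name efs_vpc and the output name are hypothetical.

```hcl
# Added example: catch the "Failed to resolve fs-....efs...." failure at plan
# time instead of at task start. Assumes Terraform >= 1.2 (custom conditions).
terraform {
  required_version = ">= 1.2.0"
}

# Already declared in the question's module; repeated so this file stands alone.
variable "vpc_id" {
  type        = string
  description = "ID of the existing VPC hosting the Fargate tasks and EFS mount targets"
}

# Hypothetical name "efs_vpc". The aws_vpc data source exports both DNS attributes.
data "aws_vpc" "efs_vpc" {
  id = var.vpc_id

  lifecycle {
    postcondition {
      condition     = self.enable_dns_support && self.enable_dns_hostnames
      error_message = "The VPC must have enable_dns_support and enable_dns_hostnames set to true, otherwise Fargate tasks cannot resolve the EFS file system DNS name."
    }
  }
}

# Hypothetical output: exposes the result so other modules or CI can read it.
output "efs_vpc_dns_ok" {
  value = data.aws_vpc.efs_vpc.enable_dns_support && data.aws_vpc.efs_vpc.enable_dns_hostnames
}
```

Resources that reference data.aws_vpc.efs_vpc.id instead of var.vpc_id directly are only planned after the postcondition passes.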

Regarding amazon-web-services - Adding an EFS volume to ECS Fargate, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64432002/
