我使用 Terraform 通过 Fargate 部署容器。
我遇到了这个错误:
CannotPullContainerError: Error response from daemon: Get https://xxxxxxxxx.dkr.ecr.us-east-2.amazonaws.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
terraform 部署成功通过。
这个镜像只是 nginx (dockerfile):
# Builds the image from the upstream nginx image and replaces its main
# configuration file with the nginx.conf shown below.
# NOTE(review): "latest" is a floating tag, so a rebuild can pick up a different
# base image without any change to this file; pinning a specific version tag or
# digest keeps the build reproducible and reviewable.
FROM nginx:latest
WORKDIR /
COPY ./nginx.conf /etc/nginx/nginx.conf
nginx.conf:
# nginx configuration for the demo image: one HTTP server on port 80 that
# redirects hosts not starting with "www." to the www. name and otherwise
# answers every path with a fixed body.
user nginx;
worker_processes 4;
events { worker_connections 1024; }
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
server {
listen 80;
# NOTE(review): no server_name is set, so this server block answers for any
# Host value, and the redirect target below is built from that client-supplied
# host. Listing the expected names in server_name and redirecting to a fixed
# host name keeps the Location header under the operator's control.
# Requests whose host is not a www. name (an IP address, for example) also get
# this 301; the target group in this listing accepts 301 as a healthy response.
if ($host ~ ^(?!www\.)(?<domain>.+)$) {
return 301 $scheme://www.$domain$request_uri;
}
location / {
# NOTE(review): add_header appends a header rather than replacing the type
# nginx derives from default_type, so the response may carry two Content-Type
# values (confirm); setting default_type inside this location is the usual way
# to label the body of a "return".
add_header Content-Type text/plain;
return 200 "<H1>Nginx works!</H1>";
}
}
}
我不明白为什么 aws 说它无法得到回应。网址没问题。我可以下载此镜像并在我的计算机上运行容器。
那为什么呢?问题出在哪里?
我的 Terraform 配置:
# Looks up an existing IAM role named "ecsTaskExecutionRole".
# NOTE(review): nothing else in this listing references this data source; the
# task definition uses aws_iam_role.ecs_execution_role instead.
data "aws_iam_role" "ecs_task_execution_role" {
name = "ecsTaskExecutionRole"
}
# ECS cluster that the Fargate service below is placed in; named after var.app.
resource "aws_ecs_cluster" "cluster" {
name = "${var.app}-ecs-cluster"
}
# Trust policy document: allows the ECS service principal (ecs.amazonaws.com)
# to call sts:AssumeRole. Used as the assume-role policy of aws_iam_role.ecs_role.
data "aws_iam_policy_document" "ecs_service_role" {
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ecs.amazonaws.com"]
}
}
}
# Permission document for the ECS service role: load balancer describe and
# instance register/deregister actions plus EC2 describe and
# AuthorizeSecurityGroupIngress, all on every resource.
# NOTE(review): ec2:AuthorizeSecurityGroupIngress with resources = ["*"] allows
# the role to open ingress on any security group in the account; scope it to the
# groups that need it, or drop it if nothing relies on it.
# NOTE(review): the register/deregister actions are the instance-based ones,
# while the target group in this listing uses target_type = "ip"; confirm they
# are needed at all.
data "aws_iam_policy_document" "ecs_service_policy" {
statement {
effect = "Allow"
resources = ["*"]
actions = [
"elasticloadbalancing:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"ec2:Describe*",
"ec2:AuthorizeSecurityGroupIngress"
]
}
}
# Attaches the ecs_service_policy document as an inline policy on ecs_role.
resource "aws_iam_role_policy" "ecs_service_role_policy" {
name = "ecs_service_role_policy"
policy = "${data.aws_iam_policy_document.ecs_service_policy.json}"
role = "${aws_iam_role.ecs_role.id}"
}
# IAM role that the ECS service principal may assume (trust policy from
# data.aws_iam_policy_document.ecs_service_role).
# NOTE(review): aws_ecs_service.web in this listing sets no iam_role, so this
# role appears to be reached only through that service's depends_on; confirm
# whether it is still needed, since an unused role with EC2 and ELB permissions
# is avoidable exposure.
resource "aws_iam_role" "ecs_role" {
name = "ecs_role"
assume_role_policy = "${data.aws_iam_policy_document.ecs_service_role.json}"
}
# Fargate task definition (awsvpc networking, 256 CPU units, 512 MiB) with a
# single nginx container pulled from a private ECR repository and logging
# through the awslogs driver.
resource "aws_ecs_task_definition" "nginx" {
family = "nginx-${var.app}"
network_mode = "awsvpc"
requires_compatibilities = ["FARGATE"]
cpu = "256"
memory = "512"
# NOTE(review): the same role is used as execution role and as task role, so
# code running inside the container receives the ECR pull and log-write
# permissions, and the ecs:* actions attached to that role in this listing.
# A separate task role holding only what the application needs is the
# least-privilege layout.
execution_role_arn = "${aws_iam_role.ecs_execution_role.arn}"
task_role_arn = "${aws_iam_role.ecs_execution_role.arn}"
# NOTE(review): the image is referenced by the mutable ":latest" tag, so the
# content that actually runs can change between task launches; a version tag or
# digest makes deployments traceable.
# NOTE(review): the awslogs-group value is redacted in the question. The policy
# attached to the execution role in this listing has no logs:CreateLogGroup, so
# presumably the group has to exist already; verify that it matches
# aws_cloudwatch_log_group.nginx.
container_definitions = <<DEFINITION
[
{
"image": "xxxxxx.dkr.ecr.us-east-2.amazonaws.com/org/prod/www-nginx:latest",
"memory": 300,
"name": "nginx-...-prod-www",
"networkMode": "awsvpc",
"essential": true,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/xx-ecs-...-prod/nginx",
"awslogs-region": "us-east-2",
"awslogs-stream-prefix": "web"
}
}
}
]
DEFINITION
}
# CloudWatch Logs group for the nginx container.
# NOTE(review): no retention_in_days is set, so presumably log events are kept
# indefinitely; confirm that matches the retention policy you want.
resource "aws_cloudwatch_log_group" "nginx" {
name = "/ecs-${var.app}/nginx"
}
# Fargate service running two copies of the nginx task behind the ALB target
# group.
resource "aws_ecs_service" "web" {
name = "nginx-${var.app}"
# max() is given the same revision twice, so this resolves to "<family>:<revision>".
task_definition = "${aws_ecs_task_definition.nginx.family}:${max("${aws_ecs_task_definition.nginx.revision}", "${aws_ecs_task_definition.nginx.revision}")}"
desired_count = 2
launch_type = "FARGATE"
cluster = "${aws_ecs_cluster.cluster.id}"
# assign_public_ip is not set in this block, and the tasks are placed in the
# demo-private-* subnets.
# NOTE(review): the tasks reuse the load balancer's security group (lb_sg),
# which in this listing admits ports 80 and 443 from 0.0.0.0/0. A dedicated task
# security group that only admits port 80 from the load balancer's group keeps
# the containers unreachable except through the ALB.
network_configuration {
subnets = [aws_subnet.demo-private-1.id, aws_subnet.demo-private-2.id, aws_subnet.demo-private-3.id]
security_groups = [aws_security_group.lb_sg.id]
}
# NOTE(review): container_name has to match the "name" in the task definition's
# container_definitions; that name is redacted in the question, so verify.
load_balancer {
target_group_arn = aws_alb_target_group.nginx.id
container_name = "nginx-${var.app}"
container_port = "80"
}
depends_on = ["aws_alb_target_group.nginx", "aws_iam_role_policy.ecs_service_role_policy"]
}
# HTTP target group (IP targets, port 80) for the nginx tasks, with
# load-balancer cookie stickiness for 86400 seconds.
resource "aws_alb_target_group" "nginx" {
name = "nginx-${var.app}"
port = 80
protocol = "HTTP"
vpc_id = aws_vpc.demo-tf.id
depends_on = [aws_alb.demo_eu_alb]
target_type = "ip"
stickiness {
type = "lb_cookie"
cookie_duration = 86400
}
# NOTE(review): with interval = 300 and unhealthy_threshold = 10 a failing
# target is presumably only taken out of rotation after roughly 50 minutes, and
# the matcher treats 301/302 as healthy, so a target that only redirects still
# passes. Tighten both once the service is stable.
health_check {
# path = "/health"
path = "/"
healthy_threshold = 2
unhealthy_threshold = 10 # 2 # 10
timeout = 60 # 5 # 60
interval = 300 # 8 # 300
matcher = "200,301,302"
}
}
# Application load balancer placed in the three demo-private-* subnets and
# guarded by lb_sg; HTTP/2 enabled, 600 second idle timeout.
# NOTE(review): "internal" is not set, and the demo-private-* subnets are routed
# to the internet gateway by aws_route_table.demo-private in this listing;
# confirm which subnets an internet-facing load balancer is meant to use.
# NOTE(review): no access_logs block is configured, so this listing collects no
# request-level logs for the load balancer.
resource "aws_alb" "demo_eu_alb" {
name = "eu-alb-${var.app}"
subnets = [aws_subnet.demo-private-1.id, aws_subnet.demo-private-2.id, aws_subnet.demo-private-3.id]
security_groups = [aws_security_group.lb_sg.id]
enable_http2 = "true"
idle_timeout = 600
}
# Exposes the load balancer's DNS name as a Terraform output.
output "alb_output" {
value = aws_alb.demo_eu_alb.dns_name
}
# Security group described as controlling access to the load balancer: TCP 80
# and 443 from any address inbound, all protocols to any address outbound.
# NOTE(review): aws_ecs_service.web in this listing attaches this same group to
# the Fargate tasks, so the task network interfaces inherit the world-open
# ingress rules. World-open 80/443 is normal for a public load balancer; the
# tasks should get their own group that references this one as the only source.
resource "aws_security_group" "lb_sg" {
description = "controls access to the application ELB"
vpc_id = aws_vpc.demo-tf.id
name = "ELB-${var.app}"
ingress {
protocol = "tcp"
from_port = 80
to_port = 80
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
protocol = "tcp"
from_port = 443
to_port = 443
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [
"0.0.0.0/0",
]
}
}
# Port 80 listener: answers every plain-HTTP request with a 301 redirect to
# HTTPS on port 443, so no request is forwarded to the targets unencrypted
# from the client side.
resource "aws_alb_listener" "front_end" {
load_balancer_arn = aws_alb.demo_eu_alb.id
port = "80"
protocol = "HTTP"
default_action {
type = "redirect"
redirect {
port = "443"
protocol = "HTTPS"
status_code = "HTTP_301"
}
}
}
# Port 443 listener: terminates TLS with the uploaded IAM server certificate and
# forwards to the nginx target group over HTTP.
# NOTE(review): the ssl_policy is a predefined policy dated 2018; check its
# protocol and cipher set against your current TLS baseline.
resource "aws_alb_listener" "alb_front_https" {
load_balancer_arn = "${aws_alb.demo_eu_alb.arn}"
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
certificate_arn = "${aws_iam_server_certificate.lb_cert.arn}"
default_action {
target_group_arn = "${aws_alb_target_group.nginx.arn}"
type = "forward"
}
}
# Uploads the certificate, private key and chain read from local PEM files as an
# IAM server certificate for the HTTPS listener.
# NOTE(review): private_key is passed as a resource argument, so presumably the
# key material is also written to the Terraform state (confirm). Keep
# privkey.pem out of version control, use an encrypted and access-controlled
# state backend, or issue the certificate through ACM so that the key never
# passes through Terraform.
resource "aws_iam_server_certificate" "lb_cert" {
name = "lb_cert-${var.app}"
certificate_body = "${file("./www.____.com/cert.pem")}"
private_key = "${file("./www.____.com/privkey.pem")}"
certificate_chain = "${file("./www.____.com/chain.pem")}"
}
# IAM role that ECS tasks (principal ecs-tasks.amazonaws.com) may assume. The
# task definition in this listing uses it both as execution role and as task
# role.
resource "aws_iam_role" "ecs_execution_role" {
name = "ecs_task_execution_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
# Managed policy attached to the task execution role: ECR read actions, log
# stream creation and log writes, plus a set of ecs:* actions, all on
# Resource "*".
# NOTE(review): besides the four ecr:* read actions and the two logs:* actions,
# this grants cluster and container-instance actions (ecs:CreateCluster,
# ecs:RegisterContainerInstance, ecs:Poll, ecs:Submit*, ecs:StartTask, ...).
# For a Fargate execution role those look unnecessary; confirm and trim. Because
# the same role is also the task role in this listing, the container itself
# holds every action listed here.
resource "aws_iam_policy" "ecs_permissions" {
name = "my_ecs_permissions"
description = "Permissions to enable CT"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:Submit*",
"ecs:StartTask",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
EOF
}
# Attaches the ecs_permissions policy to the task execution role.
resource "aws_iam_role_policy_attachment" "ecs_attachment" {
role = aws_iam_role.ecs_execution_role.name
policy_arn = aws_iam_policy.ecs_permissions.arn
}
### VPC
### Network
# Internet VPC
# VPC 172.21.0.0/16 with DNS resolution and DNS hostnames enabled.
# NOTE(review): enable_classiclink is, as far as I know, no longer accepted by
# newer AWS provider releases; confirm against the provider version in use.
resource "aws_vpc" "demo-tf" {
cidr_block = "172.21.0.0/16"
instance_tenancy = "default"
enable_dns_support = "true"
enable_dns_hostnames = "true"
enable_classiclink = "false"
tags = {
Name = "vpc-${var.app}"
}
}
# Subnets
# Three public subnets, one per availability zone (us-east-2a/b/c); instances
# launched in them are given a public IP (map_public_ip_on_launch = "true").
# NOTE(review): neither the load balancer nor the ECS service in this listing
# uses these subnets; both are placed in the demo-private-* subnets.
resource "aws_subnet" "demo-public-1" {
vpc_id = aws_vpc.demo-tf.id
cidr_block = "172.21.10.0/24"
map_public_ip_on_launch = "true"
availability_zone = "us-east-2a"
tags = {
Name = "public-1-${var.app}"
}
}
resource "aws_subnet" "demo-public-2" {
vpc_id = aws_vpc.demo-tf.id
cidr_block = "172.21.20.0/24"
map_public_ip_on_launch = "true"
availability_zone = "us-east-2b"
tags = {
Name = "public-2-${var.app}"
}
}
resource "aws_subnet" "demo-public-3" {
vpc_id = aws_vpc.demo-tf.id
cidr_block = "172.21.30.0/24"
map_public_ip_on_launch = "true"
availability_zone = "us-east-2c"
tags = {
Name = "public-3-${var.app}"
}
}
# Three subnets named "private", one per availability zone (us-east-2a/b/c);
# no public IP is assigned on launch. The load balancer and the Fargate tasks in
# this listing are both placed here.
resource "aws_subnet" "demo-private-1" {
vpc_id = aws_vpc.demo-tf.id
cidr_block = "172.21.40.0/24"
map_public_ip_on_launch = "false"
availability_zone = "us-east-2a"
tags = {
Name = "private-1-${var.app}"
}
}
resource "aws_subnet" "demo-private-2" {
vpc_id = aws_vpc.demo-tf.id
cidr_block = "172.21.50.0/24"
map_public_ip_on_launch = "false"
availability_zone = "us-east-2b"
tags = {
Name = "private-2-${var.app}"
}
}
resource "aws_subnet" "demo-private-3" {
vpc_id = aws_vpc.demo-tf.id
cidr_block = "172.21.60.0/24"
map_public_ip_on_launch = "false"
availability_zone = "us-east-2c"
tags = {
Name = "private-3-${var.app}"
}
}
# Internet GW
# Internet gateway for the VPC; both route tables below send 0.0.0.0/0 to it.
resource "aws_internet_gateway" "demo-gw" {
vpc_id = aws_vpc.demo-tf.id
tags = {
Name = "IG-${var.app}"
}
}
# route tables
# Route table associated with the demo-private-* subnets.
# NOTE(review): despite the name, this table sends 0.0.0.0/0 to the internet
# gateway, exactly like demo-public. An internet gateway only carries traffic
# for interfaces that have a public IP, and the demo-private-* subnets set
# map_public_ip_on_launch = "false", so a Fargate task placed there without
# assign_public_ip has no working outbound path to ECR. For subnets that are
# meant to be private, the usual outbound path is a NAT gateway route or VPC
# endpoints, and this direct route to the internet gateway would be removed.
resource "aws_route_table" "demo-private" {
vpc_id = aws_vpc.demo-tf.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.demo-gw.id
}
tags = {
Name = "private-1-${var.app}"
}
}
# route tables
# Route table for the public subnets: default route to the internet gateway.
resource "aws_route_table" "demo-public" {
vpc_id = aws_vpc.demo-tf.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.demo-gw.id
}
tags = {
Name = "public-1-${var.app}"
}
}
# route associations public
# Associates each of the three public subnets with the demo-public route table.
resource "aws_route_table_association" "demo-public-1-a" {
subnet_id = aws_subnet.demo-public-1.id
route_table_id = aws_route_table.demo-public.id
}
resource "aws_route_table_association" "demo-public-2-a" {
subnet_id = aws_subnet.demo-public-2.id
route_table_id = aws_route_table.demo-public.id
}
resource "aws_route_table_association" "demo-public-3-a" {
subnet_id = aws_subnet.demo-public-3.id
route_table_id = aws_route_table.demo-public.id
}
# route associations private
# Associates each of the three demo-private-* subnets with the demo-private
# route table, whose default route in this listing points at the internet
# gateway.
resource "aws_route_table_association" "demo-private-1-a" {
subnet_id = aws_subnet.demo-private-1.id
route_table_id = aws_route_table.demo-private.id
}
resource "aws_route_table_association" "demo-private-2-a" {
subnet_id = aws_subnet.demo-private-2.id
route_table_id = aws_route_table.demo-private.id
}
resource "aws_route_table_association" "demo-private-3-a" {
subnet_id = aws_subnet.demo-private-3.id
route_table_id = aws_route_table.demo-private.id
}
最佳答案
可能的原因是您在 Fargate 中运行的任务无法访问互联网。
具体来说,您在 aws_ecs_service 中使用了:
# Excerpt of aws_ecs_service.web as quoted by the answer: only subnets and
# security_groups are set; no assign_public_ip argument is present.
network_configuration {
subnets = [aws_subnet.demo-private-1.id, aws_subnet.demo-private-2.id, aws_subnet.demo-private-3.id]
security_groups = [aws_security_group.lb_sg.id]
}
但是,这里没有指定 assign_public_ip,而它的默认值为 false。因此,您在 Fargate 上的任务没有公网 IP,无法访问 ECR 服务,从而导致了所观察到的超时。
请注意,即使添加了公网 IP,也可能还有与您的 VPC 或其他设置相关的其他原因,我尚未验证。如果不希望任务直接获得公网 IP,也可以让任务所在的子网通过 NAT 网关出网,或者为 ECR、S3 和 CloudWatch Logs 配置 VPC 终端节点,用来拉取镜像和写入日志。
关于 amazon-web-services - AWS Terraform 错误 CannotPullContainerError: Error response from daemon(但镜像 URL 有效),我们在 Stack Overflow 上找到一个类似的问题: https://stackoverflow.com/questions/63087002/