我一直在嘗試使用 cli 將簡單的 docker 映像部署到 AWS ElasticBeanstalk eb,但由於以下錯誤,我無法在 ECS 中啟動 docker 服務:
參考格式無效:儲存庫名稱必須小寫
我的Dockerrun.aws.json文件:
{
"AWSEBDockerrunVersion": 2,
"containerDefinitions": [
{
"name": "ipsec-vpn-server",
"image": "hwdsl2/ipsec-vpn-server:latest",
"essential": true,
"memory": 128,
"portMappings": [
{
"hostPort": 500,
"containerPort": 500
},
{
"hostPort": 4500,
"containerPort": 4500
}
]
}
]
}
我的.ebignore
# Only keep Dockerrun.aws.json
*
!Dockerrun.aws.json
我將AWSElasticBeanstalkMulticontainerDocker角色附加到aws-elasticbeanstalk-service-role:
aws --profile my-profile-name \
iam attach-role-policy \
policy-arn arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker \
--role-name aws-elasticbeanstalk-service-role
我創造了這樣的 aws eb 環境:
export VPN_USER="some_secret_user"
export VPN_PASSWORD="some_secret_password"
export VPN_IPSEC_PSK="some_secret_ipsec_psk"
eb create vpn-example \
--profile my-profile-name \
--region us-east-1 \
--platform multi-container-docker-17.09.1-ce-\(generic\) \
--envvars VPN_USER=${VPN_USER} \
--envvars VPN_PASSWORD=${VPN_PASSWORD} \
--envvars VPN_IPSEC_PSK=${VPN_IPSEC_PSK} \
--cname some-vpn-example-domain
環境確實創建正確,但正如您所看到的,它並不健康;)
環境創建運行一段時間,創建負載平衡器等。
單擊單一任務時,我會看到以下內容:
地位:
已停止(CannotPullContainerError:API 錯誤 (400):無效)
詳細狀態原因:
CannotPullContainerError:API 錯誤 (400):引用格式無效:儲存庫名稱必須小寫
最新事件在 Elastic beanstalk 環境中顯示以下警告:
環境健康狀況已從「惡化」轉變為「嚴重」。命令在所有實例上均失敗。 ELB 運作狀況故障或不適用於所有執行個體。
eb logs根本沒有輸出。
containerDefinitions我在s中沒有使用任何大寫字母image。我發現的唯一奇怪的事情是Image任務中的一列,該列說明了Dockerrun.aws.json我期望它在哪裡hwdsl2/ipsec-vpn-server(我認為)。
我還認為這將是一項服務而不是一項任務。任何幫助將不勝感激。
我似乎找不到讀取日誌的方法。我從頭開始再次嘗試,命令日誌eb create如下:
WARNING: The Multi-container Docker platform requires additional ECS permissions. Add the permissions to the aws-elasticbeanstalk-ec2-role or use your own instance profile by typing "-ip {profile-name}".
For more information see: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html#create_deploy_docker_ecs_role
Creating application version archive "app-xxxx-xxxxxx_xxxxxx".
Uploading example-vpn/app-xxxx-xxxxxx_xxxxxx.zip to S3. This may take a while.
Upload Complete.
Environment details for: vpn-dev-01
Application name: example-vpn
Region: us-east-1
Deployed Version: app-xxxx-xxxxxx_xxxxxx
Environment ID: e-mtwbaums2n
Platform: arn:aws:elasticbeanstalk:us-east-1::platform/Multi-container Docker running on 64bit Amazon Linux/2.9.0
Tier: WebServer-Standard-1.0
CNAME: example-vpn-SNIP.us-east-1.elasticbeanstalk.com
Updated: 2018-03-22 18:55:03.173000+00:00
Printing Status:
INFO: createEnvironment is starting.
INFO: Using elasticbeanstalk-us-east-1-xxxxxxxxxxxx as Amazon S3 storage bucket for environment data.
INFO: Created security group named: sg-SNIP
INFO: Created security group named: awseb-e-SNIP
INFO: Created load balancer named: awseb-e-SNIP
INFO: Created Auto Scaling launch configuration named: awseb-e-SNIP
INFO: Created Auto Scaling group named: awseb-SNIP
INFO: Waiting for EC2 instances to launch. This may take a few minutes.
INFO: Created Auto Scaling group policy named: arn:aws:autoscaling:us-east-1:SNIP
INFO: Created Auto Scaling group policy named: arn:aws:autoscaling:us-east-1:SNIP
INFO: Created CloudWatch alarm named: awseb-e-SNIP
INFO: Created CloudWatch alarm named: awseb-e-SNIP
ERROR: Failed to start ECS task: arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is STOPPED.
ERROR: ECS task stopped due to: Essential container in task exited. (ipsec-vpn-server: )
ERROR: Failed to start ECS task: arn:aws:ecs:us-east-1:xxxxxxxxxxxx:task/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is STOPPED.
ERROR: Failed to start ECS task after retrying 2 times.
ERROR: [Instance: i-xxxxxxxxxxxxxxxxx] Command failed on instance. Return code: 1 Output: trying 2 times.' --severity ERROR
+ exit 1.
Hook /opt/elasticbeanstalk/hooks/appdeploy/enact/03start-task.sh failed. For more detail, check /var/log/eb-activity.log using console or EB CLI.
INFO: Command execution completed on all instances. Summary: [Successful: 0, Failed: 1].
ERROR: Create environment operation is complete, but with errors. For more information, see troubleshooting documentation.
我再次嘗試使用不同的 docker 映像nginx:latest,服務啟動了,所以我遇到的問題是hwdsl2/ipsec-vpn-server:latest直接地。我又試了一次,但在本地:
docker pull hwdsl2/ipsec-vpn-server:latest
eb local run --debug
它向我展示了錯誤:
ipsecvpnserver_1 | Error: This Docker image must be run in privileged mode.
ipsecvpnserver_1 |
ipsecvpnserver_1 | For detailed instructions, please visit:
ipsecvpnserver_1 | https://github.com/hwdsl2/docker-ipsec-vpn-server
ipsecvpnserver_1 |
elasticbeanstalk_ipsecvpnserver_1 exited with code 1
elasticbeanstalk 中的日誌並不總是易於閱讀。我將此添加到Dockerrun.aws.json:
"privileged": true,
現在,它在運行時確實在本地成功啟動eb local run,但在雲端中仍然失敗。