
I have the following UserData in the configuration resource of my CloudFormation template to install EFS; it cannot be mounted on the ECS instance:

"UserData":{ "Fn::Base64" : { 
      "Fn::Join" : ["", [ 
       "#!/bin/bash -xv\n", 
       "yum -y update\n", 
       "yum -y install aws-cfn-bootstrap\n", 
       "yum -y install awslogs jq\n", 
       "#Install NFS client\n", 
       "yum -y install nfs-utils\n", 
       "#Install pip\n", 
       "yum -y install python27 python27-pip\n", 
       "#Install awscli\n", 
       "pip install awscli\n", 
       "#Upgrade to the latest version of the awscli\n", 
       "#pip install --upgrade awscli\n", 
       "#Add support for EFS to the CLI configuration\n", 
       "aws configure set preview.efs true\n", 
       "#Get region of EC2 from instance metadata\n", 
       "EC2_AVAIL_ZONE=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`\n", 
       "EC2_REGION=",{ "Ref": "AWS::Region"} ,"\n", 
       "mkdir /efs-tmp/\n", 
       "chown -R ec2-user:ec2-user /efs-tmp/\n", 
       "DIR_SRC=$EC2_AVAIL_ZONE.",{ "Fn::FindInMap" : [ "FileSystemMap", {"Ref" : "EnvParam"}, "FileSystemID"] },".efs.$EC2_REGION.amazonaws.com\n", 
       "DIR_TGT=/efs-tmp/\n", 
       "touch /home/ec2-user/echo.res\n", 
       "echo ",{ "Fn::FindInMap" : [ "FileSystemMap", {"Ref" : "EnvParam"}, "FileSystemID"] }," >> /home/ec2-user/echo.res\n", 
       "echo $EC2_AVAIL_ZONE >> /home/ec2-user/echo.res\n", 
       "echo $EC2_REGION >> /home/ec2-user/echo.res\n", 
       "echo $DIR_SRC >> /home/ec2-user/echo.res\n", 
       "echo $DIR_TGT >> /home/ec2-user/echo.res\n", 
       "#Mount EFS file system\n", 
       "mount -t nfs4 -o vers=4.1 $DIR_SRC:/ $DIR_TGT >> /home/ec2-user/echo.res\n", 
       "#Backup fstab\n", 
       "cp -p /etc/fstab /etc/fstab.back-$(date +%F)\n", 
       "echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0 | tee -a /etc/fstab\n", 
       "docker ps\n", 
       "service docker stop\n", 
       "service docker start\n", 
       "/opt/aws/bin/cfn-init -v", 
       "   --stack ", { "Ref": "AWS::StackName" }, 
       "   --resource ContainerInstances", 
       "   --region ", { "Ref" : "AWS::Region" },"\n", 
       "service awslogs start\n", 
       "chkconfig awslogs on\n" 
      ]]}} 

Here is the security group for the ECS container instances:

"EcsSecurityGroup":{ 
    "Type" : "AWS::EC2::SecurityGroup", 
    "Properties" : { 
     "GroupDescription" : "ECS SecurityGroup", 
     "SecurityGroupIngress" : [ 
     { 
      "IpProtocol" : "tcp", 
      "FromPort" : "2049", 
      "ToPort" : "2049", 
      "CidrIp" : {"Ref" : "CIDRVPC"} 
     }, 
     { 
      "IpProtocol" : "tcp", 
      "FromPort" : "22", 
      "ToPort" : "22", 
      "CidrIp" : "0.0.0.0/0" 
     } 
     ], 
     "SecurityGroupEgress" : [ 
     { 
      "IpProtocol" : "-1", 
      "FromPort" : "-1", 
      "ToPort" : "-1", 
      "CidrIp" : "0.0.0.0/0" 
     } 
     ], 
     "VpcId":{ "Ref":"VpcId" } 
    } 
    }, 

After running the template, I ssh into the instance, wait for the UserData to finish executing, and then I find this error in /var/log/cloud-init-output.log:

mount.nfs4: Connection timed out 

Also, the /etc/fstab file does not contain the mount line. And I cannot access the file system, because the EFS folder that was created is empty.

Can you tell me where the problem is here?

Answers

1

Make sure you create an EFS security group and allow the EC2 security group in its ingress rule:

"EfsSecurityGroup": { 
     "Properties": { 
      "GroupDescription": "EFS security group", 
      "SecurityGroupIngress": [ 
       { 
        "FromPort": 2049, 
        "IpProtocol": "tcp", 
        "SourceSecurityGroupId": { 
         "Ref": "YOUR_EC2_SECURITY_GROUP" 
        }, 
        "ToPort": 2049 
       } 
      ], 
      "Tags": [ 
       { 
        "Key": "Application", 
        "Value": { 
         "Ref": "AWS::StackName" 
        } 
       }, 
       { 
        "Key": "Name", 
        "Value": "efs-sg" 
       } 
      ], 
      "VpcId": { 
       "Ref": "YOUR_VPC_ID" 
      } 
     }, 
     "Type": "AWS::EC2::SecurityGroup" 
    } 

Make sure the EFS mount target exists:

"EFSMountTargetYourAZ": { 
     "Properties": { 
      "FileSystemId": "EFS_id", 
      "SecurityGroups": [ 
       { 
        "Ref": "EFS_SECURITY_GROUP" 
       } 
      ], 
      "SubnetId": { 
       "Ref": "SUBNET_ID" 
      } 
     }, 
     "Type": "AWS::EFS::MountTarget" 
    }, 
+0

In your EC2 security group you should not have an ingress rule for port 2049 for EFS; instead you should create an EFS security group and use the EC2 security group as the SourceSecurityGroupId on port 2049 there. – Gigapalmer

1
  1. There is a typo in this line of the script (a missing closing \") which is causing the attempt to write to /etc/fstab to fail:

    echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0 | tee -a /etc/fstab\n", 
    

    This should read:

    echo -e \"$DIR_SRC:/ $DIR_TGT nfs4 nfsvers=4.1 0 0\" | tee -a /etc/fstab\n", 
    
  2. You need to make sure an AWS::EFS::MountTarget resource exists in the specified Availability Zone. Otherwise the attempt to mount the file system using its DNS name will not resolve correctly. For more documentation, see Mounting File Systems and AWS::EFS::FileSystem.
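The following is an added example, not code from the question or from either answer. It rewrites the EFS mount portion of the UserData script so that the fstab line is correctly quoted (point 1 of the second answer), so that the two causes of "mount.nfs4: Connection timed out" discussed in both answers are checked before mount is attempted (the mount target's DNS name must resolve, and TCP/2049 must be reachable, which fails when the EFS security group does not allow the instance's security group), and so that the fstab append is idempotent across re-runs of cfn-init. The file system ID, AZ, region and mount point are assumed to be supplied by the template exactly as in the question; the `_netdev` mount option is an addition of this example so the mount is deferred until networking is up.

```bash
#!/bin/bash
# Added example (not from the original post or answers). Assumes EFS_ID, EC2_REGION
# and the AZ come from the CloudFormation template / instance metadata as in the question.

# AZ-scoped EFS DNS name, in the same form the question builds into $DIR_SRC.
efs_dns_name() {
  local fs_id="$1" az="$2" region="$3"
  printf '%s.%s.efs.%s.amazonaws.com\n' "$az" "$fs_id" "$region"
}

# One fstab line. Both quotes are balanced here; in the original script the closing
# quote was missing, so bash hit EOF inside the string and nothing reached /etc/fstab.
# _netdev is an assumption of this example (defers the mount until the network is up).
fstab_entry() {
  local dns="$1" mnt="$2"
  printf '%s:/ %s nfs4 nfsvers=4.1,_netdev 0 0\n' "$dns" "$mnt"
}

# Append the entry only if no line for this mount point exists yet.
# Returns 0 if appended, 1 if an entry for the mount point was already present.
append_fstab_once() {
  local dns="$1" mnt="$2" fstab="${3:-/etc/fstab}"
  if grep -qE "^[^[:space:]]+[[:space:]]+${mnt}[[:space:]]" "$fstab"; then
    return 1
  fi
  fstab_entry "$dns" "$mnt" >> "$fstab"
}

# Pre-flight for the two failure modes raised in the answers:
#   - no AWS::EFS::MountTarget in this AZ      -> the DNS name does not resolve
#   - EFS SG lacks ingress from instance SG    -> TCP connect to 2049 times out
# Uses only getent and bash's /dev/tcp, so it runs on a bare Amazon Linux instance.
efs_preflight() {
  local dns="$1"
  if ! getent hosts "$dns" >/dev/null; then
    echo "no DNS record for $dns: check an AWS::EFS::MountTarget exists in this AZ" >&2
    return 2
  fi
  if ! timeout 5 bash -c "exec 3<>/dev/tcp/$dns/2049" 2>/dev/null; then
    echo "TCP/2049 to $dns unreachable: check the EFS security group allows the instance SG" >&2
    return 3
  fi
  return 0
}

# Mount, then persist the entry. Returns the preflight code on failure so
# /var/log/cloud-init-output.log shows which check failed instead of a bare timeout.
mount_efs() {
  local dns="$1" mnt="$2"
  mkdir -p "$mnt"
  efs_preflight "$dns" || return $?
  mount -t nfs4 -o nfsvers=4.1 "$dns:/" "$mnt" || return 4
  cp -p /etc/fstab "/etc/fstab.back-$(date +%F)"
  append_fstab_once "$dns" "$mnt" || true
}
```

From UserData this is called as `mount_efs "$(efs_dns_name "$EFS_ID" "$EC2_AVAIL_ZONE" "$EC2_REGION")" /efs-tmp` after `EC2_AVAIL_ZONE` has been read from instance metadata; a non-zero return identifies which of the answers' conditions (mount target, security group, or the mount itself) is the one that failed.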