Phil's ECS Notes - tooltwist/documentation GitHub Wiki

New EC2 Instance

Creating a new instance: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html

Unfortunately we can't (yet) use autoscaling to create new instances as required, because the following steps need to be performed when a new instance is created.

  1. Let the instance access configs.tooltwist.com, by adding it's IP address to the security group whitelist.

  2. Checkout the standard scripts

     cd ${HOME}  
 git clone http://[email protected]/r/ttutil.git

  3. Update ~/.bash_profile

     # Standard utilities  
 . ~/ttutil/bashrc

Log off and back on again.

  1. For each project, create the volumes.

     sudo mkdir /Configs-prod  
 cd /Configs-prod  
 git clone http://[email protected]/r/prod/drinkcircle.git

  2. Install the shared file system

     s3fs-fuse

Volumes

We use Docker volumes to provide the configuration to each container. We place these in /volumes-for-apps/project-name/mode/sub-project-name/site-conf where mode is devel, stage, prod, etc.

For example, the Drinkcircle project uses TEA, Crowdhound and TTAuth2 so needs these volumes on each EC2 instance in the Cluster:

$ cd /Configs-prod/crowdhound/staging
$ ls -la
total 0
drwxr-xr-x  4 philipcallender  staff  136 Aug 16 23:26 crowdhound
drwxr-xr-x  4 philipcallender  staff  136 Aug 16 23:26 drinkcircle
drwxr-xr-x  3 philipcallender  staff  102 Aug 16 23:26 tea
drwxr-xr-x  3 philipcallender  staff  102 Aug 16 23:26 ttauth2

You may notice that this is the same structure as the volumes folder provided by the development configs (e.g. ~/Configs/drinkcircle/dev/volumes). We download the configs used by ECS from configs.tooltwist.com.

Before the volumes can be downloaded, you need to install git:

$ sudo yum install git

and set your git permissions:

zzzz

Repository

Create a repository for your Docker images, using the Create Repository button on the Repositories page.

2016-09-08_20-18-49

Follow the instructions, and copy the login commands into the

Debugging

Unfortunately debugging ECS is not straightforward. Here a few links:

http://docs.aws.amazon.com/AmazonECS/latest/developerguide/troubleshooting.html

https://convox.com/blog/ecs-challenges/

Shortcuts

Most debugging of ECS involves logging on to the EC2 Instances.

To log in, you'll need to install a file ~/.ssh/phil-singapore.pem.

I added functions to my .bashrc file, to make it easy to log in to the ECS servers. Unfortunately the IP addresses are baked in, and will need to be updated if they change.

function login-ecs-dev-1 { ssh -i ~/.ssh/phil-singapore.pem [email protected] ; }
function login-ecs-dev-2 { ssh -i ~/.ssh/phil-singapore.pem [email protected] ; }

Pulling private docker images

My tasks would not run up tasks using images from hub.docker.com. To make this possible I added Docker credentials to /etc/ecs/ecs.config. see here for details.

Older Notes (may be obsolete)

These are my notes while experimenting with Amazon ECS.

Documentation Start Point: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html - obsolete? Console: http://aws.amazon.com/cli/

Consoles: EC2 [VPC] (https://ap-southeast-1.console.aws.amazon.com/vpc/home?region=ap-southeast-1) [ECS] (https://ap-southeast-1.console.aws.amazon.com/ecs/home?region=ap-southeast-1)

Start example

https://ap-southeast-1.console.aws.amazon.com/ecs/home?region=ap-southeast-1#/firstRun

Run the 'first run' wizard, with default settings to start an example container.

  • It gave me a chance to download a permissions file, in my case philcal.pem. This needs to be copied to ~/.ssh and chmod 400 philcal.pem.

  • To access the server (AWS->Load Balancers->select one->description tab->DNS Name).

    In my case http://ec2contai-ecselast-2osll8hq9uv8-652856159.us-west-2.elb.amazonaws.com

  • To log in to the server instance (The Docker machine), (a) add an Elastic IP address, (b) assign it to the instance, (b) go to the instance and on the description tab click on the security group, and (c) add an inbound route for SSH to My IP.

    $ ssh -i ~/.ssh/philcal.pem ec2-user@<elastic IP address>

  • I pointed a DNS entry at the domain name of the ELB.

Using the ECS CLI

http://aws.amazon.com/cli/

Install the AWS Client

Check Python. Must be v2.6.5+.

$ python --version
Python 2.7.10

Check pip is installed. If not:
(http://stackoverflow.com/questions/17271319/installing-pip-on-mac-os-x)

$ sudo easy_install pip

Now install the AWS client:
(http://docs.aws.amazon.com/cli/latest/userguide/installing.html)
(http://docs.aws.amazon.com/general/latest/gr/rande.html)

$ sudo pip install awscli --ignore-installed six

$ aws configure
AWS Access Key ID [None]: xxxxxxxxxxx
AWS Secret Access Key [None]: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Default region name [None]: ap-southeast-1    (singapore)
Default output format [None]:

Install the aws-shell

This is like the aws command, but provides auto-complete when typing in commands.

$ sudo pip install aws-shell --upgrade --ignore-installed six

Read https://github.com/awslabs/aws-shell for information on how to use aws-shell.

Converting docker-compose.yml to ECS task file

(https://github.com/micahhausler/container-transform)
This command seems to have trouble running on OS X, but a Docker image can be used instead.

$ docker run --rm -i micahhausler/container-transform < docker-compose.yml

Useful Links

CLI Reference

(http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_GetStarted.html)