ECS AnywhereがGAしました。おめでとうございます。
早速ですが、やってみました。
環境
Raspberry Pi 4 (8GB)
OS: Ubuntu 20.04(64bit)
OSクリーンインストール状態から始めます。
手順
cgroupsの有効化
/boot/firmware/cmdline.txtの1行目の末尾にcgroup_enable=memory cgroup_memory=1を追加します。
- net.ifnames=0 dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=LABEL=writable rootfstype=ext4 elevator=deadline rootwait fixrtc
+ net.ifnames=0 dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=LABEL=writable rootfstype=ext4 elevator=deadline rootwait fixrtc cgroup_enable=memory cgroup_memory=1
保存したら再起動します。
Externalインスタンスの登録
マネジメントコンソールで行います。
まずはクラスターを作成します。
ネットワーキングのみを選択
クラスター名を入力。VPCは作成しなくてOKです。
クラスターができました。
ECSインスタンスタブを選択し、Externalインスタンスの登録ボタンをクリック
特に入力は変えなくてOKです。
するとコマンドが表示されるのでコピーします。
コピーしたコマンドをRaspberry Piで実行するのですが、root権限が必要なので、&& bashのところを&& sudo bashに置き換えて実行します。
curl --proto "https" -o "/tmp/ecs-anywhere-install.sh" "https://amazon-ecs-agent.s3.amazonaws.com/ecs-anywhere-install-latest.sh" && sudo bash /tmp/ecs-anywhere-install.sh --region "ap-northeast-1" --cluster "ECSAnywhere" --activation-id "xxxxxxxx" --activation-code "xxxxxxxx"
すると、以下のものがすべてインストールされます。一発です。
- AWS Systems Manager Agent
- Amazon ECS コンテナエージェント
- Docker
コンソール出力
ubuntu@ubuntu:~$ curl --proto "https" -o "/tmp/ecs-anywhere-install.sh" "https://amazon-ecs-agent.s3.amazonaws.com/ecs-anywhere-install-latest.sh" && sudo bash /tmp/ecs-anywhere-install.sh --region "ap-northeast-1" --cluster "ECSAnywhere" --activation-id "xxxxxxxx" --activation-code "xxxxxxxx"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 19369 100 19369 0 0 18859 0 0:00:01 0:00:01 --:--:-- 18859
Running ECS install script on ubuntu 20.04
###
ubuntu
##########################
# Trying to Update apt repos ...
Hit:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease
Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease [114 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease [101 kB]
Get:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease [114 kB]
Fetched 328 kB in 3s (124 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree
Reading state information... Done
curl is already the newest version (7.68.0-1ubuntu2.5).
curl set to manually installed.
The following additional packages will be installed:
libjq1 libonig5
The following NEW packages will be installed:
jq libjq1 libonig5
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 291 kB of archives.
After this operation, 1022 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com/ubuntu-ports focal/universe arm64 libonig5 arm64 6.9.4-1 [134 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates/universe arm64 libjq1 arm64 1.6-1ubuntu0.20.04.1 [107 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports focal-updates/universe arm64 jq arm64 1.6-1ubuntu0.20.04.1 [49.6 kB]
Fetched 291 kB in 2s (156 kB/s)
debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend requires a screen at least 13 lines tall and 31 columns wide.)
debconf: falling back to frontend: Readline
Selecting previously unselected package libonig5:arm64.
(Reading database ... 99449 files and directories currently installed.)
Preparing to unpack .../libonig5_6.9.4-1_arm64.deb ...
Unpacking libonig5:arm64 (6.9.4-1) ...
Selecting previously unselected package libjq1:arm64.
Preparing to unpack .../libjq1_1.6-1ubuntu0.20.04.1_arm64.deb ...
Unpacking libjq1:arm64 (1.6-1ubuntu0.20.04.1) ...
Selecting previously unselected package jq.
Preparing to unpack .../jq_1.6-1ubuntu0.20.04.1_arm64.deb ...
Unpacking jq (1.6-1ubuntu0.20.04.1) ...
Setting up libonig5:arm64 (6.9.4-1) ...
Setting up libjq1:arm64 (1.6-1ubuntu0.20.04.1) ...
Setting up jq (1.6-1ubuntu0.20.04.1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
# ok
##########################
##########################
# Trying to install ssm agent ...
##########################
# Trying to verify the signature of amazon-ssm-agent package ...
/usr/bin/gpg
8108A07A9EBE248E3F1C63F254F4F56E693ECA21
gpg: key 54F4F56E693ECA21: 1 signature not checked due to a missing key
gpg: key 54F4F56E693ECA21: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
gpg: Signature made Tue May 18 03:08:59 2021 JST
gpg: using RSA key 54F4F56E693ECA21
gpg: Good signature from "SSM Agent <ssm-agent-signer@amazon.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8108 A07A 9EBE 248E 3F1C 63F2 54F4 F56E 693E CA21
amazon-ssm-agent GPG verification passed. Install the amazon-ssm-agent.
# ok
##########################
Selecting previously unselected package amazon-ssm-agent.
(Reading database ... 99466 files and directories currently installed.)
Preparing to unpack .../tmp.e4bnFizWPA/ssm-agent.deb ...
Preparing for install
-> Systemd detected
active
Failed to stop amazon-ssm-agent.service: Unit amazon-ssm-agent.service not loaded.
Unpacking amazon-ssm-agent (3.0.1209.0-1) ...
Setting up amazon-ssm-agent (3.0.1209.0-1) ...
Starting agent
Created symlink /etc/systemd/system/multi-user.target.wants/amazon-ssm-agent.service → /lib/systemd/system/amazon-ssm-agent.service.
##########################
# Trying to Register SSM agent ...
Error occurred fetching the seelog config file path: open /etc/amazon/ssm/seelog.xml: no such file or directory
Initializing new seelog logger
New Seelog Logger Creation Complete
2021-06-02 21:47:09 WARN Could not read InstanceFingerprint file: InstanceFingerprint does not exist.
2021-06-02 21:47:09 INFO No initial fingerprint detected, generating fingerprint file...
2021-06-02 21:47:10 INFO Successfully registered the instance with AWS SSM using Managed instance-id: mi-0068c2b106f3423e5
SSM agent has been registered.
# ok
##########################
# ok
##########################
##########################
# Trying to install docker from docker repos ...
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20210119~20.04.1).
ca-certificates set to manually installed.
software-properties-common is already the newest version (0.98.9.5).
software-properties-common set to manually installed.
The following NEW packages will be installed:
apt-transport-https gnupg-agent
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 6936 B of archives.
After this operation, 207 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com/ubuntu-ports focal-updates/universe arm64 apt-transport-https all 2.0.5 [1704 B]
Get:2 http://ports.ubuntu.com/ubuntu-ports focal-updates/universe arm64 gnupg-agent all 2.2.19-3ubuntu2.1 [5232 B]
Fetched 6936 B in 1s (9656 B/s)
debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend requires a screen at least 13 lines tall and 31 columns wide.)
debconf: falling back to frontend: Readline
Selecting previously unselected package apt-transport-https.
(Reading database ... 99487 files and directories currently installed.)
Preparing to unpack .../apt-transport-https_2.0.5_all.deb ...
Unpacking apt-transport-https (2.0.5) ...
Selecting previously unselected package gnupg-agent.
Preparing to unpack .../gnupg-agent_2.2.19-3ubuntu2.1_all.deb ...
Unpacking gnupg-agent (2.2.19-3ubuntu2.1) ...
Setting up apt-transport-https (2.0.5) ...
Setting up gnupg-agent (2.2.19-3ubuntu2.1) ...
OK
Get:1 https://download.docker.com/linux/ubuntu focal InRelease [41.0 kB]
Hit:2 http://ports.ubuntu.com/ubuntu-ports focal InRelease
Get:3 https://download.docker.com/linux/ubuntu focal/stable arm64 Packages [9060 B]
Hit:4 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
Hit:5 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
Hit:6 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
Fetched 50.1 kB in 2s (20.1 kB/s)
Reading package lists... Done
Hit:1 https://download.docker.com/linux/ubuntu focal InRelease
Hit:2 http://ports.ubuntu.com/ubuntu-ports focal InRelease
Hit:3 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
Hit:5 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
docker-ce-rootless-extras pigz slirp4netns
Suggested packages:
cgroupfs-mount | cgroup-lite
The following NEW packages will be installed:
containerd.io docker-ce docker-ce-cli docker-ce-rootless-extras pigz slirp4netns
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 84.2 MB of archives.
After this operation, 398 MB of additional disk space will be used.
Get:1 https://download.docker.com/linux/ubuntu focal/stable arm64 containerd.io arm64 1.4.6-1 [21.9 MB]
Get:2 http://ports.ubuntu.com/ubuntu-ports focal/universe arm64 pigz arm64 2.4-1 [47.8 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports focal/universe arm64 slirp4netns arm64 0.4.3-1 [69.2 kB]
Get:4 https://download.docker.com/linux/ubuntu focal/stable arm64 docker-ce-cli arm64 5:20.10.6~3-0~ubuntu-focal [37.1 MB]
Get:5 https://download.docker.com/linux/ubuntu focal/stable arm64 docker-ce arm64 5:20.10.6~3-0~ubuntu-focal [16.8 MB]
Get:6 https://download.docker.com/linux/ubuntu focal/stable arm64 docker-ce-rootless-extras arm64 5:20.10.6~3-0~ubuntu-focal [8268 kB]
Fetched 84.2 MB in 13s (6713 kB/s)
debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend requires a screen at least 13 lines tall and 31 columns wide.)
debconf: falling back to frontend: Readline
Selecting previously unselected package pigz.
(Reading database ... 99495 files and directories currently installed.)
Preparing to unpack .../0-pigz_2.4-1_arm64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package containerd.io.
Preparing to unpack .../1-containerd.io_1.4.6-1_arm64.deb ...
Unpacking containerd.io (1.4.6-1) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../2-docker-ce-cli_5%3a20.10.6~3-0~ubuntu-focal_arm64.deb ...
Unpacking docker-ce-cli (5:20.10.6~3-0~ubuntu-focal) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../3-docker-ce_5%3a20.10.6~3-0~ubuntu-focal_arm64.deb ...
Unpacking docker-ce (5:20.10.6~3-0~ubuntu-focal) ...
Selecting previously unselected package docker-ce-rootless-extras.
Preparing to unpack .../4-docker-ce-rootless-extras_5%3a20.10.6~3-0~ubuntu-focal_arm64.deb ...
Unpacking docker-ce-rootless-extras (5:20.10.6~3-0~ubuntu-focal) ...
Selecting previously unselected package slirp4netns.
Preparing to unpack .../5-slirp4netns_0.4.3-1_arm64.deb ...
Unpacking slirp4netns (0.4.3-1) ...
Setting up slirp4netns (0.4.3-1) ...
Setting up containerd.io (1.4.6-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
Setting up docker-ce-cli (5:20.10.6~3-0~ubuntu-focal) ...
Setting up pigz (2.4-1) ...
Setting up docker-ce-rootless-extras (5:20.10.6~3-0~ubuntu-focal) ...
Setting up docker-ce (5:20.10.6~3-0~ubuntu-focal) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.6) ...
# ok
##########################
##########################
# Trying to install ecs agent ...
##########################
# Trying to verify the signature of amazon-ecs-init package ...
/usr/bin/gpg
/usr/bin/dirmngr
gpg: key BCE9D9A42D51784F: 1 signature not checked due to a missing key
gpg: key BCE9D9A42D51784F: public key "Amazon ECS <ecs-security@amazon.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
gpg: Signature made Wed May 26 04:16:16 2021 JST
gpg: using RSA key 50DECCC4710E61AF
gpg: Good signature from "Amazon ECS <ecs-security@amazon.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F34C 3DDA E729 26B0 79BE AEC6 BCE9 D9A4 2D51 784F
Subkey fingerprint: D64B B6F9 0CF3 77E9 B5FB 346F 50DE CCC4 710E 61AF
amazon-ecs-init GPG verification passed. Install amazon-ecs-init.
# ok
##########################
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'amazon-ecs-init' instead of '/tmp/tmp.8WtkjJcLTy/amazon-ecs-init-latest.arm64.deb'
The following NEW packages will be installed:
amazon-ecs-init
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.8 MB of archives.
After this operation, 67.8 MB of additional disk space will be used.
Get:1 /tmp/tmp.8WtkjJcLTy/amazon-ecs-init-latest.arm64.deb amazon-ecs-init arm64 1.52.2-2 [11.8 MB]
debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend requires a screen at least 13 lines tall and 31 columns wide.)
debconf: falling back to frontend: Readline
Selecting previously unselected package amazon-ecs-init.
(Reading database ... 99742 files and directories currently installed.)
Preparing to unpack .../amazon-ecs-init-latest.arm64.deb ...
Unpacking amazon-ecs-init (1.52.2-2) ...
Setting up amazon-ecs-init (1.52.2-2) ...
Processing triggers for man-db (2.9.1-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/ecs.service → /lib/systemd/system/ecs.service.
# ok
##########################
##########################
# Trying to wait for ECS agent to start ...
Ping ECS Agent registered successfully! Container instance arn: "arn:aws:ecs:ap-northeast-1:781749372177:container-instance/ECSAnywhere/f99e1d60193d4cd19ecc2322fd1ecee6"
You can check your ECS cluster here https://console.aws.amazon.com/ecs/home?region=ap-northeast-1#/clusters/ECSAnywhere
# ok
##########################
##########################
This script installed three open source packages that all use Apache License 2.0.
You can view their license information here:
- ECS Agent https://github.com/aws/amazon-ecs-agent/blob/master/LICENSE
- SSM Agent https://github.com/aws/amazon-ssm-agent/blob/master/LICENSE
- Docker engine https://github.com/moby/moby/blob/master/LICENSE
##########################
ubuntu@ubuntu:~$
上手くインストールが完了したら、マネジメントコンソール上にも反映されます。
動作確認
タスク定義
| 項目 | 設定 |
|---|---|
| タスク定義名 | ECSAnywhereTask |
| タスクロール | なし |
| ネットワークモード | |
| タスクの実行 IAM ロール | 新しいロールの作成 |
| タスクメモリ (MiB) | 1024 |
| タスク CPU (単位) | 1024 |
- コンテナ定義
| 項目 | 設定 |
|---|---|
| コンテナ名 | nginx |
| イメージ | public.ecr.aws/nginx/nginx:latest |
| ポートマッピング(ホストポート) | 8080 |
| ポートマッピング(コンテナポート) | 80 |
| ポートマッピング(プロトコル) | TCP |
サービス
| 項目 | 設定 |
| 起動タイプ | EXTERNAL |
| タスク定義 | ECSAnywhereTask |
| クラスター |ECSAnywhere |
| サービス名 |ECSAnywhereService |
| サービスタイプ | REPLICA |
| タスクの数 | 1 |
確認
しばらくするとRaspberry Pi上でNginxのコンテナが起動します。
ubuntu@ubuntu:~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d42fbca6b6cd public.ecr.aws/nginx/nginx:latest "/docker-entrypoint.…" 39 seconds ago Up 34 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp ecs-ECSAnywhereTask-1-nginx-a2deaad28eebc9ac7d00
6e70d61f8efd amazon/amazon-ecs-agent:latest "/agent" 28 minutes ago Up 28 minutes (healthy) ecs-agent
ubuntu@ubuntu:~$
Raspberry PiのIPアドレスを指定してブラウザでも表示が確認できました。
試しにコンテナを止めてみます。
ubuntu@ubuntu:~$ sudo docker stop d42fbca6b6cd
d42fbca6b6cd
ubuntu@ubuntu:~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e70d61f8efd amazon/amazon-ecs-agent:latest "/agent" 30 minutes ago Up 30 minutes (healthy) ecs-agent
ubuntu@ubuntu:~$
しばらくすると、再度起動します。
ubuntu@ubuntu:~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c3594d839b73 public.ecr.aws/nginx/nginx:latest "/docker-entrypoint.…" 18 seconds ago Up 12 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp ecs-ECSAnywhereTask-1-nginx-be9dbc97f4b1bd8daa01
6e70d61f8efd amazon/amazon-ecs-agent:latest "/agent" 30 minutes ago Up 30 minutes (healthy) ecs-agent
ubuntu@ubuntu:~$
いいですね!