Need to mount EFS drive on ECS Cluster automatically on launch of container instances. Is it possible with Clusters generated with the Wizard or do I need to create an AutoScaling group?
How to modify an Amazon ECS Cluster and use custom UserData to mount EFS
amazon ec2, amazon-ecs, amazon-efs
Related Solutions
I suspect this is port related, as it's fairly standard that things in a cluster need to communicate. The two articles below should answer this question for you. It seems to me the following are probably required:
- Amazon ECS agent ports 51678 and 51679 (protocol unspecified)
- TCP 2376 and 2377 (docker)
- TCP / UDP 7946 (docker)
- UDP 4789 (docker)
- Ephemeral ports 49153 to 65535 (protocol unspecified)
Note that I know little about ECS and have simply done a couple of Google searches and read documentation. ECS is based on Docker so I looked at that. Some experimentation will be required.
Digital Ocean has a good article on Docker Ports.
- TCP port 2376 for secure Docker client communication. This port is required for Docker Machine to work. Docker Machine is used to orchestrate Docker hosts.
- TCP port 2377. This port is used for communication between the nodes of a Docker Swarm or cluster. It only needs to be opened on manager nodes.
- TCP and UDP port 7946 for communication among nodes (container network discovery).
- UDP port 4789 for overlay network traffic (container ingress networking).
Then the Amazon documentation mentions some of the same ports.
The default ephemeral port range is 49153 to 65535, and this range is used for Docker versions prior to 1.6.0. For Docker version 1.6.0 and later, the Docker daemon tries to read the ephemeral port range from /proc/sys/net/ipv4/ip_local_port_range; if this kernel parameter is unavailable, the default ephemeral port range is used. You should not attempt to specify a host port in the ephemeral port range, because these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678 and 51679. Any host port that was previously specified in a running task is also reserved while the task is running (after a task stops, the host port is released). The current reserved ports are displayed in the remainingResources of DescribeContainerInstances output, and a container instance may have up to 100 reserved ports at a time, including the default reserved ports (automatically assigned ports do not count toward the 100 reserved ports limit).
Note that as per Wikipedia and comments below the ephemeral port range may need to be expanded.
Modify the launch configuration to restart the docker service right after mounting EFS. Only then will ECS use the mounted EFS as a volume. Otherwise it will use the original directory (the mount will be ignored).
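```bash
#!/bin/bash
# Register this instance with the cluster
echo ECS_CLUSTER=prodcluster >> /etc/ecs/ecs.config
sudo yum install -y nfs-utils
# Stop the ECS agent while the mount is set up
sudo stop ecs
# -p: do not fail if the directory already exists
sudo mkdir -p /home/ec2-user/web_file_uploads
# Applies to the local directory only; once mounted, permissions come from the EFS root
sudo chmod 777 /home/ec2-user/web_file_uploads
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-abcdef.efs.ap-southeast-2.amazonaws.com:/ /home/ec2-user/web_file_uploads
# Restart Docker so it sees the mount, then start the agent again
sudo service docker restart
sudo start ecs
```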
Note: ECS service will stop after restarting docker service as ECS Agent runs inside docker. You need to start ECS Service afterwards.
Best Answer
An ECS Cluster is a logical grouping of hosts and does not cause any hosts to be provisioned. You probably want an autoscale group for that, in which case you'd probably configure the host via userdata / cloud-init to mount the EFS volume at bootup.
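
An added example, not code from any of the answers: a user-data variant that checks the EFS mount really is in place before Docker is restarted and the ECS agent started, so a failed mount cannot silently send container writes to the local directory. The function names and the `/etc/ecs` guard are illustrative assumptions; the cluster name, mount point and file system DNS name are the placeholder values from the script on this page.

```shell
#!/bin/bash
# Added example; function names and the /etc/ecs guard are illustrative assumptions.
# MOUNT_POINT and EFS_DNS reuse the placeholder values from the script on this page.
MOUNT_POINT=/home/ec2-user/web_file_uploads
EFS_DNS=fs-abcdef.efs.ap-southeast-2.amazonaws.com

# True only if $1 is mounted with type nfs/nfs4 according to the mounts table $2
# (default /proc/mounts; fields: device mountpoint fstype options dump pass).
is_nfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 ~ /^nfs4?$/ { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# Retry the mount: at first boot the EFS DNS name or mount target may not be
# reachable yet. Returns non-zero if the mount is still absent after 5 attempts.
mount_efs() {
    local attempt
    for attempt in 1 2 3 4 5; do
        is_nfs_mounted "$MOUNT_POINT" && return 0
        mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 \
            "$EFS_DNS:/" "$MOUNT_POINT" || sleep 10
    done
    is_nfs_mounted "$MOUNT_POINT"
}

main() {
    echo ECS_CLUSTER=prodcluster >> /etc/ecs/ecs.config
    yum install -y nfs-utils || exit 1
    stop ecs || true            # the agent may not be running yet
    mkdir -p "$MOUNT_POINT"
    if ! mount_efs; then
        # Fail closed: Docker is not restarted and the agent is not started again,
        # so no task gets to use the unmounted local directory.
        echo "EFS is not mounted at $MOUNT_POINT; not starting the ECS agent" >&2
        exit 1
    fi
    service docker restart      # Docker must restart to see the new mount
    start ecs
}

# User data runs as root, so no sudo is needed. Only act on a host that has
# /etc/ecs (assumed to identify an ECS container instance).
if [ -d /etc/ecs ]; then main; fi
```
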