AWS ECS容器不能指定区域
首先,我使用服务器环境:
- sever:django + nginx + uwsgi
- 云:docker+ AWS ECS
- 日志logging:AWS CloudWatch日志服务+了望塔第三方应用程序
这是项目代码
https://github.com/byunghyunpark/django-log-test
题
我正在使用django第三方应用程序来使用AWS Cloudwatch日志服务。 如果我将日志处理程序设置为了望塔并将泊坞窗图像上传到ECS服务并运行任务,它仍将返回500错误。
500错误如果您检查日志
/tmp/uwsgi.log
*** Operational MODE: single process *** DEBUG = False DEV = False TEST = False LMS_MESSAGE = False STATIC_S3 = True DJANGO_LOG_LEVEL = INFO Traceback (most recent call last): File "/usr/lib/python3.5/logging/config.py", line 558, in configure handler = self.configure_handler(handlers[name]) File "/usr/lib/python3.5/logging/config.py", line 731, in configure_handler result = factory(**kwargs) File "/usr/local/lib/python3.5/dist-packages/watchtower/__init__.py", line 78, in __init__ self.cwl_client = (boto3_session or boto3).client("logs") File "/usr/local/lib/python3.5/dist-packages/boto3/__init__.py", line 83, in client return _get_default_session().client(*args, **kwargs) File "/usr/local/lib/python3.5/dist-packages/boto3/session.py", line 263, in client aws_session_token=aws_session_token, config=config) File "/usr/local/lib/python3.5/dist-packages/botocore/session.py", line 836, in create_client client_config=config, api_version=api_version) File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 70, in create_client verify, credentials, scoped_config, client_config, endpoint_bridge) File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 224, in _get_client_args verify, credentials, scoped_config, client_config, endpoint_bridge) File "/usr/local/lib/python3.5/dist-packages/botocore/args.py", line 45, in get_client_args endpoint_url, is_secure, scoped_config) File "/usr/local/lib/python3.5/dist-packages/botocore/args.py", line 103, in compute_client_args service_name, region_name, endpoint_url, is_secure) File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 297, in resolve service_name, region_name) File "/usr/local/lib/python3.5/dist-packages/botocore/regions.py", line 122, in construct_endpoint partition, service_name, region_name) File "/usr/local/lib/python3.5/dist-packages/botocore/regions.py", line 135, in _endpoint_for_partition raise NoRegionError() botocore.exceptions.NoRegionError: You must specify a region. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "./mysite/wsgi.py", line 16, in <module> application = get_wsgi_application() File "/usr/local/lib/python3.5/dist-packages/django/core/wsgi.py", line 13, in get_wsgi_application django.setup(set_prefix=False) File "/usr/local/lib/python3.5/dist-packages/django/__init__.py", line 22, in setup configure_logging(settings.LOGGING_CONFIG, settings.LOGGING) File "/usr/local/lib/python3.5/dist-packages/django/utils/log.py", line 75, in configure_logging logging_config_func(logging_settings) File "/usr/lib/python3.5/logging/config.py", line 795, in dictConfig dictConfigClass(config).configure() File "/usr/lib/python3.5/logging/config.py", line 566, in configure '%r: %s' % (name, e)) ValueError: Unable to configure handler 'watchtower': You must specify a region. unable to load app 0 (mountpoint='') (callable not found or import error) *** no app loaded. going in full dynamic mode *** *** uWSGI is running in multiple interpreter mode *** spawned uWSGI master process (pid: 22) spawned uWSGI worker 1 (pid: 33, cores: 1) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/1] 123.212.195.148 () {40 vars in 738 bytes} [Mon Jun 5 10:43:13 2017] GET / => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/2] 123.212.195.148 () {40 vars in 756 bytes} [Mon Jun 5 10:43:13 2017] GET /favicon.ico => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/3] 54.167.97.82 () {36 vars in 515 bytes} [Mon Jun 5 11:22:42 2017] GET / => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/4] 91.196.50.33 () {38 vars in 613 bytes} [Mon Jun 5 12:03:20 2017] GET /testproxy.php => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/5] 123.212.195.148 () {40 vars in 738 bytes} [Mon Jun 5 14:01:04 2017] GET / => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/6] 123.212.195.148 () {40 vars in 756 bytes} [Mon Jun 5 14:01:04 2017] GET /favicon.ico => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/7] 123.212.195.148 () {42 vars in 769 bytes} [Mon Jun 5 14:06:48 2017] GET / => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/8] 123.212.195.148 () {44 vars in 809 bytes} [Mon Jun 5 14:06:48 2017] GET /favicon.ico => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/9] 123.212.195.148 () {42 vars in 769 bytes} [Mon Jun 5 14:06:49 2017] GET / => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/10] 123.212.195.148 () {44 vars in 809 bytes} [Mon Jun 5 14:06:49 2017] GET /favicon.ico => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0) --- no python application found, check your startup logs for errors --- [pid: 33|app: -1|req: -1/11] 123.212.195.148 () {42 vars in 769 bytes} [Mon Jun 5 14:06:49 2017] GET / => generated 21 bytes in 0 msecs (HTTP/1.1 500) 2 headers in 83 bytes (0 switches on core 0)
在创build任务定义时,任务IAMangular色已分配给pipe理员。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] }
但是,容器仍然不与凭据交谈。
如果我将日志处理程序更改为默认(控制台),nginx服务器将正常工作。 如果我在本地运行docker docker run -v $ HOME / .aws: /root/.aws --rm -it -p 9090: 80 image_name ,nginx将正常工作,并且日志logging将正常工作在Cloudwatch日志中服务。
只有在ECS环境中validation失败。
除了IAMangular色,我还需要做其他设置吗?
我不喜欢这个..作为一个临时决议,
当我build立docker时,我使用Dockerfile ARGvariables传递了凭证信息。 我删除了任务IAM。
Dockerfile的代码是这样的
ARG AWS_ACCESS_KEY_ID ARG AWS_SECRET_ACCESS_KEY ARG AWS_DEFAULT_REGION ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \ AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \ AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}