1

我设法关注https://aws.amazon.com/blogs/compute/amazon-ecs-and-docker-volume-drivers-amazon-ebs/ 并使用 rex-ray Docker 在 ECS 上运行我的基于容器的服务音量插件。通过使用登录到 Docker 容器,我可以看到我的服务正在卷内生成数据docker exec -it <id> /bin/sh

主机 EC2 实例上是否有可以检查该数据的位置?rex-ray 卷是否安装在主机实例的任何位置?

我正在运行一个单节点 ECS 集群。我使用了以下任务定义。我在卷下的主机中声明了 sourcePath,但在主机容器上看不到任何输出目录。

{
"ipcMode": null,
"executionRoleArn": null,
"containerDefinitions": [
    {
        "dnsSearchDomains": null,
        "environmentFiles": null,
        "logConfiguration": {
            "logDriver": "awslogs",
            "secretOptions": null,
            "options": {
                "awslogs-group": "/ecs/xxxxx",
                "awslogs-region": "us-east-1",
                "awslogs-stream-prefix": "ecs"
            }
        },
        "entryPoint": null,
        "portMappings": [],
        "command": null,
        "linuxParameters": null,
        "cpu": 0,
        "environment": [
            {
                "name": "save_path",
                "value": "/outputs"
            },
            {
                "name": "watchdog_limit",
                "value": "60"
            },
            {
                "name": "max_records_per_file",
                "value": "14400"
            }
        ],
        "resourceRequirements": null,
        "ulimits": null,
        "dnsServers": null,
        "mountPoints": [
            {
                "readOnly": null,
                "containerPath": "/outputs",
                "sourceVolume": "rexray_volume"
            }
        ],
        "workingDirectory": null,
        "secrets": null,
        "dockerSecurityOptions": null,
        "memory": null,
        "memoryReservation": 300,
        "volumesFrom": [],
        "stopTimeout": null,
        "image": "xxxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/xxxxxxxxx:1.1",
        "startTimeout": null,
        "firelensConfiguration": null,
        "dependsOn": null,
        "disableNetworking": null,
        "interactive": null,
        "healthCheck": null,
        "essential": true,
        "links": null,
        "hostname": null,
        "extraHosts": null,
        "pseudoTerminal": null,
        "user": null,
        "readonlyRootFilesystem": null,
        "dockerLabels": null,
        "systemControls": null,
        "privileged": null,
        "name": "Datafeed"
    }
],
"memory": null,
"taskRoleArn": null,
"family": "Xxxxxxxx",
"pidMode": null,
"requiresCompatibilities": [
    "EC2"
],
"networkMode": null,
"cpu": null,
"inferenceAccelerators": [],
"proxyConfiguration": null,
"volumes": [
    {
        "fsxWindowsFileServerVolumeConfiguration": null,
        "efsVolumeConfiguration": null,
        "name": "rexray_volume",
        "host": {
            "sourcePath": "/outputs"
        },
        "dockerVolumeConfiguration": {
            "autoprovision": true,
            "scope": "shared",
            "driver": "rexray/ebs",
            "driverOpts": {
                "volumetype": "gp3",
                "size": "20"
            }
        }
    }
],
"placementConstraints": [],
"tags": []

}

4

2 回答 2

2

我设法访问了这些文件。该设备已安装到/var/lib/docker/plugins文件夹内的路径。

这可以使用命令来识别lsblk。由于设备已经挂载,因此无法再次将其挂载到其他位置,但是,您可以创建 --bind 挂载到更方便的位置。

sudo mount --bind /var/lib/docker/plugins/xxxxxx/propagated-mount/volumes/rexray_vol outputs/

我确实需要 su 才能访问这些文件。如果您有更好的解决方案,请告诉我。

于 2021-03-14T21:21:55.867 回答
0

SSH 进入 EC2 实例并运行lsblk命令找到 ECS 服务容器的数据目录。

如果您想知道如何创建指定 IOPS 和加密的 gp3 卷,以下是任务定义示例:

resource "aws_ecs_task_definition" "postgres" {
  container_definitions    = ...
  family                   = "Postgres"
  requires_compatibilities = ["EC2"]
  network_mode             = "bridge"

  volume {
    name = "rexray_volume"

    docker_volume_configuration {
      scope         = "shared"
      autoprovision = false
      driver        = "rexray/ebs"
      driver_opts = {
        volumetype    = "gp3"
        size          = 20
        iops          = 3000
        encrypted     = true
        encryptionkey = "arn:aws:kms:us-east-1:111111111111:key/11111111-1111-1111-1111-11111111"
      }
    }
  }
}
于 2022-01-17T15:56:31.867 回答