AWS recently announced AWS Fargate, a service to run containers without managing servers or clusters. If you haven't been asleep for the past few years, you have probably noticed that Docker has changed the way developers work and the way some production servers are run.
But things are still very complicated in real life, and even if you run only containers, you still have to manage the underlying infrastructure. And I bet you already know that this is not a trivial task!
This is where AWS Fargate finds its sweet spot, aiming to be to the Docker world what EC2 instances were in the early days of cloud adoption: all you need to do is provide your Docker image, configure the memory and CPU, and define the network and IAM policies, and Fargate runs your container. All of this comes with resource-based pricing and per-second billing. Easier said than done!
I am going to focus on running the container, but Fargate is natively integrated with Amazon Virtual Private Cloud (VPC) and AWS Identity and Access Management (IAM), so you have to configure your own VPC if you don't have an existing one or if you don't want to use the default one. You also need to make sure your container runs with the right IAM role, one that provides permissions to make calls to AWS APIs on your behalf.
The HelloWorld Test: Running a Single Nuxeo Container
Follow these steps when you need to spin up a fast Nuxeo instance for demo purposes, for example.
In your AWS console, navigate to the ECS page.
1. Create a new Fargate cluster
(Ironically, this first step somewhat contradicts Fargate's own motto: “run containers without having to manage servers or clusters” :)
- Choose your cluster template, select powered by Fargate
- Define the cluster name and Create a new VPC for this cluster if you don’t already have one
2. Create a new task definition
- Choose Fargate as the launch type
- Choose the right execution role. I am going to use the basic one: ecsTaskExecutionRole
- Select “awsvpc” for the Network Mode. Every task created from this definition will get an elastic network interface, a primary private IP address, and an internal DNS hostname
- Configure the task size: Task memory (GB) and Task CPU (this is what you pay for on a per-second basis)
- Create a new Container definition
This is the minimal configuration; for more advanced configuration, check the Advanced Task Definition Parameters.
To define data volumes for our container, choose Add volume. I have already created an EBS volume, and I am only going to externalize the binary store to use this volume, as an example.
Now you have to go back to your container definition and configure Nuxeo to use this volume:
- Edit the container definition, and on the Advanced container configuration section add the NUXEO_BINARY_STORE env variable
- In the Storage and Logging section, configure a mount point for the volume you defined previously.
- Click on Create, and now you should see your task definition on the Task Definitions page:
3. Run a new task to instantiate a container from your task definition or create a service
The easiest way to run a single stand-alone container is to select the HelloWorld task and from the Actions menu, choose RunTask.
Make sure you choose the cluster you created in step 1 and that you configure the VPC and the security groups. Also, for a quick way to access your instance, make sure to select “Auto-assign public IP”.
After you click RunTask, you can navigate back to your cluster/tasks tab to see your task in provisioning, pending and finally running status. Click on the task ID in the list to get the details about your running task and access the logs.
Note that you also have the option to create a Service, which starts and maintains the desired number of running tasks created from your task definition. This also allows you to configure load balancing and auto-scaling and to perform rolling upgrades when your task definition changes.
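The task definition from step 2, as an added example that is not from the original post: a Python function that builds the request body for ECS `register_task_definition`, plus a check of the Fargate constraints it has to meet. The image name, the volume name `binaries`, the path `/binaries`, the account ID and the task size are assumptions.

```python
# Fargate task sizes up to 4 vCPU: CPU units -> allowed memory values (MiB).
FARGATE_SIZES = {
    256: {512, 1024, 2048},
    512: set(range(1024, 4097, 1024)),
    1024: set(range(2048, 8193, 1024)),
    2048: set(range(4096, 16385, 1024)),
    4096: set(range(8192, 30721, 1024)),
}

def nuxeo_task_definition(image, cpu="1024", memory="2048", packages=None):
    """Build the register_task_definition request for the steps above."""
    env = [{"name": "NUXEO_BINARY_STORE", "value": "/binaries"}]  # assumed path
    if packages:  # a later revision can pass NUXEO_PACKAGES
        env.append({"name": "NUXEO_PACKAGES", "value": packages})
    return {
        "family": "HelloWorld",
        "requiresCompatibilities": ["FARGATE"],
        "networkMode": "awsvpc",
        # Placeholder account ID; the role name is the one chosen in step 2.
        "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
        "cpu": cpu, "memory": memory,  # the API takes both as strings
        "volumes": [{"name": "binaries"}],  # hypothetical volume name
        "containerDefinitions": [{
            "name": "nuxeo", "image": image,
            "portMappings": [{"containerPort": 8080}],
            "environment": env,
            "mountPoints": [{"sourceVolume": "binaries",
                             "containerPath": "/binaries"}],
        }],
    }

def fargate_problems(td):
    """Return the Fargate requirements that a task definition fails."""
    problems = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        problems.append("FARGATE compatibility not requested")
    if td.get("networkMode") != "awsvpc":
        problems.append("networkMode must be awsvpc")
    try:
        size_ok = int(td["memory"]) in FARGATE_SIZES.get(int(td["cpu"]), set())
    except (KeyError, ValueError):
        size_ok = False
    if not size_ok:
        problems.append("cpu/memory is not a valid Fargate task size")
    declared = {v["name"] for v in td.get("volumes", [])}
    for c in td.get("containerDefinitions", []):
        for mp in c.get("mountPoints", []):
            if mp["sourceVolume"] not in declared:
                problems.append("mount point uses undeclared volume " + mp["sourceVolume"])
    return problems
```

The returned dictionary can be passed as keyword arguments to boto3's `register_task_definition` once the placeholders are replaced with real values.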
How can I access my Nuxeo instance?
The “awsvpc” network mode configured in the task definition gives ECS tasks the same networking properties as Amazon EC2 instances. If you selected Auto-assign public IP: ENABLED when running your task, you already have a public IP attached to your ENI (elastic network interface). It’s just a bit tricky to find, as it’s not displayed on the task; you have to navigate to the ENI from the task description page.
So using the public IP, I should be able to access my running Nuxeo instance, but it turns out that I get the following:
curl: (7) Failed to connect to 22.214.171.124 port 8080: Operation timed out.
The problem is that the security group attached to the ENI does not contain a rule for port 8080 by default. You have to add it manually:
After that, the basic health check passes:
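An added example (not from the original post) for the rule described above: the task has a public IP, so the source range on the 8080 rule decides who can reach the demo instance. The code works on the `IpPermissions` structure that EC2 uses for security group rules, flags a port 8080 rule open to every address, and builds a rule limited to one client. The sample rules and the 203.0.113.x addresses are constructed.

```python
import ipaddress

NUXEO_PORT = 8080  # the port the curl test above could not reach

def covers_port(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means every protocol and every port
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def world_open_sources(ip_permissions, port=NUXEO_PORT):
    """Return the source CIDRs that expose `port` to every address."""
    found = []
    for perm in ip_permissions:
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        found += [c for c in cidrs if ipaddress.ip_network(c).prefixlen == 0]
    return found

def single_source_rule(client_ip, port=NUXEO_PORT):
    """Ingress rule for `port` that admits only one client address."""
    net = ipaddress.ip_network(client_ip)  # bare address becomes /32 or /128
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "Ipv6Ranges": []}
    if net.version == 4:
        rule["IpRanges"].append({"CidrIp": str(net)})
    else:
        rule["Ipv6Ranges"].append({"CidrIpv6": str(net)})
    return rule

# Constructed sample: a demo group after adding 8080 with source "Anywhere".
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
]
```

`world_open_sources` accepts the `IpPermissions` list from `describe_security_groups`, and the rule from `single_source_rule` has the shape `authorize_security_group_ingress` expects.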
And I can access my Nuxeo instance:
How can I update my instance if I want to install a new marketplace package?
At this point, I am running a bare Nuxeo instance. It would be nice to have our awesome Nuxeo WebUI deployed as well.
To add a new marketplace package you need to create a new revision for your task definition and run a new task to replace the existing one.
- Go to Task Definitions, select the HelloWorld task and choose Create new task revision.
- Update the container definition to pass the NUXEO_PACKAGES env variable.
If you run a stand-alone task, your only choice is to stop the running task and launch a new one from the updated revision.
After stopping the old task and starting a new one, Nuxeo is up and running again:
At this point, Fargate takes the pain of managing the clusters away, but it still comes with all the complexity of ECS configurations so it can be pretty cumbersome to get going.