AWS discovery does not support AWS ECS service (?) #11
Comments
|
Hi @gsaslis , Thanks for the offer. We always appreciate community contributions. 👏 So you want to have a new config like where hazelcast-aws module does directly call My question is who is providing |
|
Hey @mesutcelik! Thanks - and yeah, sure! So, according to the AWS docs about IAM Task Roles, this whole URL (including the The env var is named If we go by this, we don't really need extra configuration to be added to hazelcast.xml, etc. In fact, I'm not even sure we need the I like the "self-discovery" side of this approach, if I may call it that, as it ties in very nicely with the containers / microservices / etc. world, but I'm not sure if I'm missing some other downside here... |
|
I just included Let me summarize what is needed... In case of none of those following parameters defined in hazelcast.xml, there should be some chain of actions to get security credentials.
hazelcast-aws should probably try following actions to get the credentials
Is this what you have in mind? |
|
@mesutcelik yeah I guess this sounds about right... If I understand correctly (2) is already supported, so I'll get working on a PR for (1) and (3), if that's ok? |
|
number 2 is only supported if you provide |
|
@mesutcelik got it - thanks! |
|
@mesutcelik looking at https://github.com/hazelcast/hazelcast-aws/blob/master/src/main/java/com/hazelcast/aws/impl/DescribeInstances.java#L78, it seems that (2) is supported when someone declares Am I missing sth else? |
|
right that is supported but only in case I assume you are gonna implement the logic where none of the following is defined in the config.
|
|
yep! Thanks for the feedback!! |
|
fixed by #14 |
|
Is it possible to cluster multiple members hosted in containers on the same ECS container instance? Regardless, are there particular steps required to properly configure ECS/the tasks to support Hazelcast (e.g. port mapping)? |
|
@mhurne according to #18 (comment) this is not possible atm. |
|
This thread and your PR, @gsaslis, have been interesting reads as I dig into this issue myself. Regarding the limitation that multiple cluster nodes can't run on the same ECS host; I'm wondering if anyone has attempted to use the (new since this thread) |
|
@mpataki You may be interested in https://github.com/commercehub-oss/hazelcast-discovery-amazon-ecs, though there are not published releases. |
|
Very cool - I'll keep an eye on this. Thanks! |
|
@mhurne
|
|
Thanks for that information, @leszko . We actually built our own solution to the problem in the form of a custom discovery strategy, the source code of which is available at https://github.com/commercehub-oss/hazelcast-discovery-amazon-ecs . It's been working well for us. It doesn't require use of "host" networking (though that should work too); we use it with "bridge" networking. We previously discussed contributing the solution to Hazelcast with @mesutcelik , @googlielmo . We got as far as open sourcing the code at the previously linked to GitHub project. |
|
Hi @mhurne and @leszko ! Do we have any news about multiple containers per EC2 Instance in ECS? I saw that https://github.com/commercehub-oss/hazelcast-discovery-amazon-ecs is not open. How to run multiple hazelcast containers per EC2 Instance in ECS? Thanks! |
|
Hi @laurocesar, I've moved on from working with Hazelcast, so unfortunately I'm not in a position to lend you a hand. But best of luck! |
I've been struggling to get AWS discovery to work within docker containers (the official hazelcast docker containers) deployed on AWS ECS.
I've narrowed this down to the fact that this library only supports EC2 IAM roles, and does not support the credentials scheme defined by
task definition rolesin AWS ECS.The problem is that the
getKeysFromIamRolemethod in theDescribeInstancesclass - defined here - does not support looking up IAM roles for AWS ECS tasks.These use a slightly different scheme, as is documented here.
I am happy to help with a PR for this, but, as an entirely new contributor, I would like to know your thoughts on whether you think this should come in the form of a different configuration in the
hazelcast.xml, etc., or whether we should simply extend theDescribeInstancesclass to also attempt looking up for an IAM task role, in case it can't find the regular EC2 IAM role.The text was updated successfully, but these errors were encountered: