search

eddmann / serverless-fargate

Maintain long-running Fargate ECS tasks within your Serverless project
53 stars 22 forks source link

Deployment stuck for service. #28

Closed tw1t611 closed 4 months ago

tw1t611 commented 2 years ago

The deployment is stuck on service. Manual stack termination is needed. (No build error) The project is rather small, so the build time should not be the problem. Docker container builds and runs locally.

image

serverless.yml

org: timpolyma
app: birdzview
service: birdzview-fargate
frameworkVersion: "3"

provider:
  name: aws
  runtime: python3.9
  region: eu-central-1
  ecr:
    images:
      python:
        path: ./
        file: Dockerfile

  vpc:
    securityGroupIds:
      - sg-0eb255c25b712fdbb
    subnetIds:
      - subnet-040f87d755d60af0d

fargate:
  memory: "4GB"
  cpu: 2048
  logGroupName: fargate-log-group
  tasks:
    daily:
      image: python

plugins:
  - serverless-fargate

Dockerfile

FROM python:3.9-bullseye

RUN useradd -ms /bin/bash user
USER user
WORKDIR /home/user
ENV PATH="/home/user/.local/bin:${PATH}"
ENV PYTHONPATH="/home/user/"

ARG YOUR_ENV
ENV YOUR_ENV=${YOUR_ENV} \
  PYTHONFAULTHANDLER=1 \
  PYTHONUNBUFFERED=1 \
  PYTHONHASHSEED=random \
  PIP_NO_CACHE_DIR=off \
  PIP_DISABLE_PIP_VERSION_CHECK=on \
  PIP_DEFAULT_TIMEOUT=100 \
  POETRY_VERSION=1.0.0

RUN pip install poetry
COPY --chown=user:user . .
RUN poetry config virtualenvs.create false \
  && poetry install --no-dev --no-interaction --no-ansi

CMD ["python", "src/main.py"]

error

Deploying birdzview-fargate to stage dev (eu-central-1, "default" provider)

✖ Stack birdzview-fargate-dev failed to deploy (1804s)
Warning: Publication to Serverless Dashboard errored with:
            The security token included in the request is expired
Environment: linux, node 16.11.0, framework 3.22.0, plugin 6.2.2, SDK 4.3.2
Credentials: Serverless Dashboard, "default" provider (https://app.serverless.com/timpolyma/apps/birdzview/birdzview-fargate/dev/eu-central-1/providers)
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
The security token included in the request is expired
tw1t611 commented 2 years ago

PS: It works when adding schedule.

fargate:
  memory: "4GB"
  cpu: 2048
  logGroupName: fargate-log-group
  tasks:
    daily:
      image: python
      service:
        spot: true
      schedule: "rate(1 minute)"

The container is supposed to be triggered by a lambda. So I would need it without the schedule option.

joeydebreuk commented 2 years ago

I have the same issue.

Works:

fargate:
  tasks:
    process-updates:
      image: my-image
      memory: '2GB'
      cpu: 512
      schedule: rate(10 minutes)

Forever in create:

fargate:
  tasks:
    process-updates:
      image: my-image
      memory: '2GB'
      cpu: 512
      service:
        desiredCount: 1
jliebrand commented 1 year ago

I think I'm seeing a similar problem - since this has been open since last year, is this still being looked at?

kelonye commented 1 year ago

https://stackoverflow.com/a/66802973

Need to enable assignPublicIp if using an ECR image + public subnet due to a recent AWS update. Or attach a NAT gateway or ECR VPC endpoint if private (more expensive).