rxue / dictionary

Practice in Java EE

sub-task of #89 : upload the release to aws by means of ECS with Fargate #90

Open rxue opened 1 year ago

rxue commented 1 year ago

Met with java.net.SocketException when trying to start for the first time:

2023-01-21 23:59:20 at java.base/java.lang.Thread.run(Thread.java:834)
2023-01-21 23:59:20 Caused by: java.net.SocketException: Permission denied
2023-01-21 23:59:20 at java.base/sun.nio.ch.Net.bind0(Native Method)
2023-01-21 23:59:20 at java.base/sun.nio.ch.Net.bind(Net.java:455)
2023-01-21 23:59:20 at java.base/sun.nio.ch.Net.bind(Net.java:447)
2023-01-21 23:59:20 at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:227)
2023-01-21 23:59:20 at java.base/sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:80)
2023-01-21 23:59:20 at org.jboss.xnio.nio@3.8.4.Final//org.xnio.nio.NioXnioWorker.createTcpConnectionServer(NioXnioWorker.java:178)
2023-01-21 23:59:20 at org.jboss.xnio@3.8.4.Final//org.xnio.XnioWorker.createStreamConnectionServer(XnioWorker.java:310)
2023-01-21 23:59:20 at org.wildfly.extension.undertow@25.0.0.Final//org.wildfly.extension.undertow.HttpListenerService.startListening(HttpListenerService.java:119)
2023-01-21 23:59:20 at org.wildfly.extension.undertow@25.0.0.Final//org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:202)
2023-01-21 23:59:20 ... 8 more

Clue for the error found by means of Google: https://repost.aws/questions/QU1bCV9wT4T5iBrrP1c2ISfg/container-cannot-bind-to-port-80-running-as-non-root-user-on-ecs-fargate

rxue commented 1 year ago

Based on the suggestion in the given https://repost.aws/questions/QU1bCV9wT4T5iBrrP1c2ISfg/container-cannot-bind-to-port-80-running-as-non-root-user-on-ecs-fargate, the kernel parameter net.ipv4.ip_unprivileged_port_start is probably the root cause of the error. So in order to prove the correctness, I would have to have access to the server started with Fargate.

Learning resource for accessing the server started with Fargate:

Summary

NOTE: based on the learning resources above, a task IAM role with a specific policy is needed when creating the task definition. However, since starting a container through the Get started wizard does not include the task role fill-in field, access to the container started by means of the Get started wizard is next to impossible.

So in order to create a container with Fargate and have access to it, there are the following cheat sheet steps:

  1. create a task IAM role with the policy mentioned in https://www.youtube.com/watch?v=wNN5N1_ZTN4
  2. create a cluster for the container in AWS Console > ECS
  3. Create new Task Definition with Fargate launch type. IMPORTANT to select the aforementioned created role in the Task role drop-down list
     3.1 click Add container to add a container with the wizard
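
A check that could be run inside the container once shell access is available, to test the net.ipv4.ip_unprivileged_port_start hypothesis from the comment above. It is an added example, not part of the original issue or the project; the function names are hypothetical, and it assumes a Linux container with /proc mounted and sh and awk available.

```shell
#!/bin/sh
# Added example: decide whether the current process may bind a given TCP port.
# On Linux a port below net.ipv4.ip_unprivileged_port_start can only be bound
# by a process holding CAP_NET_BIND_SERVICE in its effective capability set.

CAP_NET_BIND_SERVICE=10   # bit number from linux/capability.h

# has_net_bind_cap CAPEFF_HEX -> exit status 0 if the capability bit is set
has_net_bind_cap() {
    [ $(( (0x$1 >> CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
}

# bind_verdict PORT UNPRIV_START CAPEFF_HEX -> prints "allowed" or "denied"
bind_verdict() {
    port=$1; start=$2; capeff=$3
    if [ "$port" -ge "$start" ]; then
        echo allowed    # port is not privileged in this network namespace
    elif has_net_bind_cap "$capeff"; then
        echo allowed    # privileged port, but the process holds the capability
    else
        echo denied     # bind() fails, as in the SocketException above
    fi
}

# check_port PORT -> one line with the live values and the verdict
check_port() {
    # Kernels without this sysctl treat ports below 1024 as privileged.
    start=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024)
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status 2>/dev/null)
    capeff=${capeff:-0}
    echo "uid=$(id -u) port=$1 unprivileged_port_start=$start CapEff=$capeff -> $(bind_verdict "$1" "$start" "$capeff")"
}

# Usage: sh check_bind.sh 80   (the script name is a placeholder)
if [ "$#" -gt 0 ]; then
    check_port "$1"
fi
```

A "denied" verdict for the listener port, next to an "allowed" verdict for a port at or above the reported threshold, would support the hypothesis.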