ECS/Fargate container definition command arguments

3
votes

We are trying to start a fargate container on AWS ECS. In the container definition we have 

"command": [
        "/bin/bash",
        "-c",
        "\"envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'\""
      ]

I also tried:

"command": [
        "/bin/bash",
        "-c",
        "envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
      ]

Using docker run, we would successfully use:

docker run -p 8000:80 -e "VAR1=somevalue" -d nginx-sample:latest /bin/bash -c "envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"

And in kubernetes world (which also works):

 containers:
      env:
      - name: VAR1
        value: "somevalue"
      command: ["/bin/bash"]
      args: ["-c", "envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"]

We cannot get this to work so far in AWS Fargate. It's not clear to me how we should pass the arguments in a valid way. The containers appear to exit before being able to start but there are no obvious log messages, so it's not entirely clear why. I think it's something I'm doing wrong with the syntax in the way the command arguments to /bin/bash -c are being passed.

2
bashdockeramazon-ecsaws-fargatedocker-run

2 Answers

3
votes

In the end the right syntax (well at least one that worked well for us) was:

"command": [
        "/bin/bash",
        "-c",
        "envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
      ],

Our real issue actually turned out to be that we had defined a container health check along the lines of:

"healthCheck": {
        "retries": 5,
        "command": [
          "CMD-SHELL",
          "curl --fail http://localhost/health || exit 1"
        ],
        "timeout": 10,
        "interval": 30,
        "startPeriod": 30
      },

And we forgot to verify that curl was actually installed inside the container. We took it for granted that it'd be there, but in the nginx:latest image, it is not - I presume rightly so for smaller size and smaller attack surface as an exploit vector. We ended up just installing curl in our Dockerfile, after that all was well.

0
votes

Try this approach

"entryPoint": [
        "/bin/bash",
        "-c"
      ],
"command": [
        "envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
      ],

This worked for us when we had to do something like this.

In our case, we used entryPoint to force the container to ignore the base image command. Then gave an additional command in command arry.

If not I believe, ECS uses base image CMD(CMD ["nginx", "-g", "daemon off;"]) and run anything in command array on top of that. I'm just speculating this; as I can't make sense why the other way just don't work.