Channels
pacc-may-31-2023
prefect-ai
pacc-clearcover-june-12-2023
marvin-in-the-wild
data-ecosystem
geo-israel
pacc-june-14-2023
geo-japan
pacc-london-2023
prefect-cloud
ppcc-may-16-2023
prefect-azure
prefect-docker
prefect-recipes
gratitude
geo-nyc
geo-bay-area
geo-boston
geo-london
geo-dc
geo-chicago
geo-berlin
geo-texas
geo-seattle
geo-colorado
prefect-community
data-tricks-and-tips
prefect-aws
prefect-gcp
introductions
find-a-prefect-job
prefect-dbt
random
events
ask-marvin
show-us-what-you-got
prefect-getting-started
prefect-integrations
prefect-contributors
best-practices-coordination-plane
announcements
prefect-server
prefect-ui
prefect-kubernetes
Title
e
Emma Willemsma
10/01/2020, 8:15 PMHey everyone, my teammate @Zaid Naji and I are trying to run flows using the Fargate agent. We're getting this error when we try to run a flow:
An error occurred (InvalidParameterException) when calling the RegisterTaskDefinition operation: Invalid 'cpu' setting for task.["prefect","agent","start","fargate","cpu=256","memory=1024","networkConfiguration=$NETWORK_CONFIGURATION"],cpun
nicholas
10/01/2020, 8:17 PMHi @Emma Willemsma - I think that setting should be a string itself, so
cpu="256"The same with
memorye
Emma Willemsma
10/01/2020, 8:20 PMOh is this a docs issue then? We were following this as an example: https://docs.prefect.io/orchestration/agents/fargate.html#prefect-cli-using-kwargs
n
nicholas
10/01/2020, 8:25 PMAh it looks like that might be incorrect, can you give it a try with them as strings and report back? If so we can update the documentation
e
Emma Willemsma
10/02/2020, 2:36 PMWe're having a really hard time making this work. We're running the agent as a Fargate service, and we've tried a bunch of variants (with and without quotes and and escape characters) for the
cpuentryPoint["prefect","agent","start","fargate","cpu=\"256\"","memory=\"1024\"","networkConfiguration=$NETWORK_CONFIGURATION"],👀 1
d
Dylan
10/02/2020, 2:43 PMWhat are acceptable CPU values for Fargate? We’re on GCP but I’ll do my best to help
Looks like 256 is an acceptable value
And it’s not working as a number or as a string?
e
Emma Willemsma
10/02/2020, 2:45 PMYeah we've tried it both ways
j
josh
10/02/2020, 2:46 PMJust jumping in here 🙂 did you happen to try
"cpu='256'"s
Spencer
10/02/2020, 2:47 PMHi, I'm using the Fargate Agent for my runs. I found that using the ENV is the only way to configure it reliably. The Agent won't load some configurations from arguments due to oversight in the code.
I resorted to using ENV for almost all of it.
My entrypoint is
["prefect", "agent", "start", "fargate", "enable_task_revisions=true"]PREFECT__BACKEND: server
PREFECT__CLOUD__AGENT__AGENT_ADDRESS: <http://127.0.0.1:8080>
PREFECT__CLOUD__AGENT__LABELS: '["s3-flow-storage"]'
executionRoleArn: ecs-task-execution-role
memory: 512
cpu: 256
networkConfiguration: ${NETWORK_CONFIGURATION}
taskRoleArn: prefect-agent-role
containerDefinitions_logConfiguration: ${LOG_CONFIGURATION}
cluster: ${CLUSTER_NAME}e
Emma Willemsma
10/02/2020, 2:49 PMAh, good to know
Ok thanks, we'll give this a try!
🙏 1
j
josh
10/02/2020, 2:53 PMI think I might know why this is failing from the CLI! It’s most likely due to some parsing mismatch. When passing in cpu and memory we don’t evaluate the literal value because the agent assumes it’s being passed in as a string. However when passing it in from the CLI entrypoint like above it seems as if it is interpreting it as an integer! (which is fine for every other kwargs except cpu and memory because their literal value is being interpolated)
https://github.com/PrefectHQ/prefect/blob/master/src/prefect/agent/fargate/agent.py#L327
I’m going to put together a fix for this 🙂
😀 1
s
Spencer
10/02/2020, 2:55 PMThe entire
_parse_kwargsj
josh
10/02/2020, 2:56 PMOh yes it is big time and we actually have a way cleaner path forward with a new RunConfig pattern we are introducing 🙂
🤝 2
PR for fix: https://github.com/PrefectHQ/prefect/pull/3423
👍 2
👏 2
e
Emma Willemsma
10/02/2020, 6:19 PM@Spencer thanks for the help, we finally got our Fargate agent working using your suggestion 🙂
🙌 2
z
Zaid Naji
10/02/2020, 7:18 PMHi thanks guys for the support. So we are running into an interesting issue. When passing the executionRoleArn and taskRoleArn to the agent, it will not pass them to the flow tasks it will pass its own task and execution roles to them. Is that intended? Given that the prefect agent is deployed on ecs itself as a service
s
Spencer
10/02/2020, 7:29 PMIt is intended; the task/execution roles for the flows are configured in the
FargateTaskEnvironmentz
Zaid Naji
10/02/2020, 7:29 PMAh prefect thank you 🙏
s
Spencer
10/02/2020, 7:30 PMThe task and execution roles that you configured before are solely for the flow boot task (which starts the flow run)
I found it to be a bit tricky to cleanly attach the environment to the flows; so I wrote an internal deployment library that will crawl the files, gather all the flows (essentially imports each file and pulls out all module attributes of type
prefect.FlowFargateTaskEnvironmentS3Storagez
Zaid Naji
10/02/2020, 7:34 PMGot it thanks. So we have to provision the flow roles separately
And attach them to the flow and register
s
Spencer
10/02/2020, 7:35 PMYeah
z
Zaid Naji
10/02/2020, 7:36 PMCool thanks 🙏
s
Spencer
10/02/2020, 7:37 PMThe Fargate agent is a bit funny to host on ECS because its runtime will be running on ECS (polling the API). It will spawn a task on ECS that will download the configuration from the API; which will then spawn another task the will run your flow.
Agent polling -> Intermediate task (flow run) -> Your flow executing
👍 1
z
Zaid Naji
10/02/2020, 8:16 PMIs there documentation to show us how to add the flow role arns before registering them?
s
Spencer
10/02/2020, 8:41 PMYou just specify them in the
FargateTaskEnvironmenttaskRoleArnexecutionRoleArnIf using a custom docker image for the tasks, you need to specify it in the metadata field too
My FargateTaskEnvironment looks something like:
FargateTaskEnvironment(
# Task Definition
family=task_definition_name,
taskRoleArn=settings.task_role_arn,
executionRoleArn=settings.execution_role_arn,
cpu=settings.cpu,
memory=settings.memory,
containerDefinitions=[
{
"name": "flow-container",
"image": "image",
"command": [],
"environment": [],
"essential": True,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": settings.awslogs_group,
"awslogs-region": settings.awslogs_region,
"awslogs-stream-prefix": settings.awslogs_stream_prefix,
},
},
}
],
networkMode="awsvpc",
requiresCompatibilities=["FARGATE"],
# Task Run
cluster=settings.cluster_name,
region=aws_settings.region,
taskDefinition=task_definition_name,
launch_type="FARGATE",
networkConfiguration={
"awsvpcConfiguration": {
"assignPublicIp": "ENABLED"
if settings.assign_public_ip
else "DISABLED",
"subnets": settings.subnets,
}
},
metadata={"image": image},
)z
Zaid Naji
10/03/2020, 4:31 PMThank you for the example. When we pass the container definition like this the fargate agent is not picking it up after registering the flow and it complains about missing parameters.
After checking your above comment on the ECS deployment of the agent now I get what’s happening. The initial env variables are for the task that pulls the flow config not the flow definition itself. Do you suggest a better deployment model for the fargate agent?
s
Spencer
10/03/2020, 5:13 PMI host the Fargate Agent on Fargate myself 🤷♂️ it works for me
The containerDefinitions in the
FargateTaskEnvironmentz
Zaid Naji
10/03/2020, 5:41 PMSo in our use case, we need to pass different roles to the flow tasks. We don’t want the agent to forward its role to the flow tasks.
I guess it will only pass its own roles and that might not work for us
s
Spencer
10/03/2020, 6:01 PMOh wow, OK. Using a different role per flow would be a bit cumbersome. I think you'd have a construct a separate
FargateTaskEnvironmenttaskRoleArnThe task that pulls down the flow from the API uses the task role from the agent configuration. I'm not sure what to call that launching task 🤷♂️
z
Zaid Naji
10/03/2020, 6:24 PMOh so the task that pulls the config gets passed the role from the agent. What about the flow task itself (that runs the flow)?
Yea we have a single tenancy requirement which demands each customer to have their isolated environment. Our other option would be to delegate executions to something like AWS batch or Databricks and the prefect task would not have direct access to customer data.
s
Spencer
10/03/2020, 7:11 PMThe flow task itself should use the FargateTaskEnvironment ARNs
I'm not sure how you could have the roles be dynamically applied in the flows.. Perhaps you can specify a dynamic role that the task should assume within the task code? Having a root role that can only
sts:AssumeRoleAssumeRoleCredentialsProviderz
Zaid Naji
10/03/2020, 7:49 PMFair thanks for the suggestion. Will look at the different strategies and get back to you.
a
ale
10/05/2020, 1:38 PMHi @Spencer!
Regarding this https://prefect-community.slack.com/archives/C014Z8DPDSR/p1601671347075000?thread_ts=1601583340.049800&cid=C014Z8DPDSR
How do you specify taskRoleArn and taskExecutionRoleArn in the metadata field?
s
Spencer
10/05/2020, 1:39 PMThis comment is referring to using a custom docker container for your flow execution; you specify this in the FargateTaskEnvironment's metadata field
metadata={"image": ...}a
ale
10/05/2020, 1:40 PMOk, thank you! 👍