Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
d
Daniel Ross
03/05/2022, 8:50 PMHello Prefect community,
I upgraded from 0.14.22 to 0.15.13 and containers are no longer launching. I'm deployed on ECS and I can see a ConnectTimeOutError that is preventing the tasks from coming up. This is the error in question:
requests.exceptions.ConnectionError: HTTPConnectionPool(host='127.0.0.1', port=4200): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f1911c36d90>: Failed to establish a new connection: [Errno 111] Connection refused'))host_ip = "my.ip.goes.here"
host_port = "4200"
host = "http://${server.host_ip}"
port = "4200"
endpoint = "${server.host}:${server.port}"
[server.ui]
apollo_url = "<http://my.ip.goes.here:4200/graphql>"
[cloud]
api = "${${backend}.endpoint}"
endpoint = "<https://api.prefect.io>"
graphql = "${cloud.api}/graphql":discourse: 1
k
Kevin Kho
03/05/2022, 8:59 PMHow did you start server on 0.15.13?
prefect server startI think you might just need the
exposed
Daniel Ross
03/05/2022, 9:02 PMYes. External db is specified and the --expose flag has been added as well.
The start command looks more or less like this:
prefect server start -d --postgres-url "postgresql:goes/here" --exposek
Kevin Kho
03/05/2022, 9:09 PMAh ok there is a. lot going on in the
config.toml[server]
endpoint = "YOUR_MACHINES_PUBLIC_IP:4200/graphql"Also just making sure you can see the UI at
http://*YOUR_MACHINES_PUBLIC_IP*:8080d
Daniel Ross
03/05/2022, 9:12 PMYeah, no issue accessing the UI
k
Kevin Kho
03/05/2022, 9:12 PMOk yeah you are right I think it’s just the endpoint. Pretty weird cuz nothing around this changed.
d
Daniel Ross
03/05/2022, 9:14 PMOk. I will adjust the endpoint and simplify the config a bit.
Quick question, do I need re-register the flow once this is done, or will this be passed in after a server restart?
New config looks like this:
backend = "server"
[server]
endpoint = "my.ip.goes.here:4200/graphql"
[server.ui]
apollo_url = "<http://my.ip.goes.here:4200/graphql>"
[cloud]
api = "${${backend}.endpoint}"
endpoint = "<https://api.prefect.io>"k
Kevin Kho
03/05/2022, 9:34 PMIf your flow is already in the database, I think no, but registering the flow is a good test to see if your endpoint is set correctly. The above was not meant for the Server config. This was local machine config was is connecting to the server
Server config can just be
[server]
[server.ui]
apollo_url = "<http://YOUR_MACHINES_PUBLIC_IP:4200/graphql>"I think you server config was already fine if you could access the UI remotely though. I think it’s just your agent/flows that can’t connect right? You just need to change the endpoint on the local machine, not the server.
d
Daniel Ross
03/05/2022, 9:43 PMI am using ECSRun, so in this case, is the local machine the container/task? That does seem to be a problem, but I am not sure why the endpoint won't propagate from the ECS task definition to the ECS task itself.
k
Kevin Kho
03/05/2022, 9:47 PMWell I guess first question is if local run works, and if it does, then you need the env variables in the ECSRun container. How is the endpoint set on the ECS task definition?
A LocalRun test would just confirm for us everything is working well and the server is healthy
:upvote: 1
d
Daniel Ross
03/05/2022, 9:57 PMThe task definition that gets submitted to ECSRun looks more re less like this:
"networkMode": "awsvpc",
"cpu": "1024",
"memory": "2048",
"containerDefinitions": [
{
"name": "flow",
"environment": [
{
"name": "PREFECT__CLOUD__API",
"value": "<http://my.ip.goes.here:4200>"
},
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "my-log-group",
"awslogs-region": "my-region",
"awslogs-create-group": "true",
"awslogs-stream-prefix": "flow_name"
}
}
}
]
},
run_task_kwargs = {
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
subnet_a
],
"securityGroups": [
sg_a
],
"assignPublicIp": "ENABLED"
}
}
}k
Kevin Kho
03/05/2022, 10:03 PMAh I see what you mean. Maybe you need:
PREFECT__BACKEND: "server"You can try setting:
PREFECT__BACKEND: "server"
PREFECT__SERVER__ENDPOINT: <YOUR-IP>:4200d
Daniel Ross
03/05/2022, 10:12 PMSure. Just made the changes to the registration script. It will take a couple of minutes to run through.
The PREFECT__SERVER__ENDPOINT environment variable made it in with the correct value, and the PREFECT__BACKEND variable remained set to "server", but I'm still getting the same error.
k
Kevin Kho
03/05/2022, 10:31 PMJust making sure, you still see 127.0.0.1 as host right? If so, at that point I would just encourage the env variables be set in the container to be sure
But I mean if server endpoint makes it in, that should be it you need because you override this. I am pretty confused why it’s still 127.0.0.1. Just checking you don’t have anything configured on the run config side?
d
Daniel Ross
03/05/2022, 10:35 PMYeah, 127.0.0.1 is still showing. I just added the environment variable to the part of the registration script that handles the flow storage. Re-registering now.
The run config is just a basic call to ECSRun() with the task definition passed in.
Does the config file take precedence over environment variables? I am wondering if there is a config file that is causing the issue here. During the registration process I can see that the following variable is set while building the flow storage image:
PREFECT__USER_CONFIG_PATH='/opt/prefect/config.toml'a
Anna Geller
03/05/2022, 11:59 PMDoes the config file take precedence over environment variables?No, env variables take precedence over
config.toml/graphql"containerDefinitions": [
{
"name": "flow",
"environment": [
{
"name": "PREFECT__CLOUD__API",
"value": "<http://some_ip:4200/graphql>"
},
{
"name": "PREFECT__BACKEND",
"value": "server"
},
],{
"family": "prefectFlow",
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "512",
"memory": "1024",
"taskRoleArn": "arn:aws:iam::123456789:role/prefectTaskRole",
"executionRoleArn": "arn:aws:iam::123456789:role/prefectECSAgentTaskExecutionRole",
"containerDefinitions": [
{
"name": "flow",
"image": "prefecthq/prefect:0.15.3-python3.8",
"essential": true,
"environment": [
{
"name": "AWS_RETRY_MODE",
"value": "adaptive"
},
{
"name": "AWS_MAX_ATTEMPTS",
"value": "10"
},
{
"name": "PREFECT__CLOUD__AGENT__AUTH_TOKEN",
"value": ""
},
{
"name": "PREFECT__CLOUD__API",
"value": "<http://some_ip:4200/graphql>"
},
{
"name": "PREFECT__BACKEND",
"value": "server"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/prefectFlow",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs",
"awslogs-create-group": "true"
}
}
}
]
}If the above doesn't work, can you provide a bit more background on your setup?
So far I understood:
1. You run your Server instance on some VM, probably on an EC2 instance - correct?
2. You have an ECS Agent - does it run as an ECS service or just as a local process on that same EC2 instance that you use to run your Server?
3. How did you register the flow that failed?
4. Can you share your storage and run_config definition?
d
Daniel Ross
03/06/2022, 12:18 AMThanks Anna. I'll try your suggestion now. In the mean time, some answers to your questions ...
1. Yes. The Prefect server is installed on an EC2 instance.
2. The ECS Agent runs as a local process on the same EC2 instance that runs the server.
3. The flow is registered through a Python script that composes the flow. It reads in the script, specifies a run config and storage, and then registers it.
4. This is what the storage looks like:
Docker(registry_url="<http://awsacctid.dkr.ecr.region.amazonaws.com|awsacctid.dkr.ecr.region.amazonaws.com>",
base_image=base_image,
files=image_files, # the files that should be copied to the image
image_name="prefect-flow-storage", # using this as image name to allow only one ECR repo to be made
image_tag=f"{slugify(flow_name)}-{idempotency_key}", # using this as the image tag to ensure efficient storage of flows, only one stored image per flow version
env_vars={
# append top level directory to PYTHONPATH
"PYTHONPATH": "$PYTHONPATH:/",
"PREFECT__CLOUD__API": "<http://172.31.73.239:4200>",
"PREFECT_SERVER__ENDPOINT":"<http://172.31.73.239:4200>"
})ECSRun(
task_definition = {
"networkMode": "awsvpc",
"cpu": "1024",
"memory": "2048",
"containerDefinitions": [
{
"name": "flow",
"environment": [
{
"name": "PREFECT__BACKEND",
"value": "server"
},
{
"name": "PREFECT__CLOUD__API",
"value": "<http://my-ip-here:4200/graphql>"
},
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "my log group",
"awslogs-region": "my region",
"awslogs-create-group": "true",
"awslogs-stream-prefix": flow_name
}
}
}
]
},
run_task_kwargs = {
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
subnet_a
],
"securityGroups": [
security_group_b
],
"assignPublicIp": "ENABLED"
}
}
}
)In the script I am looking at, the task and execution role ARNs are defined on a FargateCluster which is provided to a DaskExecutor, which in turn is assigned as the executor for the flow.
ex.
flow.executor = DaskExecutor(
cluster_class=fargate_cluster,
adapt_kwargs={"minimum": 1, "maximum": 10})a
Anna Geller
03/06/2022, 1:10 AMThe configuration for your FargateCluster is something completely different than what you need to configure for your flow run, because Dask spins up a completely new cluster for your task run execution, but for the flow run execution you still need to set the roles either on the agent or on the flow’s run config.
Some issues are still unaddressed in the code you shared - here are how I would “correct” it:
1. set base image explicitly to ensure you use the correct version compatible with your server (perhaps you set it right but you didn’t share what version you set)
2. PREFECT__CLOUD__API needs /graphql at the end
3. I believe you need to set your image on ECS run as well
Docker(registry_url="<http://awsacctid.dkr.ecr.region.amazonaws.com|awsacctid.dkr.ecr.region.amazonaws.com>",
base_image="prefecthq/prefect:0.15.3-python3.8",
files=image_files, # the files that should be copied to the image
image_name="prefect-flow-storage", # using this as image name to allow only one ECR repo to be made
image_tag=f"{slugify(flow_name)}-{idempotency_key}", # using this as the image tag to ensure efficient storage of flows, only one stored image per flow version
env_vars={
# append top level directory to PYTHONPATH
"PYTHONPATH": "$PYTHONPATH:/",
"PREFECT__CLOUD__API": "<http://172.31.73.239:4200/graphql>",
"PREFECT_SERVER__ENDPOINT":"<http://172.31.73.239:4200/graphql>"
})ECSRun(image=f"{AWS_ACCOUNT_ID}.<http://dkr.ecr.us-east-1.amazonaws.com/{your_image_name}:{your_image_tag}|dkr.ecr.us-east-1.amazonaws.com/{your_image_name}:{your_image_tag}>", # from your Docker storage definition
task_definition = {
"networkMode": "awsvpc",
"cpu": "1024",
"memory": "2048",
"containerDefinitions": [
{
"name": "flow",
"environment": [
{
"name": "PREFECT__BACKEND",
"value": "server"
},
{
"name": "PREFECT__CLOUD__API",
"value": "<http://my-ip-here:4200/graphql>"
},
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "my log group",
"awslogs-region": "my region",
"awslogs-create-group": "true",
"awslogs-stream-prefix": flow_name
}
}
}
]
},
run_task_kwargs = {
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
subnet_a
],
"securityGroups": [
security_group_b
],
"assignPublicIp": "ENABLED"
}
}
}
):upvote: 1
d
Daniel Ross
03/06/2022, 1:19 AMThanks a ton Anna! I'll work through this material.
I just wanted to post a quick follow up in case anyone reading this is interested in the outcome.
The problem was fixed. I reverted the config and registration processes back to their original states, and for troubleshooting purposes, and restarted Prefect with a temporary Postgres container for the DB. That worked. If I reattached to my external Postgres it failed.
When the process was working (with the temporary Postgres container) the PREFECT__CLOUD__API environment variable was properly set on the ECS task. When the process was broken (using the original external Postgres) the PREFECT__CLOUD__API environment variable was not properly set (it assumed a default - http://127.0.0.1:4200/graphql - value).
In the end the problem was resolved by creating a new Postgres database for the backend. It came at the cost of losing my stored history, schedules, etc., and was far from elegant. But it was effective.
Final note. I am not entirely sure why this worked. I assumed that it was a Prefect version conflict caused by something stuck in the database. Out of curiosity I intentionally built my flow storage image on 0.14.19 and tried running the flow. It worked, and the logs included a warning on the version mismatch. I upgraded the flow storage back to 0.15.13 to match the server, and it continued to work, but without the warning. So it seems a little more complicated than a straight-forward version mismatch.
k
Kevin Kho
03/07/2022, 2:11 PMThanks for the detailed write-up. I can’t comprehend why this would work though. Glad you have a working setup now though
a
Anna Geller
03/07/2022, 4:08 PMThanks for sharing 🙏 - what was missing was probably running database migration! I should have thought about that, sorry. Next time you should be able to run migration using prefect server CLI - check CLI docs or --help for details.
d
Daniel Ross
03/07/2022, 4:18 PMThanks 🙏 to both of you for your assistance on this issue!