serverless-fargate icon indicating copy to clipboard operation
serverless-fargate copied to clipboard

Published 20 hours ago verified publisher icon eddmann

Deployment stuck for service.

Open tw1t611 opened this issue 2 years ago • 4 comments

The deployment is stuck on service. Manual stack termination is needed. (No build error) The project is rather small, so the build time should not be the problem. Docker container builds and runs locally.

image

serverless.yml

org: timpolyma
app: birdzview
service: birdzview-fargate
frameworkVersion: "3"

provider:
  name: aws
  runtime: python3.9
  region: eu-central-1
  ecr:
    images:
      python:
        path: ./
        file: Dockerfile

  vpc:
    securityGroupIds:
      - sg-0eb255c25b712fdbb
    subnetIds:
      - subnet-040f87d755d60af0d

fargate:
  memory: "4GB"
  cpu: 2048
  logGroupName: fargate-log-group
  tasks:
    daily:
      image: python

plugins:
  - serverless-fargate

Dockerfile

FROM python:3.9-bullseye

RUN useradd -ms /bin/bash user
USER user
WORKDIR /home/user
ENV PATH="/home/user/.local/bin:${PATH}"
ENV PYTHONPATH="/home/user/"

ARG YOUR_ENV
ENV YOUR_ENV=${YOUR_ENV} \
  PYTHONFAULTHANDLER=1 \
  PYTHONUNBUFFERED=1 \
  PYTHONHASHSEED=random \
  PIP_NO_CACHE_DIR=off \
  PIP_DISABLE_PIP_VERSION_CHECK=on \
  PIP_DEFAULT_TIMEOUT=100 \
  POETRY_VERSION=1.0.0

RUN pip install poetry
COPY --chown=user:user . .
RUN poetry config virtualenvs.create false \
  && poetry install --no-dev --no-interaction --no-ansi


CMD ["python", "src/main.py"]

error

Deploying birdzview-fargate to stage dev (eu-central-1, "default" provider)

✖ Stack birdzview-fargate-dev failed to deploy (1804s)
Warning: Publication to Serverless Dashboard errored with:
            The security token included in the request is expired
Environment: linux, node 16.11.0, framework 3.22.0, plugin 6.2.2, SDK 4.3.2
Credentials: Serverless Dashboard, "default" provider (https://app.serverless.com/timpolyma/apps/birdzview/birdzview-fargate/dev/eu-central-1/providers)
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
The security token included in the request is expired

tw1t611 avatar Aug 31 '22 14:08 tw1t611

PS: It works when adding schedule.

fargate:
  memory: "4GB"
  cpu: 2048
  logGroupName: fargate-log-group
  tasks:
    daily:
      image: python
      service:
        spot: true
      schedule: "rate(1 minute)"

The container is supposed to be triggered by a lambda. So I would need it without the schedule option.

tw1t611 avatar Aug 31 '22 15:08 tw1t611

I have the same issue.

Works:

fargate:
  tasks:
    process-updates:
      image: my-image
      memory: '2GB'
      cpu: 512
      schedule: rate(10 minutes)

Forever in create:

fargate:
  tasks:
    process-updates:
      image: my-image
      memory: '2GB'
      cpu: 512
      service:
        desiredCount: 1

joeydebreuk avatar Sep 15 '22 14:09 joeydebreuk

I think I'm seeing a similar problem - since this has been open since last year, is this still being looked at?

jliebrand avatar Apr 03 '23 14:04 jliebrand

https://stackoverflow.com/a/66802973

Need to enable assignPublicIp if using an ECR image + public subnet due to a recent AWS update. Or attach a NAT gateway or ECR VPC endpoint if private (more expensive).

kelonye avatar May 03 '23 14:05 kelonye