Windows containers are still in beta state on AWS ECS, but it’s fun to try them out. AWS already has a full Windows 2016 AMI with container support. But I wanted to try something more interesting. Windows nanoserver is what I was looking at. It’s designed specifically for tasks such as running as container hosts in a cluster. AWS also has a nanoserver AMI, but I ran into issues very quickly.

The nanoserver AMI doesn’t have the containers feature and Docker installed. The go-to method for building AMIs on AWS is to use Packer. But unfortunately, Packer doesn’t talk to nanoserver just yet. So I had to resort to writing a (very basic) PowerShell script to create the nanoserver AMI with containers and Docker configured.

Once this was done, I realized that the ECS agent wouldn’t run on nanoserver because of stuff that’s missing in nanoserver, and which the ECS agent expects to be there. Fortunately, it wasn’t that much, and it was only in the PowerShell scripts. I patched the scripts, and repackaged the agent, and put it on S3. Now in my userdata, I have the following:

<powershell>
# Set agent env variables for the current process
Set-Item -Path env:\ECS_CLUSTER -Value "${ECSCluster}"
Set-Item -Path env:\ECS_ENABLE_TASK_IAM_ROLE -Value "true"
# Set the same variables for the Machine context (durable across reboots)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name ECS_CLUSTER -Value "${ECSCluster}"
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name ECS_ENABLE_TASK_IAM_ROLE -Value "true"

$agentVersion = 'v1.15.0'
$agentZipUri = "https://s3.path.to.ecs.agent/ecs-agent-windows-$agentVersion.zip"

### --- Nothing user configurable after this point ---
$ecsExeDir = "$env:ProgramFiles\Amazon\ECS"
$zipFile = "$env:TEMP\ecs-agent.zip"

### Get the files from S3
Invoke-RestMethod -OutFile $zipFile -Uri $agentZipUri

## Put the executables in the executable directory.
Expand-Archive -Path $zipFile -DestinationPath $ecsExeDir -Force

cd $ecsExeDir
.\amazon-ecs-agent.ps1
</powershell>
<persist>true</persist>

And then I get this host reporting to my ECS cluster!

The only caveat is that a nanoserver host can only run nanoserver containers. It *can* run windowsservercore containers, but only in Hyper-V mode, which is unsupported on EC2.
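
The userdata above unpacks and runs whatever the S3 URL returns. As an added example (not part of the original post), the download step can be pinned to a SHA-256 digest recorded when the agent was repackaged; `$expectedSha256` and `Test-FileSha256` are hypothetical names, and the digest shown is a placeholder to fill in.

```powershell
# Added example: verify the repackaged agent zip before unpacking and running it.
# Assumption: the SHA-256 of the zip was recorded when it was built and uploaded.
$ErrorActionPreference = 'Stop'

$agentVersion   = 'v1.15.0'
$agentZipUri    = "https://s3.path.to.ecs.agent/ecs-agent-windows-$agentVersion.zip"
$expectedSha256 = '<SHA256-OF-YOUR-REPACKAGED-ZIP>'   # placeholder, not a real digest
$ecsExeDir      = "$env:ProgramFiles\Amazon\ECS"
$zipFile        = "$env:TEMP\ecs-agent.zip"

function Test-FileSha256 {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )
    # Reject anything that is not a 64-character hex digest, including the placeholder.
    if ($Expected -notmatch '^[0-9A-Fa-f]{64}$') {
        throw "Expected digest is not a SHA-256 hex string: $Expected"
    }
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # -ieq compares case-insensitively; Get-FileHash returns upper-case hex.
    return ($actual -ieq $Expected)
}

try {
    Invoke-RestMethod -OutFile $zipFile -Uri $agentZipUri

    if (-not (Test-FileSha256 -Path $zipFile -Expected $expectedSha256)) {
        throw "Digest mismatch for $agentZipUri, refusing to install the agent."
    }

    # Only a verified archive is unpacked into the executable directory.
    Expand-Archive -Path $zipFile -DestinationPath $ecsExeDir -Force
}
finally {
    # Remove the download whether or not it passed verification.
    if (Test-Path $zipFile) { Remove-Item -Path $zipFile -Force }
}

cd $ecsExeDir
.\amazon-ecs-agent.ps1
```

With the placeholder left in place the script stops before `Expand-Archive`, so a host never starts an agent whose digest was not pinned.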