Aws ecs - alpha failed to connect itself locally

So we wanted to deploy dgrpah in our ecs cluster, we create a task definition like below


{
  "ipcMode": null,
  "executionRoleArn": "arn:aws:iam::my_account:role/my_role",
  "containerDefinitions": [
    {
      "dnsSearchDomains": null,
      "environmentFiles": null,
      "logConfiguration": {
        "logDriver": "awslogs",
        "secretOptions": null,
        "options": {
          "awslogs-group": "/ecs/my-task",
          "awslogs-region": "us-west-1",
          "awslogs-stream-prefix": "ecs"
        }
      },
      "entryPoint": null,
      "portMappings": [
        {
          "hostPort": 5080,
          "protocol": "tcp",
          "containerPort": 5080
        },
        {
          "hostPort": 6080,
          "protocol": "tcp",
          "containerPort": 6080
        }
      ],
      "command": [
        "dgraph",
        "zero",
        "--my=localhost:5080"
      ],
      "linuxParameters": null,
      "cpu": 256,
      "environment": [],
      "resourceRequirements": null,
      "ulimits": null,
      "dnsServers": null,
      "mountPoints": [
        {
          "readOnly": false,
          "containerPath": "/dgraph",
          "sourceVolume": "efs-volume"
        }
      ],
      "workingDirectory": null,
      "secrets": null,
      "dockerSecurityOptions": null,
      "memory": 512,
      "memoryReservation": null,
      "volumesFrom": [],
      "stopTimeout": null,
      "image": "public.ecr.aws/p8n8q2m1/dgraph:v21.03.1",
      "startTimeout": null,
      "firelensConfiguration": null,
      "dependsOn": null,
      "disableNetworking": null,
      "interactive": null,
      "healthCheck": null,
      "essential": true,
      "links": null,
      "hostname": null,
      "extraHosts": null,
      "pseudoTerminal": null,
      "user": null,
      "readonlyRootFilesystem": null,
      "dockerLabels": null,
      "systemControls": null,
      "privileged": null,
      "name": "zero"
    },
    {
      "dnsSearchDomains": null,
      "environmentFiles": null,
      "logConfiguration": {
        "logDriver": "awslogs",
        "secretOptions": null,
        "options": {
          "awslogs-group": "/ecs/my-task",
          "awslogs-region": "us-west-1",
          "awslogs-stream-prefix": "ecs"
        }
      },
      "entryPoint": null,
      "portMappings": [
        {
          "hostPort": 8081,
          "protocol": "tcp",
          "containerPort": 8081
        },
        {
          "hostPort": 9080,
          "protocol": "tcp",
          "containerPort": 9080
        }
      ],
      "command": [
        "dgraph",
        "alpha",
        "--my=localhost:7080",
        "--zero=localhost:5080",
        "--port_offset=1",
        "--security",
        "whitelist=0.0.0.0/0"
      ],
      "linuxParameters": null,
      "cpu": 256,
      "environment": [],
      "resourceRequirements": null,
      "ulimits": null,
      "dnsServers": null,
      "mountPoints": [
        {
          "readOnly": false,
          "containerPath": "/dgraph",
          "sourceVolume": "efs-volume"
        }
      ],
      "workingDirectory": null,
      "secrets": null,
      "dockerSecurityOptions": null,
      "memory": 512,
      "memoryReservation": null,
      "volumesFrom": [],
      "stopTimeout": null,
      "image": "public.ecr.aws/p8n8q2m1/dgraph:v21.03.1",
      "startTimeout": null,
      "firelensConfiguration": null,
      "dependsOn": null,
      "disableNetworking": null,
      "interactive": null,
      "healthCheck": null,
      "essential": true,
      "links": null,
      "hostname": null,
      "extraHosts": null,
      "pseudoTerminal": null,
      "user": null,
      "readonlyRootFilesystem": null,
      "dockerLabels": null,
      "systemControls": null,
      "privileged": null,
      "name": "alpha"
    }
  ],
  "placementConstraints": [],
  "memory": "1024",
  "taskRoleArn": null,
  "compatibilities": [
    "EC2",
    "FARGATE"
  ],
  "taskDefinitionArn": "arn:aws:ecs:us-west-1:my_account:task-definition/my-task:4",
  "family": "my-task",
  "requiresAttributes": [
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.efsAuth"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.efs"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "ecs.capability.task-eni"
    }
  ],
  "pidMode": null,
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "512",
  "revision": 4,
  "status": "ACTIVE",
  "inferenceAccelerators": null,
  "proxyConfiguration": null,
  "volumes": [
    {
      "fsxWindowsFileServerVolumeConfiguration": null,
      "efsVolumeConfiguration": {
        "transitEncryptionPort": null,
        "fileSystemId": "fs-xxxx",
        "authorizationConfig": null,
        "transitEncryption": null,
        "rootDirectory": "/"
      },
      "name": "efs-volume",
      "host": null,
      "dockerVolumeConfiguration": null
    }
  ]
} 

The tasks and servics are running, but I notice lots of messages in ecs logs reporting about alpha unable to call its port itself

I’m not really sure why it got refused when trying to hit its own port.

E0912 09:42:37.743519 14 groups.go:1181] Error during SubscribeForUpdates for prefix "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15dgraph.graphql.schema\x00": error from client.subscribe: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 127.0.0.1:7080: connect: connection refused". closer err: <nil>

Any advice on this?

Thanks

if you are using this config, you should use 7081, 5081, and so on.

This happens cuz there’s no 7080 port there.

      "command": [
        "dgraph",
        "alpha",
        "--my=localhost:7080",
        "--zero=localhost:5080",
        "--port_offset=1",
        "--security",
        "whitelist=0.0.0.0/0"
      ],

we have the 7080 port when starting alpha here

you mean alpha should start with port 7081, 5081,…instead?

Yes. You should be aware of that flag. port_offset changes the default ports increasing or decreasing the default value.