I am trying to deploy an etcd image with ECS and an attached EFS using CDK. In our stack we have an EFS and an ECS cluster with all the configuration. ECS runs as root.
When deploying our stack, all resources deploy successfully, but it gets stuck on the last part, while configuring the service.
This is my stack:
// Volume
const fileSystem = new FileSystem(this, fileSystemName, {
  fileSystemName: fileSystemName,
  vpc,
  encrypted: false,
});
fileSystem.connections.allowDefaultPortFromAnyIpv4('open');

// Role
const executionRole = new Role(this, `${id}-role`, {
  assumedBy: new ServicePrincipal('ecs-tasks.amazonaws.com'),
});
executionRole.attachInlinePolicy(
  new Policy(this, `${id}-policy`, {
    statements: [
      new PolicyStatement({
        effect: Effect.ALLOW,
        actions: ['SES:*'],
        resources: ['*'],
      }),
    ],
  }),
);

// taskDefinition
const taskDefinition = new FargateTaskDefinition(this, `${id}-task`, {
  executionRole,
  volumes: [
    {
      name: volumeName,
      efsVolumeConfiguration: {
        fileSystemId: fileSystem.fileSystemId,
      },
    },
  ],
});

// container
const ct = taskDefinition.addContainer(`${id}-td`, {
  interactive: true,
  pseudoTerminal: true,
  image: ContainerImage.fromEcrRepository(
    Repository.fromRepositoryName(this, `${id}-etcd-repo`, imageName),
    imageTag,
  ),
  containerName: ETCD_NAME,
  portMappings: [{ containerPort: 2379 }],
  environment: {
    ETCD_LISTEN_CLIENT_URLS: 'http://0.0.0.0:2379',
    ETCD_ADVERTISE_CLIENT_URLS: 'http://0.0.0.0:2379',
    ALLOW_NONE_AUTHENTICATION: 'yes',
    ETCD_ENABLE_V2: 'true',
  },
  logging: LogDriver.awsLogs({
    streamPrefix: `${id}-log`,
    mode: AwsLogDriverMode.NON_BLOCKING,
    logRetention: RetentionDays.TWO_WEEKS,
  }),
});
ct.addMountPoints({
  containerPath: '/bitnami/etcd',
  readOnly: false,
  sourceVolume: volumeName,
});

// Policies
const efsMount = new PolicyStatement({
  actions: [
    'elasticfilesystem:ClientRootAccess',
    'elasticfilesystem:ClientWrite',
    'elasticfilesystem:ClientMount',
    'elasticfilesystem:DescribeMountTargets',
    'elasticfilesystem:DescribeFileSystems',
  ],
  resources: ['*'],
});
taskDefinition.addToTaskRolePolicy(efsMount);

// Service
const svc = new ApplicationLoadBalancedFargateService(this, `${id}-svc`, {
  serviceName: `${id}-svc`,
  cluster,
  listenerPort: 2379,
  enableExecuteCommand: true,
  publicLoadBalancer: true,
  loadBalancerName: `${id}-lb`,
  domainZone: zone,
  securityGroups: [securityGroup],
  taskDefinition,
});
fileSystem.connections.allowFrom(svc.service, fsPort, 'allow access directly to service');
Logs:
0m ==> Initializing etcd
0m ==> Generating etcd config file using env variables
0m ==> There is no data from previous deployments
0m ==> Starting etcd in background
0m ==> ** etcd setup finished! **
0m ==> ** Starting etcd **
... load many env vars
{
"level": "info",
"ts": "2024-11-20T12:09:14.017673Z",
"caller": "embed/etcd.go:311",
"msg": "starting an etcd server",
"etcd-version": "3.5.17",
"git-sha": "507c0de",
"go-version": "go1.22.9",
"go-os": "linux",
"go-arch": "amd64",
"max-cpu-set": 2,
"max-cpu-available": 2,
"member-initialized": false,
"name": "default",
"data-dir": "/bitnami/etcd/data",
"wal-dir": "",
"wal-dir-dedicated": "",
"member-dir": "/bitnami/etcd/data/member",
"force-new-cluster": false,
"heartbeat-interval": "100ms",
"election-timeout": "1s",
"initial-election-tick-advance": true,
"snapshot-count": 100000,
"max-wals": 5,
"max-snapshots": 5,
"snapshot-catchup-entries": 5000,
"initial-advertise-peer-urls": [
"http://localhost:2380"
],
"listen-peer-urls": [
"http://localhost:2380"
],
"advertise-client-urls": [
"http://0.0.0.0:2379"
],
"listen-client-urls": [
"http://0.0.0.0:2379"
],
"listen-metrics-urls": [],
"cors": [
"*"
],
"host-whitelist": [
"*"
],
"initial-cluster": "default=http://localhost:2380",
"initial-cluster-state": "new",
"initial-cluster-token": "etcd-cluster",
"quota-backend-bytes": 2147483648,
"max-request-bytes": 1572864,
"max-concurrent-streams": 4294967295,
"pre-vote": true,
"initial-corrupt-check": false,
"corrupt-check-time-interval": "0s",
"compact-check-time-enabled": false,
"compact-check-time-interval": "1m0s",
"auto-compaction-mode": "periodic",
"auto-compaction-retention": "0s",
"auto-compaction-interval": "0s",
"discovery-url": "",
"discovery-proxy": "",
"downgrade-check-interval": "5s"
}
{
"level": "info",
"ts": "2024-11-20T12:09:14.020038Z",
"caller": "embed/etcd.go:378",
"msg": "closing etcd server",
"name": "default",
"data-dir": "/bitnami/etcd/data",
"advertise-peer-urls": [
"http://localhost:2380"
],
"advertise-client-urls": [
"http://0.0.0.0:2379"
]
}
{
"level": "info",
"ts": "2024-11-20T12:09:14.020290Z",
"caller": "embed/etcd.go:380",
"msg": "closed etcd server",
"name": "default",
"data-dir": "/bitnami/etcd/data",
"advertise-peer-urls": [
"http://localhost:2380"
],
"advertise-client-urls": [
"http://0.0.0.0:2379"
]
}
# Error message
{
"level": "warn",
"ts": "2024-11-20T10:48:23.675544Z",
"caller": "etcdmain/etcd.go:146",
"msg": "failed to start etcd",
"error": "cannot access data directory: mkdir /bitnami/etcd/data: read-only file system"
}
Any help would be greatly appreciated.
Thanks,
You need to make sure the EFS has the appropriate permissions that allow ECS to write to it:
const efsPermissions = new PolicyStatement({
  actions: [
    'elasticfilesystem:ClientRootAccess',
    'elasticfilesystem:ClientWrite',
    'elasticfilesystem:ClientMount',
  ],
  resources: [fileSystem.fileSystemArn],
});
taskDefinition.addToTaskRolePolicy(efsPermissions);
The container may also be running as a non-root user that does not have write permission on the /bitnami/etcd/data directory.
So you may need to add this to your task definition:
// container options passed to taskDefinition.addContainer(...)
linuxParameters: new LinuxParameters(this, `${id}-linux-params`, {
  initProcessEnabled: true, // Optional
}),
privileged: true,
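As an added example (not code from the question or the answer), the following check runs over a synthesized CloudFormation template, the output of `cdk synth`, and flags the settings that the answer's scoped policy is meant to tighten: EFS client actions granted on `Resource "*"`, an EFS volume mounted without IAM authorization or transit encryption, and a privileged container. The sample template is constructed to mirror the stack above; resource names and the `fs-PLACEHOLDER` id are assumptions.

```typescript
// Added example, not code from the question or the answer: a least-privilege
// check over a synthesized CloudFormation template (what `cdk synth` emits)
// for an ECS task that mounts EFS. The sample template below is constructed.
interface CfnTemplate { Resources: Record<string, { Type: string; Properties: any }> }

export function checkEfsTask(tpl: CfnTemplate): string[] {
  const findings: string[] = [];
  for (const [name, res] of Object.entries(tpl.Resources)) {
    if (res.Type === 'AWS::ECS::TaskDefinition') {
      for (const v of res.Properties.Volumes ?? []) {
        const efs = v.EFSVolumeConfiguration;
        if (!efs) continue; // not an EFS volume
        // Without TransitEncryption the NFS traffic is plaintext inside the VPC, and
        // without IAM authorization the task role's elasticfilesystem:Client* grants
        // are not evaluated at mount time, so the scoped policy buys nothing.
        if (efs.TransitEncryption !== 'ENABLED')
          findings.push(`${name}: volume ${v.Name} mounts EFS without TransitEncryption`);
        if (efs.AuthorizationConfig?.IAM !== 'ENABLED')
          findings.push(`${name}: volume ${v.Name} mounts EFS without IAM authorization`);
      }
      for (const c of res.Properties.ContainerDefinitions ?? []) {
        // Privileged grants host-level root; writing to an EFS mount does not need it.
        if (c.Privileged === true) findings.push(`${name}: container ${c.Name} is privileged`);
      }
    }
    if (res.Type === 'AWS::IAM::Policy') {
      for (const s of res.Properties.PolicyDocument.Statement) {
        const actions: string[] = ([] as string[]).concat(s.Action);
        const resources: unknown[] = ([] as unknown[]).concat(s.Resource);
        // EFS client actions should be scoped to the file system ARN, not "*".
        if (actions.some((a) => a.toLowerCase().startsWith('elasticfilesystem:')) &&
            resources.includes('*'))
          findings.push(`${name}: elasticfilesystem actions granted on Resource "*"`);
      }
    }
  }
  return findings;
}

// Constructed sample mirroring the stack in the question: no IAM auth on the
// volume, Resource "*" on the EFS grant, and the suggested privileged: true.
export const weakTemplate: CfnTemplate = {
  Resources: {
    EtcdTask: { Type: 'AWS::ECS::TaskDefinition', Properties: {
      Volumes: [{ Name: 'etcd-data', EFSVolumeConfiguration: { FilesystemId: 'fs-PLACEHOLDER' } }],
      ContainerDefinitions: [{ Name: 'etcd', Privileged: true }] } },
    TaskRolePolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyDocument: { Statement: [
      { Effect: 'Allow', Action: ['elasticfilesystem:ClientWrite', 'elasticfilesystem:ClientMount'],
        Resource: '*' } ] } } },
  },
};
```

Running `checkEfsTask(weakTemplate)` on the constructed sample reports all four findings; a template where the volume carries `TransitEncryption: ENABLED` and `AuthorizationConfig: { IAM: ENABLED }`, the policy references the file system ARN, and no container is privileged reports none.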