Add wait_for_steady_state attribute to aws_ecs_service

[mmdriley]

This allows for cases where the old and new service tasks have different resource dependencies -- for example, an old S3 bucket or database -- and the old resources should only be deleted once all old service tasks that depended on it are gone.

In the case that I hit, our service relied on an auxiliary aws_ecs_task_definition that became inactive while there were still service tasks that expected to use it with RunTask. Now we can set wait_for_steady_state and know the old task definition will stay alive as long as it's needed.

This also allows authors to make the success of their deployment conditional on the success of the service update.

To the extent possible, I modeled this after the logic of aws ecs wait services-stable. That includes the definition of "stable" as well as the timeout (10m).

Fixes #3107

[mmdriley]

Using a bool state as a string feels a bit weird, but there's precedent:

https://github.com/terraform-providers/terraform-provider-aws/blob/490897d8f64608a336ab43564c5dfe681509b213/aws/resource_aws_network_interface.go#L205-L208

I considered returning the service state or "STABLE", but then we're relying on ECS never introducing another state.

[mmdriley]

I wanted to write an acceptance test for when this is true, but I couldn't come up with a reliable, repeatable way to test we weren't hitting a race condition.

This would also be the first test case that required container instances (or which used Fargate and was locked to us-east-1).

I have verified manually that this waits for a new deployment to finish.

[tomelliff]

What race conditions were you thinking of?

I would have thought that you could simply create an ECS service in one step (using your wait_for_steady_state to make sure it doesn't complete until there is a task running somewhere) and then another step that increases the desired_count and then another step that changes the task definition by setting an environment variable or something.

Creating container instances shouldn't be difficult, I'd just use the latest ECS optimised AMI and set the user data so that it joins the ECS cluster you create for the acceptance test.

[mmdriley]

The race condition I have in mind is the one we hit without this flag: in the case where the to-be-replaced ECS service definition references a resource that will be deleted, Terraform and ECS race and Terraform can delete the resource while there are still tasks referencing it.

The problem is finding a test that would reliably fail when this flag is unset and reliably pass when it is. The test you describe would pass without this flag, right?

The best idea I have for testing this is a service binary that takes N minutes to start responding to healthchecks, then verify that service update takes at least N minutes. Not great, and for small N it's entirely possible the test would pass without this flag if service update were slow.

[borgstrom]

If we create an ALB and Target Group then the acceptance test can be something as simple as launching busybox sleep 600 in that service.

Since it will never pass health checks the service will never become stable.

[tomelliff]

Was just thinking about working on this because I have a service that needs to have finished deploying before I invalidate cache on Cloudfront so thanks for picking this up. I've added a few comments on things I might have approached differently.

[tomelliff]

Any reason you're not just using https://docs.aws.amazon.com/sdk-for-go/api/service/ecs/#ECS.WaitUntilServicesStable here?

[tomelliff]

You probably also want a configurable timeout period here. Although I can't see it in the Go SDK the botocore link lower down shows a 600s total wait time (15s * 40 attempts) which seems like a reasonable default.

[mmdriley]

Any reason you're not just using https://docs.aws.amazon.com/sdk-for-go/api/service/ecs/#ECS.WaitUntilServicesStable here?

It seemed more in keeping with the Terraform code to use StateChangeConf, especially since that code has more elaborate and configurable timeout logic than the AWS SDK -- which will help implementing configurable timeouts, as you describe.

$ grep -R . -e "\.WaitUntil" --exclude './vendor/*'
./aws/resource_aws_ebs_snapshot.go:	err := conn.WaitUntilSnapshotCompleted(req)
./aws/resource_aws_iam_instance_profile.go:	err = iamconn.WaitUntilInstanceProfileExists(waiterRequest)

Although I can't see it in the Go SDK the botocore link lower down shows a 600s total wait time (15s * 40 attempts) which seems like a reasonable default.

That's exactly where I got 10 * time.Minute from above. :)

[tomelliff]

What race conditions were you thinking of?

I would have thought that you could simply create an ECS service in one step (using your wait_for_steady_state to make sure it doesn't complete until there is a task running somewhere) and then another step that increases the desired_count and then another step that changes the task definition by setting an environment variable or something.

Creating container instances shouldn't be difficult, I'd just use the latest ECS optimised AMI and set the user data so that it joins the ECS cluster you create for the acceptance test.

[mmdriley]

Thanks for the comments!

[mmdriley]

The race condition I have in mind is the one we hit without this flag: in the case where the to-be-replaced ECS service definition references a resource that will be deleted, Terraform and ECS race and Terraform can delete the resource while there are still tasks referencing it.

The problem is finding a test that would reliably fail when this flag is unset and reliably pass when it is. The test you describe would pass without this flag, right?

The best idea I have for testing this is a service binary that takes N minutes to start responding to healthchecks, then verify that service update takes at least N minutes. Not great, and for small N it's entirely possible the test would pass without this flag if service update were slow.

[mmdriley]

Any reason you're not just using https://docs.aws.amazon.com/sdk-for-go/api/service/ecs/#ECS.WaitUntilServicesStable here?

It seemed more in keeping with the Terraform code to use StateChangeConf, especially since that code has more elaborate and configurable timeout logic than the AWS SDK -- which will help implementing configurable timeouts, as you describe.

$ grep -R . -e "\.WaitUntil" --exclude './vendor/*'
./aws/resource_aws_ebs_snapshot.go:	err := conn.WaitUntilSnapshotCompleted(req)
./aws/resource_aws_iam_instance_profile.go:	err = iamconn.WaitUntilInstanceProfileExists(waiterRequest)

Although I can't see it in the Go SDK the botocore link lower down shows a 600s total wait time (15s * 40 attempts) which seems like a reasonable default.

That's exactly where I got 10 * time.Minute from above. :)

[mmdriley]

Despite claiming to wait on creates and updates, my implementation previously only waited on updates. Sorry about that! I've updated the PR.

[mmdriley]

We've seen a problem on create where the ECS service seems to have disappeared due to eventual consistency, similar to the problem addressed in 7551f92. Change coming.

[mmdriley]

Now updated with code to handle stale reads. Ready for review.

[bitbrain]

Any news on this? Having wait_for_steady_state in Terraform would be helpful, especially for deployment pipelines.

[bgiorgini]

Is this trying to implement similar concept like this AWS cli? https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html
Is there any news on this PR? I also think this will be very helpful for deployment pipelines.

[tomelliff]

@bgiorgini yep, exactly like that.

As a workaround for now I'm using a null resource to shell out to the ECS waiter:

resource "null_resource" "wait_for_service_deploy" {
  triggers {
    task_definition = "${aws_ecs_service.web_service.task_definition}"
  }

  provisioner "local-exec" {
    command = "aws ecs wait services-stable --services ${aws_ecs_service.web_service.name} --cluster ${var.cluster_name} --region ${data.aws_region.current.name}"
  }
}

[PaulAtkins]

Thanks for the workaround @tomelliff!

We found when testing that the ecs wait services-stable command works slightly differently to the ECS service stable event message, and doesn't wait for new tasks to become healthy in a ALB.

So we added a second null_resource using elbv2 wait target-in-service with a trigger on the first one & the task definition.

The triggers cause Terraform to only run elbv2 wait target-in-service after service-stable completes, and prevents the task definition being destroyed until the new instances are healthy. (one downside is that an apply will fail if existing Targets aren't already healthy)

resource "null_resource" "wait_for_service_deploy" {
  triggers {
    task_definition = "${aws_ecs_service.web_service.task_definition}"
  }

  provisioner "local-exec" {
    command = "aws ecs wait services-stable --services ${aws_ecs_service.web_service.name} --cluster ${var.cluster_name} --region ${data.aws_region.current.name}"
  }
}


resource "null_resource" "wait_for_service_alb_healthy" {
  triggers {
    task_definition = "${aws_ecs_service.web_service.task_definition}"
    service_stable = "${null_resource.wait_for_service_deploy.id}"
  }

  provisioner "local-exec" {
    command = "aws elbv2 wait target-in-service --target-group-arn ${aws_alb_target_group.web_service_tg.arn} --region ${data.aws_region.current.name}"
  }
}

[tomelliff]

In my experience it does seem to catch when a service is fundamentally unhealthy (container is missing something so it fails to properly start) and this fails our deployment CI jobs when it happens.

What is unfortunate is that if another deployment happens that still doesn't fix things then it seems to return as stable despite the new task definition still being broken. This seems to happen the majority of the time with back to back failing deploys and it will also usually stop the original healthy tasks then. Oddly this isn't 100% reproducible and sometimes ECS keeps the original healthy tasks running until a new task definition is genuinely healthy.

I'm not sure what's exactly happening in these situations but they're rare enough for us that I've not really looked into it other than a cursory glance when alerting points out 0 tasks are running. And it's not been an issue for us because deploy failures always get flushed out in staging because we aren't yet (maybe never) just going straight to production.

[derickson82]

I've been looking for this exact feature, and would love to use this instead of the work around. Any clue when this will be ready?

I'd be happy to help. Let me know if there is anything I can do to help finish this.

[mmdriley]

If this gets attention from the Terraform folks I can probably try to help shepherd it through, but otherwise I've pretty much forgotten about it.

To be practically deployable, this probably needs to allow configurable timeouts to accommodate large service deployments that will take a long time to update.

[tomelliff]

@mmdriley first passes on a feature normally add the minimal thing to get it working and then if people have a requirement for something else (eg for needing to wait more than 10 minutes for an insanely slow starting service to start) then it can be made configurable in a follow up PR.

@bflad any chance this can get a review? Got a few people interested in it and we've had a couple of issues raised looking for this functionality.

[anGie44]

added b/c DescribeServices was throwing was unable to place a task because no container instance met all of its requirements. Reason: No Container Instances were found in your cluster but a new error persists: was unable to place a task because no container instance met all of its requirements. Reason: No Container Instances were found in your capacity provider. I originally followed these instructions https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html but was hitting the first error.

[anGie44]

required for the task to reach RUNNING state -- else task throws error CannotPullContainerError: Error response from daemon:Get https://registry-name/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

[anGie44]

required to run task else receives the error CannotPullContainerError and task reaches STOPPED state

[anGie44]

Output of added tests:

--- PASS: TestAccAWSEcsService_withLaunchTypeFargateAndWaitForSteadyState (188.43s)
--- PASS: TestAccAWSEcsService_withLaunchTypeFargateAndUpdateWaitForSteadyState (212.50s)

Output of pre-existing tests:

--- PASS: TestAccAWSEcsService_withEcsClusterName (83.90s)
--- PASS: TestAccAWSEcsService_withDeploymentValues (91.25s)
--- PASS: TestAccAWSEcsService_withPlacementStrategy_Type_Missing (1.69s)
--- PASS: TestAccAWSEcsService_withDeploymentController_Type_External (95.34s)
--- PASS: TestAccAWSEcsService_disappears (106.82s)
--- PASS: TestAccAWSEcsService_withDeploymentMinimumZeroMaximumOneHundred (111.37s)
--- PASS: TestAccAWSEcsServiceDataSource_basic (113.75s)
--- PASS: TestAccAWSEcsService_withUnnormalizedPlacementStrategy (118.03s)
--- PASS: TestAccAWSEcsService_withARN (127.97s)
--- PASS: TestAccAWSEcsService_withForceNewDeployment (128.12s)
--- PASS: TestAccAWSEcsService_basicImport (128.57s)
--- PASS: TestAccAWSEcsService_withFamilyAndRevision (137.70s)
--- PASS: TestAccAWSEcsService_withIamRole (154.10s)
--- PASS: TestAccAWSEcsService_withMultipleCapacityProviderStrategies (163.97s)
--- PASS: TestAccAWSEcsService_withPlacementConstraints_emptyExpression (71.78s)
--- PASS: TestAccAWSEcsService_withPlacementConstraints (78.70s)
--- PASS: TestAccAWSEcsService_withDaemonSchedulingStrategy (57.36s)
--- PASS: TestAccAWSEcsService_withDaemonSchedulingStrategySetDeploymentMinimum (57.95s)
--- PASS: TestAccAWSEcsService_withRenamedCluster (213.87s)
--- PASS: TestAccAWSEcsService_withPlacementStrategy (134.03s)
--- PASS: TestAccAWSEcsService_withReplicaSchedulingStrategy (93.96s)
--- PASS: TestAccAWSEcsService_withCapacityProviderStrategy (244.64s)
--- PASS: TestAccAWSEcsService_withLaunchTypeEC2AndNetworkConfiguration (127.50s)
--- PASS: TestAccAWSEcsService_ManagedTags (84.81s)
--- PASS: TestAccAWSEcsService_withLaunchTypeFargate (156.91s)
--- PASS: TestAccAWSEcsService_withLaunchTypeFargateAndPlatformVersion (157.19s)
--- PASS: TestAccAWSEcsService_withLbChanges (272.96s)
--- PASS: TestAccAWSEcsService_healthCheckGracePeriodSeconds (282.99s)
--- PASS: TestAccAWSEcsService_Tags (120.85s)
--- PASS: TestAccAWSEcsService_withAlb (296.80s)
--- PASS: TestAccAWSEcsService_withDeploymentController_Type_CodeDeploy (302.03s)
--- PASS: TestAccAWSEcsService_withServiceRegistries_container (164.96s)
--- PASS: TestAccAWSEcsService_withServiceRegistries (180.50s)
--- PASS: TestAccAWSEcsService_withMultipleTargetGroups (361.04s)
--- PASS: TestAccAWSEcsService_PropagateTags (215.32s)

[bflad]

Looks good! 🚀

[ghost]

This has been released in version 3.13.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!