Command Executor¶
Command Executor provides a functionality to run operators in various environment like Docker.
sh>, py>, and rb> support Command Executor.
Supported environments are AWS ECS (Elastic Container Service), Docker, and local.
Kubernetes is under development.
For example, if you define a task with sh>, the task runs in local. If you add configuration for Docker, the task is executed in a docker container.
You can switch environment to run a task without changing task definition.
Currently, ECS is default Command Executor. If there is no valid configuration for ECS, fallback to Docker. If there is no valid configuration for Docker, fallback to local.
ECS¶
Setup¶
The following is an example configuration for ECS Command Executor.
agent.command_executor.ecs.name = digdag-test
agent.command_executor.ecs.digdag-test.access_key_id = <ACCESS KEY>
agent.command_executor.ecs.digdag-test.secret_access_key = <SECRET KEY>
agent.command_executor.ecs.digdag-test.launch_type = FARGATE
agent.command_executor.ecs.digdag-test.region = us-east-1
agent.command_executor.ecs.digdag-test.subnets = subnet-NNNNN
agent.command_executor.ecs.digdag-test.max_retries = 3
agent.command_executor.ecs.temporal_storage.type = s3
agent.command_executor.ecs.temporal_storage.s3.bucket = <Bucket>
agent.command_executor.ecs.temporal_storage.s3.endpoint = s3.amazonaws.com
agent.command_executor.ecs.temporal_storage.s3.credentials.access-key-id = <ACCESS KEY>
agent.command_executor.ecs.temporal_storage.s3.credentials.secret-access-key = <SECRET KEY>
Each sub keys of agent.command_executor are as follows:
| key | description |
|---|---|
| ecs.name | ECS Cluster name. The value <name> is used as the key of following configuration |
| ecs.<name>.access_key_id | (Optional)AWS access key for ECS. The key needs permissions for ECS and CloudWatch. If it is not specified, other credentials are used for authorization. |
| ecs.<name>.secret_access_key | (Optional)AWS secret key |
| ecs.<name>.launch_type | The launch type of container. FARGATE or EC2 |
| ecs.<name>.region | AWS region |
| ecs.<name>.subnets | AWS subnet |
| ecs.<name>.max_retries | Number of retry for AWS client |
| ecs.<name>.use_environment_file | (Optional) whether use environmentFiles or environment when setting variables to ECS. Default value is false |
Following keys are for configuration of temporal storage with AWS S3.
| key | description |
|---|---|
| ecs.temporal_storage.type | The bucket type. s3 for AWS S3 |
| ecs.temporal_storage.s3.bucket | Bucket name |
| ecs.temporal_storage.s3.endpoint | The end point URL for S3 |
| ecs.temporal_storage.s3.credentials.access-key-id | (Optional) AWS access key for the bucket |
| ecs.temporal_storage.s3.credentials.secret-access-key | (Optional) AWS secret key |
The ways of authorizing to ECS cluster, tasks and S3 temporal storage.¶
DefaultAWSCredentialsProviderChain besides AWS access key and secret can be used as a credential for connecting with ECS on version 0.10.5 or above . As a result of that, if ecs.<name>.access_key_id is not specified, digdag server looks for one of the credentials described in the document.
Digdag server uses the same credentials when connecting with S3 temporal storage, thus if ecs.temporal_storage.s3.credentials.access-key-id is not specified, digdag server also looks for credentials same as ECS.
How to use from workflow¶
In workflow definition, there are two ways to set a task on ECS.
Set ecs.task_definition_arn¶
_export:
ecs:
task_definition_arn: "arn:aws:ecs:us-east-1:..."
+task1:
py>: ...
Set docker.image¶
_export:
docker:
image: "digdag/digdag-python:3.7"
+task1:
py>: ...
You need to set a tag digdag.docker.image in the task definition.
ECS Command Executor try to search the tagged task definition.
(This way lists and check all task definitions until found and take long time to run the task. See issue #1488)
Docker¶
Setup¶
No configuration is required to use Docker Command Executor.
How to use from workflow¶
The following is an example workflow definition for Docker Command Executor.
_export:
docker:
image: "python:3.7"
docker: "/usr/local/bin/docker"
run_options: [ "-m", "1G" ]
pull_always: true
selinux: true
+task1:
py>: ...
The sub keys in docker are as follows.
| key | description |
|---|---|
| image | Docker image |
| docker | Docker command. default is docker |
| run_options | Arguments to be passed to docker run1 |
| pull_always | Digdag caches the docker image. If you want to pull the image always, set to true. Default is false |
| selinux | Set to true when using SELinux. Default is false |
You can build a docker image to be used with build parameter.
_export:
docker:
image: "azul/zulu-openjdk:8"
docker: "/usr/local/bin/docker"
run_options: [ "-m", "1G" ]
build:
- apt-get -y update
- apt-get -y install software-properties-common
build_options:
- --build-arg var1=test1
+task1:
py>: ...
Docker Command Executor generates a Dockerfile and build an image then run a container with the image.
| key | description |
|---|---|
| image | Base image in the generated Dockerfile |
| build | Command list which are described in the generated Dockerfile with RUN |
| build_options | Option list for docker build command |