5

I'm attempting to start an ECS Task using an image in our ECR yet it doesn't start, I get the below error:

CannotPullContainerError: containerd: pull command failed: time="2021-08-10T13:12:24Z" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:e5b96[snip]8caa: link /var/...

All other examples of this error online seem to have a 'not found' element to them.. mine doesn't and I'm kind of lost for why it isn't working.

Any ideas?

GoldieLocks
  • 845
  • 7
  • 22
  • Is it EC2 or fargate lunch type, and is your cluster deployed on private or public subnet? – Asri Badlah Aug 10 '21 at 13:26
  • Things to check: 1. Does the ECS task have IAM permission to pull the image from ECR? 2. Does the ECS task have a NAT Gateway, or VPC Private Link, to provide network access to the ECR repository? 3. Is there anything wrong with the image in ECR? You could try pulling it to your local computer from ECR to validate this. – Mark B Aug 10 '21 at 13:42
  • Also, how large is the image? The "failed to extract layer" error almost sounds like a "out of space" error. – Mark B Aug 10 '21 at 13:44
  • It's a fargate launch type, with a public subnet I believe. The image is 1353MB. I can pull it to my local computer no problem at all. – GoldieLocks Aug 10 '21 at 13:46
  • You might check for the full (non-truncated) error message in CloudTrail which may give more insight into the problem, per this answer: https://stackoverflow.com/questions/66919512/stoppedreason-in-ecs-fargate-is-truncated – Mark B Aug 10 '21 at 13:49
  • CloudTrail doesn't give me any more info. It just shows me calls to GetAuthorizationToken, BatchGetImage, and GetDownloadUrlForLayer loads of times. None of them have any errors in. – GoldieLocks Aug 11 '21 at 10:30
  • @MarkB any other ideas? – GoldieLocks Aug 11 '21 at 12:36

1 Answers1

3

Turns out that this is caused as I was trying to run a Windows container in Fargate, and that apparently isn't supported:

Windows containers are only supported for tasks that use the EC2 launch type. The Fargate launch type isn't currently supported for Windows containers.

Quote from: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_Windows.html

GoldieLocks
  • 845
  • 7
  • 22
  • 2022 July- is this still true? And would it not be nice if AWS would tell us this rather than the cryptic error message? – Daniel Williams Jul 27 '22 at 20:04
  • Looks like Fargate supports Windows as of Oct 2021 https://aws.amazon.com/about-aws/whats-new/2021/10/aws-fargate-amazon-ecs-windows-containers/ – Daniel Williams Jul 27 '22 at 20:10