AWS Fargate

At the time of writing, Fargate does not support Daemon tasks (see this tracking issue).

Furthermore, Fargate does not allow "pidMode": "host" in the task definition (see documentation of pidMode here). Host PID is required for gProfiler to be able to profile processes running in other containers (in case of Fargate, other containers under the same containerDefinition).

So in order to deploy gProfiler, we need to modify a container definition to include running gProfiler alongside the actual application. This can be done with the following steps:

  1. Modify the command and entryPoint parameters of your entry in the containerDefinitions array. The new command should include the downloading of gProfiler and the execution of it in the background, and entryPoint will be ["/bin/bash"].

    For example, if your default command is ["python", "/path/to/my/app.py"], we will now change it to:

["-c", "(wget https://github.com/Granulate/gprofiler/releases/latest/download/gprofiler -O /tmp/gprofiler; chmod +x /tmp/gprofiler; /tmp/gprofiler -cu --token <TOKEN> --service-name <SERVICE NAME> --disable-pidns-check --perf-mode none) & python /path/to/my/app.py"].

This new command will start the downloading of gProfiler in the background, then run your application. Make sure to JSON-escape any characters in your command line! For example, " are replaced with \".

Additionally, we will set entryPoint to ["/bin/bash"]. If you had used entryPoint prior to incorporating gProfiler, make sure to use it in the new command.

  • --disable-pidns-check is required because, well, we won't run in init PID NS :)

  • --perf-mode none is required because our container will not have permissions to run system-wide perf, so gProfiler will profile only runtime processes. See perf-less mode for more information.

gProfiler and its installation process will send the outputs to your container's stdout and stderr. After verifying that everything works, you can append > /dev/null 2>&1 to the gProfiler command parenthesis (in this example, before the & python ...) to prevent it from spamming your container logs.

This requires your image to have wget installed. You can make sure wget is installed, or substitute the wget command with:

curl -SL https://github.com/Granulate/gprofiler/releases/latest/download/gprofiler --output /tmp/gprofiler

... or any other HTTP-downloader you wish.

2. Add linuxParameters to the container definition (this goes directly in your entry in containerDefinitions):

"linuxParameters:" {
    "capabilities": {
        "add": [
            "SYS_PTRACE"
            ],
        },
    },

sys_ptrace is required by various profilers, and Fargate by default denies it for containers.

Alternatively, you can download gProfiler in your Dockerfile to avoid having to download it every time in run-time. Then you just need to invoke it upon container start-up.

PreviousECS DaemonsetNextAWS EMR

Last updated