From 74f87488a3ebdf42b5be19e14de099e56e48ff7a Mon Sep 17 00:00:00 2001
From: Arnaldo Garcia Rincon
Date: Tue, 30 Jan 2024 22:30:30 +0000
Subject: [PATCH 1/3] ecs: add additional settings

This adds support for ECS_BACKEND_HOST and ECS_AWSVPC_BLOCK_IMDS through the API settings

Signed-off-by: Arnaldo Garcia Rincon
---
 packages/ecs-agent/ecs.config | 6 ++++++
 sources/models/src/lib.rs | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/packages/ecs-agent/ecs.config b/packages/ecs-agent/ecs.config
index 5124635e5da..419424ac060 100644
--- a/packages/ecs-agent/ecs.config
+++ b/packages/ecs-agent/ecs.config
@@ -33,3 +33,9 @@ ECS_IMAGE_CLEANUP_INTERVAL="{{settings.ecs.image-cleanup-wait}}"
 {{# if settings.ecs.image-cleanup-age}}
 ECS_IMAGE_MINIMUM_CLEANUP_AGE="{{settings.ecs.image-cleanup-age}}"
 {{/if}}
+{{#if settings.ecs.backend-host}}
+ECS_BACKEND_HOST="{{settings.ecs.backend-host}}"
+{{/if}}
+{{#if settings.ecs.awsvpc-block-imds}}
+ECS_AWSVPC_BLOCK_IMDS="{{settings.ecs.awsvpc-block-imds}}"
+{{/if}}
diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs
index 03c102232bf..dae1f9db9b2 100644
--- a/sources/models/src/lib.rs
+++ b/sources/models/src/lib.rs
@@ -333,6 +333,8 @@ struct ECSSettings {
 image_cleanup_delete_per_cycle: i64,
 image_cleanup_enabled: bool,
 image_cleanup_age: ECSDurationValue,
+ backend_host: String,
+ awsvpc_block_imds: bool,
 }
 #[model]
From 4e690ee505524ea12d896fa110f295185d976b68 Mon Sep 17 00:00:00 2001
From: Arnaldo Garcia Rincon
Date: Tue, 30 Jan 2024 22:31:59 +0000
Subject: [PATCH 2/3] ecs: add migration for new ECS settings

This adds the migration to support ECS_BACKEND_HOST and ECS_AWSVPC_BLOCK_IMDS
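Review bot: The `{{#if settings.ecs.awsvpc-block-imds}}` guard in the ecs.config hunk treats an explicit `false` the same as an unset value, so `ECS_AWSVPC_BLOCK_IMDS` is only ever written when the setting is true. That is fine only while the agent's own default for this variable is off, and since the switch decides whether awsvpc tasks can reach instance metadata, the assumption deserves a template comment, e.g. `{{!-- false renders nothing and relies on the agent default for ECS_AWSVPC_BLOCK_IMDS --}}`. The same truthiness rule presumably skips an empty `backend-host` string rather than writing `ECS_BACKEND_HOST=""`, which looks intended but is worth confirming against the renderer.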
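Review bot: `backend_host: String` in `ECSSettings` accepts any string, while the neighbouring `image_cleanup_age` uses a validating type (`ECSDurationValue`). The value is interpolated inside double quotes into `ecs.config`, which the ECS unit loads through `EnvironmentFile=-/etc/ecs/ecs.config`, so a value containing a quote or a line break could add or override other agent variables, depending on how the template renderer escapes (not visible in this patch). The field also decides which endpoint the agent talks to, so I would give it a validated single-line or URL-style type and a doc comment such as `/// Endpoint the ECS agent connects to; must be a single-line host or URL.` The struct begins before this hunk, so its other fields are not visible here.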
Signed-off-by: Arnaldo Garcia Rincon
---
 Release.toml | 3 +++
 sources/Cargo.lock | 7 +++++++
 sources/Cargo.toml | 1 +
 .../add-additional-ecs-settings/Cargo.toml | 12 +++++++++++
 .../add-additional-ecs-settings/src/main.rs | 21 +++++++++++++++++++
 5 files changed, 44 insertions(+)
 create mode 100644 sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/Cargo.toml
 create mode 100644 sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/src/main.rs

diff --git a/Release.toml b/Release.toml
index c85de6dd342..5aa66ac51a2 100644
--- a/Release.toml
+++ b/Release.toml
@@ -261,3 +261,6 @@ version = "1.18.0"
 "migrate_v1.18.0_aws-control-container-v0-7-7.lz4",
 "migrate_v1.18.0_public-control-container-v0-7-7.lz4",
 ]
+"(1.18.0, 1.19.0)" = [
+ "migrate_v1.19.0_add-additional-ecs-settings.lz4",
+]
diff --git a/sources/Cargo.lock b/sources/Cargo.lock
index afe7efc4ba8..5075d26563a 100644
--- a/sources/Cargo.lock
+++ b/sources/Cargo.lock
@@ -217,6 +217,13 @@ dependencies = [
 "syn 2.0.46",
 ]
+[[package]]
+name = "add-additional-ecs-settings"
+version = "0.1.0"
+dependencies = [
+ "migration-helpers",
+]
+
 [[package]]
 name = "addr2line"
 version = "0.21.0"
diff --git a/sources/Cargo.toml b/sources/Cargo.toml
index b50b53fb7ac..2e35c4d8abc 100644
--- a/sources/Cargo.toml
+++ b/sources/Cargo.toml
@@ -56,6 +56,7 @@ members = [
 "api/migration/migrations/v1.18.0/public-admin-container-v0-11-3",
 "api/migration/migrations/v1.18.0/aws-control-container-v0-7-7",
 "api/migration/migrations/v1.18.0/public-control-container-v0-7-7",
+ "api/migration/migrations/v1.19.0/add-additional-ecs-settings",
 "bloodhound",
diff --git a/sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/Cargo.toml b/sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/Cargo.toml
new file mode 100644
index 00000000000..6820fdf4dd6
--- /dev/null
+++ b/sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "add-additional-ecs-settings"
+version = "0.1.0"
+authors = ["Arnaldo Garcia Rincon "]
+license = "Apache-2.0 OR MIT"
+edition = "2021"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"}
diff --git a/sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/src/main.rs b/sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/src/main.rs
new file mode 100644
index 00000000000..50d59e536a5
--- /dev/null
+++ b/sources/api/migration/migrations/v1.19.0/add-additional-ecs-settings/src/main.rs
@@ -0,0 +1,21 @@
+use migration_helpers::common_migrations::AddSettingsMigration;
+use migration_helpers::{migrate, Result};
+use std::process;
+
+/// We added additional configurations for the ECS agent
+fn run() -> Result<()> {
+ migrate(AddSettingsMigration(&[
+ "settings.ecs.backend-host",
+ "settings.ecs.awsvpc-block-imds",
+ ]))
+}
+
+// Returning a Result from main makes it print a Debug representation of the error, but with Snafu
+// we have nice Display representations of the error, so we wrap "main" (run) and print any error.
+// https://github.com/shepmaster/snafu/issues/110
+fn main() {
+ if let Err(e) = run() {
+ eprintln!("{}", e);
+ process::exit(1);
+ }
+}
From b6194cb66f086b7552e4b984f5a3fae085bb6bbe Mon Sep 17 00:00:00 2001
From: Arnaldo Garcia Rincon
Date: Wed, 31 Jan 2024 05:45:23 +0000
Subject: [PATCH 3/3] ecs: change restart configurations for systemd service

The previous configurations prevented the ECS service from restarting on failures, due to the short timespan between restarts. With this, the service now restarts on failures without throttling systemd. The new configurations align with what we do with the kubelet service.

Signed-off-by: Arnaldo Garcia Rincon
---
 packages/ecs-agent/ecs.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
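Review bot: The doc comment on `run()` in main.rs does not say what happens to the two settings when the host is downgraded. Assuming `AddSettingsMigration` removes the listed keys on the backward migration (its definition is outside this patch), a host that had `settings.ecs.awsvpc-block-imds` enabled would lose that restriction after a downgrade with no signal to the operator. I would spell it out, e.g. `/// Adds settings.ecs.backend-host and settings.ecs.awsvpc-block-imds; on downgrade both are removed, so IMDS blocking for awsvpc tasks stops applying.`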
diff --git a/packages/ecs-agent/ecs.service b/packages/ecs-agent/ecs.service
index 510f7ba549b..96de5175220 100644
--- a/packages/ecs-agent/ecs.service
+++ b/packages/ecs-agent/ecs.service
@@ -7,9 +7,9 @@ Wants=network-online.target configured.target
 [Service]
 Type=simple
-Restart=on-failure
+Restart=always
 RestartPreventExitStatus=5
-RestartSec=1s
+RestartSec=5
 EnvironmentFile=-/etc/ecs/ecs.config
 EnvironmentFile=/etc/network/proxy.env
 Environment=ECS_CHECKPOINT=true
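Review bot: `Restart=always` restarts the agent after clean exits as well as failures, which is broader than the commit message's "restarts on failures"; only exit status 5 stays excluded through the unchanged `RestartPreventExitStatus=5`. If that is intended, a comment above the line would record it, e.g. `# Restart on any exit except status 5; the 5s delay keeps restarts under systemd's start rate limit`. With unbounded restarts a crash-looping agent may no longer settle into a failed unit state, so monitoring that keys on unit state would need to look at restart counts instead. The `[Service]` section continues outside the hunk.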