Merge remote-tracking branch 'origin/dev' into jchorl/updatecgroup

Author: jchorl

Makefile

@@ -108,8 +108,11 @@ docker-release: pause-container-release cni-plugins .out-stamp
 		--rm \
 		"amazon/amazon-ecs-agent-${BUILD}:make"
 
+ifeq (${TARGET_OS},windows)
+    CSI_DRIVER_EXE=ebs-csi-driver
+endif
 # Legacy target : Release packages our agent into a "scratch" based dockerfile
-release: certs docker-release
+release: certs docker-release ${CSI_DRIVER_EXE}
 	@./scripts/create-amazon-ecs-scratch
 	@docker build -f scripts/dockerfiles/Dockerfile.release -t "amazon/amazon-ecs-agent:latest" .
 	@echo "Built Docker image \"amazon/amazon-ecs-agent:latest\""

agent/api/task/task.go

@@ -1781,6 +1781,7 @@ func (task *Task) dockerConfig(container *apicontainer.Container, apiVersion doc
 			return nil, &apierrors.DockerClientConfigError{Msg: "Unable decode given docker config: " + err.Error()}
 		}
 	}
+
 	if container.HealthCheckType == apicontainer.DockerHealthCheckType && containerConfig.Healthcheck == nil {
 		return nil, &apierrors.DockerClientConfigError{
 			Msg: "docker health check is nil while container health check type is DOCKER"}

agent/api/task/task_windows.go

@@ -19,21 +19,22 @@ package task
 import (
 	"time"
 
-	"github.com/aws/amazon-ecs-agent/agent/ecscni"
-	"github.com/aws/amazon-ecs-agent/agent/utils"
-	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
-	"github.com/aws/amazon-ecs-agent/ecs-agent/logger/field"
-	"github.com/containernetworking/cni/libcni"
-
 	"github.com/aws/amazon-ecs-agent/agent/config"
+	"github.com/aws/amazon-ecs-agent/agent/ecscni"
 	"github.com/aws/amazon-ecs-agent/agent/taskresource"
 	"github.com/aws/amazon-ecs-agent/agent/taskresource/fsxwindowsfileserver"
 	resourcetype "github.com/aws/amazon-ecs-agent/agent/taskresource/types"
 	taskresourcevolume "github.com/aws/amazon-ecs-agent/agent/taskresource/volume"
+	"github.com/aws/amazon-ecs-agent/agent/utils"
+	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
+	"github.com/aws/amazon-ecs-agent/ecs-agent/logger/field"
+
 	"github.com/aws/amazon-ecs-agent/ecs-agent/credentials"
 	ni "github.com/aws/amazon-ecs-agent/ecs-agent/netlib/model/networkinterface"
 	eautils "github.com/aws/amazon-ecs-agent/ecs-agent/utils"
+
 	"github.com/cihub/seelog"
+	"github.com/containernetworking/cni/libcni"
 	dockercontainer "github.com/docker/docker/api/types/container"
 	"github.com/pkg/errors"
 )

agent/app/agent_unix.go

@@ -159,7 +159,7 @@ func (agent *ecsAgent) startEBSWatcher(
 ) {
 	if agent.ebsWatcher == nil {
 		seelog.Debug("Creating new EBS watcher...")
-		agent.ebsWatcher = ebs.NewWatcher(agent.ctx, state, taskEngine, dockerClient)
+		agent.ebsWatcher = ebs.NewWatcher(agent.ctx, agent.cfg, state, taskEngine, dockerClient)
 		go agent.ebsWatcher.Start()
 	}
 }

agent/app/agent_windows.go

@@ -25,6 +25,7 @@ import (
 	asmfactory "github.com/aws/amazon-ecs-agent/agent/asm/factory"
 	"github.com/aws/amazon-ecs-agent/agent/data"
 	"github.com/aws/amazon-ecs-agent/agent/dockerclient/dockerapi"
+	ebs "github.com/aws/amazon-ecs-agent/agent/ebs"
 	"github.com/aws/amazon-ecs-agent/agent/ecscni"
 	"github.com/aws/amazon-ecs-agent/agent/engine"
 	"github.com/aws/amazon-ecs-agent/agent/engine/dockerstate"
@@ -105,7 +106,11 @@ func (agent *ecsAgent) startEBSWatcher(
 	taskEngine engine.TaskEngine,
 	dockerClient dockerapi.DockerClient,
 ) {
-	seelog.Debug("Windows EBS Watcher not implemented: No Op")
+	if agent.ebsWatcher == nil {
+		seelog.Debug("Creating new EBS watcher...")
+		agent.ebsWatcher = ebs.NewWatcher(agent.ctx, agent.cfg, state, taskEngine, dockerClient)
+		go agent.ebsWatcher.Start()
+	}
 }
 
 // handler implements https://godoc.org/golang.org/x/sys/windows/svc#Handler

agent/config/config_unix.go

@@ -60,6 +60,12 @@ const (
 	minimumContainerCreateTimeout = 1 * time.Minute
 	// default docker inactivity time is extra time needed on container extraction
 	defaultImagePullInactivityTimeout = 1 * time.Minute
+	// default socket filepath is "/var/run/ecs/ebs-csi-driver/csi-driver.sock"
+	defaultCSIDriverSocketPath = "/var/run/ecs/ebs-csi-driver/csi-driver.sock"
+	// nodeStageTimeout is the deafult timeout for staging an EBS TA volume
+	nodeStageTimeout = 2 * time.Second
+	// nodeUnstageTimeout is the deafult timeout for unstaging an EBS TA volume
+	nodeUnstageTimeout = 30 * time.Second
 )
 
 // DefaultConfig returns the default configuration for Linux
@@ -112,6 +118,9 @@ func DefaultConfig() Config {
 		RuntimeStatsLogFile:                 defaultRuntimeStatsLogFile,
 		EnableRuntimeStats:                  BooleanDefaultFalse{Value: NotSet},
 		ShouldExcludeIPv6PortBinding:        BooleanDefaultTrue{Value: ExplicitlyEnabled},
+		CSIDriverSocketPath:                 defaultCSIDriverSocketPath,
+		NodeStageTimeout:                    nodeStageTimeout,
+		NodeUnstageTimeout:                  nodeUnstageTimeout,
 	}
 }
 

agent/config/config_unix_test.go

@@ -77,6 +77,9 @@ func TestConfigDefault(t *testing.T) {
 	assert.False(t, cfg.EnableRuntimeStats.Enabled(), "Default EnableRuntimeStats set incorrectly")
 	assert.True(t, cfg.ShouldExcludeIPv6PortBinding.Enabled(), "Default ShouldExcludeIPv6PortBinding set incorrectly")
 	assert.False(t, cfg.FSxWindowsFileServerCapable.Enabled(), "Default FSxWindowsFileServerCapable set incorrectly")
+	assert.Equal(t, "/var/run/ecs/ebs-csi-driver/csi-driver.sock", cfg.CSIDriverSocketPath, "Default CSIDriverSocketPath set incorrectly")
+	assert.Equal(t, 2*time.Second, cfg.NodeStageTimeout, "Default NodeStage timeout set incorrectly")
+	assert.Equal(t, 30*time.Second, cfg.NodeUnstageTimeout, "Default NodeUntage timeout set incorrectly")
 }
 
 // TestConfigFromFile tests the configuration can be read from file

agent/config/config_windows.go

@@ -76,6 +76,11 @@ const (
 	adminSid = "S-1-5-32-544"
 	// default directory name of CNI Plugins
 	defaultCNIPluginDirName = "cni"
+	// Setting the node stage and unstage timeout to 600 seconds as Windows takes longer to stage and unstage volumes
+	// nodeStageTimeout is the deafult timeout for staging an EBS TA volume
+	nodeStageTimeout = 600 * time.Second
+	// nodeUnstageTimeout is the deafult timeout for unstaging an EBS TA volume
+	nodeUnstageTimeout = 600 * time.Second
 )
 
 var (
@@ -97,6 +102,7 @@ func DefaultConfig() Config {
 
 	programFiles := utils.DefaultIfBlank(os.Getenv("ProgramFiles"), `C:\Program Files`)
 	ecsBinaryDir := filepath.Join(programFiles, "Amazon", "ECS")
+	defaultCSIDriverSocketPath := filepath.Join(ecsRoot, "ebs-csi-driver", "csi-driver.sock")
 
 	platformVariables := PlatformVariables{
 		CPUUnbounded:    BooleanDefaultFalse{Value: ExplicitlyDisabled},
@@ -157,6 +163,9 @@ func DefaultConfig() Config {
 		RuntimeStatsLogFile:                 filepath.Join(ecsRoot, defaultRuntimeStatsLogFile),
 		EnableRuntimeStats:                  BooleanDefaultFalse{Value: NotSet},
 		ShouldExcludeIPv6PortBinding:        BooleanDefaultTrue{Value: ExplicitlyEnabled},
+		CSIDriverSocketPath:                 defaultCSIDriverSocketPath,
+		NodeStageTimeout:                    nodeStageTimeout,
+		NodeUnstageTimeout:                  nodeUnstageTimeout,
 	}
 }
 

agent/config/config_windows_test.go

@@ -73,6 +73,9 @@ func TestConfigDefault(t *testing.T) {
 	assert.False(t, cfg.EnableRuntimeStats.Enabled(), "Default EnableRuntimeStats set incorrectly")
 	assert.True(t, cfg.ShouldExcludeIPv6PortBinding.Enabled(), "Default ShouldExcludeIPv6PortBinding set incorrectly")
 	assert.True(t, cfg.FSxWindowsFileServerCapable.Enabled(), "Default FSxWindowsFileServerCapable set incorrectly")
+	assert.Equal(t, "C:\\ProgramData\\Amazon\\ECS\\ebs-csi-driver\\csi-driver.sock", cfg.CSIDriverSocketPath, "Default CSIDriverSocketPath set incorrectly")
+	assert.Equal(t, 600*time.Second, cfg.NodeStageTimeout, "Default NodeStage timeout set incorrectly")
+	assert.Equal(t, 600*time.Second, cfg.NodeUnstageTimeout, "Default NodeUntage timeout set incorrectly")
 }
 
 func TestConfigIAMTaskRolesReserves80(t *testing.T) {

agent/config/const_linux.go

@@ -16,5 +16,11 @@
 
 package config
 
-// OSType is the type of operating system where agent is running
-const OSType = "linux"
+const (
+	// OSType is the type of operating system where agent is running
+	OSType = "linux"
+	// This is the path that will be used for the csi-driver socker
+	ManagedDaemonSocketPathHostRoot = "/var/run/ecs"
+	// This is the path that will be used to store the log file for the CSI Driver Managed Daemon
+	ManagedDaemonLogPathHostRoot = "/log/daemons"
+)

agent/config/const_windows.go

@@ -17,4 +17,12 @@
 package config
 
 // OSType is the type of operating system where agent is running
-const OSType = "windows"
+const (
+	OSType = "windows"
+	// containerAdminUser is the admin username for any container on Windows.
+	ContainerAdminUser = "ContainerAdministrator"
+	// This is the path that will be used to store the local named pipe for CSI Proxy
+	ManagedDaemonSocketPathHostRoot = "C:\\ProgramData\\Amazon\\ECS\\ebs-csi-driver"
+	// This is the path that will be used to store the log file for the CSI Driver Managed Daemon
+	ManagedDaemonLogPathHostRoot = "C:\\ProgramData\\Amazon\\ECS\\log\\daemons"
+)

agent/config/types.go

@@ -384,4 +384,14 @@ type Config struct {
 	// cgroup setting at the ECS task level.
 	// see https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#pid
 	TaskPidsLimit int
+
+	// CSIDriverSocketPath specifies the path that the CSI driver socket file is located at.
+	// Defaults to "/var/run/ecs/ebs-csi-driver/csi-driver.sock"
+	CSIDriverSocketPath string
+
+	// NodeStageTimeout is the amount of time to wait for staging an EBS TA volume
+	NodeStageTimeout time.Duration
+
+	// NodeUnstageTimeout is the amount of time to wait for unstaging an EBS TA volume
+	NodeUnstageTimeout time.Duration
 }

agent/ebs/watcher.go

@@ -22,6 +22,7 @@ import (
 	"time"
 
 	ecsapi "github.com/aws/amazon-ecs-agent/agent/api"
+	"github.com/aws/amazon-ecs-agent/agent/config"
 	"github.com/aws/amazon-ecs-agent/agent/dockerclient/dockerapi"
 	ecsengine "github.com/aws/amazon-ecs-agent/agent/engine"
 	"github.com/aws/amazon-ecs-agent/agent/engine/dockerstate"
@@ -36,17 +37,13 @@ import (
 	v1 "k8s.io/api/core/v1"
 )
 
-const (
-	nodeStageTimeout = 2 * time.Second
-	hostMountDir     = "/mnt/ecs/ebs"
-)
-
 type EBSWatcher struct {
 	ctx        context.Context
 	cancel     context.CancelFunc
 	agentState dockerstate.TaskEngineState
 	// TODO: The dataClient will be used to save to agent's data client as well as start the ACK timer. This will be added once the data client functionality have been added
 	// dataClient     data.Client
+	cfg             *config.Config
 	discoveryClient apiebs.EBSDiscovery
 	csiClient       csi.CSIClient
 	scanTicker      *time.Ticker
@@ -57,15 +54,16 @@ type EBSWatcher struct {
 
 // NewWatcher is used to return a new instance of the EBSWatcher struct
 func NewWatcher(ctx context.Context,
+	cfg *config.Config,
 	state dockerstate.TaskEngineState,
 	taskEngine ecsengine.TaskEngine,
 	dockerClient dockerapi.DockerClient) *EBSWatcher {
 	derivedContext, cancel := context.WithCancel(ctx)
 	discoveryClient := apiebs.NewDiscoveryClient(derivedContext)
-	// TODO pull this socket out into config
-	csiClient := csi.NewCSIClient("/var/run/ecs/ebs-csi-driver/csi-driver.sock")
+	csiClient := csi.NewCSIClient(cfg.CSIDriverSocketPath)
 	return &EBSWatcher{
 		ctx:             derivedContext,
+		cfg:             cfg,
 		cancel:          cancel,
 		agentState:      state,
 		discoveryClient: discoveryClient,
@@ -266,7 +264,7 @@ func (w *EBSWatcher) stageVolumeEBS(volID, deviceName string) error {
 	stubFsGroup, _ := strconv.ParseInt("123456", 10, 8)
 	publishContext := map[string]string{"devicePath": deviceName}
 	// call CSI NodeStage
-	timeoutCtx, cancelFunc := context.WithTimeout(w.ctx, nodeStageTimeout)
+	timeoutCtx, cancelFunc := context.WithTimeout(w.ctx, w.cfg.NodeStageTimeout)
 	defer cancelFunc()
 	err := w.csiClient.NodeStageVolume(timeoutCtx,
 		volID,

agent/ebs/watcher_linux.go

@@ -0,0 +1,21 @@
+//go:build linux
+// +build linux
+
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//      http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package ebs
+
+const (
+	hostMountDir = "/mnt/ecs/ebs"
+)

agent/ebs/watcher_linux_test.go

@@ -0,0 +1,21 @@
+//go:build linux && unit
+// +build linux,unit
+
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//	http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package ebs
+
+const (
+	CSIDriverSocketPath = "/var/run/ecs/ebs-csi-driver/csi-driver.sock"
+)

agent/ebs/watcher_test.go

@@ -26,6 +26,7 @@ import (
 	"time"
 
 	"github.com/aws/amazon-ecs-agent/agent/api/task"
+	"github.com/aws/amazon-ecs-agent/agent/config"
 	mock_dockerapi "github.com/aws/amazon-ecs-agent/agent/dockerclient/dockerapi/mocks"
 	"github.com/aws/amazon-ecs-agent/agent/engine"
 	"github.com/aws/amazon-ecs-agent/agent/engine/daemonmanager"
@@ -60,8 +61,10 @@ const (
 func newTestEBSWatcher(ctx context.Context, agentState dockerstate.TaskEngineState,
 	discoveryClient apiebs.EBSDiscovery, taskEngine engine.TaskEngine, csiClient csi.CSIClient) *EBSWatcher {
 	derivedContext, cancel := context.WithCancel(ctx)
+	defaultConfig := config.DefaultConfig()
 	return &EBSWatcher{
 		ctx:             derivedContext,
+		cfg:             &defaultConfig,
 		cancel:          cancel,
 		agentState:      agentState,
 		discoveryClient: discoveryClient,
@@ -737,7 +740,8 @@ func TestTick(t *testing.T) {
 				tc.setDiscoveryClientExpectations(discoveryClient)
 			}
 
-			watcher := NewWatcher(context.Background(), taskEngineState, taskEngine, dockerClient)
+			defaultConfig := config.DefaultConfig()
+			watcher := NewWatcher(context.Background(), &defaultConfig, taskEngineState, taskEngine, dockerClient)
 			watcher.discoveryClient = discoveryClient
 			watcher.tick()
 

agent/ebs/watcher_unsupported.go

@@ -0,0 +1,21 @@
+//go:build !linux && !windows
+// +build !linux,!windows
+
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//      http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package ebs
+
+const (
+	hostMountDir = ""
+)

agent/ebs/watcher_windows.go

@@ -0,0 +1,22 @@
+//go:build windows
+// +build windows
+
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//      http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package ebs
+
+const (
+	// Host mount root path where the EBS volumes will be mounted
+	hostMountDir = "C:\\ProgramData\\Amazon\\ECS\\ebs\\"
+)

agent/ebs/watcher_windows_test.go

@@ -0,0 +1,21 @@
+//go:build windows && unit
+// +build windows,unit
+
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//	http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package ebs
+
+const (
+	CSIDriverSocketPath = "C:\\ProgramData\\Amazon\\ECS\\ebs-csi-driver\\csi-driver.sock"
+)