Skip to content

Commit ec5ea49

Browse files
EC2 Default Userubhattacharjya
EC2 Default User
authored and
ubhattacharjya
committed
Extend the mounting to include all dependencies
1 parent 5deb2a3 commit ec5ea49

File tree

2 files changed

+20
-49
lines changed

2 files changed

+20
-49
lines changed

ecs-init/docker/docker.go

+11-20
Original file line numberDiff line numberDiff line change
@@ -122,9 +122,7 @@ const (
122122
containerResourcesRootDir = "/managed-agents"
123123

124124
execCapabilityName = "execute-command"
125-
execBinRelativePath = "bin"
126125
execConfigRelativePath = "config"
127-
execCertsRelativePath = "certs"
128126

129127
execAgentLogRelativePath = "/exec"
130128
)
@@ -437,7 +435,7 @@ func (c *client) getHostConfig(envVarsFromFiles map[string]string) *godocker.Hos
437435
binds = append(binds, getDockerPluginDirBinds()...)
438436

439437
// only add bind mounts when the src file/directory exists on host; otherwise docker API create an empty directory on host
440-
binds = append(binds, getCapabilityExecBinds()...)
438+
binds = append(binds, getCapabilityBinds()...)
441439

442440
return createHostConfig(binds)
443441
}
@@ -473,31 +471,24 @@ func getDockerPluginDirBinds() []string {
473471
return pluginBinds
474472
}
475473

476-
func getCapabilityExecBinds() []string {
477-
hostResourcesDir := filepath.Join(hostResourcesRootDir, execCapabilityName)
478-
containerResourcesDir := filepath.Join(containerResourcesRootDir, execCapabilityName)
474+
func getCapabilityBinds() []string {
475+
var binds = []string{}
479476

480-
var binds []string
481-
482-
// bind mount the entire /host/dependency/path/execute-command/bin folder
483-
hostBinDir := filepath.Join(hostResourcesDir, execBinRelativePath)
484-
if isPathValid(hostBinDir, true) {
477+
// bind mount the entire /host/dependency/path/ folder
478+
// as readonly to support all managed dependencies
479+
if isPathValid(hostResourcesRootDir, true) {
485480
binds = append(binds,
486-
hostBinDir+":"+filepath.Join(containerResourcesDir, execBinRelativePath)+readOnly)
481+
hostResourcesRootDir+":"+containerResourcesRootDir+readOnly)
487482
}
488483

489484
// bind mount the entire /host/dependency/path/execute-command/config folder
490485
// in read-write mode to allow ecs-agent to write config files to host file system
491486
// (docker will) create the config folder if it does not exist
492-
hostConfigDir := filepath.Join(hostResourcesDir, execConfigRelativePath)
493-
binds = append(binds,
494-
hostConfigDir+":"+filepath.Join(containerResourcesDir, execConfigRelativePath))
495-
496-
// bind mount the entire /host/dependency/path/execute-command/certs folder
497-
hostCertsDir := filepath.Join(hostResourcesDir, execCertsRelativePath)
498-
if isPathValid(hostCertsDir, true) {
487+
hostConfigDir := filepath.Join(hostResourcesRootDir, execCapabilityName, execConfigRelativePath)
488+
// Check that execute-command folder is present not config folder
489+
if isPathValid(filepath.Dir(hostConfigDir), true) {
499490
binds = append(binds,
500-
hostCertsDir+":"+filepath.Join(containerResourcesDir, execCertsRelativePath)+readOnly)
491+
hostConfigDir+":"+filepath.Join(containerResourcesRootDir, execCapabilityName, execConfigRelativePath))
501492
}
502493

503494
return binds

ecs-init/docker/docker_test.go

+9-29
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ import (
3535
const (
3636
testTempDirPrefix = "init-docker-test-"
3737

38-
expectedAgentBindsUnspecifiedPlatform = 21
38+
expectedAgentBindsUnspecifiedPlatform = 20
3939
expectedAgentBindsSuseUbuntuPlatform = 18
4040
)
4141

@@ -829,21 +829,13 @@ func TestStartAgentWithExecBinds(t *testing.T) {
829829
hostCapabilityExecResourcesDir := filepath.Join(hostResourcesRootDir, execCapabilityName)
830830
containerCapabilityExecResourcesDir := filepath.Join(containerResourcesRootDir, execCapabilityName)
831831

832-
// binaries
833-
hostBinDir := filepath.Join(hostCapabilityExecResourcesDir, execBinRelativePath)
834-
containerBinDir := filepath.Join(containerCapabilityExecResourcesDir, execBinRelativePath)
835-
836832
// config
837833
hostConfigDir := filepath.Join(hostCapabilityExecResourcesDir, execConfigRelativePath)
838834
containerConfigDir := filepath.Join(containerCapabilityExecResourcesDir, execConfigRelativePath)
839835

840-
// certs
841-
hostCertsDir := filepath.Join(hostCapabilityExecResourcesDir, execCertsRelativePath)
842-
containerCertsDir := filepath.Join(containerCapabilityExecResourcesDir, execCertsRelativePath)
843-
844836
expectedExecBinds := []string{
845-
hostBinDir + ":" + containerBinDir + readOnly,
846-
hostCertsDir + ":" + containerCertsDir + readOnly,
837+
hostResourcesRootDir + ":" + containerResourcesRootDir + readOnly,
838+
hostConfigDir + ":" + containerConfigDir,
847839
}
848840
expectedAgentBinds += len(expectedExecBinds)
849841

@@ -886,18 +878,10 @@ func TestGetCapabilityExecBinds(t *testing.T) {
886878
hostCapabilityExecResourcesDir := filepath.Join(hostResourcesRootDir, execCapabilityName)
887879
containerCapabilityExecResourcesDir := filepath.Join(containerResourcesRootDir, execCapabilityName)
888880

889-
// binaries
890-
hostBinDir := filepath.Join(hostCapabilityExecResourcesDir, execBinRelativePath)
891-
containerBinDir := filepath.Join(containerCapabilityExecResourcesDir, execBinRelativePath)
892-
893881
// config
894882
hostConfigDir := filepath.Join(hostCapabilityExecResourcesDir, execConfigRelativePath)
895883
containerConfigDir := filepath.Join(containerCapabilityExecResourcesDir, execConfigRelativePath)
896884

897-
// certs
898-
hostCertsDir := filepath.Join(hostCapabilityExecResourcesDir, execCertsRelativePath)
899-
containerCertsDir := filepath.Join(containerCapabilityExecResourcesDir, execCertsRelativePath)
900-
901885
testCases := []struct {
902886
name string
903887
testIsPathValid func(string, bool) bool
@@ -909,35 +893,31 @@ func TestGetCapabilityExecBinds(t *testing.T) {
909893
return true
910894
},
911895
expectedBinds: []string{
912-
hostBinDir + ":" + containerBinDir + readOnly,
896+
hostResourcesRootDir + ":" + containerResourcesRootDir + readOnly,
913897
hostConfigDir + ":" + containerConfigDir,
914-
hostCertsDir + ":" + containerCertsDir + readOnly,
915898
},
916899
},
917900
{
918-
name: "only ssm-agent bin path valid",
901+
name: "managed-agents path valid, no execute-command",
919902
testIsPathValid: func(path string, isDir bool) bool {
920-
return path == hostBinDir
903+
return path == hostResourcesRootDir
921904
},
922905
expectedBinds: []string{
923-
hostBinDir + ":" + containerBinDir + readOnly,
924-
hostConfigDir + ":" + containerConfigDir,
906+
hostResourcesRootDir + ":" + containerResourcesRootDir + readOnly,
925907
},
926908
},
927909
{
928910
name: "no path valid",
929911
testIsPathValid: func(path string, isDir bool) bool {
930912
return false
931913
},
932-
expectedBinds: []string{
933-
hostConfigDir + ":" + containerConfigDir,
934-
},
914+
expectedBinds: []string{},
935915
},
936916
}
937917
for _, tc := range testCases {
938918
t.Run(tc.name, func(t *testing.T) {
939919
isPathValid = tc.testIsPathValid
940-
binds := getCapabilityExecBinds()
920+
binds := getCapabilityBinds()
941921
assert.Equal(t, tc.expectedBinds, binds)
942922
})
943923
}

0 commit comments

Comments
 (0)