metadata service continued

README.md

@@ -179,6 +179,8 @@ configure them as something other than the defaults.
 | `ECS_CNI_PLUGINS_PATH` | `/ecs/cni` | The path where the cni binary file is located | `/amazon-ecs-cni-plugins` | Not applicable |
 | `ECS_AWSVPC_BLOCK_IMDS` | `true` | Whether to block access to [Instance Metdata](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) for Tasks started with `awsvpc` network mode | `false` | Not applicable |
 | `ECS_AWSVPC_ADDITIONAL_LOCAL_ROUTES` | `["10.0.15.0/24"]` | In `awsvpc` network mode, traffic to these prefixes will be routed via the host bridge instead of the task ENI | `[]` | Not applicable |
+| `ECS_ENABLE_CONTAINER_METADATA` | `<true|false>` | Whether to enable creation of a metadata file in the containers. If enabled the agent will inject a file with the container's various metadata and the user can access the container's metadata internally by accessing the environment variable $ECS_CONTAINER_METADATA_FILE. | `false` | `false` |
+| `ECS_HOST_DATA_DIR` | `/var/lib/ecs` | The source directory on the host from which ECS_DATADIR is mounted. We use this to determine the source mount path for container metadata files in the case the Agent is run in a container. We do not use this value in Windows because the Agent is not run on a container in Windows. | `/var/lib/ecs` | `Not used` |
 
 ### Persistence
 

agent/acs/update_handler/updater_test.go

@@ -105,7 +105,7 @@ func TestPerformUpdateWithUpdatesDisabled(t *testing.T) {
 		Reason:            ptr("Updates are disabled").(*string),
 	}})
 
-	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
+	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
 		ClusterArn:           ptr("cluster").(*string),
 		ContainerInstanceArn: ptr("containerInstance").(*string),
 		MessageId:            ptr("mid").(*string),
@@ -159,7 +159,7 @@ func TestFullUpdateFlow(t *testing.T) {
 
 			require.Equal(t, "update-tar-data", writtenFile.String(), "incorrect data written")
 
-			u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
+			u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
 				ClusterArn:           ptr("cluster").(*string),
 				ContainerInstanceArn: ptr("containerInstance").(*string),
 				MessageId:            ptr("mid2").(*string),
@@ -224,7 +224,7 @@ func TestUndownloadedUpdate(t *testing.T) {
 		MessageId:         ptr("mid").(*string),
 	}})
 
-	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
+	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
 		ClusterArn:           ptr("cluster").(*string),
 		ContainerInstanceArn: ptr("containerInstance").(*string),
 		MessageId:            ptr("mid").(*string),
@@ -282,7 +282,7 @@ func TestDuplicateUpdateMessagesWithSuccess(t *testing.T) {
 
 	require.Equal(t, "update-tar-data", writtenFile.String(), "incorrect data written")
 
-	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
+	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
 		ClusterArn:           ptr("cluster").(*string),
 		ContainerInstanceArn: ptr("containerInstance").(*string),
 		MessageId:            ptr("mid3").(*string),
@@ -347,7 +347,7 @@ func TestDuplicateUpdateMessagesWithFailure(t *testing.T) {
 
 	require.Equal(t, "update-tar-data", writtenFile.String(), "incorrect data written")
 
-	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
+	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
 		ClusterArn:           ptr("cluster").(*string),
 		ContainerInstanceArn: ptr("containerInstance").(*string),
 		MessageId:            ptr("mid3").(*string),
@@ -420,7 +420,7 @@ func TestNewerUpdateMessages(t *testing.T) {
 
 	require.Equal(t, "newer-update-tar-data", writtenFile.String(), "incorrect data written")
 
-	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
+	u.performUpdateHandler(statemanager.NewNoopStateManager(), engine.NewTaskEngine(cfg, nil, nil, nil, nil, nil, nil))(&ecsacs.PerformUpdateMessage{
 		ClusterArn:           ptr("cluster").(*string),
 		ContainerInstanceArn: ptr("containerInstance").(*string),
 		MessageId:            ptr("mid2").(*string),

agent/api/container.go

@@ -123,6 +123,10 @@ type Container struct {
 	// handled properly so that the state storage continues to work.
 	SentStatusUnsafe ContainerStatus `json:"SentStatus"`
 
+	// MetadataFileUpdated is set to true when we have completed updating the
+	// metadata file
+	MetadataFileUpdated bool `json:"metadataFileUpdated"`
+
 	knownExitCode     *int
 	KnownPortBindings []PortBinding
 
@@ -317,3 +321,20 @@ func (c *Container) IsInternal() bool {
 func (c *Container) IsRunning() bool {
 	return c.GetKnownStatus().IsRunning()
 }
+
+// IsMetadataFileUpdated() returns true if the metadata file has been once the
+// metadata file is ready and will no longer change
+func (c *Container) IsMetadataFileUpdated() bool {
+	c.lock.RLock()
+	defer c.lock.RUnlock()
+
+	return c.MetadataFileUpdated
+}
+
+// SetMetadataFileUpdated sets the container's MetadataFileUpdated status to true
+func (c *Container) SetMetadataFileUpdated() {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+
+	c.MetadataFileUpdated = true
+}

agent/app/agent.go

@@ -25,6 +25,7 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/app/factory"
 	"github.com/aws/amazon-ecs-agent/agent/app/oswrapper"
 	"github.com/aws/amazon-ecs-agent/agent/config"
+	"github.com/aws/amazon-ecs-agent/agent/containermetadata"
 	"github.com/aws/amazon-ecs-agent/agent/credentials"
 	"github.com/aws/amazon-ecs-agent/agent/ec2"
 	"github.com/aws/amazon-ecs-agent/agent/ecs_client/model/ecs"
@@ -92,6 +93,7 @@ type ecsAgent struct {
 	vpc                   string
 	subnet                string
 	mac                   string
+	metadataManager       containermetadata.Manager
 }
 
 // newAgent returns a new ecsAgent object
@@ -126,6 +128,14 @@ func newAgent(
 		return nil, err
 	}
 
+	var metadataManager containermetadata.Manager
+	if cfg.ContainerMetadataEnabled {
+		// We use the default API client for the metadata inspect call. This version has some information
+		// missing which means if we need those fields later we will need to change this client to
+		// the appropriate version
+		metadataManager = containermetadata.NewManager(dockerClient, cfg)
+	}
+
 	return &ecsAgent{
 		ctx:               ctx,
 		ec2MetadataClient: ec2MetadataClient,
@@ -142,7 +152,8 @@ func newAgent(
 			PluginsPath:            cfg.CNIPluginsPath,
 			MinSupportedCNIVersion: config.DefaultMinSupportedCNIVersion,
 		}),
-		os: oswrapper.New(),
+		os:              oswrapper.New(),
+		metadataManager: metadataManager,
 	}, nil
 }
 
@@ -224,6 +235,10 @@ func (agent *ecsAgent) doStart(containerChangeEventStream *eventstream.EventStre
 		}
 		return exitcodes.ExitTerminal
 	}
+	// Add container instance ARN to metadata manager
+	if agent.cfg.ContainerMetadataEnabled {
+		agent.metadataManager.SetContainerInstanceARN(agent.containerInstanceARN)
+	}
 
 	// Begin listening to the docker daemon and saving changes
 	taskEngine.SetSaver(stateManager)
@@ -255,13 +270,13 @@ func (agent *ecsAgent) newTaskEngine(containerChangeEventStream *eventstream.Eve
 	if !agent.cfg.Checkpoint {
 		seelog.Info("Checkpointing not enabled; a new container instance will be created each time the agent is run")
 		return engine.NewTaskEngine(agent.cfg, agent.dockerClient,
-			credentialsManager, containerChangeEventStream, imageManager, state), "", nil
+			credentialsManager, containerChangeEventStream, imageManager, state, agent.metadataManager), "", nil
 	}
 
 	// We try to set these values by loading the existing state file first
 	var previousCluster, previousEC2InstanceID, previousContainerInstanceArn string
 	previousTaskEngine := engine.NewTaskEngine(agent.cfg, agent.dockerClient,
-		credentialsManager, containerChangeEventStream, imageManager, state)
+		credentialsManager, containerChangeEventStream, imageManager, state, agent.metadataManager)
 
 	// previousState is used to verify that our current runtime configuration is
 	// compatible with our past configuration as reflected by our state-file
@@ -287,7 +302,7 @@ func (agent *ecsAgent) newTaskEngine(containerChangeEventStream *eventstream.Eve
 		state.Reset()
 		// Reset taskEngine; all the other values are still default
 		return engine.NewTaskEngine(agent.cfg, agent.dockerClient, credentialsManager,
-			containerChangeEventStream, imageManager, state), currentEC2InstanceID, nil
+			containerChangeEventStream, imageManager, state, agent.metadataManager), currentEC2InstanceID, nil
 	}
 
 	if previousCluster != "" {
@@ -298,6 +313,7 @@ func (agent *ecsAgent) newTaskEngine(containerChangeEventStream *eventstream.Eve
 
 	// Use the values we loaded if there's no issue
 	agent.containerInstanceARN = previousContainerInstanceArn
+
 	return previousTaskEngine, currentEC2InstanceID, nil
 }
 

agent/config/config.go

@@ -353,6 +353,8 @@ func environmentConfig() (Config, error) {
 			errs = append(errs, err)
 		}
 	}
+	containerMetadataEnabled := utils.ParseBool(os.Getenv("ECS_ENABLE_CONTAINER_METADATA"), false)
+	dataDirOnHost := os.Getenv("ECS_HOST_DATA_DIR")
 
 	if len(errs) > 0 {
 		err = utils.NewMultiError(errs...)
@@ -393,6 +395,8 @@ func environmentConfig() (Config, error) {
 		CNIPluginsPath:                   cniPluginsPath,
 		AWSVPCBlockInstanceMetdata:       awsVPCBlockInstanceMetadata,
 		AWSVPCAdditionalLocalRoutes:      additionalLocalRoutes,
+		ContainerMetadataEnabled:         containerMetadataEnabled,
+		DataDirOnHost:                    dataDirOnHost,
 	}, err
 }
 

agent/config/config_test.go

@@ -120,6 +120,10 @@ func TestEnvironmentConfig(t *testing.T) {
 	additionalLocalRoutesJSON := `["1.2.3.4/22","5.6.7.8/32"]`
 	os.Setenv("ECS_AWSVPC_ADDITIONAL_LOCAL_ROUTES", additionalLocalRoutesJSON)
 	defer os.Unsetenv("ECS_AWSVPC_ADDITIONAL_LOCAL_ROUTES")
+	os.Setenv("ECS_ENABLE_CONTAINER_METADATA", "true")
+	os.Setenv("ECS_HOST_DATA_DIR", "/etc/ecs/")
+	defer os.Unsetenv("ECS_ENABLE_CONTAINER_METADATA")
+	defer os.Unsetenv("ECS_HOST_DATA_DIR")
 
 	conf, err := environmentConfig()
 	assert.NoError(t, err)
@@ -146,6 +150,9 @@ func TestEnvironmentConfig(t *testing.T) {
 	serializedAdditionalLocalRoutesJSON, err := json.Marshal(conf.AWSVPCAdditionalLocalRoutes)
 	assert.NoError(t, err, "should marshal additional local routes")
 	assert.Equal(t, additionalLocalRoutesJSON, string(serializedAdditionalLocalRoutesJSON))
+	assert.Equal(t, (90 * time.Second), conf.TaskCleanupWaitDuration)
+	assert.Equal(t, "/etc/ecs/", conf.DataDirOnHost, "Wrong value for DataDirOnHost")
+	assert.True(t, conf.ContainerMetadataEnabled, "Wrong value for ContainerMetadataEnabled")
 }
 
 func TestTrimWhitespace(t *testing.T) {

agent/config/config_unix.go

@@ -32,6 +32,7 @@ func DefaultConfig() Config {
 		ReservedPorts:               []uint16{SSHPort, DockerReservedPort, DockerReservedSSLPort, AgentIntrospectionPort, AgentCredentialsPort},
 		ReservedPortsUDP:            []uint16{},
 		DataDir:                     "/data/",
+		DataDirOnHost:               "/var/lib/ecs",
 		DisableMetrics:              false,
 		ReservedMemory:              0,
 		AvailableLoggingDrivers:     []dockerclient.LoggingDriver{dockerclient.JSONFileDriver},
@@ -48,6 +49,7 @@ func DefaultConfig() Config {
 		PauseContainerImageName:     DefaultPauseContainerImageName,
 		PauseContainerTag:           DefaultPauseContainerTag,
 		AWSVPCBlockInstanceMetdata:  false,
+		ContainerMetadataEnabled:    false,
 	}
 }
 

agent/config/config_unix_test.go

@@ -49,6 +49,7 @@ func TestConfigDefault(t *testing.T) {
 	os.Unsetenv("ECS_ENABLE_TASK_ENI")
 	os.Unsetenv("ECS_CNI_PLUGINS_PATH")
 	os.Unsetenv("ECS_AWSVPC_BLOCK_IMDS")
+	os.Unsetenv("ECS_HOST_DATA_DIR")
 
 	cfg, err := NewConfig(ec2.NewBlackholeEC2MetadataClient())
 	assert.NoError(t, err)
@@ -73,6 +74,7 @@ func TestConfigDefault(t *testing.T) {
 	assert.Equal(t, DefaultNumImagesToDeletePerCycle, cfg.NumImagesToDeletePerCycle, "NumImagesToDeletePerCycle default is set incorrectly")
 	assert.Equal(t, defaultCNIPluginsPath, cfg.CNIPluginsPath, "CNIPluginsPath default is set incorrectly")
 	assert.False(t, cfg.AWSVPCBlockInstanceMetdata, "AWSVPCBlockInstanceMetdata default is incorrectly set")
+	assert.Equal(t, "/var/lib/ecs", cfg.DataDirOnHost, "Default DataDirOnHost set incorrectly")
 }
 
 // TestConfigFromFile tests the configuration can be read from file

agent/config/config_windows.go

@@ -44,6 +44,7 @@ const (
 func DefaultConfig() Config {
 	programData := utils.DefaultIfBlank(os.Getenv("ProgramData"), `C:\ProgramData`)
 	ecsRoot := filepath.Join(programData, "Amazon", "ECS")
+	dataDir := filepath.Join(ecsRoot, "data")
 	return Config{
 		DockerEndpoint: "npipe:////./pipe/docker_engine",
 		ReservedPorts: []uint16{
@@ -59,7 +60,10 @@ func DefaultConfig() Config {
 			netBIOSPort,
 		},
 		ReservedPortsUDP: []uint16{},
-		DataDir:          filepath.Join(ecsRoot, "data"),
+		DataDir:          dataDir,
+		// DataDirOnHost is identical to DataDir for Windows because we do not
+		// run as a container
+		DataDirOnHost: dataDir,
 		// DisableMetrics is set to true on Windows as docker stats does not work
 		DisableMetrics:              true,
 		ReservedMemory:              0,
@@ -72,6 +76,7 @@ func DefaultConfig() Config {
 		MinimumImageDeletionAge:     DefaultImageDeletionAge,
 		ImageCleanupInterval:        DefaultImageCleanupTimeInterval,
 		NumImagesToDeletePerCycle:   DefaultNumImagesToDeletePerCycle,
+		ContainerMetadataEnabled:    false,
 	}
 }
 

agent/config/config_windows_test.go

@@ -42,6 +42,7 @@ func TestConfigDefault(t *testing.T) {
 	os.Unsetenv("ECS_NUM_IMAGES_DELETE_PER_CYCLE")
 	os.Unsetenv("ECS_IMAGE_MINIMUM_CLEANUP_AGE")
 	os.Unsetenv("ECS_IMAGE_CLEANUP_INTERVAL")
+	os.Unsetenv("ECS_HOST_DATA_DIR")
 
 	cfg, err := NewConfig(ec2.NewBlackholeEC2MetadataClient())
 	assert.NoError(t, err)
@@ -63,6 +64,7 @@ func TestConfigDefault(t *testing.T) {
 	assert.Equal(t, DefaultImageDeletionAge, cfg.MinimumImageDeletionAge, "MinimumImageDeletionAge default is set incorrectly")
 	assert.Equal(t, DefaultImageCleanupTimeInterval, cfg.ImageCleanupInterval, "ImageCleanupInterval default is set incorrectly")
 	assert.Equal(t, DefaultNumImagesToDeletePerCycle, cfg.NumImagesToDeletePerCycle, "NumImagesToDeletePerCycle default is set incorrectly")
+	assert.Equal(t, `C:\ProgramData\Amazon\ECS\data`, cfg.DataDirOnHost, "Default DataDirOnHost set incorrectly")
 }
 
 func TestConfigIAMTaskRolesReserves80(t *testing.T) {

agent/config/types.go

@@ -52,8 +52,12 @@ type Config struct {
 	ReservedPortsUDP []uint16
 
 	// DataDir is the directory data is saved to in order to preserve state
-	// across agent restarts. It is only used if "Checkpoint" is true as well.
+	// across agent restarts.
+	// It is also used to keep the metadata of containers managed by the agent
 	DataDir string
+	// DataDirOnHost is the directory in the instance from which we mount
+	// DataDir to the ecs-agent container and to agent managed containers
+	DataDirOnHost string
 	// Checkpoint configures whether data should be periodically to a checkpoint
 	// file, in DataDir, such that on instance or agent restarts it will resume
 	// as the same ContainerInstance. It defaults to false.
@@ -180,6 +184,10 @@ type Config struct {
 	// entries that will be added in the task's network namespace via the
 	// instance bridge interface rather than via the ENI.
 	AWSVPCAdditionalLocalRoutes []cnitypes.IPNet
+
+	// ContainerMetadataEnabled specifies if the agent should provide a metadata
+	// file for containers.
+	ContainerMetadataEnabled bool
 }
 
 // SensitiveRawMessage is a struct to store some data that should not be logged

agent/containermetadata/generate_mocks.go

@@ -0,0 +1,16 @@
+// Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//	http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package containermetadata
+
+//go:generate go run ../../scripts/generate/mockgen.go github.com/aws/amazon-ecs-agent/agent/containermetadata Manager,DockerMetadataClient mocks/containermetadata_mocks.go