Deprecate ECS settings applier

[arnaldo2792]

Issue number:

Closes #3621

Description of changes:

This deprecates the ECS settings applier and migrates all the ECS configurations to use systemd drop-ins.

The ecs.config template file was removed, and replaced with systemd drop-ins for the ecs.service. This will allow downstream builders consume the configurations and build upon them if needed. The new configuration files include:

• 00-defaults.conf: immutable configuration file with the default hard-coded configurations used for Bottlerocket
• 10-base.conf: mutable configuration file generated by the API server
• 20-nvidia.conf: immutable configuration file with the hard-coded configuration to enable NVIDIA support

With this PR, the ecs-agent-base and ecs-agent-nvidia packages were created to pull down the correct configuration while building the variant. Variants were updated accordingly to use the respective file.

In the new ecs-base-conf template file, most of the {{#if}} statements were removed in favor of using helpers like default. There are two ECS boolean configurations in the API system whose values are inverted:

• ECS_PRIVILEGED_DISABLED -> allow-privileged-containers
• ECS_DISABLE_IMAGE_CLEANUP -> image-cleanup-enabled

I tried to use the native not helper to generate the correct values for the settings, e.g. {{not (default <setting>)}}. However, the default helper will transform the boolean types to string when passed to the not helper. This results in the not helper always returning true, since not-empty strings are considered "truthy". I added the negate_or_else handlebars helper, which will render the passed configuration or a default value.

Testing done:

For aws-ecs-2:

• Run internal suite of tests
• Test ECS_TASK_METADATA_RPS_LIMIT
• Test that both ECS_PRIVILEGED_DISABLED and ECS_DISABLE_IMAGE_CLEANUP are set as expected
• Test that the value for ECS_AVAILABLE_LOGGING_DRIVERS is a valid JSON string, and that the ECS agent parses it
• Test ECS_ENABLE_CONTAINER_METADATA

bash-5.1# docker exec 7b059bad5345 sh -c '[ -f ${ECS_CONTAINER_METADATA_FILE} ] && echo Exists!'                                                                                                                                                                                          
Exists!

• Migration testing
  • Verified all the configuration files exist on upgrade
  • Verified both ecs.config and ecs.config.json exist on downgrade

For aws-ecs-1:

• Run internal suite of tests

All the other tests are omitted since the configuration file and API definition are the same for both variants.

For aws-ecs-2-nvidia:

• Run smoke test

For aws-ecs-1-nvidia:

• Run smoke test

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[arnaldo2792]

(Forced push added unit tests)

[arnaldo2792]

(forced push adds the migration and fixes the implementation of one of the schnauzer helpers)

[arnaldo2792]

Forced push includes:

• Use drop-ins instead of configuration files
• Remove unnecessary handlebars helpers
• Split commits that add handlebars helpers

[arnaldo2792]

(forced push includes rebase to resolve conflicts)

[arnaldo2792]

Forced push to address one comment about the ecs_metadata_service_limits helper.

[bcressey]

For consistency with the rest of the template, where the defaults are visible, you could pass the defaults here as well, e.g.:

Suggested change

	Environment=ECS_TASK_METADATA_RPS_LIMIT="{{ecs_metadata_service_limits settings.ecs.metadata-service-rps settings.ecs.metadata-service-burst}}"
	Environment=ECS_TASK_METADATA_RPS_LIMIT="{{ecs_metadata_service_limits 40 60 settings.ecs.metadata-service-rps settings.ecs.metadata-service-burst}}"

[arnaldo2792]

Forced push includes:

• Fix description in subpackage for NVIDIA
• Remove unnecessary lines in tmpfiles.d
• Renamed base package to config
• Renamed default variable in helper to fallback

[arnaldo2792]

(Forced push includes a missing fix to rename nvidia to nvidia-config)

[arnaldo2792]

(Forced push to rebase onto develop)