Init Process for AWS for Fluent Bit on ECS #379
Conversation
Dockerfile.init
Outdated
| @@ -0,0 +1,150 @@ | |||
| FROM public.ecr.aws/amazonlinux/amazonlinux:latest as builder | |||
There was a problem hiding this comment.
I don't think we need to fully copy Dockerfile file right? We can reuse the aws-for-fluent-bit container and just copy our init process into it. Same thing as copying aws-for-fluent-bit-plugin into aws-for-fluent-bit container : https://github.com/aws/aws-for-fluent-bit/blob/mainline/load_tests/load_test.py#L117.
There was a problem hiding this comment.
Oh is it because of the entrypoint.sh?
There was a problem hiding this comment.
but we can still skip most of the code here right? like we don't need to build fluent bit, we can just copy the binary for aws-for-fluent-bit container
There was a problem hiding this comment.
Yea make sense. I also plan to continue to improve this part and will try again
fluent-bit-init-entrypoint.sh
Outdated
| @@ -0,0 +1,3 @@ | |||
| ./fluent-bit-init-process | |||
There was a problem hiding this comment.
let's keep fluent-bit-init-xx into one subfolder like init
There was a problem hiding this comment.
Do you think it's a good idea to put all init-related files and folders in one subfolder like fluent-bit-init?
There was a problem hiding this comment.
I think we can just create a folder called init and put all related files under it
fluent-bit-init-process.go
Outdated
|
|
||
| // static paths | ||
| const ( | ||
| s3FileFolderPath = "fluent-bit-init-s3-files" |
There was a problem hiding this comment.
why not do fluent-bit-init-s3-files/ if it is a path?
There was a problem hiding this comment.
Will modify this with above comment. Actually I will modify all paths of files and folders to make them more reasonable
fluent-bit-init-process.go
Outdated
| // static paths | ||
| const ( | ||
| s3FileFolderPath = "fluent-bit-init-s3-files" | ||
| mainConfigFilePath = "fluent-bit-init.conf" |
There was a problem hiding this comment.
nit: I think mainConfigFile and invokerFile is enough
fluent-bit-init-process.go
Outdated
| } | ||
|
|
||
| type ECSTaskMetadata struct { | ||
| AWS_REGION string `json:"AWSRegion"` // AWS region |
There was a problem hiding this comment.
you don't need to comment to an obvious item.. it just seems to write the same thing twice..
There was a problem hiding this comment.
Will delete unnecessary comments..
fluent-bit-init-process.go
Outdated
| err = json.Unmarshal(response, &metadata) | ||
| if err != nil { | ||
| logrus.Warnln(err) | ||
| logrus.Warnln("[FluentBit Init Process] Failed to unmarshal ECS metadata") |
fluent-bit-init-process.go
Outdated
| arn, err := arn.Parse(metadata.ECS_TASK_ARN) | ||
| if err != nil { | ||
| logrus.Warnln(err) | ||
| logrus.Warnln("[FluentBit Init Process] Failed to parse ECS TaskARN") |
fluent-bit-init-process.go
Outdated
| } | ||
|
|
||
| // create a file, when flag is true, the file will be closed automatically after creation | ||
| func createFile(filePath string, AutoClose bool) *os.File { |
There was a problem hiding this comment.
when autoclose will be set to false?
There was a problem hiding this comment.
here
Because s3Downloader need to download content to this file, so it needs to be kept open
There was a problem hiding this comment.
then we will not close it after downloading content?
fluent-bit-init-process_test.go
Outdated
| os.Setenv("ECS_CONTAINER_METADATA_URI_V4", "http://169.254.170.2/v4/50379854-baeb-4b84-9010-dd3fe2df5f20") | ||
|
|
||
| // Test case 1: full metadata | ||
| mockResponse1 := (`{"Cluster":"ygloaTest","TaskARN":"arn:aws:ecs:us-west-2:546265451413:task/ygloaTest/4ca5a280e68947cd84a8357f0d008fb5","Family":"code_test_A","Revision":"35","DesiredStatus":"RUNNING","KnownStatus":"RUNNING","PullStartedAt":"2022-07-06T03:06:45.282195951Z","PullStoppedAt":"2022-07-06T03:06:47.089531338Z","AvailabilityZone":"us-west-2a","LaunchType":"EC2","Containers":[{"DockerId":"8c928beb55e3989caf270cee85835e7f199715ffe44e6d54f5aeb68bf79a275c","Name":"log_router","DockerName":"ecs-code_test_A-35-logrouter-fea8e8aecab7ceeacc01","Image":"546265451413.dkr.ecr.us-west-2.amazonaws.com/ygloa:latest","ImageID":"sha256:bfdcbace4206be5e917ae71648bbb680d8ddc1cf558e60b8aad1e9e5533233a0","Labels":{"com.amazonaws.ecs.cluster":"ygloaTest","com.amazonaws.ecs.container-name":"log_router","com.amazonaws.ecs.task-arn":"arn:aws:ecs:us-west-2:546265451413:task/ygloaTest/4ca5a280e68947cd84a8357f0d008fb5","com.amazonaws.ecs.task-definition-family":"code_test_A","com.amazonaws.ecs.task-definition-version":"35"},"DesiredStatus":"RUNNING","KnownStatus":"RUNNING","Limits":{"CPU":2,"Memory":0},"CreatedAt":"2022-07-06T03:06:45.425156017Z","StartedAt":"2022-07-06T03:06:46.070292719Z","Type":"NORMAL","Volumes":[{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-session-worker","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/ssm-session-worker"},{"Source":"/var/lib/ecs/deps/execute-command/config/amazon-ssm-agent-ZfC4ex5qAj4jNHNZsam9TbekaQ_EkbnJMsW0hcZEbFI=.json","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/configuration/amazon-ssm-agent.json"},{"Source":"/var/lib/ecs/deps/execute-command/config/seelog-gEZ-TIvHAyOLfMC5wiWRofgDMlDzaCZ6zcswnAoop84=.xml","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/configuration/seelog.xml"},{"Source":"/var/lib/ecs/deps/execute-command/certs/tls-ca-bundle.pem","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/certs/amazon-ssm-agent.crt"},{"Source":"/var/lib/ecs/data/firelens/4ca5a280e68947cd84a8357f0d008fb5/socket","Destination":"/var/run"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/amazon-ssm-agent","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/amazon-ssm-agent"},{"Source":"/var/log/ecs/exec/4ca5a280e68947cd84a8357f0d008fb5/log_router","Destination":"/var/log/amazon/ssm"},{"Source":"/var/lib/ecs/data/firelens/4ca5a280e68947cd84a8357f0d008fb5/config/fluent.conf","Destination":"/fluent-bit/etc/fluent-bit.conf"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-agent-worker","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/ssm-agent-worker"}],"LogDriver":"awslogs","LogOptions":{"awslogs-create-group":"true","awslogs-group":"/ecs/code_test_A","awslogs-region":"us-west-2","awslogs-stream":"ecs/log_router/4ca5a280e68947cd84a8357f0d008fb5"},"ContainerARN":"arn:aws:ecs:us-west-2:546265451413:container/ygloaTest/4ca5a280e68947cd84a8357f0d008fb5/cf2297e2-6204-4132-9d7b-6c1cab4c4f8e","Networks":[{"NetworkMode":"bridge","IPv4Addresses":["172.17.0.2"]}]},{"DockerId":"f2eb74ec6624e8f0ed4763f3c1b5dd6da6fc7810d4df83245fe419f28d34cbf4","Name":"app","DockerName":"ecs-code_test_A-35-app-beacfe98d8fabbc01400","Image":"nginx:latest","ImageID":"sha256:55f4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb","Labels":{"com.amazonaws.ecs.cluster":"ygloaTest","com.amazonaws.ecs.container-name":"app","com.amazonaws.ecs.task-arn":"arn:aws:ecs:us-west-2:546265451413:task/ygloaTest/4ca5a280e68947cd84a8357f0d008fb5","com.amazonaws.ecs.task-definition-family":"code_test_A","com.amazonaws.ecs.task-definition-version":"35"},"DesiredStatus":"RUNNING","KnownStatus":"RUNNING","Limits":{"CPU":2,"Memory":0},"CreatedAt":"2022-07-06T03:06:47.103306928Z","StartedAt":"2022-07-06T03:06:47.757888246Z","Type":"NORMAL","Volumes":[{"Source":"/var/lib/ecs/deps/execute-command/config/seelog-gEZ-TIvHAyOLfMC5wiWRofgDMlDzaCZ6zcswnAoop84=.xml","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/configuration/seelog.xml"},{"Source":"/var/lib/ecs/deps/execute-command/certs/tls-ca-bundle.pem","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/certs/amazon-ssm-agent.crt"},{"Source":"/var/log/ecs/exec/4ca5a280e68947cd84a8357f0d008fb5/app","Destination":"/var/log/amazon/ssm"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/amazon-ssm-agent","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/amazon-ssm-agent"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-agent-worker","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/ssm-agent-worker"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-session-worker","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/ssm-session-worker"},{"Source":"/var/lib/ecs/deps/execute-command/config/amazon-ssm-agent-ZfC4ex5qAj4jNHNZsam9TbekaQ_EkbnJMsW0hcZEbFI=.json","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/configuration/amazon-ssm-agent.json"}],"LogDriver":"awsfirelens","LogOptions":{"Name":"cloudwatch","auto_create_group":"true","log_group_name":"/aws/ecs/containerinsights/$(ecs_cluster)/app_ygloa","log_stream_name":"$(ecs_task_id)","region":"us-west-2","retry_limit":"2"},"ContainerARN":"arn:aws:ecs:us-west-2:546265451413:container/ygloaTest/4ca5a280e68947cd84a8357f0d008fb5/65feb143-c5a1-4bcf-b524-0953a02524bf","Networks":[{"NetworkMode":"bridge","IPv4Addresses":["172.17.0.3"]}]}]}`) |
There was a problem hiding this comment.
we can change the name to be more generate or official rather than using our alias. Like Cluster:ecs-cluster
fluent-bit-init-process_test.go
Outdated
| @@ -0,0 +1,295 @@ | |||
| package main | |||
|
|
|||
There was a problem hiding this comment.
for name, let' do all - or _ to keep consistent
There was a problem hiding this comment.
Hmm.. it's because Go unit test file must end with _test.go
There was a problem hiding this comment.
I see. Then I would prefer all _
Thank you for your comments on this PR! |
init/fluent_bit_init_process.go
Outdated
| func createS3ConfigFileFolder(folderPath string) { | ||
| os.Mkdir(folderPath, os.ModePerm) | ||
| os.Mkdir(folderPath, 0777) |
There was a problem hiding this comment.
All file permissions like this will be reconfirmed
.gitignore
Outdated
| @@ -1,2 +1,3 @@ | |||
| bin | |||
| integ/out | |||
| .DS_Store | |||
There was a problem hiding this comment.
I am not sure if we need this file. Need to confirm with @PettitWesley . Normally I just don't git add these files
Dockerfile.init
Outdated
| @@ -0,0 +1,30 @@ | |||
| FROM public.ecr.aws/amazonlinux/amazonlinux:latest as fluent-bit-initer | |||
There was a problem hiding this comment.
nit: initer sounds weird to me. I prefer builder or init-builder
There was a problem hiding this comment.
Will modify all these names
| RUN go mod init fluent_bit_init_process \ | ||
| && go mod tidy \ | ||
| && go build fluent_bit_init_process.go | ||
|
|
There was a problem hiding this comment.
you should not run go mod commands inside of a build script IMO/AFAIK. The go.mod and go.sum files are generally committed to the source control in most projects I have seen and this helps ensure all build use the same versions of dependencies.
There was a problem hiding this comment.
Yea, I changed it to copy go.mod and go.sum from our repo instead of creating a new one
init/fluent_bit_init_entrypoint.sh
Outdated
| @@ -0,0 +1,3 @@ | |||
| ./init/fluent_bit_init_process | |||
| cat /init/fluent-bit-init.conf | |||
| source /init/fluent-bit-invoker.sh | |||
There was a problem hiding this comment.
nit: invoker sounds weird to me. I prefer /init/init.sh
init/fluent_bit_init_process.go
Outdated
| s3FileFolderPath = "/init/fluent-bit-init-s3-files/" | ||
| mainConfigFile = "/init/fluent-bit-init.conf" | ||
| originalMainConfigFile = "/fluent-bit/etc/fluent-bit.conf" | ||
| invokerFile = "/init/fluent-bit-invoker.sh" |
There was a problem hiding this comment.
nit: naming issue as above
init/fluent_bit_init_process.go
Outdated
| envKey = string(env_kv[0]) | ||
| envValue = string(env_kv[1]) | ||
|
|
||
| matched_s3, _ := regexp.MatchString("aws_fluent_bit_s3_", envKey) |
There was a problem hiding this comment.
Based on discussion, let's change this to aws_fluent_bit_init_s3 and aws_fluent_bit_init_file
There was a problem hiding this comment.
And both aws_fluent_bit_init_s3 and aws_fluent_bit_init_S3 will be accepted as config files from S3.
I think it would be more helpful here not to use case sensitivity, customers may not be concerned about the way s3 or S3 is written
Galaoaoa
force-pushed
the
ygloa-initProcess-PR3
branch
from
a74937c to
5df678f
Compare
|
Update
|
| RUN /bin/gimme 1.17.9 | ||
| ENV PATH ${PATH}:/home/.gimme/versions/go1.17.9.linux.arm64/bin:/home/.gimme/versions/go1.17.9.linux.amd64/bin |
There was a problem hiding this comment.
Can we try not to hardcode the go version since This always need to be upgraded.
Not 100% if it works but can you verify if it's possible to use
gimme stable
to install go?
Official doc: https://github.com/travis-ci/gimme
There was a problem hiding this comment.
I've tried switching to the stable version, but this prevents me from setting the PATH for the go command in the Dockerfile..
Using 1.17.9 is because other Dockerfiles in our repo used this version
| metadataReigon string = "" | ||
| ) | ||
|
|
||
| // HTTPClient interface |
There was a problem hiding this comment.
useless comment, could remove
There was a problem hiding this comment.
actually go lint will require a comment for structures... preferably more descriptive than this but this is the minimum needed to pass the linter
There was a problem hiding this comment.
For these interfaces, I think they are useless comments. And maybe we can discuss a standard for our team's code comments, although this is not a very important thing for this moment..
| Get(url string) (*http.Response, error) | ||
| } | ||
|
|
||
| // S3Downloader interface |
There was a problem hiding this comment.
useless comment, could remove.
There was a problem hiding this comment.
See my comment on HTTPClient
| fileFromS3 := createFile(s3FileFolder+s3FileName[len(s3FileName)-1], false) | ||
| defer fileFromS3.Close() | ||
|
|
||
| _, err := s3Downloader.Download(fileFromS3, |
There was a problem hiding this comment.
Do we need to consider retry is download from S3 fail for once?
There was a problem hiding this comment.
Check the docs, I think the downloader may have some setting to auto-add retries.
There was a problem hiding this comment.
Already modified. Thanks!
init/fluent_bit_init_process.go
Outdated
| httpClient := createHTTPClient() | ||
| metadata := getECSTaskMetadata(httpClient) | ||
| metadataReigon = reflect.ValueOf(metadata).Field(0).Interface().(string) | ||
|
|
There was a problem hiding this comment.
I like the format in main(), it's clean and in good shape.
These three lines could be optimized to only one function like others in main() as well.
and move these three lines into that function outside of main().
There was a problem hiding this comment.
Writing them out for unit testing, has removed metadataReigon from the main().
But I think I still have to keep the other two..
Dockerfile.init
Outdated
|
|
||
| RUN curl -sL -o /bin/gimme https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | ||
| RUN chmod +x /bin/gimme | ||
| RUN yum upgrade -y && yum install -y tar gzip git make gcc |
There was a problem hiding this comment.
do we need all of these packages?
There was a problem hiding this comment.
After verification, tar gzip git are required. Already removed make gcc. Thanks for this reminder~
init/fluent_bit_init_process.go
Outdated
| envKey = string(env_kv[0]) | ||
| envValue = string(env_kv[1]) | ||
|
|
||
| matched_s3, _ := regexp.MatchString("aws_fluent_bit_init_s3", envKey) |
There was a problem hiding this comment.
you can just make it case-insensitive here: https://stackoverflow.com/questions/15326421/how-do-i-do-a-case-insensitive-regular-expression-in-go. as well as file/File maybe
There was a problem hiding this comment.
Already modified. Thank you for this advice
init/fluent_bit_init_process.go
Outdated
|
|
||
| func processConfigFile(path string) { | ||
|
|
||
| content_b, err := ioutil.ReadFile(path) |
There was a problem hiding this comment.
what does content_b mean? Avoid to use meaningless name
There was a problem hiding this comment.
I think its always better to do full names if needed: contentBytes
init/fluent_bit_init_process.go
Outdated
| exists3Client bool = false | ||
|
|
||
| // global ecs metadata region | ||
| metadataReigon string = "" |
init/fluent_bit_init_process.go
Outdated
|
|
||
| // global s3 client and flag | ||
| s3Client *s3.S3 | ||
| exists3Client bool = false |
There was a problem hiding this comment.
Actually, s3ClientExists or s3ClientCreated would be more idiomatic I think... this fits what I've seem from other go programmers, if you have a bool, you use works like has or is or something else, but you put it in the variable name in a way that fits how you'd say it out loud in english, so hass3Client but that sounds weird to me... I prefer s3ClientCreated since its readable is exactly what you mean- has the S3 client been created or not yet?
There was a problem hiding this comment.
Already modified this variable name. Thanks for advice
init/fluent_bit_init_process.go
Outdated
| } | ||
| } | ||
|
|
||
| func processS3ConfigFiles(folderPath string) { |
There was a problem hiding this comment.
I don't think it is needed. In function getAllConfigFiles(), from line 166, you can directly do:
if s3 {
download S3;
return filePath;
}
processConfigFile(filePath);
This function is very similar to processConfigFile
There was a problem hiding this comment.
Then you don't need to use one extra function to create a s3Folder, you can just save all S3 files in one path which shares the same prefix. I remember the command will automatically create one path or find that path and create the file.
There was a problem hiding this comment.
For the first comment, thanks for this advice. Reuse processConfigFile() and delete processS3ConfigFiles() makes my code more concise
For the second comment, after trying, os.Create cannot create a file in a non-existent folder, which means I need create this folder first..
There was a problem hiding this comment.
for #2, I think you can have a function for it.
// create a file from a specific path
func create(p string) (*os.File, error) {
if err := os.MkdirAll(filepath.Dir(p), 0600); err != nil {
return nil, err
}
return os.Create(p)
}
I believe above should work? it will check if it needs to create a directory and then create the file
There was a problem hiding this comment.
I think it should work, will try it later, thanks
init/fluent_bit_init_process.go
Outdated
| // add @INCLUDE in main config file to include original main config file | ||
| writeInclude(originalMainConfigFile, mainConfigFile) | ||
|
|
||
| // create Fluent Bit command to use "-R" to specify new main config file |
init/fluent_bit_init_process_test.go
Outdated
| os.Setenv("ECS_CONTAINER_METADATA_URI_V4", "http://169.254.170.2/v4/50379854-baeb-4b84-9010-dd3fe2df5f20") | ||
|
|
||
| // Test case 1: full metadata | ||
| mockResponse1 := (`{"Cluster":"ecs-cluster","TaskARN":"arn:aws:ecs:us-west-2:546265451413:task/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5","Family":"code_test_A","Revision":"35","DesiredStatus":"RUNNING","KnownStatus":"RUNNING","PullStartedAt":"2022-07-06T03:06:45.282195951Z","PullStoppedAt":"2022-07-06T03:06:47.089531338Z","AvailabilityZone":"us-west-2a","LaunchType":"EC2","Containers":[{"DockerId":"8c928beb55e3989caf270cee85835e7f199715ffe44e6d54f5aeb68bf79a275c","Name":"log_router","DockerName":"ecs-code_test_A-35-logrouter-fea8e8aecab7ceeacc01","Image":"546265451413.dkr.ecr.us-west-2.amazonaws.com/ygloa:latest","ImageID":"sha256:bfdcbace4206be5e917ae71648bbb680d8ddc1cf558e60b8aad1e9e5533233a0","Labels":{"com.amazonaws.ecs.cluster":"ecs-cluster","com.amazonaws.ecs.container-name":"log_router","com.amazonaws.ecs.task-arn":"arn:aws:ecs:us-west-2:546265451413:task/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5","com.amazonaws.ecs.task-definition-family":"code_test_A","com.amazonaws.ecs.task-definition-version":"35"},"DesiredStatus":"RUNNING","KnownStatus":"RUNNING","Limits":{"CPU":2,"Memory":0},"CreatedAt":"2022-07-06T03:06:45.425156017Z","StartedAt":"2022-07-06T03:06:46.070292719Z","Type":"NORMAL","Volumes":[{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-session-worker","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/ssm-session-worker"},{"Source":"/var/lib/ecs/deps/execute-command/config/amazon-ssm-agent-ZfC4ex5qAj4jNHNZsam9TbekaQ_EkbnJMsW0hcZEbFI=.json","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/configuration/amazon-ssm-agent.json"},{"Source":"/var/lib/ecs/deps/execute-command/config/seelog-gEZ-TIvHAyOLfMC5wiWRofgDMlDzaCZ6zcswnAoop84=.xml","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/configuration/seelog.xml"},{"Source":"/var/lib/ecs/deps/execute-command/certs/tls-ca-bundle.pem","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/certs/amazon-ssm-agent.crt"},{"Source":"/var/lib/ecs/data/firelens/4ca5a280e68947cd84a8357f0d008fb5/socket","Destination":"/var/run"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/amazon-ssm-agent","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/amazon-ssm-agent"},{"Source":"/var/log/ecs/exec/4ca5a280e68947cd84a8357f0d008fb5/log_router","Destination":"/var/log/amazon/ssm"},{"Source":"/var/lib/ecs/data/firelens/4ca5a280e68947cd84a8357f0d008fb5/config/fluent.conf","Destination":"/fluent-bit/etc/fluent-bit.conf"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-agent-worker","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/ssm-agent-worker"}],"LogDriver":"awslogs","LogOptions":{"awslogs-create-group":"true","awslogs-group":"/ecs/code_test_A","awslogs-region":"us-west-2","awslogs-stream":"ecs/log_router/4ca5a280e68947cd84a8357f0d008fb5"},"ContainerARN":"arn:aws:ecs:us-west-2:546265451413:container/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5/cf2297e2-6204-4132-9d7b-6c1cab4c4f8e","Networks":[{"NetworkMode":"bridge","IPv4Addresses":["172.17.0.2"]}]},{"DockerId":"f2eb74ec6624e8f0ed4763f3c1b5dd6da6fc7810d4df83245fe419f28d34cbf4","Name":"app","DockerName":"ecs-code_test_A-35-app-beacfe98d8fabbc01400","Image":"nginx:latest","ImageID":"sha256:55f4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb","Labels":{"com.amazonaws.ecs.cluster":"ecs-cluster","com.amazonaws.ecs.container-name":"app","com.amazonaws.ecs.task-arn":"arn:aws:ecs:us-west-2:546265451413:task/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5","com.amazonaws.ecs.task-definition-family":"code_test_A","com.amazonaws.ecs.task-definition-version":"35"},"DesiredStatus":"RUNNING","KnownStatus":"RUNNING","Limits":{"CPU":2,"Memory":0},"CreatedAt":"2022-07-06T03:06:47.103306928Z","StartedAt":"2022-07-06T03:06:47.757888246Z","Type":"NORMAL","Volumes":[{"Source":"/var/lib/ecs/deps/execute-command/config/seelog-gEZ-TIvHAyOLfMC5wiWRofgDMlDzaCZ6zcswnAoop84=.xml","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/configuration/seelog.xml"},{"Source":"/var/lib/ecs/deps/execute-command/certs/tls-ca-bundle.pem","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/certs/amazon-ssm-agent.crt"},{"Source":"/var/log/ecs/exec/4ca5a280e68947cd84a8357f0d008fb5/app","Destination":"/var/log/amazon/ssm"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/amazon-ssm-agent","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/amazon-ssm-agent"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-agent-worker","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/ssm-agent-worker"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-session-worker","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/ssm-session-worker"},{"Source":"/var/lib/ecs/deps/execute-command/config/amazon-ssm-agent-ZfC4ex5qAj4jNHNZsam9TbekaQ_EkbnJMsW0hcZEbFI=.json","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/configuration/amazon-ssm-agent.json"}],"LogDriver":"awsfirelens","LogOptions":{"Name":"cloudwatch","auto_create_group":"true","log_group_name":"/aws/ecs/containerinsights/$(ecs_cluster)/app_ygloa","log_stream_name":"$(ecs_task_id)","region":"us-west-2","retry_limit":"2"},"ContainerARN":"arn:aws:ecs:us-west-2:546265451413:container/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5/65feb143-c5a1-4bcf-b524-0953a02524bf","Networks":[{"NetworkMode":"bridge","IPv4Addresses":["172.17.0.3"]}]}]}`) |
There was a problem hiding this comment.
I think this line is too long.. you can skip some useless parts.
There was a problem hiding this comment.
Actually I used ECS Exec specifically to get this real response for testing..
I want to keep this because real test cases are more likely to find potential bugs, and this will be useful for further testing. If we change the Metadate structure future, we can still use this test case to test it
There was a problem hiding this comment.
Then I prefer you put the two long responses in one place like in the very beginning as const. It is too long to see here
There was a problem hiding this comment.
Yea already modified~
init/fluent_bit_init_process_test.go
Outdated
| assert.Equal(t, actualOutput1, expectedOutput1) | ||
|
|
||
| // Test case 2: Task launch type will be an empty string if container agent is under version 1.45.0 | ||
| mockResponse2 := (`{"Cluster":"ecs-cluster","TaskARN":"arn:aws:ecs:us-west-2:546265451413:task/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5","Family":"code_test_A","Revision":"35","DesiredStatus":"RUNNING","KnownStatus":"RUNNING","PullStartedAt":"2022-07-06T03:06:45.282195951Z","PullStoppedAt":"2022-07-06T03:06:47.089531338Z","AvailabilityZone":"us-west-2a","Containers":[{"DockerId":"8c928beb55e3989caf270cee85835e7f199715ffe44e6d54f5aeb68bf79a275c","Name":"log_router","DockerName":"ecs-code_test_A-35-logrouter-fea8e8aecab7ceeacc01","Image":"546265451413.dkr.ecr.us-west-2.amazonaws.com/ygloa:latest","ImageID":"sha256:bfdcbace4206be5e917ae71648bbb680d8ddc1cf558e60b8aad1e9e5533233a0","Labels":{"com.amazonaws.ecs.cluster":"ecs-cluster","com.amazonaws.ecs.container-name":"log_router","com.amazonaws.ecs.task-arn":"arn:aws:ecs:us-west-2:546265451413:task/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5","com.amazonaws.ecs.task-definition-family":"code_test_A","com.amazonaws.ecs.task-definition-version":"35"},"DesiredStatus":"RUNNING","KnownStatus":"RUNNING","Limits":{"CPU":2,"Memory":0},"CreatedAt":"2022-07-06T03:06:45.425156017Z","StartedAt":"2022-07-06T03:06:46.070292719Z","Type":"NORMAL","Volumes":[{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-session-worker","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/ssm-session-worker"},{"Source":"/var/lib/ecs/deps/execute-command/config/amazon-ssm-agent-ZfC4ex5qAj4jNHNZsam9TbekaQ_EkbnJMsW0hcZEbFI=.json","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/configuration/amazon-ssm-agent.json"},{"Source":"/var/lib/ecs/deps/execute-command/config/seelog-gEZ-TIvHAyOLfMC5wiWRofgDMlDzaCZ6zcswnAoop84=.xml","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/configuration/seelog.xml"},{"Source":"/var/lib/ecs/deps/execute-command/certs/tls-ca-bundle.pem","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/certs/amazon-ssm-agent.crt"},{"Source":"/var/lib/ecs/data/firelens/4ca5a280e68947cd84a8357f0d008fb5/socket","Destination":"/var/run"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/amazon-ssm-agent","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/amazon-ssm-agent"},{"Source":"/var/log/ecs/exec/4ca5a280e68947cd84a8357f0d008fb5/log_router","Destination":"/var/log/amazon/ssm"},{"Source":"/var/lib/ecs/data/firelens/4ca5a280e68947cd84a8357f0d008fb5/config/fluent.conf","Destination":"/fluent-bit/etc/fluent-bit.conf"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-agent-worker","Destination":"/ecs-execute-command-6de6aecd-5468-4666-9ad9-b1521a24893c/ssm-agent-worker"}],"LogDriver":"awslogs","LogOptions":{"awslogs-create-group":"true","awslogs-group":"/ecs/code_test_A","awslogs-region":"us-west-2","awslogs-stream":"ecs/log_router/4ca5a280e68947cd84a8357f0d008fb5"},"ContainerARN":"arn:aws:ecs:us-west-2:546265451413:container/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5/cf2297e2-6204-4132-9d7b-6c1cab4c4f8e","Networks":[{"NetworkMode":"bridge","IPv4Addresses":["172.17.0.2"]}]},{"DockerId":"f2eb74ec6624e8f0ed4763f3c1b5dd6da6fc7810d4df83245fe419f28d34cbf4","Name":"app","DockerName":"ecs-code_test_A-35-app-beacfe98d8fabbc01400","Image":"nginx:latest","ImageID":"sha256:55f4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb","Labels":{"com.amazonaws.ecs.cluster":"ecs-cluster","com.amazonaws.ecs.container-name":"app","com.amazonaws.ecs.task-arn":"arn:aws:ecs:us-west-2:546265451413:task/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5","com.amazonaws.ecs.task-definition-family":"code_test_A","com.amazonaws.ecs.task-definition-version":"35"},"DesiredStatus":"RUNNING","KnownStatus":"RUNNING","Limits":{"CPU":2,"Memory":0},"CreatedAt":"2022-07-06T03:06:47.103306928Z","StartedAt":"2022-07-06T03:06:47.757888246Z","Type":"NORMAL","Volumes":[{"Source":"/var/lib/ecs/deps/execute-command/config/seelog-gEZ-TIvHAyOLfMC5wiWRofgDMlDzaCZ6zcswnAoop84=.xml","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/configuration/seelog.xml"},{"Source":"/var/lib/ecs/deps/execute-command/certs/tls-ca-bundle.pem","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/certs/amazon-ssm-agent.crt"},{"Source":"/var/log/ecs/exec/4ca5a280e68947cd84a8357f0d008fb5/app","Destination":"/var/log/amazon/ssm"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/amazon-ssm-agent","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/amazon-ssm-agent"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-agent-worker","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/ssm-agent-worker"},{"Source":"/var/lib/ecs/deps/execute-command/bin/3.1.1260.0/ssm-session-worker","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/ssm-session-worker"},{"Source":"/var/lib/ecs/deps/execute-command/config/amazon-ssm-agent-ZfC4ex5qAj4jNHNZsam9TbekaQ_EkbnJMsW0hcZEbFI=.json","Destination":"/ecs-execute-command-64f2d8e8-ca2d-443b-b9b1-1410aee62888/configuration/amazon-ssm-agent.json"}],"LogDriver":"awsfirelens","LogOptions":{"Name":"cloudwatch","auto_create_group":"true","log_group_name":"/aws/ecs/containerinsights/$(ecs_cluster)/app_ygloa","log_stream_name":"$(ecs_task_id)","region":"us-west-2","retry_limit":"2"},"ContainerARN":"arn:aws:ecs:us-west-2:546265451413:container/ecs-cluster/4ca5a280e68947cd84a8357f0d008fb5/65feb143-c5a1-4bcf-b524-0953a02524bf","Networks":[{"NetworkMode":"bridge","IPv4Addresses":["172.17.0.3"]}]}]}`) |
init/fluent_bit_init_process.go
Outdated
|
|
||
| // process all config files in S3 config file folder | ||
| // add @INCLUDE in main config file and change the fluent bit command if it's a Parser config file | ||
| processS3ConfigFiles(s3FileFolderPath) |
There was a problem hiding this comment.
I don't think line 385 and 394 is needed. See my comment in line 285
Makefile
Outdated
| @@ -17,6 +17,7 @@ all: release | |||
| release: | |||
| docker build --no-cache -t aws-fluent-bit-plugins:latest -f Dockerfile.plugins . | |||
| docker build -t amazon/aws-for-fluent-bit:latest -f Dockerfile . | |||
| docker build -t amazon/aws-for-fluent-bit-init:latest -f Dockerfile.init . | |||
There was a problem hiding this comment.
I thought/think the image should be amazon/aws-for-fluent-bit:latest-init or amazon/aws-for-fluent-bit:init-latest.
Building the image with this tag: amazon/aws-for-fluent-bit-init implies that we have a Docker Hub repo with that name. But we do not. I beleive we are planning to push these images to the same repos as we use for the non-init image right? And thus only the tag is different. So the same hsould be true in our build script IMO.
There was a problem hiding this comment.
Can we create a new Docker Hub repo for init images? Helps to manage new images more clearly and without affecting the original image.
I think if we naming it as amazon/aws-for-fluent-bit:latest-init, we also need to add different version numbers in the future, which can be very confusing like amazon/aws-for-fluent-bit:init-amd64-2.26.0? Tag will be too long and it is a different style from the original image..
There was a problem hiding this comment.
So unfortunately creating a new Docker Hub repo is a whole big process... also while I understand the tag becomes very long, I also think its better if all AWS for Fluent Bit images are in one repo if possible.
A good example of long tags is fluentd repo which has tons of tags: https://hub.docker.com/r/fluent/fluentd/tags
There was a problem hiding this comment.
Yea I already discussed this with @zhonghui12 .
Understand to create a new Docker Hub repo will be a big process..
We finally decided to use same repo and these tags:
amazon/aws-for-fluent-bit:init-latest
amazon/aws-for-fluent-bit:init-2.26.0
amazon/aws-for-fluent-bit:init-amd64-2.26.0
init/fluent_bit_init_entrypoint.sh
Outdated
| @@ -0,0 +1,3 @@ | |||
| ./init/fluent_bit_init_process | |||
| cat /init/fluent-bit-init.conf | |||
There was a problem hiding this comment.
Why cat the file in entrypoint? This means it will be printed to the users log... which isn't bad but its also not really needed... and the user can get Fluent Bit to output all registered plugins if htey run it with debug logging...
There was a problem hiding this comment.
This came from a discussion with Bingfeng, he asked me how customer can quickly know which config files they are using.. Maybe using cat here is not suitable. Will delete
init/fluent_bit_init_process.go
Outdated
| // default Fluent Bit command | ||
| fluentBitCommand = "exec /fluent-bit/bin/fluent-bit -e /fluent-bit/firehose.so -e /fluent-bit/cloudwatch.so -e /fluent-bit/kinesis.so" |
There was a problem hiding this comment.
nit: I think "base command" is a better way to describe this since you start with it and add to it
| ECS_REVISION string `json:"Revision"` // Revision number | ||
| ECS_TASK_DEFINITION string `json:"TaskDefinition"` // TaskDefinition = "family:revision" |
There was a problem hiding this comment.
Hmm why do we give folks one with just revision, and one with "family:revision", but not just family?? Can we add that please. Since we do not have service name available, family (without the revision, since that changes a lot) is commonly used to replace service name.
There was a problem hiding this comment.
init/fluent_bit_init_process.go
Outdated
| func createHTTPClient() HTTPClient { | ||
| client := &http.Client{} | ||
| return client | ||
| } |
There was a problem hiding this comment.
nit: since this function is only one line, it does not really provide for code organization I think... you could replace the one line call to this function with the one line to create the client.
init/fluent_bit_init_process.go
Outdated
|
|
||
| // get ECS Task Metadata via endpoint V4 | ||
| func getECSTaskMetadata(httpClient HTTPClient) ECSTaskMetadata { | ||
|
|
There was a problem hiding this comment.
nit: newline at beginning of function
init/fluent_bit_init_process.go
Outdated
|
|
||
| response, err := ioutil.ReadAll(res.Body) | ||
| if err != nil { | ||
| logrus.Fatalf("[FluentBit Init Process] Failed to read HTTP response: %s\n", err) |
There was a problem hiding this comment.
nit: might be more clear to users if its: Failed to read ECS metadata HTTP response.
init/fluent_bit_init_process.go
Outdated
| output, err := s3Client.GetBucketLocation(input) | ||
| if err != nil { | ||
| logrus.Errorln(err) | ||
| logrus.Fatalf("[FluentBit Init Process] Cannot get bucket region of %s + %s", bucketName, s3FilePath) |
There was a problem hiding this comment.
So this has some limitations which users often run into:
To use this implementation of the operation, you must be the bucket owner.
https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLocation.html
We should probably put this in our error message
init/fluent_bit_init_process.go
Outdated
| // create a folder to store S3 config files user specified (download them from S3) | ||
| func createS3ConfigFileFolder(folderPath string) { | ||
| os.Mkdir(folderPath, 0700) |
There was a problem hiding this comment.
nit: in code, it is preferable IMO to use "directory" instead of folder. Directory is the old unix term, folder came around once we had GUIs.
There was a problem hiding this comment.
Yea, already modified. Will pay attention when writing code in the future
|
Update
|
Galaoaoa
force-pushed
the
ygloa-initProcess-PR3
branch
2 times, most recently
from
115db8d to
3555a3a
Compare
|
Update
|
init/fluent_bit_init_process_test.go
Outdated
| defer os.RemoveAll(s3FileDirectoryPathTest) | ||
|
|
||
| s3FilePath := "ygloa/files/aaa.conf" | ||
| bucketName := "ygloaBucket" |
There was a problem hiding this comment.
please update the username here
There was a problem hiding this comment.
already removed Alias in the unit test, thank you!
Galaoaoa
force-pushed
the
ygloa-initProcess-PR3
branch
from
35ecfa4 to
128faf0
Compare
Description
Users can build the new image
amazon/aws-for-fluent-bit-init:latestand original imageamazon/aws-for-fluent-bit:latestas the same time by using the commandmake releaseChanges from last PR
Code Style
Unit Test
fluent_bit_init_process_test.goDockerfile
Dockerfile.initDetails of comparison with
aws/aws-for-fluent-bit @ mainlineChange
MakefileChange the
make releasecommand, adddocker build -t amazon/aws-for-fluent-bit-init:latest -f Dockerfile.init .After executing themake releasecommand, will also build the imageamazon/aws-for-fluent-bit-init:latestCreate
Dockerfile.initThis Dockerfile will build the new image
amazon/aws-for-fluent-bit-init:latestwhich include init process and finally executefluent_bit_init_entrypoint.shCreate
initfolderThis folder is used to store files related to the init process (following three files)
Create
fluent_bit_init_entrypoint.shThis file is used to run init process binary and run
fluent-bit-invoker.sh, which will execute export command to set ECS Metadata, and finally invoke Fluent BitCreate
fluent_bit_init_process.goThis file is the code which used to achieve the desired init process functions
Create
fluent_bit_init_process_test.goThis file is the code of Unit Test for
fluent_bit_init_process.goTests already performed
Run image on ECS
Without any user specified environment variables. Same effect as using the original image
Add a Dummy Input config file via setting environment variables. Main config file is changed as expected
Add a Dummy Input config file, a Parser config file and a related Filter config file via setting environment variables. Main config file is changed as expected, the Fluent Bit Command is changed as expected
Add a Dummy Input config file, a Parser config file, a related Filter config file, a S3 Output config file, a stdout Output config file via setting environment variables. Main config file is changed as expected, the Fluent Bit Command is changed as expected. Can receive the log in the container and S3
Run image locally
[FluentBit Init Process] Unable to get ECS Metadata, ignore this warning if not running on ECS