Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(runner): allow linux starter-runner script to retrieve labels without with IMDSv2 tags option #2764

Merged
merged 13 commits into from
Mar 10, 2023
7 changes: 7 additions & 0 deletions examples/multi-runner/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,13 @@ module "multi-runner" {
fifo = true
delay_webhook_event = 0
runner_config = {
# Test retrieving tag information via AWS API (Cli)
runner_metadata_options = {
instance_metadata_tags = "disabled"
http_endpoint = "enabled"
http_tokens = "optional"
http_put_response_hop_limit = 1
}
runner_os = "linux"
runner_architecture = "x64"
create_service_linked_role_spot = true
Expand Down
6 changes: 4 additions & 2 deletions modules/runners/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -144,8 +144,10 @@ resource "aws_launch_template" "runner" {
S3_LOCATION_RUNNER_DISTRIBUTION = local.s3_location_runner_distribution
RUNNER_ARCHITECTURE = var.runner_architecture
})
post_install = var.userdata_post_install
start_runner = templatefile(local.userdata_start_runner[var.runner_os], {})
post_install = var.userdata_post_install
start_runner = templatefile(local.userdata_start_runner[var.runner_os], {
metadata_tags = var.metadata_options != null ? var.metadata_options.instance_metadata_tags : "enabled"
})
ghes_url = var.ghes_url
ghes_ssl_verify = var.ghes_ssl_verify

Expand Down
14 changes: 11 additions & 3 deletions modules/runners/templates/start-runner.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,20 @@ echo "Retrieved REGION from AWS API ($region)"
instance_id=$(curl -f -H "X-aws-ec2-metadata-token: $token" -v http://169.254.169.254/latest/meta-data/instance-id)
echo "Retrieved INSTANCE_ID from AWS API ($instance_id)"

%{ if metadata_tags == "enabled" }
environment=$(curl -f -H "X-aws-ec2-metadata-token: $token" -v http://169.254.169.254/latest/meta-data/tags/instance/ghr:environment)
echo "Retrieved ghr:environment tag - ($environment)"

ssm_config_path=$(curl -f -H "X-aws-ec2-metadata-token: $token" -v http://169.254.169.254/latest/meta-data/tags/instance/ghr:ssm_config_path)
echo "Retrieved ghr:ssm_config_path tag - ($ssm_config_path)"

%{ else }
tags=$(aws ec2 describe-tags --region "$region" --filters "Name=resource-id,Values=$instance_id")
echo "Retrieved tags from AWS API ($tags)"

environment=$(echo "$tags" | jq -r '.Tags[] | select(.Key == "ghr:environment") | .Value')
ssm_config_path=$(echo "$tags" | jq -r '.Tags[] | select(.Key == "ghr:ssm_config_path") | .Value')
%{ endif }

echo "Retrieved ghr:environment tag - ($environment)"
echo "Retrieved ghr:ssm_config_path tag - ($ssm_config_path)"

parameters=$(aws ssm get-parameters-by-path --path "$ssm_config_path" --region "$region" --query "Parameters[*].{Name:Name,Value:Value}")
echo "Retrieved parameters from AWS SSM ($parameters)"
Expand Down