forked from aws/amazon-ecs-agent
-
Notifications
You must be signed in to change notification settings - Fork 0
/
write_metadata_unix.go
90 lines (78 loc) · 2.92 KB
/
write_metadata_unix.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
// +build !windows
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"). You may
// not use this file except in compliance with the License. A copy of the
// License is located at
//
// http://aws.amazon.com/apache2.0/
//
// or in the "license" file accompanying this file. This file is distributed
// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
// express or implied. See the License for the specific language governing
// permissions and limitations under the License.
package containermetadata
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"github.com/aws/amazon-ecs-agent/agent/utils/oswrapper"
"github.com/cihub/seelog"
"github.com/pborman/uuid"
)
const (
mountPoint = "/opt/ecs/metadata"
tempFile = "temp_metadata_file"
bindMode = "Z"
selinuxSecurityOption = "selinux"
)
// createBindsEnv will do the appropriate formatting to add a new mount in a container's HostConfig
// and add the metadata file path as an environment variable ECS_CONTAINER_METADATA_FILE
// We add an additional uuid to the path to ensure it does not conflict with user mounts
func createBindsEnv(binds []string, env []string, dataDirOnHost string, metadataDirectoryPath string, dockerSecurityOptions []string) ([]string, []string) {
selinuxEnabled := false
for _, option := range dockerSecurityOptions {
if option == selinuxSecurityOption {
selinuxEnabled = true
}
}
randID := uuid.New()
instanceBind := fmt.Sprintf(`%s/%s:%s/%s`, dataDirOnHost, metadataDirectoryPath, mountPoint, randID)
if selinuxEnabled {
seelog.Info("Selinux is enabled on docker, mounting data directory in Z mode")
instanceBind = fmt.Sprintf(`%s:%s`, instanceBind, bindMode)
}
metadataEnvVariable := fmt.Sprintf("%s=%s/%s/%s", metadataEnvironmentVariable, mountPoint, randID, metadataFile)
binds = append(binds, instanceBind)
env = append(env, metadataEnvVariable)
return binds, env
}
var rename = os.Rename
var TempFile = func(dir, pattern string) (oswrapper.File, error) {
return ioutil.TempFile(dir, pattern)
}
// writeToMetadata puts the metadata into JSON format and writes into
// the metadata file
func writeToMetadataFile(data []byte, taskARN string, containerName string, dataDir string) error {
metadataFileDir, err := getMetadataFilePath(taskARN, containerName, dataDir)
// Boundary case if file path is bad (Such as if task arn is incorrectly formatted)
if err != nil {
return fmt.Errorf("write to metadata file for task %s container %s: %v", taskARN, containerName, err)
}
metadataFileName := filepath.Join(metadataFileDir, metadataFile)
temp, err := TempFile(metadataFileDir, tempFile)
if err != nil {
return err
}
defer temp.Close()
_, err = temp.Write(data)
if err != nil {
return err
}
err = temp.Chmod(metadataPerm)
if err != nil {
return err
}
return rename(temp.Name(), metadataFileName)
}