//go:build !windows
// +build !windows
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"). You may
// not use this file except in compliance with the License. A copy of the
// License is located at
//
// http://aws.amazon.com/apache2.0/
//
// or in the "license" file accompanying this file. This file is distributed
// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
// express or implied. See the License for the specific language governing
// permissions and limitations under the License.
package config
import (
"fmt"
"os"
"time"
"github.com/aws/amazon-ecs-agent/agent/dockerclient"
"github.com/aws/amazon-ecs-agent/agent/utils"
"github.com/aws/amazon-ecs-agent/ecs-agent/tmds"
)
const (
	// AgentCredentialsAddress is used to serve the credentials for tasks.
	AgentCredentialsAddress = "" // this is left blank right now for net=bridge
	// defaultCredentialsAuditLogFile specifies the default filename of the
	// credentials audit log.
	defaultCredentialsAuditLogFile = "/log/audit.log"
	// defaultRuntimeStatsLogFile stores the path where the golang runtime stats are periodically logged
	defaultRuntimeStatsLogFile = `/log/agent-runtime-stats.log`
	// DefaultTaskCgroupV1Prefix is default cgroup v1 prefix for ECS tasks
	DefaultTaskCgroupV1Prefix = "/ecs"
	// DefaultTaskCgroupV2Prefix is default cgroup v2 prefix for ECS tasks
	// ecstasks is used because this creates a systemd "slice", and using just
	// ecs would create a confusing name conflict with the ecs systemd service.
	// (we would have both ecs.service and ecs.slice in /sys/fs/cgroup).
	DefaultTaskCgroupV2Prefix = "ecstasks"
	// defaultCgroupPath is the default cgroup memory system root path; it is
	// the value used if the path has not been configured through ECS_CGROUP_PATH.
	defaultCgroupPath = "/sys/fs/cgroup"
	// defaultContainerStartTimeout specifies the value for container start timeout duration
	defaultContainerStartTimeout = 3 * time.Minute
	// minimumContainerStartTimeout specifies the minimum value for starting a container
	minimumContainerStartTimeout = 45 * time.Second
	// defaultContainerCreateTimeout specifies the value for container create timeout duration
	defaultContainerCreateTimeout = 4 * time.Minute
	// minimumContainerCreateTimeout specifies the minimum value for creating a container
	minimumContainerCreateTimeout = 1 * time.Minute
	// defaultImagePullInactivityTimeout is the default docker inactivity time;
	// it is the extra time needed on container extraction.
	defaultImagePullInactivityTimeout = 1 * time.Minute
)
// DefaultConfig returns the baseline agent configuration for non-Windows
// builds (this file is compiled under the !windows build constraint).
//
// Every value here is a default only; this function reads no environment
// variables itself, apart from whatever the two GMSA capability parsers do.
func DefaultConfig() Config {
	// Most optional features start out explicitly switched off; share one value
	// rather than repeating the literal for each field.
	off := BooleanDefaultFalse{Value: ExplicitlyDisabled}

	// TCP ports reserved on the instance by default.
	reservedTCP := []uint16{SSHPort, DockerReservedPort, DockerReservedSSLPort, AgentIntrospectionPort, tmds.Port}
	// Logging drivers advertised by default.
	logDrivers := []dockerclient.LoggingDriver{dockerclient.JSONFileDriver, dockerclient.NoneDriver}

	cfg := Config{
		// Local Unix socket of the Docker daemon. Whoever can open this socket
		// controls the daemon, so its file permissions are part of the host's
		// trust boundary.
		DockerEndpoint:                 "unix:///var/run/docker.sock",
		ReservedPorts:                  reservedTCP,
		ReservedPortsUDP:               []uint16{},
		DataDir:                        "/data/",
		DataDirOnHost:                  "/var/lib/ecs",
		DisableMetrics:                 off,
		ReservedMemory:                 0,
		AvailableLoggingDrivers:        logDrivers,
		TaskCleanupWaitDuration:        DefaultTaskCleanupWaitDuration,
		DockerStopTimeout:              defaultDockerStopTimeout,
		ContainerStartTimeout:          defaultContainerStartTimeout,
		ContainerCreateTimeout:         defaultContainerCreateTimeout,
		DependentContainersPullUpfront: off,

		// The credentials audit log is on by default and written to
		// defaultCredentialsAuditLogFile.
		CredentialsAuditLogFile:     defaultCredentialsAuditLogFile,
		CredentialsAuditLogDisabled: false,

		ImageCleanupDisabled:                off,
		MinimumImageDeletionAge:             DefaultImageDeletionAge,
		NonECSMinimumImageDeletionAge:       DefaultNonECSImageDeletionAge,
		ImageCleanupInterval:                DefaultImageCleanupTimeInterval,
		ImagePullInactivityTimeout:          defaultImagePullInactivityTimeout,
		ImagePullTimeout:                    DefaultImagePullTimeout,
		NumImagesToDeletePerCycle:           DefaultNumImagesToDeletePerCycle,
		NumNonECSContainersToDeletePerCycle: DefaultNumNonECSContainersToDeletePerCycle,

		CNIPluginsPath:            defaultCNIPluginsPath,
		PauseContainerTarballPath: pauseContainerTarballPath,
		PauseContainerImageName:   DefaultPauseContainerImageName,
		PauseContainerTag:         DefaultPauseContainerTag,

		// NOTE(review): the field name suggests this gates blocking of the
		// instance metadata endpoint for awsvpc tasks, and it is off by
		// default. Confirm against the consumer of this field; hosts that
		// must keep task containers away from instance credentials should
		// not rely on the default.
		AWSVPCBlockInstanceMetdata: off,
		ContainerMetadataEnabled:   off,
		TaskCPUMemLimit:            BooleanDefaultTrue{Value: NotSet},
		CgroupPath:                 defaultCgroupPath,

		TaskMetadataSteadyStateRate: DefaultTaskMetadataSteadyStateRate,
		TaskMetadataBurstRate:       DefaultTaskMetadataBurstRate,

		// Shared volumes are only required to match on name, which is the
		// default docker behavior.
		SharedVolumeMatchFullConfig:        off,
		ContainerInstancePropagateTagsFrom: ContainerInstancePropagateTagsFromNoneType,

		PrometheusMetricsEnabled:   false,
		PollMetrics:                BooleanDefaultFalse{Value: NotSet},
		PollingMetricsWaitDuration: DefaultPollingMetricsWaitDuration,
		NvidiaRuntime:              DefaultNvidiaRuntime,
		CgroupCPUPeriod:            defaultCgroupCPUPeriod,

		// The two parsers run in this order, as in the field list.
		GMSACapable:                 parseGMSACapability(),
		GMSADomainlessCapable:       parseGMSADomainlessCapability(),
		FSxWindowsFileServerCapable: BooleanDefaultTrue{Value: ExplicitlyDisabled},

		RuntimeStatsLogFile:          defaultRuntimeStatsLogFile,
		EnableRuntimeStats:           BooleanDefaultFalse{Value: NotSet},
		ShouldExcludeIPv6PortBinding: BooleanDefaultTrue{Value: ExplicitlyEnabled},
	}
	return cfg
}
// platformOverrides applies the non-Windows adjustments to cfg in place.
//
// It sets PrometheusMetricsEnabled from ECS_ENABLE_PROMETHEUS_METRICS
// (defaulting to false) and, when that is on, adds
// AgentPrometheusExpositionPort to the reserved ports. When task ENI is
// enabled it also sets ENITrunkingEnabled from ECS_ENABLE_HIGH_DENSITY_ENI.
func (cfg *Config) platformOverrides() {
	promEnabled := utils.ParseBool(os.Getenv("ECS_ENABLE_PROMETHEUS_METRICS"), false)
	cfg.PrometheusMetricsEnabled = promEnabled
	if promEnabled {
		// The exposition port is reserved only when the endpoint is enabled.
		cfg.ReservedPorts = append(cfg.ReservedPorts, AgentPrometheusExpositionPort)
	}

	if !cfg.TaskENIEnabled.Enabled() {
		return
	}
	// When task networking is enabled, ENI trunking is enabled by default.
	cfg.ENITrunkingEnabled = parseBooleanDefaultTrueConfig("ECS_ENABLE_HIGH_DENSITY_ENI")
}
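// platformString returns platform-specific config data that can be serialized
// to string for debugging.
//
// The result is a ", PauseContainerImageName: ..., PauseContainerTag: ..."
// fragment when the pause container image name or tag differs from its
// built-in default, and the empty string when both are the defaults.
func (cfg *Config) platformString() string {
	usesDefaultPause := cfg.PauseContainerImageName == DefaultPauseContainerImageName &&
		cfg.PauseContainerTag == DefaultPauseContainerTag
	if usesDefaultPause {
		// Nothing to report: the defaults carry no debugging information.
		return ""
	}
	// Report only overrides. A non-default pause image or tag is what someone
	// auditing the host's configuration needs to see in the debug output.
	return fmt.Sprintf(", PauseContainerImageName: %s, PauseContainerTag: %s",
		cfg.PauseContainerImageName, cfg.PauseContainerTag)
}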
// getConfigFileName returns the path of the agent config file: the value of
// ECS_AGENT_CONFIG_FILE_PATH when it is not blank, otherwise
// defaultConfigFileName. The returned error is always nil here.
//
// The path is taken from the environment as-is, with no validation in this
// function, so whoever controls the agent's environment selects which file
// is loaded as configuration.
func getConfigFileName() (string, error) {
	fromEnv := os.Getenv("ECS_AGENT_CONFIG_FILE_PATH")
	name := utils.DefaultIfBlank(fromEnv, defaultConfigFileName)
	return name, nil
}