Add script binary and screen to container #27

Merged
merged 1 commit into from
Mar 11, 2022

@jpculp jpculp commented Mar 9, 2022

Issue number:

#24

Description of changes:

script is a script utility in the util-linux package that the SSM
agent uses for session logging when enabled. screen is also installed
to avoid log data from being truncated (per Logging session activity).

Testing done:

  • Launched aws-ecs-1 AMI with new control container set in userdata.
  • Enabled the admin container via the control container's APIclient.
  • Verified APIclient Exec functionality.
  • Verified Bottlerocket access via sudo sheltie.
  • Connected to admin container via EC2 Instance Connect.

Additional testing done:

Confirmed that session logging to S3 bucket works. (thanks, @etungsten!)

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

`script` is a script utility in the `util-linux` package that the SSM
agent uses for session logging when enabled. `screen` is also installed
to avoid log data from being truncated.
@jpculp jpculp marked this pull request as ready for review March 9, 2022 20:24
Comment on lines +46 to +47
# Validate script binary
RUN /usr/bin/script &>/dev/null
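
Review bot: `&>/dev/null` on the RUN line is a bash-only redirection. If the image's /bin/sh is a POSIX shell such as dash, the line parses as `/usr/bin/script &` followed by `>/dev/null`, so the binary runs in the background and the step passes even when the binary fails to load. Running `script` with no arguments also starts a recording session and, by default, writes a `typescript` file into the layer. Consider `RUN /usr/bin/script --version >/dev/null 2>&1`, which still exercises the dynamic loader but has no side effects.
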
Contributor

Nit: this adds an extra layer, should we instead test the container with actual testing instead of using the Dockerfile to validate the binary?

Member Author

We certainly could, but I was worried that it would be "out of sight, out of mind" by anyone building the Dockerfile directly. What do folks think?

Contributor

I remember asking for this and hadn't considered the extra layer. I still kinda like the check here as a belt-and-suspenders method for ensuring things work. It might be nice to add a bit more to the comment explaining that we're doing this check on account of copying a dynamically linked binary.

Contributor

@etungsten etungsten left a comment

lgtm aside from outstanding comments.

@jpculp jpculp merged commit c04e1d5 into bottlerocket-os:develop Mar 11, 2022
@jpculp jpculp deleted the script-and-screen branch March 11, 2022 23:52
@jpculp jpculp mentioned this pull request Mar 14, 2022