Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

thar-control: pin amazon-ssm-agent to a version that supports imdsv2 #709

Merged
merged 1 commit into from
Feb 4, 2020
Merged

thar-control: pin amazon-ssm-agent to a version that supports imdsv2 #709

merged 1 commit into from
Feb 4, 2020

Conversation

etungsten
Copy link
Contributor

Issue #, if available: Partially addresses #685

Description of changes:
Instead of installing the latest version of amazon-ssm-agent every time when we build thar-control, it is now pinned to a default version (v2.3.842.0). See amazon-ssm-agent releases here

Testing done:
Launched Thar instance with userdata that points to a thar-control container image with these changes:
host-containers@control starts and runs fine

bash-5.0# systemctl status host-containers@control
● host-containers@control.service - Host container: control
     Loaded: loaded (/x86_64-thar-linux-gnu/sys-root/usr/lib/systemd/system/host-containers@.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2020-02-04 00:13:31 UTC; 46s ago
    Process: 2636 ExecStartPre=/usr/bin/mkdir -m 1777 -p ${LOCAL_DIR}/host-containers/control (code=exited, status=0/SUCCESS)
   Main PID: 2717 (host-ctr)
      Tasks: 21 (limit: 4430)
     Memory: 42.7M
     CGroup: /system.slice/system-host\x2dcontainers.slice/host-containers@control.service
             └─2717 /usr/bin/host-ctr -ctr-id=control -source=SNIP.dkr.ecr.us-west-2.amazonaws.com/thar-control:latest -superpowered=false

Feb 04 00:14:09 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:09 INFO [StartupProcessor] Unable to open serial port /dev/ttyS0:
 open /dev/ttyS0: no such file or directory
Feb 04 00:14:09 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:09 INFO [StartupProcessor] Attempting to use different port (PV):
 /dev/hvc0
Feb 04 00:14:09 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:09 INFO [StartupProcessor] Unable to open serial port /dev/hvc0:
open /dev/hvc0: no such file or directory
Feb 04 00:14:09 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:09 ERROR [StartupProcessor] Error opening serial port: open /dev/
hvc0: no such file or directory
Feb 04 00:14:09 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:09 ERROR [StartupProcessor] Error opening serial port: open /dev/
hvc0: no such file or directory. Retrying in 5 seconds...
Feb 04 00:14:14 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:14 INFO [StartupProcessor] Unable to open serial port /dev/ttyS0:
 open /dev/ttyS0: no such file or directory
Feb 04 00:14:14 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:14 INFO [StartupProcessor] Attempting to use different port (PV):
 /dev/hvc0
Feb 04 00:14:14 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:14 INFO [StartupProcessor] Unable to open serial port /dev/hvc0:
open /dev/hvc0: no such file or directory
Feb 04 00:14:14 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:14 ERROR [StartupProcessor] Error opening serial port: open /dev/
hvc0: no such file or directory
Feb 04 00:14:14 ip-192-168-61-30.us-west-2.compute.internal host-ctr[2717]: 2020-02-04 00:14:14 ERROR [StartupProcessor] Error opening serial port: open /dev/
hvc0: no such file or directory. Retrying in 5 seconds...

*Note that the serial port error does not prevent us from starting ssm sessions. Being tracked here: #599

Can start SSM sessions with said instance

$ aws ssm start-session --target i-SNIP

Starting session with SessionId: SNIP
Welcome to Thar's control container!

This container gives you access to the Thar API, which in turn lets you inspect
and configure the system.  You'll probably want to use the `apiclient` tool for
that; for example, to inspect the system:

   apiclient -u /settings

You can run `apiclient --help` for usage details, and check the main Thar
documentation for descriptions of all settings and examples of changing them.

If you need to debug the system further, you can enable the admin container.
This enables SSH access to the system using the key you specified when you
launched the instance.  This environment has more debugging tools installed,
and allows you to get root access to the host.

To enable the admin container, run:

   enable-admin-container

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@iliana iliana mentioned this pull request Feb 4, 2020
Closed
10 tasks
@etungsten etungsten changed the title thar-control: pin amazon-ssm-agent to a verion that supports imdsv2 thar-control: pin amazon-ssm-agent to a version that supports imdsv2 Feb 4, 2020
@etungsten
thar-control: pin amazon-ssm-agent to a version that supports imdsv2
99aadb4 
Instead of installing the latest ssm-agent everytime thar-control is
built, now it's pinned to a default version (v2.3.842.0)
@etungsten etungsten force-pushed the control-container-ssm-agent-ver branch from 2403bc8 to 99aadb4 Compare February 4, 2020 00:22
zmrow
zmrow approved these changes Feb 4, 2020
View reviewed changes
Copy link
Contributor

@zmrow zmrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

🌮

jahkeup
jahkeup approved these changes Feb 4, 2020
View reviewed changes
Copy link
Member

@jahkeup jahkeup left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yay for pinning to static versions here 👍

@etungsten etungsten merged commit 6924b55 into develop Feb 4, 2020
@etungsten etungsten deleted the control-container-ssm-agent-ver branch February 4, 2020 21:41
@jahkeup jahkeup mentioned this pull request Feb 6, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tjkirch tjkirch tjkirch approved these changes

@bcressey bcressey bcressey approved these changes

@jahkeup jahkeup jahkeup approved these changes

@zmrow zmrow zmrow approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@etungsten @tjkirch @bcressey @jahkeup @zmrow