config

package
v1.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 22, 2017 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 4 more Imports: 15 Imported by: 0

Documentation

Overview

Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at

http://aws.amazon.com/apache2.0/

or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Package config handles loading configuration data, warning on missing data, and setting sane defaults.

Configuration Sources

Configuration data is loaded from two sources currently: the environment and a json config file.

Environment Variables:

The environment variables from which configuration values are loaded are documented in the README file which can be found at https://github.com/aws/amazon-ecs-agent#environment-variables.

Config file:

The config file will be loaded from the path stored in the environment key ECS_AGENT_CONFIG_FILE_PATH. It must be a JSON file of the format described by the "Config" struct below.

Index

Constants

View Source
const (
	// http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
	DockerReservedPort    = 2375
	DockerReservedSSLPort = 2376

	SSHPort = 22

	// AgentIntrospectionPort is used to serve the metadata about the agent and to query the tasks being managed by the agent.
	AgentIntrospectionPort = 51678

	// AgentCredentialsPort is used to serve the credentials for tasks.
	AgentCredentialsPort = 51679

	// DefaultClusterName is the name of the default cluster.
	DefaultClusterName = "default"

	// DefaultTaskCleanupWaitDuration specifies the default value for task cleanup duration. It is used to
	// clean up task's containers.
	DefaultTaskCleanupWaitDuration = 3 * time.Hour

	// DefaultDockerStopTimeout specifies the value for container stop timeout duration
	DefaultDockerStopTimeout = 30 * time.Second

	// DefaultImageCleanupTimeInterval specifies the default value for image cleanup duration. It is used to
	// remove the images pulled by agent.
	DefaultImageCleanupTimeInterval = 30 * time.Minute

	// DefaultNumImagesToDeletePerCycle specifies the default number of images to delete when agent performs
	// image cleanup.
	DefaultNumImagesToDeletePerCycle = 5

	//DefaultImageDeletionAge specifies the default value for minimum amount of elapsed time after an image
	// has been pulled before it can be deleted.
	DefaultImageDeletionAge = 1 * time.Hour

	// DefaultMinSupportedCNIVersion denotes the minimum version of cni spec required
	DefaultMinSupportedCNIVersion = "0.3.0"
)
View Source
const (
	// AgentCredentialsAddress is used to serve the credentials for tasks.
	AgentCredentialsAddress = "" // this is left blank right now for net=bridge

	// Default cgroup prefix for ECS tasks
	DefaultTaskCgroupPrefix = "/ecs"
)

Variables

View Source
var (
	// DefaultPauseContainerImageName is the name of the pause container image. The linker's
	// load flags are used to populate this value from the Makefile
	DefaultPauseContainerImageName = ""

	// DefaultPauseContainerTag is the tag for the pause container image. The linker's load
	// flags are used to populate this value from the Makefile
	DefaultPauseContainerTag = ""
)

Functions

This section is empty.

Types

type Conditional added in v1.16.0

type Conditional int

Conditional makes it possible to understand if a variable was set explicitly or relies on a default setting

const (
	ExplicitlyEnabled Conditional
	ExplicitlyDisabled
	DefaultEnabled
)

func (Conditional) Enabled added in v1.16.0

func (b Conditional) Enabled() bool

Enabled is a convenience function for when consumers don't care if the value is implicit or explicit

func (Conditional) MarshalJSON added in v1.16.0

func (b Conditional) MarshalJSON() ([]byte, error)

MarshalJSON is used to serialize the type to json, per the Marshaller interface

func (*Conditional) UnmarshalJSON added in v1.16.0

func (b *Conditional) UnmarshalJSON(jsonData []byte) error

UnmarshalJSON is used to deserialize json types into Conditional, per the Unmarshaller interface

type Config

type Config struct {
	// DEPRECATED
	// ClusterArn is the Name or full ARN of a Cluster to register into. It has
	// been deprecated (and will eventually be removed) in favor of Cluster
	ClusterArn string `deprecated:"Please use Cluster instead"`
	// Cluster can either be the Name or full ARN of a Cluster. This is the
	// cluster the agent should register this ContainerInstance into. If this
	// value is not set, it will default to "default"
	Cluster string `trim:"true"`
	// APIEndpoint is the endpoint, such as "ecs.us-east-1.amazonaws.com", to
	// make calls against. If this value is not set, it will default to the
	// endpoint for your current AWSRegion
	APIEndpoint string `trim:"true"`
	// DockerEndpoint is the address the agent will attempt to connect to the
	// Docker daemon at. This should have the same value as "DOCKER_HOST"
	// normally would to interact with the daemon. It defaults to
	// unix:///var/run/docker.sock
	DockerEndpoint string
	// AWSRegion is the region to run in (such as "us-east-1"). This value will
	// be inferred from the EC2 metadata service, but if it cannot be found this
	// will be fatal.
	AWSRegion string `missing:"fatal" trim:"true"`

	// ReservedPorts is an array of ports which should be registerd as
	// unavailable. If not set, they default to [22,2375,2376,51678].
	ReservedPorts []uint16
	// ReservedPortsUDP is an array of UDP ports which should be registered as
	// unavailable. If not set, it defaults to [].
	ReservedPortsUDP []uint16

	// DataDir is the directory data is saved to in order to preserve state
	// across agent restarts.
	// It is also used to keep the metadata of containers managed by the agent
	DataDir string
	// DataDirOnHost is the directory in the instance from which we mount
	// DataDir to the ecs-agent container and to agent managed containers
	DataDirOnHost string
	// Checkpoint configures whether data should be periodically to a checkpoint
	// file, in DataDir, such that on instance or agent restarts it will resume
	// as the same ContainerInstance. It defaults to false.
	Checkpoint bool

	// EngineAuthType configures what type of data is in EngineAuthData.
	// Supported types, right now, can be found in the dockerauth package: https://godoc.org/github.com/aws/amazon-ecs-agent/agent/engine/dockerauth
	EngineAuthType string `trim:"true"`
	// EngineAuthData contains authentication data. Please see the documentation
	// for EngineAuthType for more information.
	EngineAuthData *SensitiveRawMessage

	// UpdatesEnabled specifies whether updates should be applied to this agent.
	// Default true
	UpdatesEnabled bool
	// UpdateDownloadDir specifies where new agent versions should be placed
	// within the container in order for the external updating process to
	// correctly handle them.
	UpdateDownloadDir string

	// DisableMetrics configures whether task utilization metrics should be
	// sent to the ECS telemetry endpoint
	DisableMetrics bool

	// ReservedMemory specifies the amount of memory (in MB) to reserve for things
	// other than containers managed by ECS
	ReservedMemory uint16

	// DockerStopTimeout specifies the amount time before a SIGKILL is issued to
	// containers managed by ECS
	DockerStopTimeout time.Duration

	// AvailableLoggingDrivers specifies the logging drivers available for use
	// with Docker.  If not set, it defaults to ["json-file","none"].
	AvailableLoggingDrivers []dockerclient.LoggingDriver

	// PrivilegedDisabled specified whether the Agent is capable of launching
	// tasks with privileged containers
	PrivilegedDisabled bool

	// SELinxuCapable specifies whether the Agent is capable of using SELinux
	// security options
	SELinuxCapable bool

	// AppArmorCapable specifies whether the Agent is capable of using AppArmor
	// security options
	AppArmorCapable bool

	// TaskCleanupWaitDuration specifies the time to wait after a task is stopped
	// until cleanup of task resources is started.
	TaskCleanupWaitDuration time.Duration

	// TaskIAMRoleEnabled specifies if the Agent is capable of launching
	// tasks with IAM Roles.
	TaskIAMRoleEnabled bool

	// TaskCPUMemLimit specifies if Agent can launch a task with a hierarchical cgroup
	TaskCPUMemLimit Conditional

	// CredentialsAuditLogFile specifies the path/filename of the audit log.
	CredentialsAuditLogFile string

	// CredentialsAuditLogEnabled specifies whether audit logging is disabled.
	CredentialsAuditLogDisabled bool

	// TaskIAMRoleEnabledForNetworkHost specifies if the Agent is capable of launching
	// tasks with IAM Roles when networkMode is set to 'host'
	TaskIAMRoleEnabledForNetworkHost bool

	// TaskENIEnabled specifies if the Agent is capable of launching task within
	// defined EC2 networks
	TaskENIEnabled bool

	// ImageCleanupDisabled specifies whether the Agent will periodically perform
	// automated image cleanup
	ImageCleanupDisabled bool

	// MinimumImageDeletionAge specifies the minimum time since it was pulled
	// before it can be deleted
	MinimumImageDeletionAge time.Duration

	// ImageCleanupInterval specifies the time to wait before performing the image
	// cleanup since last time it was executed
	ImageCleanupInterval time.Duration

	// NumImagesToDeletePerCycle specifies the num of image to delete every time
	// when Agent performs cleanup
	NumImagesToDeletePerCycle int

	// InstanceAttributes contains key/value pairs representing
	// attributes to be associated with this instance within the
	// ECS service and used to influence behavior such as launch
	// placement.
	InstanceAttributes map[string]string

	// Set if clients validate ssl certificates. Used mainly for testing
	AcceptInsecureCert bool `json:"-"`

	// CNIPluginsPath is the path for the cni plugins
	CNIPluginsPath string

	// PauseContainerTarballPath is the path to the pause container tarball
	PauseContainerTarballPath string

	// PauseContainerImageName is the name for the pause container image.
	// Setting this value to be different from the default will disable loading
	// the image from the tarball; the referenced image must already be loaded.
	PauseContainerImageName string

	// PauseContainerTag is the tag for the pause container image.
	// Setting this value to be different from the default will disable loading
	// the image from the tarball; the referenced image must already be loaded.
	PauseContainerTag string

	// AWSVPCBlockInstanceMetdata specifies if InstanceMetadata endpoint should be blocked
	// for tasks that are launched with network mode "awsvpc" when ECS_AWSVPC_BLOCK_IMDS=true
	AWSVPCBlockInstanceMetdata bool

	// OverrideAWSVPCLocalIPv4Address overrides the local IPv4 address chosen
	// for a task using the `awsvpc` networking mode. Using this configuration
	// will limit you to running one `awsvpc` task at a time. IPv4 addresses
	// must be specified in decimal-octet form and also specify the subnet
	// size (e.g., "169.254.172.42/22").
	OverrideAWSVPCLocalIPv4Address *cnitypes.IPNet

	// AWSVPCAdditionalLocalRoutes allows the specification of routing table
	// entries that will be added in the task's network namespace via the
	// instance bridge interface rather than via the ENI.
	AWSVPCAdditionalLocalRoutes []cnitypes.IPNet

	// ContainerMetadataEnabled specifies if the agent should provide a metadata
	// file for containers.
	ContainerMetadataEnabled bool

	// OverrideAWSLogsExecutionRole is config option used to enable awslogs
	// driver authentication over the task's execution role
	OverrideAWSLogsExecutionRole bool
}

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns the default configuration for Linux

func NewConfig

func NewConfig(ec2client ec2.EC2MetadataClient) (config *Config, err error)

NewConfig returns a config struct created by merging environment variables, a config file, and EC2 Metadata info. The 'config' struct it returns can be used, even if an error is returned. An error is returned, however, if the config is incomplete in some way that is considered fatal.

func (*Config) Merge

func (cfg *Config) Merge(rhs Config) *Config

Merge merges two config files, preferring the ones on the left. Any nil or zero values present in the left that are not present in the right will be overridden

func (*Config) ShouldLoadPauseContainerTarball added in v1.14.5

func (cfg *Config) ShouldLoadPauseContainerTarball() bool

ShouldLoadPauseContainerTarball determines whether the pause container tarball should be loaded into Docker or not. This function will return false is the default image name/tag have been overridden, because we do not expect the tarball to match the overridden name/tag.

func (*Config) String added in v1.2.1

func (cfg *Config) String() string

String returns a lossy string representation of the config suitable for human readable display. Consequently, it *should not* return any sensitive information.

type ConfigReader

type ConfigReader interface {
	ReadConfig() *Config
}

type SensitiveRawMessage added in v1.5.0

type SensitiveRawMessage struct {
	// contains filtered or unexported fields
}

SensitiveRawMessage is a struct to store some data that should not be logged or printed. This struct is a Stringer which will not print its contents with 'String'. It is a json.Marshaler and json.Unmarshaler and will present its actual contents in plaintext when read/written from/to json.

func NewSensitiveRawMessage added in v1.5.0

func NewSensitiveRawMessage(data json.RawMessage) *SensitiveRawMessage

NewSensitiveRawMessage returns a new encapsulated json.RawMessage or nil if the data is empty. It cannot be accidentally logged via .String/.GoString/%v/%#v

func (SensitiveRawMessage) Contents added in v1.5.0

func (data SensitiveRawMessage) Contents() json.RawMessage

func (SensitiveRawMessage) GoString added in v1.5.0

func (data SensitiveRawMessage) GoString() string

func (SensitiveRawMessage) MarshalJSON added in v1.5.0

func (data SensitiveRawMessage) MarshalJSON() ([]byte, error)

func (SensitiveRawMessage) String added in v1.5.0

func (data SensitiveRawMessage) String() string

func (*SensitiveRawMessage) UnmarshalJSON added in v1.5.0

func (data *SensitiveRawMessage) UnmarshalJSON(jsonData []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL