Documentation ¶
Overview ¶
Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/
or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Package config handles loading configuration data, warning on missing data, and setting sane defaults.
Configuration Sources ¶
Configuration data is currently loaded from two sources: the environment and a JSON config file.
Environment Variables:
The environment variables from which configuration values are loaded are documented in the README file which can be found at https://github.com/aws/amazon-ecs-agent#environment-variables.
Config file:
The config file will be loaded from the path stored in the environment key ECS_AGENT_CONFIG_FILE_PATH. It must be a JSON file of the format described by the "Config" struct below.
Constants ¶
const (
	// http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
	DockerReservedPort    = 2375
	DockerReservedSSLPort = 2376

	SSHPort = 22

	// AgentIntrospectionPort is used to serve the metadata about the agent and to query the tasks being managed by the agent.
	AgentIntrospectionPort = 51678

	// AgentCredentialsPort is used to serve the credentials for tasks.
	AgentCredentialsPort = 51679

	// DefaultClusterName is the name of the default cluster.
	DefaultClusterName = "default"

	// DefaultTaskCleanupWaitDuration specifies the default value for task cleanup duration. It is used to
	// clean up task's containers.
	DefaultTaskCleanupWaitDuration = 3 * time.Hour

	// DefaultDockerStopTimeout specifies the value for container stop timeout duration
	DefaultDockerStopTimeout = 30 * time.Second

	// DefaultImageCleanupTimeInterval specifies the default value for image cleanup duration. It is used to
	// remove the images pulled by agent.
	DefaultImageCleanupTimeInterval = 30 * time.Minute

	// DefaultNumImagesToDeletePerCycle specifies the default number of images to delete when agent performs
	// image cleanup.
	DefaultNumImagesToDeletePerCycle = 5

	// DefaultImageDeletionAge specifies the default value for minimum amount of elapsed time after an image
	// has been pulled before it can be deleted.
	DefaultImageDeletionAge = 1 * time.Hour

	// DefaultMinSupportedCNIVersion denotes the minimum version of cni spec required
	DefaultMinSupportedCNIVersion = "0.3.0"
)

const (
	// AgentCredentialsAddress is used to serve the credentials for tasks.
	AgentCredentialsAddress = "" // this is left blank right now for net=bridge

	// Default cgroup prefix for ECS tasks
	DefaultTaskCgroupPrefix = "/ecs"
)
Variables ¶
var (
	// DefaultPauseContainerImageName is the name of the pause container image. The linker's
	// load flags are used to populate this value from the Makefile
	DefaultPauseContainerImageName = ""

	// DefaultPauseContainerTag is the tag for the pause container image. The linker's load
	// flags are used to populate this value from the Makefile
	DefaultPauseContainerTag = ""
)
Functions ¶
This section is empty.
Types ¶
type Conditional ¶ added in v1.16.0
type Conditional int
Conditional makes it possible to understand if a variable was set explicitly or relies on a default setting
const (
	ExplicitlyEnabled Conditional
	ExplicitlyDisabled
	DefaultEnabled
)
func (Conditional) Enabled ¶ added in v1.16.0
func (b Conditional) Enabled() bool
Enabled is a convenience function for when consumers don't care if the value is implicit or explicit
func (Conditional) MarshalJSON ¶ added in v1.16.0
func (b Conditional) MarshalJSON() ([]byte, error)
MarshalJSON is used to serialize the type to json, per the Marshaller interface
func (*Conditional) UnmarshalJSON ¶ added in v1.16.0
func (b *Conditional) UnmarshalJSON(jsonData []byte) error
UnmarshalJSON is used to deserialize json types into Conditional, per the Unmarshaller interface
type Config ¶
type Config struct {
	// DEPRECATED
	// ClusterArn is the Name or full ARN of a Cluster to register into. It has
	// been deprecated (and will eventually be removed) in favor of Cluster
	ClusterArn string `deprecated:"Please use Cluster instead"`

	// Cluster can either be the Name or full ARN of a Cluster. This is the
	// cluster the agent should register this ContainerInstance into. If this
	// value is not set, it will default to "default"
	Cluster string `trim:"true"`

	// APIEndpoint is the endpoint, such as "ecs.us-east-1.amazonaws.com", to
	// make calls against. If this value is not set, it will default to the
	// endpoint for your current AWSRegion
	APIEndpoint string `trim:"true"`

	// DockerEndpoint is the address the agent will attempt to connect to the
	// Docker daemon at. This should have the same value as "DOCKER_HOST"
	// normally would to interact with the daemon. It defaults to
	// unix:///var/run/docker.sock
	DockerEndpoint string

	// AWSRegion is the region to run in (such as "us-east-1"). This value will
	// be inferred from the EC2 metadata service, but if it cannot be found this
	// will be fatal.
	AWSRegion string `missing:"fatal" trim:"true"`

	// ReservedPorts is an array of ports which should be registered as
	// unavailable. If not set, they default to [22,2375,2376,51678].
	ReservedPorts []uint16

	// ReservedPortsUDP is an array of UDP ports which should be registered as
	// unavailable. If not set, it defaults to [].
	ReservedPortsUDP []uint16

	// DataDir is the directory data is saved to in order to preserve state
	// across agent restarts.
	// It is also used to keep the metadata of containers managed by the agent
	DataDir string

	// DataDirOnHost is the directory in the instance from which we mount
	// DataDir to the ecs-agent container and to agent managed containers
	DataDirOnHost string

	// Checkpoint configures whether data should be periodically saved to a
	// checkpoint file, in DataDir, such that on instance or agent restarts it
	// will resume as the same ContainerInstance. It defaults to false.
	Checkpoint bool

	// EngineAuthType configures what type of data is in EngineAuthData.
	// Supported types, right now, can be found in the dockerauth package: https://godoc.org/github.com/aws/amazon-ecs-agent/agent/engine/dockerauth
	EngineAuthType string `trim:"true"`

	// EngineAuthData contains authentication data. Please see the documentation
	// for EngineAuthType for more information.
	EngineAuthData *SensitiveRawMessage

	// UpdatesEnabled specifies whether updates should be applied to this agent.
	// Default true
	UpdatesEnabled bool

	// UpdateDownloadDir specifies where new agent versions should be placed
	// within the container in order for the external updating process to
	// correctly handle them.
	UpdateDownloadDir string

	// DisableMetrics configures whether task utilization metrics should be
	// sent to the ECS telemetry endpoint
	DisableMetrics bool

	// ReservedMemory specifies the amount of memory (in MB) to reserve for things
	// other than containers managed by ECS
	ReservedMemory uint16

	// DockerStopTimeout specifies the amount of time before a SIGKILL is issued to
	// containers managed by ECS
	DockerStopTimeout time.Duration

	// AvailableLoggingDrivers specifies the logging drivers available for use
	// with Docker. If not set, it defaults to ["json-file","none"].
	AvailableLoggingDrivers []dockerclient.LoggingDriver

	// PrivilegedDisabled specifies whether the Agent is capable of launching
	// tasks with privileged containers
	PrivilegedDisabled bool

	// SELinuxCapable specifies whether the Agent is capable of using SELinux
	// security options
	SELinuxCapable bool

	// AppArmorCapable specifies whether the Agent is capable of using AppArmor
	// security options
	AppArmorCapable bool

	// TaskCleanupWaitDuration specifies the time to wait after a task is stopped
	// until cleanup of task resources is started.
	TaskCleanupWaitDuration time.Duration

	// TaskIAMRoleEnabled specifies if the Agent is capable of launching
	// tasks with IAM Roles.
	TaskIAMRoleEnabled bool

	// TaskCPUMemLimit specifies if Agent can launch a task with a hierarchical cgroup
	TaskCPUMemLimit Conditional

	// CredentialsAuditLogFile specifies the path/filename of the audit log.
	CredentialsAuditLogFile string

	// CredentialsAuditLogDisabled specifies whether audit logging is disabled.
	CredentialsAuditLogDisabled bool

	// TaskIAMRoleEnabledForNetworkHost specifies if the Agent is capable of launching
	// tasks with IAM Roles when networkMode is set to 'host'
	TaskIAMRoleEnabledForNetworkHost bool

	// TaskENIEnabled specifies if the Agent is capable of launching tasks within
	// defined EC2 networks
	TaskENIEnabled bool

	// ImageCleanupDisabled specifies whether the Agent will periodically perform
	// automated image cleanup
	ImageCleanupDisabled bool

	// MinimumImageDeletionAge specifies the minimum time since it was pulled
	// before it can be deleted
	MinimumImageDeletionAge time.Duration

	// ImageCleanupInterval specifies the time to wait before performing the image
	// cleanup since last time it was executed
	ImageCleanupInterval time.Duration

	// NumImagesToDeletePerCycle specifies the number of images to delete every
	// time the Agent performs cleanup
	NumImagesToDeletePerCycle int

	// InstanceAttributes contains key/value pairs representing
	// attributes to be associated with this instance within the
	// ECS service and used to influence behavior such as launch
	// placement.
	InstanceAttributes map[string]string

	// Set if clients validate ssl certificates. Used mainly for testing
	AcceptInsecureCert bool `json:"-"`

	// CNIPluginsPath is the path for the cni plugins
	CNIPluginsPath string

	// PauseContainerTarballPath is the path to the pause container tarball
	PauseContainerTarballPath string

	// PauseContainerImageName is the name for the pause container image.
	// Setting this value to be different from the default will disable loading
	// the image from the tarball; the referenced image must already be loaded.
	PauseContainerImageName string

	// PauseContainerTag is the tag for the pause container image.
	// Setting this value to be different from the default will disable loading
	// the image from the tarball; the referenced image must already be loaded.
	PauseContainerTag string

	// AWSVPCBlockInstanceMetdata specifies if InstanceMetadata endpoint should be blocked
	// for tasks that are launched with network mode "awsvpc" when ECS_AWSVPC_BLOCK_IMDS=true
	AWSVPCBlockInstanceMetdata bool

	// OverrideAWSVPCLocalIPv4Address overrides the local IPv4 address chosen
	// for a task using the `awsvpc` networking mode. Using this configuration
	// will limit you to running one `awsvpc` task at a time. IPv4 addresses
	// must be specified in decimal-octet form and also specify the subnet
	// size (e.g., "169.254.172.42/22").
	OverrideAWSVPCLocalIPv4Address *cnitypes.IPNet

	// AWSVPCAdditionalLocalRoutes allows the specification of routing table
	// entries that will be added in the task's network namespace via the
	// instance bridge interface rather than via the ENI.
	AWSVPCAdditionalLocalRoutes []cnitypes.IPNet

	// ContainerMetadataEnabled specifies if the agent should provide a metadata
	// file for containers.
	ContainerMetadataEnabled bool

	// OverrideAWSLogsExecutionRole is config option used to enable awslogs
	// driver authentication over the task's execution role
	OverrideAWSLogsExecutionRole bool
}
func DefaultConfig ¶
func DefaultConfig() Config
DefaultConfig returns the default configuration for Linux
func NewConfig ¶
func NewConfig(ec2client ec2.EC2MetadataClient) (config *Config, err error)
NewConfig returns a config struct created by merging environment variables, a config file, and EC2 Metadata info. The 'config' struct it returns can be used, even if an error is returned. An error is returned, however, if the config is incomplete in some way that is considered fatal.
func (*Config) Merge ¶
Merge merges two config files, preferring the ones on the left. Any nil or zero values present in the left that are not present in the right will be overridden
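A zero-value merge rule like the one stated above cannot tell an explicit false from an omitted field, which is the gap a tri-state type such as Conditional closes. The following is an added example, not code from the agent: `settings`, `triState`, `mergeZero` and `Resolve` are hypothetical names, the inputs are constructed, and the reflection-based merge is an assumption about how such a rule can be written.

```go
package main

import (
	"fmt"
	"reflect"
)

// triState is a hypothetical flag in the spirit of Conditional: the zero
// value means "unset", so an explicit "disabled" is a non-zero value.
type triState int

const (
	unset triState = iota
	explicitlyEnabled
	explicitlyDisabled
)

// settings is a constructed struct; its field names are illustrative only.
type settings struct {
	FeatureBool bool     // plain bool: false is also the zero value
	FeatureTri  triState // tri-state: "disabled" differs from "unset"
}

// mergeZero fills each zero-valued field of left from right, the rule the
// Merge comment states. The reflection loop is an assumption for this
// example, not the agent's implementation.
func mergeZero(left *settings, right settings) {
	l, r := reflect.ValueOf(left).Elem(), reflect.ValueOf(right)
	for i := 0; i < l.NumField(); i++ {
		if l.Field(i).IsZero() {
			l.Field(i).Set(r.Field(i))
		}
	}
}

// Resolve layers an operator-supplied config (left) over defaults (right).
func Resolve(operator, defaults settings) settings {
	mergeZero(&operator, defaults)
	return operator
}

func main() {
	// Constructed inputs: the operator turns both features off, the defaults turn both on.
	operator := settings{FeatureBool: false, FeatureTri: explicitlyDisabled}
	defaults := settings{FeatureBool: true, FeatureTri: explicitlyEnabled}
	got := Resolve(operator, defaults)
	fmt.Println("bool still off:", !got.FeatureBool)
	fmt.Println("tri-state still off:", got.FeatureTri == explicitlyDisabled)
}
```

When reviewing a merged configuration, check security-relevant plain bool fields against every source, because the merged value alone does not show whether a false was chosen or defaulted.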
func (*Config) ShouldLoadPauseContainerTarball ¶ added in v1.14.5
ShouldLoadPauseContainerTarball determines whether the pause container tarball should be loaded into Docker or not. This function will return false if the default image name/tag have been overridden, because we do not expect the tarball to match the overridden name/tag.
type ConfigReader ¶
type ConfigReader interface {
	ReadConfig() *Config
}
type SensitiveRawMessage ¶ added in v1.5.0
type SensitiveRawMessage struct {
	// contains filtered or unexported fields
}
SensitiveRawMessage is a struct to store some data that should not be logged or printed. This struct is a Stringer which will not print its contents with 'String'. It is a json.Marshaler and json.Unmarshaler and will present its actual contents in plaintext when read/written from/to json.
func NewSensitiveRawMessage ¶ added in v1.5.0
func NewSensitiveRawMessage(data json.RawMessage) *SensitiveRawMessage
NewSensitiveRawMessage returns a new encapsulated json.RawMessage or nil if the data is empty. It cannot be accidentally logged via .String/.GoString/%v/%#v
func (SensitiveRawMessage) Contents ¶ added in v1.5.0
func (data SensitiveRawMessage) Contents() json.RawMessage
func (SensitiveRawMessage) GoString ¶ added in v1.5.0
func (data SensitiveRawMessage) GoString() string
func (SensitiveRawMessage) MarshalJSON ¶ added in v1.5.0
func (data SensitiveRawMessage) MarshalJSON() ([]byte, error)
func (SensitiveRawMessage) String ¶ added in v1.5.0
func (data SensitiveRawMessage) String() string
func (*SensitiveRawMessage) UnmarshalJSON ¶ added in v1.5.0
func (data *SensitiveRawMessage) UnmarshalJSON(jsonData []byte) error
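The behaviour documented for SensitiveRawMessage protects against fmt-style logging only: marshaling the enclosing struct to JSON emits the contents in plaintext. The following is an added example, not the package's code: `redactedJSON`, `authConfig` and `Render` are hypothetical names that follow the documented behaviour, and `sampleConfig` is constructed input.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// redactedJSON is a hypothetical type following the behaviour documented for
// SensitiveRawMessage: opaque to fmt, plaintext through encoding/json.
type redactedJSON struct {
	contents json.RawMessage
}

func (r redactedJSON) String() string   { return "[redacted]" }
func (r redactedJSON) GoString() string { return "[redacted]" }
func (r redactedJSON) MarshalJSON() ([]byte, error) {
	if r.contents == nil {
		return []byte("null"), nil
	}
	return r.contents, nil
}

func (r *redactedJSON) UnmarshalJSON(b []byte) error {
	r.contents = append(r.contents[:0], b...) // copy: the decoder reuses b
	return nil
}

// authConfig is a constructed two-field struct, not the agent's Config.
type authConfig struct {
	EngineAuthType string
	EngineAuthData *redactedJSON
}

// sampleConfig is constructed input; "c2VjcmV0" stands in for a credential.
const sampleConfig = `{"EngineAuthType":"docker","EngineAuthData":{"auth":"c2VjcmV0"}}`

// Render returns the config as seen through %v, %#v and json.Marshal.
func Render(raw string) (string, string, string, error) {
	var cfg authConfig
	if err := json.Unmarshal([]byte(raw), &cfg); err != nil {
		return "", "", "", err
	}
	out, err := json.Marshal(cfg)
	return fmt.Sprintf("%v", cfg), fmt.Sprintf("%#v", cfg), string(out), err
}

func main() {
	v, g, j, _ := Render(sampleConfig)
	fmt.Printf("%%v:   %s\n%%#v:  %s\njson: %s\n", v, g, j)
}
```

A debug path that dumps a struct holding such a field as JSON bypasses the redaction, so treat JSON dumps of the configuration as sensitive output.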