Split ECS and VPC CNI plugins from ecs-agent #85
Conversation
koooosh
force-pushed
the
split-cni-plugins
branch
from
4863aed to
639860f
Compare
koooosh
changed the title
koooosh
force-pushed
the
split-cni-plugins
branch
from
639860f to
8d744e7
Compare
|
Force push addresses @arnaldo2792 comments:
|
There was a problem hiding this comment.
nit: you can drop pkg and pkgs from the commit messages; the "packages:" prefix implies that you're working with packages.
Overall this seems like a reasonable change - generally sources with different upstreams should be packaged separately - but there's no rationale provided, either in the commit messages or in the pull request summary. It's obvious what you're doing (splitting up a package) but not why.
packages/ecs-agent/ecs-agent.spec
Outdated
| # Create symlinks to VPC CNI plugin binaries | ||
| for p in \ | ||
| aws-appmesh \ | ||
| ecs-serviceconnect \ | ||
| vpc-branch-eni \ | ||
| vpc-bridge \ | ||
| vpc-eni \ | ||
| vpc-tunnel \ | ||
| ; do | ||
| ln -rs %{buildroot}%{_cross_libexecdir}/cni/vpc/${p} %{buildroot}%{_cross_libexecdir}/amazon-ecs-agent/${p} | ||
| ln -rs %{buildroot}%{_cross_libexecdir}/cni/vpc/${p} %{buildroot}%{_cross_fips_libexecdir}/amazon-ecs-agent/${p} | ||
| done |
There was a problem hiding this comment.
It's very strange for a package to symlink another package's binaries like this, and to vend those symlinks. I acknowledge that it was done for the SSM agent plugin but it's not a great pattern to emulate. It would be better to create these links in the corresponding CNI package. You could put them in an "ecs" subpackage, but that's not as important as keeping the links and binaries together.
Some concerns with this approach:
- If a new VPC or ECS plugin is added, this package definition must also change in order to create symlinks. Where if the plugin package also owns the symlink, then it will be more obvious to the packager that this dependency exists.
- This will create broken symlinks, if the plugin package drops a plugin or changes the path where plugins are installed.
There was a problem hiding this comment.
Ack regarding dropping pkg* from commit messages - will fix those. Regarding rationale, I put that in the issue #90 :
Ideally, we want to split these plugins into their own packages for ease of building and patching.
But I'll copy that over to this PR description!
There was a problem hiding this comment.
Good callouts regarding the symlinks. My (naive) reasoning was that since they are being installed in the /amazon-ecs-agent directory, they should be added to the amazon-ecs-agent spec, but I agree this will cause more maintenance issues in the future. Will create these symlinks in their respective pkg as suggested.
koooosh
force-pushed
the
split-cni-plugins
branch
from
8d744e7 to
7823448
Compare
|
Force push makes the following relevant changes:
|
koooosh
force-pushed
the
split-cni-plugins
branch
from
7823448 to
a9eaf98
Compare
|
Force push changes symlink subpackaging to better match repo convention like here |
koooosh
force-pushed
the
split-cni-plugins
branch
from
a9eaf98 to
b391a7f
Compare
|
Force push makes the following changes:
|
Signed-off-by: Kush Upadhyay <[email protected]>
Signed-off-by: Kush Upadhyay <[email protected]>
Signed-off-by: Kush Upadhyay <[email protected]>
Signed-off-by: Kush Upadhyay <[email protected]>
koooosh
force-pushed
the
split-cni-plugins
branch
from
b391a7f to
e195e63
Compare
|
Force push updates FIPS symlink paths to point to binaries in |
Issue number: #90
Closes #90
Description of changes:
Currently, the
ecs-agentpkg also includes theamazon-ecs-cni-pluginsandamazon-vpc-cni-pluginssubmodules (source) which are built along with it. Ideally, we want to split these plugins into their own packages for ease of building and patching.This PR splits the
amazon-ecs-cni-pluginsandamazon-vpc-cni-pluginssubmodules from theecs-agentpackage into their own separate packages.The plugin binaries are installed in the
/usr/libexec/cni/path and have symlinks in/usr/libexec/amazon-ecs-agent/for the ecs-agent to access.Testing done:
Both
aws-ecs-1andaws-ecs-2variants build and boot successfully.Binaries and symlinks are installed correctly:
bash-5.1# systemctl status ecs ● ecs.service - Amazon Elastic Container Service - container agent Loaded: loaded (/x86_64-bottlerocket-linux-gnu/sys-root/usr/lib/systemd/system/ecs.service; enabled; preset: enabled) Drop-In: /x86_64-bottlerocket-linux-gnu/sys-root/usr/lib/systemd/system/ecs.service.d └─00-defaults.conf /etc/systemd/system/ecs.service.d └─10-base.conf Active: active (running) since Thu 2024-08-15 09:10:06 UTC; 25min ago Docs: https://aws.amazon.com/documentation/ecs/ Main PID: 2080 (amazon-ecs-agen) Tasks: 10 (limit: 18928) Memory: 81.9M CGroup: /system.slice/ecs.service └─2080 /usr/bin/amazon-ecs-agentaws-ecs-1variant succeeds.Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.