Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Checking if require tc show command works before advertising fault injection capability #4434

Merged
merged 1 commit into from
Dec 4, 2024

Conversation

mye956
Copy link
Contributor

@mye956 mye956 commented Nov 19, 2024

Summary

This PR will add a check to see if the tc tool that's installed on the host is using a compatible version before advertising the fault injection capability.

Implementation details

  • New function called checkTCShowTooling() that will try calling tc -j q show dev <INTERFACE> parent 1:1 to see if the correct version of tc is available to be used on the host. This will be called after checking that all of the tools are installed/bind mounted to the agent container just like with the modules check.
    • Uses the netconfig utility package that was added to ecs-agent to obtain the default network interface name on the host
    • Uses the execwrapper package that was added. to ecs-agent in order to make the tc commands via OS exec calls

Testing

Manual testing: Launched an Ubuntu 20 instance and installed ECS on it with these changes. Was able to see within the agent logs that the fault injection capability was not able to be advertised.

level=debug time=2024-11-22T19:38:44Z msg="Found route" Route={Ifindex: 2 Dst: <nil> Src: 172.31.26.194 Gw: 172.31.16.1 Flags: [] Table: 254 Realm: 0}
level=debug time=2024-11-22T19:38:44Z msg="Found the associated network interface by the index" LinkName="ens5" LinkIndex=2
level=warn time=2024-11-22T19:38:44Z msg="Failed to call tc -j q show dev ens5 parent 1:1 which is needed for fault-injection feature: exit status 255" module=agent_capability_unix.go
level=warn time=2024-11-22T19:38:44Z msg="Fault injection capability not enabled: Required network tools are missing" module=agent_capability.go
level=info time=2024-11-22T19:38:44Z msg="Registering Instance with ECS"
level=debug time=2024-11-22T19:38:44Z msg="Attempting to get Instance Identity Document"

Checked within ECS whether the instance advertised the capability for fault injection

aws ecs list-attributes --cluster test-fis-ubuntu  --region us-west-2 --target-type container-instance --attribute-name "ecs.capability.fault-injection"
{
    "attributes": []
}

vs.
an advertised capability

aws ecs list-attributes --cluster test-fis-ubuntu  --region us-west-2 --target-type container-instance --attribute-name "ecs.capability.efsAuth"        
{
    "attributes": [
        {
            "name": "ecs.capability.efsAuth",
            "targetId": "arn:aws:ecs:us-west-2::container-instance/test-fis-ubuntu/3969a54fdb8740d8ba44c791a7ee69ee"
        }
    ]
}

New tests cover the changes: Yes

Description for the changelog

Enhancement: Add check if tc is compatible before advertising fault injection capability

Additional Information

Does this PR include breaking model changes? If so, Have you added transformation functions?

Does this PR include the addition of new environment variables in the README?

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@mye956 mye956 requested a review from a team as a code owner November 19, 2024 22:24
@mye956 mye956 force-pushed the check-tc-command-cap branch from 8fde532 to 0f6ecbd Compare November 19, 2024 23:05
@mye956 mye956 force-pushed the check-tc-command-cap branch 3 times, most recently from d0d46b3 to 93c0d19 Compare November 22, 2024 19:57
@mye956 mye956 changed the title [WIP] Checking if require tc show command works before advertising fault injection capability Checking if require tc show command works before advertising fault injection capability Nov 22, 2024
@mye956 mye956 force-pushed the check-tc-command-cap branch 4 times, most recently from 848836d to e132451 Compare December 3, 2024 00:15
@mye956 mye956 added the bot/test label Dec 3, 2024
@mye956 mye956 force-pushed the check-tc-command-cap branch from e132451 to 121f869 Compare December 3, 2024 17:44
@mye956 mye956 added the bot/test label Dec 3, 2024
@mye956 mye956 force-pushed the check-tc-command-cap branch from 121f869 to 2f9c682 Compare December 3, 2024 21:19
@mye956 mye956 added the bot/test label Dec 3, 2024
@mye956 mye956 merged commit 0743b42 into aws:dev Dec 4, 2024
40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants