From 2a621521a877c9a81ef845ff00f31228b4a283f7 Mon Sep 17 00:00:00 2001 From: Sanne Raymaekers Date: Thu, 20 Jun 2024 13:40:07 +0200 Subject: [PATCH] osbuildexecutor/aws.ec2: set hostname of executor via cloud-init This way much more of the journal will be captured under the new hostname. --- cmd/osbuild-worker/jobimpl-osbuild.go | 3 +-- internal/cloud/awscloud/secure-instance.go | 15 ++++++++------- internal/cloud/awscloud/secure-instance_test.go | 5 ++++- internal/osbuildexecutor/osbuild-executor.go | 3 --- internal/osbuildexecutor/runner-impl-aws-ec2.go | 6 ++++-- .../roles/common/files/worker-executor.service | 1 + .../set_executor_hostname.sh | 11 +++++++++++ 7 files changed, 29 insertions(+), 15 deletions(-) create mode 100644 templates/packer/ansible/roles/common/files/worker-initialization-scripts/set_executor_hostname.sh diff --git a/cmd/osbuild-worker/jobimpl-osbuild.go b/cmd/osbuild-worker/jobimpl-osbuild.go index 98945de0b..eca86fb5b 100644 --- a/cmd/osbuild-worker/jobimpl-osbuild.go +++ b/cmd/osbuild-worker/jobimpl-osbuild.go @@ -515,7 +515,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error { return err } defer os.RemoveAll(tmpDir) - executor = osbuildexecutor.NewAWSEC2Executor(impl.OSBuildExecutor.IAMProfile, impl.OSBuildExecutor.KeyName, impl.OSBuildExecutor.CloudWatchGroup, tmpDir) + executor = osbuildexecutor.NewAWSEC2Executor(impl.OSBuildExecutor.IAMProfile, impl.OSBuildExecutor.KeyName, impl.OSBuildExecutor.CloudWatchGroup, job.Id().String(), tmpDir) default: osbuildJobResult.JobError = clienterrors.WorkerClientError(clienterrors.ErrorInvalidConfig, "No osbuild executor defined", nil) return err @@ -533,7 +533,6 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error { ExportPaths: exportPaths, ExtraEnv: extraEnv, Result: true, - JobID: job.Id().String(), } osbuildJobResult.OSBuildOutput, err = executor.RunOSBuild(jobArgs.Manifest, opts, os.Stderr) // First handle the case when "running" osbuild failed 
diff --git a/internal/cloud/awscloud/secure-instance.go b/internal/cloud/awscloud/secure-instance.go index 68c895659..7f2db55d2 100644 --- a/internal/cloud/awscloud/secure-instance.go +++ b/internal/cloud/awscloud/secure-instance.go @@ -19,14 +19,15 @@ type SecureInstance struct { } // SecureInstanceUserData returns the cloud-init user data for a secure instance. -func SecureInstanceUserData(CloudWatchGroup string) string { +func SecureInstanceUserData(cloudWatchGroup, hostname string) string { additionalFiles := "" - if CloudWatchGroup != "" { + if cloudWatchGroup != "" { additionalFiles += fmt.Sprintf(` - path: /tmp/cloud_init_vars content: | OSBUILD_EXECUTOR_CLOUDWATCH_GROUP='%s' -`, CloudWatchGroup) + OSBUILD_EXECUTOR_HOSTNAME='%s' +`, cloudWatchGroup, hostname) } return fmt.Sprintf(`#cloud-config @@ -38,7 +39,7 @@ write_files: // Runs an instance with a security group that only allows traffic to // the host. Will replace resources if they already exists. -func (a *AWS) RunSecureInstance(iamProfile, keyName, CloudWatchGroup string) (*SecureInstance, error) { +func (a *AWS) RunSecureInstance(iamProfile, keyName, cloudWatchGroup, hostname string) (*SecureInstance, error) { identity, err := a.ec2metadata.GetInstanceIdentityDocument() if err != nil { logrus.Errorf("Error getting the identity document, %s", err) @@ -79,7 +80,7 @@ func (a *AWS) RunSecureInstance(iamProfile, keyName, CloudWatchGroup string) (*S return nil, err } - ltID, err := a.createOrReplaceLT(identity.InstanceID, imageID, sgID, instanceType, iamProfile, keyName, CloudWatchGroup) + ltID, err := a.createOrReplaceLT(identity.InstanceID, imageID, sgID, instanceType, iamProfile, keyName, cloudWatchGroup, hostname) if ltID != "" { secureInstance.LTID = ltID } 
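Review bot: `hostname` is formatted unescaped into `OSBUILD_EXECUTOR_HOSTNAME='%s'` in SecureInstanceUserData, and the set_executor_hostname.sh added by this commit loads that file with `source /tmp/cloud_init_vars`, so a value containing a single quote or a newline would end the quoted assignment and the remainder would be interpreted by bash on the executor, or would alter the cloud-config YAML. The only caller visible in this patch passes `job.Id().String()`, which is presumably a UUID, but the function is exported and accepts any string. Since SecureInstanceUserData cannot return an error, I would validate in RunSecureInstance before the launch template is built: `if hostname != "" && !validHostname.MatchString(hostname) { return nil, fmt.Errorf("invalid executor hostname %q", hostname) }`, with `validHostname` a package-level regexp that allows only letters, digits and hyphens. The same applies to `cloudWatchGroup`, which was already interpolated this way before this change.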
@@ -280,7 +281,7 @@ func isLaunchTemplateNotFoundError(err error) bool { } -func (a *AWS) createOrReplaceLT(hostInstanceID, imageID, sgID, instanceType, iamProfile, keyName, CloudWatchGroup string) (string, error) { +func (a *AWS) createOrReplaceLT(hostInstanceID, imageID, sgID, instanceType, iamProfile, keyName, cloudWatchGroup, hostname string) (string, error) { ltName := fmt.Sprintf("launch-template-for-%s-runner-instance", hostInstanceID) descrLTOutput, err := a.ec2.DescribeLaunchTemplates(&ec2.DescribeLaunchTemplatesInput{ LaunchTemplateNames: []*string{ @@ -333,7 +334,7 @@ func (a *AWS) createOrReplaceLT(hostInstanceID, imageID, sgID, instanceType, iam SecurityGroupIds: []*string{ aws.String(sgID), }, - UserData: aws.String(base64.StdEncoding.EncodeToString([]byte(SecureInstanceUserData(CloudWatchGroup)))), + UserData: aws.String(base64.StdEncoding.EncodeToString([]byte(SecureInstanceUserData(cloudWatchGroup, hostname)))), }, TagSpecifications: []*ec2.TagSpecification{ &ec2.TagSpecification{ diff --git a/internal/cloud/awscloud/secure-instance_test.go b/internal/cloud/awscloud/secure-instance_test.go index 0a3c9548b..c67734486 100644 --- a/internal/cloud/awscloud/secure-instance_test.go +++ b/internal/cloud/awscloud/secure-instance_test.go @@ -8,6 +8,7 @@ import ( func TestSecureInstanceUserData(t *testing.T) { type testCase struct { CloudWatchGroup string + Hostname string ExpectedUserData string } @@ -21,6 +22,7 @@ write_files: }, { CloudWatchGroup: "test-group", + Hostname: "test-hostname", ExpectedUserData: `#cloud-config write_files: - path: /tmp/worker-run-executor-service 
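Review bot: The test table in secure-instance_test.go has no case with an empty `CloudWatchGroup` and a non-empty `Hostname`, and that is the input where SecureInstanceUserData drops the hostname, because the `OSBUILD_EXECUTOR_HOSTNAME` line sits inside `if cloudWatchGroup != ""`. If the hostname is meant to be set regardless of CloudWatch logging, the condition should become `if cloudWatchGroup != "" || hostname != ""` and a case with only `Hostname: "test-hostname"` should pin the generated user data. If the coupling is intended, a case asserting that no `/tmp/cloud_init_vars` entry is emitted for that input would document it. The test function continues in the next hunk.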
@@ -28,13 +30,14 @@ write_files: - path: /tmp/cloud_init_vars content: | OSBUILD_EXECUTOR_CLOUDWATCH_GROUP='test-group' + OSBUILD_EXECUTOR_HOSTNAME='test-hostname' `, }, } for idx, tc := range testCases { t.Run(fmt.Sprintf("Test case %d", idx), func(t *testing.T) { - userData := SecureInstanceUserData(tc.CloudWatchGroup) + userData := SecureInstanceUserData(tc.CloudWatchGroup, tc.Hostname) if userData != tc.ExpectedUserData { t.Errorf("Expected: %s, got: %s", tc.ExpectedUserData, userData) } diff --git a/internal/osbuildexecutor/osbuild-executor.go b/internal/osbuildexecutor/osbuild-executor.go index 9748d1e42..ed3c35eae 100644 --- a/internal/osbuildexecutor/osbuild-executor.go +++ b/internal/osbuildexecutor/osbuild-executor.go @@ -14,9 +14,6 @@ type OsbuildOpts struct { Checkpoints []string ExtraEnv []string Result bool - - // not strict a osbuild opt - JobID string } type Executor interface { diff --git a/internal/osbuildexecutor/runner-impl-aws-ec2.go b/internal/osbuildexecutor/runner-impl-aws-ec2.go index be23de914..012947c63 100644 --- a/internal/osbuildexecutor/runner-impl-aws-ec2.go +++ b/internal/osbuildexecutor/runner-impl-aws-ec2.go @@ -25,6 +25,7 @@ type awsEC2Executor struct { iamProfile string keyName string cloudWatchGroup string + hostname string tmpDir string } @@ -268,7 +269,7 @@ func (ec2e *awsEC2Executor) RunOSBuild(manifest []byte, opts *OsbuildOpts, error return nil, fmt.Errorf("Failed to get default aws client in %s region: %w", region, err) } - si, err := aws.RunSecureInstance(ec2e.iamProfile, ec2e.keyName, ec2e.cloudWatchGroup) + si, err := aws.RunSecureInstance(ec2e.iamProfile, ec2e.keyName, ec2e.cloudWatchGroup, ec2e.hostname) if err != nil { return nil, fmt.Errorf("Unable to start secure instance: %w", err) } 
@@ -317,11 +318,12 @@ func (ec2e *awsEC2Executor) RunOSBuild(manifest []byte, opts *OsbuildOpts, error return osbuildResult, nil } -func NewAWSEC2Executor(iamProfile, keyName, cloudWatchGroup, tmpDir string) Executor { +func NewAWSEC2Executor(iamProfile, keyName, cloudWatchGroup, hostname, tmpDir string) Executor { return &awsEC2Executor{ iamProfile, keyName, cloudWatchGroup, + hostname, tmpDir, } } diff --git a/templates/packer/ansible/roles/common/files/worker-executor.service b/templates/packer/ansible/roles/common/files/worker-executor.service index 7b1233b0d..c908a0042 100644 --- a/templates/packer/ansible/roles/common/files/worker-executor.service +++ b/templates/packer/ansible/roles/common/files/worker-executor.service @@ -6,6 +6,7 @@ After=cloud-final.service [Service] Type=oneshot +ExecStart=/usr/local/libexec/worker-initialization-scripts/set_executor_hostname.sh ExecStart=/usr/local/libexec/worker-initialization-scripts/worker_executor.sh [Install] diff --git a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/set_executor_hostname.sh b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/set_executor_hostname.sh new file mode 100644 index 000000000..513a423d8 --- /dev/null +++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/set_executor_hostname.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -euo pipefail +source /tmp/cloud_init_vars + +if [[ -z "$OSBUILD_EXECUTOR_HOSTNAME" ]]; then + echo "OSBUILD_EXECUTOR_HOSTNAME not set, skipping." + exit 0 +fi + +echo "Setting system hostname to $OSBUILD_EXECUTOR_HOSTNAME." +hostnamectl set-hostname "$OSBUILD_EXECUTOR_HOSTNAME"
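Review bot: The unkeyed `&awsEC2Executor{...}` literal in NewAWSEC2Executor now carries five positional strings, so inserting `hostname` in the wrong slot here, or transposing it with `tmpDir` or `cloudWatchGroup` at a call site, would still compile. A keyed literal makes the mapping explicit: `return &awsEC2Executor{iamProfile: iamProfile, keyName: keyName, cloudWatchGroup: cloudWatchGroup, hostname: hostname, tmpDir: tmpDir}`. The same concern applies to the string parameter runs of `RunSecureInstance` and `createOrReplaceLT` in secure-instance.go; a short doc comment on NewAWSEC2Executor stating that `hostname` is written to the executor's cloud-init variables would help callers pick a safe value.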
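Review bot: Under `set -euo pipefail`, set_executor_hostname.sh exits non-zero before it reaches the "skipping" branch when `/tmp/cloud_init_vars` is missing or does not define `OSBUILD_EXECUTOR_HOSTNAME`: `source` fails on a missing file, and `-z "$OSBUILD_EXECUTOR_HOSTNAME"` trips nounset on an unset variable. SecureInstanceUserData in this commit writes that file only when a CloudWatch group is configured, so the missing-file case appears reachable. Because worker-executor.service is `Type=oneshot` and this script is its first `ExecStart=`, a failure here also stops worker_executor.sh from running. I would guard the load with `if [[ -r /tmp/cloud_init_vars ]]; then source /tmp/cloud_init_vars; fi` and test `"${OSBUILD_EXECUTOR_HOSTNAME:-}"` instead.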