osbuildexecutor/aws.ec2: set hostname of executor via cloud-init

This way much more of the journal will be captured under the new hostname.
2024-06-20 13:40:07 +02:00 · 2024-06-20 13:40:07 +02:00 · 2a621521a8
commit 2a621521a8
parent 14052e25db
7 changed files with 29 additions and 15 deletions
--- a/cmd/osbuild-worker/jobimpl-osbuild.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild.go
@ -515,7 +515,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
 			return err
 		}
 		defer os.RemoveAll(tmpDir)
-		executor = osbuildexecutor.NewAWSEC2Executor(impl.OSBuildExecutor.IAMProfile, impl.OSBuildExecutor.KeyName, impl.OSBuildExecutor.CloudWatchGroup, tmpDir)
+		executor = osbuildexecutor.NewAWSEC2Executor(impl.OSBuildExecutor.IAMProfile, impl.OSBuildExecutor.KeyName, impl.OSBuildExecutor.CloudWatchGroup, job.Id().String(), tmpDir)
 	default:
 		osbuildJobResult.JobError = clienterrors.WorkerClientError(clienterrors.ErrorInvalidConfig, "No osbuild executor defined", nil)
 		return err
@ -533,7 +533,6 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
 		ExportPaths: exportPaths,
 		ExtraEnv:    extraEnv,
 		Result:      true,
 		JobID:       job.Id().String(),
 	}
 	osbuildJobResult.OSBuildOutput, err = executor.RunOSBuild(jobArgs.Manifest, opts, os.Stderr)
 	// First handle the case when "running" osbuild failed
--- a/internal/cloud/awscloud/secure-instance.go
+++ b/internal/cloud/awscloud/secure-instance.go
@ -19,14 +19,15 @@ type SecureInstance struct {
 }
 // SecureInstanceUserData returns the cloud-init user data for a secure instance.
-func SecureInstanceUserData(CloudWatchGroup string) string {
+func SecureInstanceUserData(cloudWatchGroup, hostname string) string {
 	additionalFiles := ""
-	if CloudWatchGroup != "" {
+	if cloudWatchGroup != "" {
 		additionalFiles += fmt.Sprintf(`  - path: /tmp/cloud_init_vars
    content: |
      OSBUILD_EXECUTOR_CLOUDWATCH_GROUP='%s'
-`, CloudWatchGroup)
+      OSBUILD_EXECUTOR_HOSTNAME='%s'
 `, cloudWatchGroup, hostname)
 	}
 	return fmt.Sprintf(`#cloud-config
@ -38,7 +39,7 @@ write_files:
 // Runs an instance with a security group that only allows traffic to
 // the host. Will replace resources if they already exists.
-func (a *AWS) RunSecureInstance(iamProfile, keyName, CloudWatchGroup string) (*SecureInstance, error) {
+func (a *AWS) RunSecureInstance(iamProfile, keyName, cloudWatchGroup, hostname string) (*SecureInstance, error) {
 	identity, err := a.ec2metadata.GetInstanceIdentityDocument()
 	if err != nil {
 		logrus.Errorf("Error getting the identity document, %s", err)
@ -79,7 +80,7 @@ func (a *AWS) RunSecureInstance(iamProfile, keyName, CloudWatchGroup string) (*S
 		return nil, err
 	}
-	ltID, err := a.createOrReplaceLT(identity.InstanceID, imageID, sgID, instanceType, iamProfile, keyName, CloudWatchGroup)
+	ltID, err := a.createOrReplaceLT(identity.InstanceID, imageID, sgID, instanceType, iamProfile, keyName, cloudWatchGroup, hostname)
 	if ltID != "" {
 		secureInstance.LTID = ltID
 	}
@ -280,7 +281,7 @@ func isLaunchTemplateNotFoundError(err error) bool {
 }
-func (a *AWS) createOrReplaceLT(hostInstanceID, imageID, sgID, instanceType, iamProfile, keyName, CloudWatchGroup string) (string, error) {
+func (a *AWS) createOrReplaceLT(hostInstanceID, imageID, sgID, instanceType, iamProfile, keyName, cloudWatchGroup, hostname string) (string, error) {
 	ltName := fmt.Sprintf("launch-template-for-%s-runner-instance", hostInstanceID)
 	descrLTOutput, err := a.ec2.DescribeLaunchTemplates(&ec2.DescribeLaunchTemplatesInput{
 		LaunchTemplateNames: []*string{
@ -333,7 +334,7 @@ func (a *AWS) createOrReplaceLT(hostInstanceID, imageID, sgID, instanceType, iam
 			SecurityGroupIds: []*string{
 				aws.String(sgID),
 			},
-			UserData: aws.String(base64.StdEncoding.EncodeToString([]byte(SecureInstanceUserData(CloudWatchGroup)))),
+			UserData: aws.String(base64.StdEncoding.EncodeToString([]byte(SecureInstanceUserData(cloudWatchGroup, hostname)))),
 		},
 		TagSpecifications: []*ec2.TagSpecification{
 			&ec2.TagSpecification{
--- a/internal/cloud/awscloud/secure-instance_test.go
+++ b/internal/cloud/awscloud/secure-instance_test.go
@ -8,6 +8,7 @@ import (
 func TestSecureInstanceUserData(t *testing.T) {
 	type testCase struct {
 		CloudWatchGroup  string
 		Hostname         string
 		ExpectedUserData string
 	}
@ -21,6 +22,7 @@ write_files:
 		},
 		{
 			CloudWatchGroup: "test-group",
 			Hostname:        "test-hostname",
 			ExpectedUserData: `#cloud-config
 write_files:
  - path: /tmp/worker-run-executor-service
@ -28,13 +30,14 @@ write_files:
  - path: /tmp/cloud_init_vars
    content: |
      OSBUILD_EXECUTOR_CLOUDWATCH_GROUP='test-group'
      OSBUILD_EXECUTOR_HOSTNAME='test-hostname'
 `,
 		},
 	}
 	for idx, tc := range testCases {
 		t.Run(fmt.Sprintf("Test case %d", idx), func(t *testing.T) {
-			userData := SecureInstanceUserData(tc.CloudWatchGroup)
+			userData := SecureInstanceUserData(tc.CloudWatchGroup, tc.Hostname)
 			if userData != tc.ExpectedUserData {
 				t.Errorf("Expected: %s, got: %s", tc.ExpectedUserData, userData)
 			}
--- a/internal/osbuildexecutor/osbuild-executor.go
+++ b/internal/osbuildexecutor/osbuild-executor.go
@ -14,9 +14,6 @@ type OsbuildOpts struct {
 	Checkpoints []string
 	ExtraEnv    []string
 	Result      bool
 	// not strict a osbuild opt
 	JobID string
 }
 type Executor interface {
--- a/internal/osbuildexecutor/runner-impl-aws-ec2.go
+++ b/internal/osbuildexecutor/runner-impl-aws-ec2.go
@ -25,6 +25,7 @@ type awsEC2Executor struct {
 	iamProfile      string
 	keyName         string
 	cloudWatchGroup string
 	hostname        string
 	tmpDir          string
 }
@ -268,7 +269,7 @@ func (ec2e *awsEC2Executor) RunOSBuild(manifest []byte, opts *OsbuildOpts, error
 		return nil, fmt.Errorf("Failed to get default aws client in %s region: %w", region, err)
 	}
-	si, err := aws.RunSecureInstance(ec2e.iamProfile, ec2e.keyName, ec2e.cloudWatchGroup)
+	si, err := aws.RunSecureInstance(ec2e.iamProfile, ec2e.keyName, ec2e.cloudWatchGroup, ec2e.hostname)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to start secure instance: %w", err)
 	}
@ -317,11 +318,12 @@ func (ec2e *awsEC2Executor) RunOSBuild(manifest []byte, opts *OsbuildOpts, error
 	return osbuildResult, nil
 }
-func NewAWSEC2Executor(iamProfile, keyName, cloudWatchGroup, tmpDir string) Executor {
+func NewAWSEC2Executor(iamProfile, keyName, cloudWatchGroup, hostname, tmpDir string) Executor {
 	return &awsEC2Executor{
 		iamProfile,
 		keyName,
 		cloudWatchGroup,
 		hostname,
 		tmpDir,
 	}
 }
--- a/templates/packer/ansible/roles/common/files/worker-executor.service
+++ b/templates/packer/ansible/roles/common/files/worker-executor.service
@ -6,6 +6,7 @@ After=cloud-final.service
 [Service]
 Type=oneshot
 ExecStart=/usr/local/libexec/worker-initialization-scripts/set_executor_hostname.sh
 ExecStart=/usr/local/libexec/worker-initialization-scripts/worker_executor.sh
 [Install]
--- a/templates/packer/ansible/roles/common/files/worker-initialization-scripts/set_executor_hostname.sh
+++ b/templates/packer/ansible/roles/common/files/worker-initialization-scripts/set_executor_hostname.sh
@ -0,0 +1,11 @@
 #!/bin/bash
 set -euo pipefail
 source /tmp/cloud_init_vars
 if [[ -z "$OSBUILD_EXECUTOR_HOSTNAME" ]]; then
    echo "OSBUILD_EXECUTOR_HOSTNAME not set, skipping."
    exit 0
 fi
 echo "Setting system hostname to $OSBUILD_EXECUTOR_HOSTNAME."
 hostnamectl set-hostname "$OSBUILD_EXECUTOR_HOSTNAME"