Enforce minimum docker version support #1477
Conversation
yhlee-aws
force-pushed
the
enforce_min_docker_ver
branch
3 times, most recently
from
038f9b0
to
385598c
Compare
agent/app/agent.go
Outdated
| @@ -579,3 +588,24 @@ func (agent *ecsAgent) startACSSession( | |||
| seelog.Critical("ACS Session handler should never exit") | |||
| return exitcodes.ExitError | |||
| } | |||
|
|
|||
| // validateRequiredDockerVersion validates docker version to be minimum 1.9.0 | |||
| func (agent *ecsAgent) validateRequiredDockerVersion(selector string) error { | |||
There was a problem hiding this comment.
Why can't we use a combination of ACS capabilities and API versions like we have done for other features?
agent/app/agent.go
Outdated
| // validateRequiredDockerVersion validates docker version to be minimum 1.9.0 | ||
| func (agent *ecsAgent) validateRequiredDockerVersion(selector string) error { | ||
| dockerVersion, err := agent.dockerClient.Version(agent.ctx, dockerclient.VersionTimeout) | ||
| if err != nil { |
There was a problem hiding this comment.
Should we retry in the case of a timeout and not exit with a terminal code?
There was a problem hiding this comment.
it will exit with terminal code, since timeout will result in error.
There was a problem hiding this comment.
I was wondering if timeout was a transient issue, it might make sense for init to try and restart agent again to find the docker version. So instead of returning a terminal code, we could exit with a non terminal one. What do you think?
There was a problem hiding this comment.
if there's a timeout, we could exit with a non terminal error code imo
agent/app/agent.go
Outdated
| return errors.New("Could not get docker version") | ||
| } | ||
|
|
||
| match, err := utils.Version(dockerVersion).Matches(selector) |
There was a problem hiding this comment.
how does this handle unexpected strings? dev or custom docker builds?
README.md
Outdated
| @@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
| The best source of information on running this software is the | |||
| [Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|
|||
| Please note that from Agent version 1.20.0, Docker versions 1.9.0 or older are no longer supported. | |||
There was a problem hiding this comment.
Please add a link to our docs page as well where information can be found and add a sentence here to the effect of "For more information, please visit the ECS agent documentation"
agent/app/agent.go
Outdated
| dockerVersion, err := agent.dockerClient.Version(agent.ctx, dockerclient.VersionTimeout) | ||
| if err != nil { | ||
| seelog.Criticalf("Could not get docker version: %v", err) | ||
| return errors.New("Could not get docker version") |
There was a problem hiding this comment.
(multiple occurrences) please follow error string format as per https://github.com/golang/go/wiki/CodeReviewComments#error-strings
agent/app/agent.go
Outdated
| // validateRequiredDockerVersion validates docker version to be minimum 1.9.0 | ||
| func (agent *ecsAgent) validateRequiredDockerVersion(selector string) error { | ||
| dockerVersion, err := agent.dockerClient.Version(agent.ctx, dockerclient.VersionTimeout) | ||
| if err != nil { |
There was a problem hiding this comment.
if there's a timeout, we could exit with a non terminal error code imo
yhlee-aws
force-pushed
the
enforce_min_docker_ver
branch
2 times, most recently
from
5662f28
to
de4f86c
Compare
agent/app/agent.go
Outdated
| minVersionMet := false | ||
| for _, version := range supportedVersions { | ||
| if version == dockerclient.Version_1_21 { | ||
| minVersionMet = true |
There was a problem hiding this comment.
if you return -1, true here, you can get rid of this variable and the next if statement. :)
agent/app/agent.go
Outdated
| @@ -213,6 +214,12 @@ func (agent *ecsAgent) doStart(containerChangeEventStream *eventstream.EventStre | |||
| imageManager engine.ImageManager, | |||
| client api.ECSClient) int { | |||
|
|
|||
| // check docker version >= 1.9.0, exit agent if older | |||
| exitcode, valid := agent.validateRequiredVersion() | |||
There was a problem hiding this comment.
If you wanted, you could follow this idiom.
if exitcode, valid:= agent.validate(); !valid{
return exitcode
}
README.md
Outdated
| @@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
| The best source of information on running this software is the | |||
| [Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|
|||
| Please note that from Agent version 1.20.0, Minimum required docker version is 1.9.0, corresponding to API version 1.21. For more information, please visit [Amazon ECS Container Agent Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container_agent_versions.html). | |||
There was a problem hiding this comment.
maybe fully qualify "Docker API version 1.21"
yhlee-aws
force-pushed
the
enforce_min_docker_ver
branch
from
2471cfe
to
4b689ff
Compare
agent/app/agent.go
Outdated
| @@ -213,6 +214,11 @@ func (agent *ecsAgent) doStart(containerChangeEventStream *eventstream.EventStre | |||
| imageManager engine.ImageManager, | |||
| client api.ECSClient) int { | |||
|
|
|||
| // check docker version >= 1.9.0, exit agent if older | |||
| if exitcode, verified := agent.verifyRequiredVersion(); !verified { | |||
There was a problem hiding this comment.
nit, naming: can we use if exitcode, ok := here? would be in line with golang bool returns convention.
agent/app/agent.go
Outdated
| } | ||
|
|
||
| // api 1.21 is not supported, docker version is older than 1.9.0 | ||
| seelog.Criticalf("Required minimum docker API verion %s is not supported ", |
There was a problem hiding this comment.
nit: extra space at end of log line
| oldAPIVersions := []dockerclient.DockerVersion{ | ||
| dockerclient.Version_1_18, | ||
| dockerclient.Version_1_19, | ||
| dockerclient.Version_1_20} |
There was a problem hiding this comment.
should a unit test cover the happy path as well? checking for Version_1_21 as well?
There was a problem hiding this comment.
That usecase is covered by all the other unit tests in this file, using "apiVersions".
|
|
||
| exitCode := agent.doStart(eventstream.NewEventStream("events", ctx), | ||
| credentialsManager, state, imageManager, client) | ||
| assert.Equal(t, exitcodes.ExitTerminal, exitCode) |
There was a problem hiding this comment.
Could you please add a test case for exitcodes.ExitError as well?
There was a problem hiding this comment.
added TestDoStartMinimumSupportedDockerVersionError test case
agent/app/agent.go
Outdated
| // validateRequiredVersion validates docker version. | ||
| // Minimum docker version supported is 1.9.0, maps to api version 1.21 | ||
| // see https://docs.docker.com/develop/sdk/#api-version-matrix | ||
| func (agent *ecsAgent) verifyRequiredVersion() (int, bool) { |
There was a problem hiding this comment.
Renaming this to verifyRequiredDockerVersion might be more descriptive.
There was a problem hiding this comment.
If we are doing this, should we also remove the 1.17, ,1.18, 1.19, 1.20 from the list of supported versions, and also the default version should now be changed to 1.21?
CHANGELOG.md
Outdated
| @@ -1,5 +1,8 @@ | |||
| # Changelog | |||
|
|
|||
| ## 1.20.0-dev | |||
| * Feature - Support Docker volume and driver plugins. | |||
There was a problem hiding this comment.
Probably it's better to list them as two items?
Feature - Add support for Docker volume plugins
Enhancement - Replace the empty container with Docker local volume
There was a problem hiding this comment.
We should add a note about locking out older docker versions -- the changelog would be a reasonable place to put a significant change like that.
There was a problem hiding this comment.
I've added "deprecating support for older docker versions" as enhancement.
| @@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
| The best source of information on running this software is the | |||
| [Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|
|||
| Please note that from Agent version 1.20.0, Minimum required Docker version is 1.9.0, corresponding to Docker API version 1.21. For more information, please visit [Amazon ECS Container Agent Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container_agent_versions.html). | |||
There was a problem hiding this comment.
Can you ask @nrdlngr to take a look at this?
There was a problem hiding this comment.
Would it be possible to rephrase a bit?
"Please note: starting from Agent 1.20.0, the minimum supported Docker version is 1.9.0."
Also: can you break lines at 80 or 120 characters? This is a super long single line in a text file now.
yhlee-aws
force-pushed
the
enforce_min_docker_ver
branch
2 times, most recently
from
9b02e28
to
b1726c7
Compare
| supportedVersions := agent.dockerClient.SupportedVersions() | ||
| if len(supportedVersions) == 0 { | ||
| seelog.Critical("Could not get supported docker versions.") | ||
| return exitcodes.ExitError, false |
There was a problem hiding this comment.
With the new api version change(minimum is 1.21), you probably only need to return exitcodes.ExitTerminal here, and then you can remove the rest of the code.
There was a problem hiding this comment.
Undid this change, CP backend might still need >= logic on the api versions. Keeping exitError here. Updated getDefaultVersion to return 1.21 however.
yhlee-aws
force-pushed
the
enforce_min_docker_ver
branch
2 times, most recently
from
3327bb6
to
3db6809
Compare
CHANGELOG.md
Outdated
| * Feature - Add support for Docker volume plugins | ||
| * Enhancement - Replace the empty container with Docker local volume | ||
| * Enhancement - Deprecate support for Docker version older than 1.9.0 | ||
|
|
There was a problem hiding this comment.
These changelog items need PR links.
yhlee-aws
force-pushed
the
enforce_min_docker_ver
branch
from
68fedda
to
f25f0e7
Compare
CHANGELOG.md
Outdated
| ## 1.20.0-dev | ||
| * Feature - Add support for Docker volume plugins | ||
| * Enhancement - Replace the empty container with Docker local volume | ||
| * Enhancement - Deprecate support for Docker version older than 1.9.0 [1477](https://github.com/aws/amazon-ecs-agent/pull/1477) |
…ing support for any previous versions updated default docker api version to 1.21.
yhlee-aws
force-pushed
the
enforce_min_docker_ver
branch
from
0a79394
to
c75c475
Compare
| @@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
| The best source of information on running this software is the | |||
| [Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|
|||
| Please note that from Agent version 1.20.0, Minimum required Docker version is 1.9.0, corresponding to Docker API version 1.21. For more information, please visit [Amazon ECS Container Agent Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container_agent_versions.html). | |||
There was a problem hiding this comment.
Would it be possible to rephrase a bit?
"Please note: starting from Agent 1.20.0, the minimum supported Docker version is 1.9.0."
Also: can you break lines at 80 or 120 characters? This is a super long single line in a text file now.
| } | ||
|
|
||
| // api 1.21 is not supported, docker version is older than 1.9.0 | ||
| seelog.Criticalf("Required minimum docker API verion %s is not supported", |
| // if api version 1.21 is supported, it means docker version is at least 1.9.0 | ||
| for _, version := range supportedVersions { | ||
| if version == dockerclient.Version_1_21 { | ||
| return -1, true |
There was a problem hiding this comment.
What's -1? Can you use one of the exitcodes constants?
…revious versions
Summary
Deprecate support for docker version older than 1.9.0, by checking for Docker API 1.21 support. Using API version instead of Docker version since it's been more consistent historically.
Implementation details
During agent startup, check for docker api version and return ExitTerminal if 1.21 is not supported. See https://docs.docker.com/develop/sdk/#api-version-matrix (docker 1.9.0 corresponds to api 1.21).
Testing
make release)go build -out amazon-ecs-agent.exe ./agent)make test) passgo test -timeout=25s ./agent/...) passmake run-integ-tests) pass.\scripts\run-integ-tests.ps1) passmake run-functional-tests) pass.\scripts\run-functional-tests.ps1) passNew tests cover the changes: yes
Description for the changelog
Licensing
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.