-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce minimum docker version support #1477
Conversation
038f9b0
to
385598c
Compare
agent/app/agent.go
Outdated
@@ -579,3 +588,24 @@ func (agent *ecsAgent) startACSSession( | |||
seelog.Critical("ACS Session handler should never exit") | |||
return exitcodes.ExitError | |||
} | |||
|
|||
// validateRequiredDockerVersion validates docker version to be minimum 1.9.0 | |||
func (agent *ecsAgent) validateRequiredDockerVersion(selector string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why can't we use a combination of ACS capabilities and API versions like we have done for other features?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
talked offline
agent/app/agent.go
Outdated
// validateRequiredDockerVersion validates docker version to be minimum 1.9.0 | ||
func (agent *ecsAgent) validateRequiredDockerVersion(selector string) error { | ||
dockerVersion, err := agent.dockerClient.Version(agent.ctx, dockerclient.VersionTimeout) | ||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we retry in the case of a timeout and not exit with a terminal code?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it will exit with terminal code, since timeout will result in error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was wondering if timeout was a transient issue, it might make sense for init to try and restart agent again to find the docker version. So instead of returning a terminal code, we could exit with a non terminal one. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if there's a timeout, we could exit with a non terminal error code imo
agent/app/agent.go
Outdated
return errors.New("Could not get docker version") | ||
} | ||
|
||
match, err := utils.Version(dockerVersion).Matches(selector) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how does this handle unexpected strings? dev or custom docker builds?
README.md
Outdated
@@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
The best source of information on running this software is the | |||
[Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|||
Please note that from Agent version 1.20.0, Docker versions 1.9.0 or older are no longer supported. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a link to our docs page as well where information can be found and add a sentence here to the effect of "For more information, please visit the ECS agent documentation"
agent/app/agent.go
Outdated
dockerVersion, err := agent.dockerClient.Version(agent.ctx, dockerclient.VersionTimeout) | ||
if err != nil { | ||
seelog.Criticalf("Could not get docker version: %v", err) | ||
return errors.New("Could not get docker version") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(multiple occurrences) please follow error string format as per https://github.com/golang/go/wiki/CodeReviewComments#error-strings
agent/app/agent.go
Outdated
// validateRequiredDockerVersion validates docker version to be minimum 1.9.0 | ||
func (agent *ecsAgent) validateRequiredDockerVersion(selector string) error { | ||
dockerVersion, err := agent.dockerClient.Version(agent.ctx, dockerclient.VersionTimeout) | ||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if there's a timeout, we could exit with a non terminal error code imo
5662f28
to
de4f86c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for making another pass at this.
agent/app/agent.go
Outdated
minVersionMet := false | ||
for _, version := range supportedVersions { | ||
if version == dockerclient.Version_1_21 { | ||
minVersionMet = true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if you return -1, true
here, you can get rid of this variable and the next if statement. :)
agent/app/agent.go
Outdated
@@ -213,6 +214,12 @@ func (agent *ecsAgent) doStart(containerChangeEventStream *eventstream.EventStre | |||
imageManager engine.ImageManager, | |||
client api.ECSClient) int { | |||
|
|||
// check docker version >= 1.9.0, exit agent if older | |||
exitcode, valid := agent.validateRequiredVersion() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you wanted, you could follow this idiom.
if exitcode, valid:= agent.validate(); !valid{
return exitcode
}
README.md
Outdated
@@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
The best source of information on running this software is the | |||
[Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|||
Please note that from Agent version 1.20.0, Minimum required docker version is 1.9.0, corresponding to API version 1.21. For more information, please visit [Amazon ECS Container Agent Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container_agent_versions.html). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe fully qualify "Docker API version 1.21"
2471cfe
to
4b689ff
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nits and question about additional unit test case
agent/app/agent.go
Outdated
@@ -213,6 +214,11 @@ func (agent *ecsAgent) doStart(containerChangeEventStream *eventstream.EventStre | |||
imageManager engine.ImageManager, | |||
client api.ECSClient) int { | |||
|
|||
// check docker version >= 1.9.0, exit agent if older | |||
if exitcode, verified := agent.verifyRequiredVersion(); !verified { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, naming: can we use if exitcode, ok :=
here? would be in line with golang bool returns convention.
agent/app/agent.go
Outdated
} | ||
|
||
// api 1.21 is not supported, docker version is older than 1.9.0 | ||
seelog.Criticalf("Required minimum docker API verion %s is not supported ", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: extra space at end of log line
oldAPIVersions := []dockerclient.DockerVersion{ | ||
dockerclient.Version_1_18, | ||
dockerclient.Version_1_19, | ||
dockerclient.Version_1_20} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should a unit test cover the happy path as well? checking for Version_1_21
as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That usecase is covered by all the other unit tests in this file, using "apiVersions".
|
||
exitCode := agent.doStart(eventstream.NewEventStream("events", ctx), | ||
credentialsManager, state, imageManager, client) | ||
assert.Equal(t, exitcodes.ExitTerminal, exitCode) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please add a test case for exitcodes.ExitError
as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added TestDoStartMinimumSupportedDockerVersionError test case
agent/app/agent.go
Outdated
// validateRequiredVersion validates docker version. | ||
// Minimum docker version supported is 1.9.0, maps to api version 1.21 | ||
// see https://docs.docker.com/develop/sdk/#api-version-matrix | ||
func (agent *ecsAgent) verifyRequiredVersion() (int, bool) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Renaming this to verifyRequiredDockerVersion
might be more descriptive.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we are doing this, should we also remove the 1.17, ,1.18, 1.19, 1.20 from the list of supported versions, and also the default version should now be changed to 1.21?
CHANGELOG.md
Outdated
@@ -1,5 +1,8 @@ | |||
# Changelog | |||
|
|||
## 1.20.0-dev | |||
* Feature - Support Docker volume and driver plugins. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably it's better to list them as two items?
Feature - Add support for Docker volume plugins
Enhancement - Replace the empty container with Docker local volume
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add a note about locking out older docker versions -- the changelog would be a reasonable place to put a significant change like that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added "deprecating support for older docker versions" as enhancement.
@@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
The best source of information on running this software is the | |||
[Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|||
Please note that from Agent version 1.20.0, Minimum required Docker version is 1.9.0, corresponding to Docker API version 1.21. For more information, please visit [Amazon ECS Container Agent Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container_agent_versions.html). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you ask @nrdlngr to take a look at this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ping'd him.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be possible to rephrase a bit?
"Please note: starting from Agent 1.20.0, the minimum supported Docker version is 1.9.0."
Also: can you break lines at 80 or 120 characters? This is a super long single line in a text file now.
9b02e28
to
b1726c7
Compare
supportedVersions := agent.dockerClient.SupportedVersions() | ||
if len(supportedVersions) == 0 { | ||
seelog.Critical("Could not get supported docker versions.") | ||
return exitcodes.ExitError, false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the new api version change(minimum is 1.21), you probably only need to return exitcodes.ExitTerminal
here, and then you can remove the rest of the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Undid this change, CP backend might still need >= logic on the api versions. Keeping exitError here. Updated getDefaultVersion to return 1.21 however.
3327bb6
to
3db6809
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, thanks for making those changes
CHANGELOG.md
Outdated
* Feature - Add support for Docker volume plugins | ||
* Enhancement - Replace the empty container with Docker local volume | ||
* Enhancement - Deprecate support for Docker version older than 1.9.0 | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These changelog items need PR links.
68fedda
to
f25f0e7
Compare
CHANGELOG.md
Outdated
## 1.20.0-dev | ||
* Feature - Add support for Docker volume plugins | ||
* Enhancement - Replace the empty container with Docker local volume | ||
* Enhancement - Deprecate support for Docker version older than 1.9.0 [1477](https://github.com/aws/amazon-ecs-agent/pull/1477) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: [#1477]
…ing support for any previous versions updated default docker api version to 1.21.
0a79394
to
c75c475
Compare
@@ -14,6 +14,8 @@ The Amazon ECS Container Agent is a component of Amazon Elastic Container Servic | |||
The best source of information on running this software is the | |||
[Amazon ECS documentation](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_agent.html). | |||
|
|||
Please note that from Agent version 1.20.0, Minimum required Docker version is 1.9.0, corresponding to Docker API version 1.21. For more information, please visit [Amazon ECS Container Agent Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container_agent_versions.html). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be possible to rephrase a bit?
"Please note: starting from Agent 1.20.0, the minimum supported Docker version is 1.9.0."
Also: can you break lines at 80 or 120 characters? This is a super long single line in a text file now.
} | ||
|
||
// api 1.21 is not supported, docker version is older than 1.9.0 | ||
seelog.Criticalf("Required minimum docker API verion %s is not supported", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Docker API"
// if api version 1.21 is supported, it means docker version is at least 1.9.0 | ||
for _, version := range supportedVersions { | ||
if version == dockerclient.Version_1_21 { | ||
return -1, true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's -1
? Can you use one of the exitcodes
constants?
…revious versions
Summary
Deprecate support for docker version older than 1.9.0, by checking for Docker API 1.21 support. Using API version instead of Docker version since it's been more consistent historically.
Implementation details
During agent startup, check for docker api version and return ExitTerminal if 1.21 is not supported. See https://docs.docker.com/develop/sdk/#api-version-matrix (docker 1.9.0 corresponds to api 1.21).
Testing
make release
)go build -out amazon-ecs-agent.exe ./agent
)make test
) passgo test -timeout=25s ./agent/...
) passmake run-integ-tests
) pass.\scripts\run-integ-tests.ps1
) passmake run-functional-tests
) pass.\scripts\run-functional-tests.ps1
) passNew tests cover the changes: yes
Description for the changelog
Licensing
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.