mantle/aws: ami f39 changes #3586
Conversation
|
Skipping CI for Draft Pull Request. |
|
Nice. Thanks for working on this! A few questions/ideas:
|
AWS now allows marking an AMI as "UEFI-preferred"; i.e. that both BIOS and UEFI are supported, but the latter is preferred if the instance type supports it. Let's make use of it. A change proposal has been submitted for Fedora 39 to also do this for the Fedora Cloud image. Ref: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html Ref: https://fedoraproject.org/wiki/Changes/CloudEC2UEFIPreferred
|
After talking offline with @dustymabe, we decided it might make more sense to create a knob for each of the features. Exposing them through the image.yaml file to reduce the impact on the existing function signatures by using environment variables which can be sneaky removed / configured. |
prestist
force-pushed
the
ami-updates
branch
2 times, most recently
from
568cc93
to
b605888
Compare
|
Ok @dustymabe, we should be good for another review :) |
src/cosalib/aws.py
Outdated
| os.environ["aws_imds_support"] = image_yaml['aws-imds-support'] | ||
| os.environ["aws_volume_type"] = image_yaml['aws-volume-type'] | ||
| os.environ["aws_boot_mode"] = image_yaml['aws-boot-mode'] |
There was a problem hiding this comment.
Let's use uppercase here. I typically see all caps and it leads me to "this is an environment variable" more quickly.
It may also be good to prefix the env vars with MANTLE to make it super clear this isn't some sort of AWS SDK environment variable we are setting:
| os.environ["aws_imds_support"] = image_yaml['aws-imds-support'] | |
| os.environ["aws_volume_type"] = image_yaml['aws-volume-type'] | |
| os.environ["aws_boot_mode"] = image_yaml['aws-boot-mode'] | |
| os.environ["MANTLE_AWS_IMDS_SUPPORT"] = image_yaml['aws-imds-support'] | |
| os.environ["MANTLE_AWS_VOLUME_TYPE"] = image_yaml['aws-volume-type'] | |
| os.environ["MANTLE_AWS_BOOT_MODE"] = image_yaml['aws-boot-mode'] |
There was a problem hiding this comment.
Is there a reason we're not passing this info as parameters instead?
There was a problem hiding this comment.
Or, just pass the final image.json to mantle and have it parse it directly...
There was a problem hiding this comment.
yes. I view these settings as relatively temporary so my guidance to @prestist was to use environment variables rather than figure out how to weave in/pass the information down through each layer.
The goal here is to remove these settings after some relatively short period of time.
Maybe the advice was misguided. If so, it's on me.
There was a problem hiding this comment.
Or, just pass the final
image.jsonto mantle and have it parse it directly...
I thought about that, but it's less clear to me whether that's the best path forward. AFAIK, this would be a first for ore, which we've treated so far as a lower level tool wrapped by cosa. I think the value of keeping it separate is to have the image.yaml handling centralized at the cosa level, and keeping ore generic.
Maybe the advice was misguided. If so, it's on me.
I'm not strongly against it, it just feels hacky. :) I think the "passing down through layers" wouldn't be hard since CreateHVMImage() is called directly by upload.go where the flags are located, so it'd just be one layer (and a cumbersome function signature, but like you said, it'd hopefully be temporary).
There was a problem hiding this comment.
I'm not strongly against it, it just feels hacky. :) I think the "passing down through layers" wouldn't be hard since
CreateHVMImage()is called directly byupload.gowhere the flags are located, so it'd just be one layer (and a cumbersome function signature, but like you said, it'd hopefully be temporary).
Right, but what's the goal? Is the goal to not use env variables at all here? In which case we'd need to add ore CLI opts, which I'd rather avoid if we plan to delete it soon.
If we're going to use env vars anyway I think I'd rather it be where the PR currently has it closer to where it's used so we don't have to change the function signatures.
TL;DR I definitely wouldn't suggest using env vars for this if it wasn't a temporary thing. I think in that case I'd advocate for ore CLI opts instead.
There was a problem hiding this comment.
What I'm suggesting is to not use env vars at all since it's trivial to do it with switches, which are cleaner and more characteristic of ore. Also, hacks we think are temporary today often turn out not to be and linger for years. :)
There was a problem hiding this comment.
"switches" being CLI opts?
i.e. ore aws --volumetype=gp2 ... ?
There was a problem hiding this comment.
"switches" being CLI opts?
i.e.
ore aws --volumetype=gp2 ...?
Yup, exactly!
| @@ -349,14 +365,15 @@ func (a *API) CreateHVMImage(snapshotID string, diskSizeGiB uint, name string, d | |||
| Architecture: aws.String(awsArch), | |||
| VirtualizationType: aws.String("hvm"), | |||
| RootDeviceName: aws.String("/dev/xvda"), | |||
| ImdsSupport: aws.String(imdsSupport), | |||
There was a problem hiding this comment.
Is passing in an empty string here the same thing as not passing a value for ImdsSupport at all?
There was a problem hiding this comment.
maybe instead of an empty string we should just default to v2.0 in the code above?
src/image-default.yaml
Outdated
| # Defaults for AWS | ||
| aws-imds-support: "v2.0" | ||
| aws-volume-type: "gp3" | ||
| aws-boot-mode: "uefi-preferred" |
There was a problem hiding this comment.
this knob should probably be architecture specific. Since the only option for aarch64 is uefi I think we can get by with still only having one knob, just mention x86_64:
aws-boot-mode-x86-64: "uefi-preferred"
mantle/platform/api/aws/images.go
Outdated
| if !set { | ||
| imdsSupport = "" | ||
| } | ||
| bootmode, set = os.LookupEnv("aws_boot_mode") |
There was a problem hiding this comment.
Assuming we do #3586 (comment) WDYT about moving the !set logic up here and renaming this variable to signify it's specific to x86_64?
| bootmode, set = os.LookupEnv("aws_boot_mode") | |
| bootmodex86, set = os.LookupEnv("aws_boot_mode_x86_64") | |
| if !set { | |
| bootmodex86 = "uefi-preferred" | |
| } |
|
Should we add a test to our test suite that sets these settings back to the old values when launching an AMI and doing a sanity check? |
prestist
force-pushed
the
ami-updates
branch
2 times, most recently
from
701f1d8
to
0b5df45
Compare
IMDSV2-only has the potential to break existing systems, expose configuration through an environment vairable defined in 'image-default.yaml' to overide defaults. Default volume type to 'gp3', while 'gp3' is generally better there could be a reason to change it. Expose configuration through enviornment variable defined in 'image-default.yaml' to allow for overiding. Docs: IMDSv2: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html#configure-IMDS-new-instances-ami-configuration GP3: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-storage-compare-volume-types.html
Add configuration for boot mode when used with a supported architecture i.e. 'amd64/x86_64'. With a default of 'uefi-preferred'.
prestist
force-pushed
the
ami-updates
branch
from
0b5df45
to
ebc5105
Compare
I was thinking about it the other way too: a non-exclusive external test to verify the new defaults. But I don't think you can tell from within a host what kind of volume type you're on (unless we have it talk to the API but I don't know if think our test instances are set up to have that enabled). It could still at least check if it booted via UEFI or BIOS. Not sure either for IMDSv2. I guess it would be easier to test this from the outside instead, though that means writing it in either mantle or Not sure, thinking it's probably not worth trying to automate this vs. sanity-checking it manually. But not strongly against either. |
|
Let's close this one in favour of #3607. |
Pulled in changes from #3402
Fixes: coreos/fedora-coreos-tracker#1502
Regarding documentation for the switch of the default from gp2 to gp3 is there a way to preload release notes for this repo?
i.e
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-storage-compare-volume-types.html