Add support for Container Insights on Windows in otel repo (aws#1076)

jefchien · Mar 7, 2024 · 9ac52c9 · 9ac52c9
1 parent 79d7271
commit 9ac52c9
Show file tree

Hide file tree

Showing 17 changed files with 608 additions and 202 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -79,6 +79,7 @@ jobs:
     with:
       ContainerRepositoryNameAndTag: "cwagent-integration-test:${{ github.sha }}"
       BucketKey: "integration-test/binary/${{ github.sha }}"
+      PackageBucketKey: "integration-test/packaging/${{ github.sha }}"
 
   BuildAndUploadITAR:
     uses: ./.github/workflows/test-build.yml

diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml
@@ -41,3 +41,4 @@ jobs:
     with:
       ContainerRepositoryNameAndTag: "nightly-build:latest"
       BucketKey: "nightly-build/latest"
+      PackageBucketKey: "nightly-build/latest"
diff --git a/.github/workflows/soak-test.yml b/.github/workflows/soak-test.yml
@@ -58,6 +58,7 @@ jobs:
     with:
       ContainerRepositoryNameAndTag: "cwagent-integration-test:${{ github.sha }}"
       BucketKey: "integration-test/binary/${{ github.sha }}"
+      PackageBucketKey: "integration-test/packaging/${{ github.sha }}"
 
   DeploySoakTest:
     name: "DeploySoakTest"

diff --git a/.github/workflows/test-build-docker.yml b/.github/workflows/test-build-docker.yml
diff --git a/.github/workflows/test-build-packages.yml b/.github/workflows/test-build-packages.yml
@@ -60,65 +60,6 @@ on:
         type: string
 
 jobs:
-  MakeMSIZip:
-    name: 'MakeMSIZip'
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          repository: ${{env.CWA_GITHUB_TEST_REPO_NAME}}
-
-      - name: Set up Go 1.x
-        uses: actions/setup-go@v4
-        with:
-          go-version: ~1.21.1
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          role-to-assume: ${{ inputs.TerraformAWSAssumeRole }}
-          aws-region: ${{ inputs.Region }}
-
-      - name: Cache win zip
-        id: cached_win_zip
-        uses: actions/cache@v3
-        with:
-          key: "cached_win_zip_${{ github.sha }}_${{ inputs.PackageBucketKey }}_${{ inputs.Bucket }}_${{ inputs.BucketKey }}"
-          path: go.mod
-
-      - name: Copy binary
-        if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
-        run: |
-          aws s3 cp s3://${{ inputs.Bucket }}/${{ inputs.BucketKey }} . --recursive
-      - name: Unzip
-        if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
-        run: |
-          sudo apt install unzip
-          unzip windows/amd64/amazon-cloudwatch-agent.zip -d windows-agent
-      - name: Create msi dep folder and copy deps
-        if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
-        run: |
-          export version=$(cat CWAGENT_VERSION)
-          echo cw agent version $version
-          mkdir msi_dep
-          cp -r msi/tools/. msi_dep/
-          cp -r windows-agent/amazon-cloudwatch-agent/. msi_dep/
-          go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/amazon-cloudwatch-agent.wxs '<version>'
-          go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/manifest.json __VERSION__
-
-      - name: Zip
-        if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
-        run: |
-          sudo apt install zip
-          zip buildMSI.zip msi_dep/*
-
-      - name: Upload zip
-        if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
-        run: aws s3 cp buildMSI.zip s3://${{ inputs.Bucket }}/${{ inputs.BucketKey }}/buildMSI.zip
-
   MakeMacPkg:
     name: 'MakeMacPkg'
     runs-on: macos-11
@@ -194,50 +135,11 @@ jobs:
           cd arm64
           ./create_pkg.sh ${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }} "nosha" arm64
 
-  BuildMSI:
-    name: 'BuildMSI'
-    runs-on: windows-latest
-    needs: [ MakeMSIZip ]
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          role-to-assume: ${{ inputs.TerraformAWSAssumeRole }}
-          aws-region: ${{ inputs.Region }}
-
-      - name: Cache msi
-        id: cached_msi
-        uses: actions/cache@v3
-        with:
-          key: "cached_msi_${{ github.sha }}"
-          path: go.mod
-
-      # Using the env variable returns "" for bucket name thus use the secret
-      - name: Copy msi
-        if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
-        run: aws s3 cp s3://${{ inputs.Bucket }}/${{ inputs.BucketKey }}/buildMSI.zip .
-
-      - name: Create msi
-        if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
-        run: |
-          curl -OLS https://github.com/wixtoolset/wix3/releases/download/wix3111rtm/wix311.exe
-          .\wix311.exe /install /quiet /norestart
-          $wixToolsetBinPath = ";C:\Program Files (x86)\WiX Toolset v3.11\bin;"
-          $env:PATH = $env:PATH + $wixToolsetBinPath
-          Expand-Archive buildMSI.zip -Force
-          cd buildMSI/msi_dep
-          .\create_msi.ps1 "nosha" ${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }}
-
   #GH actions set up gpg only works on ubuntu as of this commit date
-  GPGSignMacAndWindowsPackage:
-    name: 'SignMacAndWindowsPackage'
+  GPGSignMacPackage:
+    name: 'GPGSignMacPackage'
     runs-on: ubuntu-latest
-    needs: [ BuildMSI, MakeMacPkg ]
+    needs: [  MakeMacPkg ]
     permissions:
       id-token: write
       contents: read
@@ -262,7 +164,6 @@ jobs:
         run: |
           mkdir -p packages/amd64
           mkdir packages/arm64
-          aws s3 cp s3://${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi ./packages/amazon-cloudwatch-agent.msi
           aws s3 cp s3://${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }}/amd64/amazon-cloudwatch-agent.pkg ./packages/amd64/amazon-cloudwatch-agent.pkg
           aws s3 cp s3://${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }}/arm64/amazon-cloudwatch-agent.pkg ./packages/arm64/amazon-cloudwatch-agent.pkg
       - name: Import GPG Key
@@ -277,6 +178,5 @@ jobs:
       - name: Upload to s3
         if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false
         run: |
-          aws s3 cp packages/amazon-cloudwatch-agent.msi.sig s3://${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi.sig
           aws s3 cp packages/amd64/amazon-cloudwatch-agent.pkg.sig s3://${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }}/amd64/amazon-cloudwatch-agent.pkg.sig
           aws s3 cp packages/arm64/amazon-cloudwatch-agent.pkg.sig s3://${{ inputs.Bucket }}/${{ inputs.PackageBucketKey }}/arm64/amazon-cloudwatch-agent.pkg.sig
diff --git a/Makefile b/Makefile
@@ -30,6 +30,7 @@ IMAGE_REPO = cloudwatch-agent
 IMAGE_TAG = $(VERSION)
 IMAGE = $(IMAGE_REGISTRY)/$(IMAGE_REPO):$(IMAGE_TAG)
 DOCKER_BUILD_FROM_SOURCE = docker build -t $(IMAGE) -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile
+DOCKER_WINDOWS_BUILD_FROM_SOURCE = docker build -t $(IMAGE) -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile.Windows
 
 CW_AGENT_IMPORT_PATH=github.com/aws/amazon-cloudwatch-agent
 ALL_SRC := $(shell find . -name '*.go' -type f | sort)
@@ -109,6 +110,11 @@ build-for-docker-amd64:
 	$(LINUX_AMD64_BUILD)/start-amazon-cloudwatch-agent github.com/aws/amazon-cloudwatch-agent/cmd/start-amazon-cloudwatch-agent
 	$(LINUX_AMD64_BUILD)/config-translator github.com/aws/amazon-cloudwatch-agent/cmd/config-translator
 
+build-for-docker-windows-amd64:
+	$(WIN_BUILD)/amazon-cloudwatch-agent.exe github.com/aws/amazon-cloudwatch-agent/cmd/amazon-cloudwatch-agent
+	$(WIN_BUILD)/start-amazon-cloudwatch-agent.exe github.com/aws/amazon-cloudwatch-agent/cmd/start-amazon-cloudwatch-agent
+	$(WIN_BUILD)/config-translator.exe github.com/aws/amazon-cloudwatch-agent/cmd/config-translator
+
 build-for-docker-arm64:
 	$(LINUX_ARM64_BUILD)/amazon-cloudwatch-agent github.com/aws/amazon-cloudwatch-agent/cmd/amazon-cloudwatch-agent
 	$(LINUX_ARM64_BUILD)/start-amazon-cloudwatch-agent github.com/aws/amazon-cloudwatch-agent/cmd/start-amazon-cloudwatch-agent
@@ -126,6 +132,13 @@ docker-build-arm64: build-for-docker-arm64
 docker-push:
 	docker push $(IMAGE)
 
+build-for-docker-fast-windows-amd64: build-for-docker-windows-amd64
+	rm -rf tmp
+	mkdir -p tmp/windows_amd64
+	cp build/bin/windows_amd64/* tmp/windows_amd64
+	docker build --platform windows/amd64 -f amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile.Windows . -t amazon-cloudwatch-agent
+	rm -rf tmp
+
 install-goimports:
 	GOBIN=$(TOOLS_BIN_DIR) go install golang.org/x/tools/cmd/goimports
 
@@ -315,3 +328,9 @@ dockerized-build:
 # Use vendor instead of proxy when building w/ vendor folder
 dockerized-build-vendor:
 	$(DOCKER_BUILD_FROM_SOURCE) --build-arg GO111MODULE=off .
+
+.PHONY: dockerized-windows-build
+dockerized-windows-build:
+	$(DOCKER_WINDOWS_BUILD_FROM_SOURCE) .
+	@echo Built image:
+	@echo $(IMAGE)
diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile.Windows b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile.Windows
@@ -0,0 +1,22 @@
+# This Dockerfile can be used for building Windows Server 2019, 2022 Container images.
+
+# Build Container image from binary in local
+ARG TAG=ltsc2022
+ARG TARGETARCH=amd64
+ARG CONTAINER_CLOUDWATCHAGENT_PATH=C:\\Program\ Files\\Amazon\\AmazonCloudWatchAgent\\
+ARG CONTAINER_CLOUDWATCHAGENT_DATA_PATH=C:\\ProgramData\\Amazon\\AmazonCloudWatchAgent\\
+
+FROM mcr.microsoft.com/windows/servercore:$TAG as runtime
+
+ARG CONTAINER_CLOUDWATCHAGENT_PATH
+ARG CONTAINER_CLOUDWATCHAGENT_DATA_PATH
+ARG TARGETARCH
+
+RUN Powershell -Command New-Item -ItemType Directory -Path $Env:CONTAINER_CLOUDWATCHAGENT_PATH -Force
+RUN Powershell -Command New-Item -ItemType Directory -Path $Env:CONTAINER_CLOUDWATCHAGENT_DATA_PATH -Force
+WORKDIR $CONTAINER_CLOUDWATCHAGENT_PATH
+
+COPY "./tmp/windows_${TARGETARCH}" $CONTAINER_CLOUDWATCHAGENT_PATH
+
+ENV RUN_IN_CONTAINER="True"
+CMD ["start-amazon-cloudwatch-agent.exe"]
diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows
@@ -0,0 +1,20 @@
+# This Dockerfile can be used for building Windows Server 2019, 2022 Container images.
+
+# Build Container image from msi installer
+ARG IMAGE_TAG=ltsc2022
+ARG BUILD_IMAGE=mcr.microsoft.com/windows/servercore:$IMAGE_TAG
+ARG TARGETARCH=amd64
+ARG CONTAINER_CLOUDWATCHAGENT_PATH=C:\\Program\ Files\\Amazon\\AmazonCloudWatchAgent\\
+
+FROM $BUILD_IMAGE
+
+ARG TARGETARCH
+ARG CONTAINER_CLOUDWATCHAGENT_PATH
+
+COPY ${TARGETARCH}/amazon-cloudwatch-agent.msi C:\\tmp\\amazon-cloudwatch-agent.msi
+RUN msiexec /i C:\\tmp\\amazon-cloudwatch-agent.msi
+
+WORKDIR $CONTAINER_CLOUDWATCHAGENT_PATH
+
+ENV RUN_IN_CONTAINER="True"
+CMD ["start-amazon-cloudwatch-agent.exe"]
diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile.Windows b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile.Windows
@@ -0,0 +1,45 @@
+# This Dockerfile can be used for building Windows Server 2019, 2022 Container images.
+
+ARG TAG=ltsc2022
+ARG TARGETARCH=amd64
+ARG CONTAINER_CLOUDWATCHAGENT_PATH=C:\\Program\ Files\\Amazon\\AmazonCloudWatchAgent\\
+ARG GO_IMAGE=golang:latest
+
+# Build CW agent inside Windows golang container
+FROM $GO_IMAGE as builder
+
+ARG TARGETARCH
+
+RUN New-Item -ItemType Directory -Path "C:\go\src\github.com\aws\amazon-cloudwatch-agent" -Force
+WORKDIR "C:\go\src\github.com\aws\amazon-cloudwatch-agent"
+
+ENV GOPROXY=direct
+ARG GO111MODULE="on"
+ENV GO111MODULE=${GO111MODULE}
+
+COPY go.mod "C:\go\src\github.com\aws\amazon-cloudwatch-agent"
+COPY go.sum "C:\go\src\github.com\aws\amazon-cloudwatch-agent"
+RUN go mod download -x
+
+COPY . "C:\go\src\github.com\aws\amazon-cloudwatch-agent"
+
+# Install chocolatey and make
+RUN Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
+RUN choco install make
+
+# Run make and build CW agent inside container
+RUN make build-for-docker-windows-${env:TARGETARCH}
+
+# Build target CW agent container image for Windows
+FROM mcr.microsoft.com/windows/servercore:$TAG
+
+ARG CONTAINER_CLOUDWATCHAGENT_PATH
+ARG TARGETARCH
+
+RUN Powershell -Command New-Item -ItemType Directory -Path $env:CONTAINER_CLOUDWATCHAGENT_PATH -Force
+WORKDIR $CONTAINER_CLOUDWATCHAGENT_PATH
+
+COPY --from=builder C:\\go\\src\\github.com\\aws\\amazon-cloudwatch-agent\\build\\bin\\windows_$TARGETARCH\\ $CONTAINER_CLOUDWATCHAGENT_PATH
+
+ENV RUN_IN_CONTAINER="True"
+CMD ["start-amazon-cloudwatch-agent.exe"]
diff --git a/cfg/envconfig/envconfig.go b/cfg/envconfig/envconfig.go
@@ -5,29 +5,31 @@ package envconfig
 
 import (
 	"os"
+	"runtime"
 	"strconv"
 	"sync"
 )
 
 const (
 	//the following are the names of environment variables
-	HTTP_PROXY         = "HTTP_PROXY"
-	HTTPS_PROXY        = "HTTPS_PROXY"
-	NO_PROXY           = "NO_PROXY"
-	AWS_CA_BUNDLE      = "AWS_CA_BUNDLE"
-	AWS_SDK_LOG_LEVEL  = "AWS_SDK_LOG_LEVEL"
-	CWAGENT_USER_AGENT = "CWAGENT_USER_AGENT"
-	CWAGENT_LOG_LEVEL  = "CWAGENT_LOG_LEVEL"
-	CWAGENT_USAGE_DATA = "CWAGENT_USAGE_DATA"
-	IMDS_NUMBER_RETRY  = "IMDS_NUMBER_RETRY"
-	RunInContainer     = "RUN_IN_CONTAINER"
-	RunInAWS           = "RUN_IN_AWS"
-	RunWithIRSA        = "RUN_WITH_IRSA"
-	UseDefaultConfig   = "USE_DEFAULT_CONFIG"
-	HostName           = "HOST_NAME"
-	PodName            = "POD_NAME"
-	HostIP             = "HOST_IP"
-	CWConfigContent    = "CW_CONFIG_CONTENT"
+	HTTP_PROXY                = "HTTP_PROXY"
+	HTTPS_PROXY               = "HTTPS_PROXY"
+	NO_PROXY                  = "NO_PROXY"
+	AWS_CA_BUNDLE             = "AWS_CA_BUNDLE"
+	AWS_SDK_LOG_LEVEL         = "AWS_SDK_LOG_LEVEL"
+	CWAGENT_USER_AGENT        = "CWAGENT_USER_AGENT"
+	CWAGENT_LOG_LEVEL         = "CWAGENT_LOG_LEVEL"
+	CWAGENT_USAGE_DATA        = "CWAGENT_USAGE_DATA"
+	IMDS_NUMBER_RETRY         = "IMDS_NUMBER_RETRY"
+	RunInContainer            = "RUN_IN_CONTAINER"
+	RunAsHostProcessContainer = "RUN_AS_HOST_PROCESS_CONTAINER"
+	RunInAWS                  = "RUN_IN_AWS"
+	RunWithIRSA               = "RUN_WITH_IRSA"
+	UseDefaultConfig          = "USE_DEFAULT_CONFIG"
+	HostName                  = "HOST_NAME"
+	PodName                   = "POD_NAME"
+	HostIP                    = "HOST_IP"
+	CWConfigContent           = "CW_CONFIG_CONTENT"
 )
 
 const (
@@ -57,3 +59,10 @@ func IsUsageDataEnabled() bool {
 func IsRunningInContainer() bool {
 	return os.Getenv(RunInContainer) == TrueValue
 }
+
+func IsWindowsHostProcessContainer() bool {
+	if runtime.GOOS == "windows" && os.Getenv(RunInContainer) == TrueValue && os.Getenv(RunAsHostProcessContainer) == TrueValue {
+		return true
+	}
+	return false
+}