Only mount flat file-related directories, not the whole agentcore directory

e5aa981e · Jared Kosanovic · 88232c1f · e5aa981e · e5aa981e · e5aa981e
Commit e5aa981e authored 4 years ago by Jared Kosanovic
--- a/terraform/autoscaling-group.tf
+++ b/terraform/autoscaling-group.tf
@@ -24,7 +24,10 @@ data "aws_ssm_parameter" "ecs-optimized" {

 resource "aws_launch_configuration" "secure-agent-launch-config" {
  name              = "secure-agnet-launch-configuration"
-  image_id          = data.aws_ssm_parameter.ecs-optimized.value
+
+  # Fix me: Make this use the ecs-optimized parameter so that it always uses the latest version.
+  image_id          = "ami-00f69adbdc780866c"
+
  enable_monitoring = false

  iam_instance_profile = aws_iam_instance_profile.ecs-instance-profile.name

--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -84,7 +84,7 @@ resource "aws_ecs_task_definition" "task" {
  "EC2"]
  container_definitions = data.template_file.container.rendered
  volume {
-    name = "agent-configs-path"
+    name = "wiscalerts"
    docker_volume_configuration {
      autoprovision = true
      scope         = "shared"
@@ -92,7 +92,22 @@ resource "aws_ecs_task_definition" "task" {

      driver_opts = {
        "type"   = "nfs"
-        "device" = "${aws_efs_file_system.secure-agent-fs.dns_name}:/"
+        "device" = "${aws_efs_file_system.secure-agent-fs.dns_name}:/wiscalerts"
+        "o"      = "addr=${aws_efs_file_system.secure-agent-fs.dns_name},nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,nosuid"
+      }
+    }
+  }
+
+  volume {
+    name = "partner-integrations"
+    docker_volume_configuration {
+      autoprovision = true
+      scope         = "shared"
+      driver        = "local"
+
+      driver_opts = {
+        "type"   = "nfs"
+        "device" = "${aws_efs_file_system.secure-agent-fs.dns_name}:/partner-integrations"
        "o"      = "addr=${aws_efs_file_system.secure-agent-fs.dns_name},nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,nosuid"
      }
    }
@@ -101,10 +116,15 @@ resource "aws_ecs_task_definition" "task" {
 }

 resource "aws_ecs_service" "service" {
-  name            = var.ecs_service_name
-  cluster         = aws_ecs_cluster.cluster.id
-  task_definition = aws_ecs_task_definition.task.arn
-  desired_count   = 1
+  name                               = var.ecs_service_name
+  cluster                            = aws_ecs_cluster.cluster.id
+  task_definition                    = aws_ecs_task_definition.task.arn
+
+  # Ensures that only one secure agent is running at a given time. Otherwise there may not be enough memory available on the instance.
+  desired_count                      = 1
+  deployment_minimum_healthy_percent = 0
+  deployment_maximum_percent         = 100
+
  # secure agent configs and logs are persisted into an EFS volume.
  launch_type = "EC2"
 }
@@ -112,4 +132,4 @@ resource "aws_ecs_service" "service" {
 resource "aws_ecs_cluster" "cluster" {
  name = var.ecs_cluster_name
  tags = var.ecs_cluster_tags
-}
\ No newline at end of file
+}
--- a/terraform/templates/container-definitions.tpl
+++ b/terraform/templates/container-definitions.tpl
@@ -20,8 +20,12 @@
    ],
    "mountPoints": [
        {
-            "containerPath": "${secure_agent_mount_path}",
-            "sourceVolume": "agent-configs-path"
+            "containerPath": "${secure_agent_mount_path}wiscalerts/",
+            "sourceVolume": "wiscalerts"
+        },
+        {
+            "containerPath": "${secure_agent_mount_path}partner-integrations/",
+            "sourceVolume": "partner-integrations"
        }
    ],
    "secrets":[
@@ -35,4 +39,4 @@
        }
    ]
  }
-]
\ No newline at end of file
+]