From ffc02ef3b0232f0aa7a716016ca92d6574323f73 Mon Sep 17 00:00:00 2001
From: Chris Wright
Date: Mon, 8 Jul 2024 15:27:41 +0100
Subject: [PATCH] Allow enabling ECS debug mode

* This enables debugging on Docker and ECS for the Infrastructure ECS cluster
* This should only be enabled when needed, as it'll cause a lot of logs
---
 README.md | 1 +
 ec2-userdata/ecs-instance.tpl | 6 ++++++
 locals.tf | 6 ++++--
 variables.tf | 5 +++++
 4 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c4942d1..06783a0 100644
--- a/README.md
+++ b/README.md
@@ -407,6 +407,7 @@ This project creates and manages resources within an AWS account for infrastruct
 | [infrastructure\_ecs\_cluster\_ecs\_asg\_diff\_alert\_slack](#input\_infrastructure\_ecs\_cluster\_ecs\_asg\_diff\_alert\_slack) | Enable Slack alerts for the ECS cluster's Container Instance / ASG instance diff alert | `bool` | n/a | yes |
 | [infrastructure\_ecs\_cluster\_ecs\_asg\_diff\_alert\_threshold](#input\_infrastructure\_ecs\_cluster\_ecs\_asg\_diff\_alert\_threshold) | Threshold (Number of pending tasks) for the ECS cluster's Container Instance / ASG instance diff alert | `number` | n/a | yes |
 | [infrastructure\_ecs\_cluster\_ecs\_asg\_diff\_metric\_lambda\_log\_retention](#input\_infrastructure\_ecs\_cluster\_ecs\_asg\_diff\_metric\_lambda\_log\_retention) | Log retention for the ECS cluster Container Instance / ASG instance diff metric Lambda | `number` | n/a | yes |
+| [infrastructure\_ecs\_cluster\_enable\_debug\_mode](#input\_infrastructure\_ecs\_cluster\_enable\_debug\_mode) | Enable debug mode for ECS and Docker on the Infrastructure ECS. This should only be enabled when debugging (Can cause a lot of logs) | `bool` | n/a | yes |
 | [infrastructure\_ecs\_cluster\_instance\_type](#input\_infrastructure\_ecs\_cluster\_instance\_type) | The instance type for EC2 instances launched in the ECS cluster | `string` | n/a | yes |
 | [infrastructure\_ecs\_cluster\_max\_instance\_lifetime](#input\_infrastructure\_ecs\_cluster\_max\_instance\_lifetime) | Maximum lifetime in seconds of an instance within the ECS cluster | `number` | n/a | yes |
 | [infrastructure\_ecs\_cluster\_max\_size](#input\_infrastructure\_ecs\_cluster\_max\_size) | Maximum number of instances for the ECS cluster | `number` | n/a | yes |
diff --git a/ec2-userdata/ecs-instance.tpl b/ec2-userdata/ecs-instance.tpl
index 7231e43..ff17e1e 100644
--- a/ec2-userdata/ecs-instance.tpl
+++ b/ec2-userdata/ecs-instance.tpl
@@ -11,10 +11,16 @@ echo ECS_ENGINE_AUTH_TYPE=dockercfg >> /etc/ecs/ecs.config echo 'ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/": { "auth": "${dockerhub_token}", "email": "${dockerhub_email}"}}' >> /etc/ecs/ecs.config # Set low task cleanup - reduces chance of docker thin pool running out of free space echo "ECS_ENGINE_TASK_CLEANUP_WAIT_DURATION=15m" >> /etc/ecs/ecs.config +%{~ if log_debug_mode } +echo "ECS_LOGLEVEL=debug" >> /etc/ecs/ecs.config +%{~ endif } # Configure Docker options sed -i s/OPTIONS/#OPTIONS/ /etc/sysconfig/docker echo 'OPTIONS="--default-ulimit nofile=1024:4096 --storage-opt overlay2.size=${docker_storage_size}G"' >> /etc/sysconfig/docker +%{~ if log_debug_mode } +echo '{"debug": true}' >> /etc/docker/daemon.json +%{~ endif } sudo service docker restart # Install useful packages diff --git a/locals.tf b/locals.tf index ea7a3e6..b319c8f 100644 --- a/locals.tf +++ b/locals.tf @@ -168,6 +168,7 @@ locals { infrastructure_ecs_cluster_ecs_asg_diff_alert_threshold = var.infrastructure_ecs_cluster_ecs_asg_diff_alert_threshold infrastructure_ecs_cluster_ecs_asg_diff_alert_slack = var.infrastructure_ecs_cluster_ecs_asg_diff_alert_slack infrastructure_ecs_cluster_ecs_asg_diff_alert_opsgenie = var.infrastructure_ecs_cluster_ecs_asg_diff_alert_opsgenie + infrastructure_ecs_cluster_enable_debug_mode = var.infrastructure_ecs_cluster_enable_debug_mode infrastructure_ecs_cluster_wafs = var.infrastructure_ecs_cluster_wafs infrastructure_ecs_cluster_enable_ssm_dhmc = local.enable_infrastructure_ecs_cluster ? data.external.ssm_dhmc_setting[0].result.setting_value != "$None" : false infrastructure_ecs_cluster_user_data = base64encode( 
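Review bot: The added `echo '{"debug": true}' >> /etc/docker/daemon.json` in ec2-userdata/ecs-instance.tpl appends rather than writes, so if the instance image already ships a non-empty daemon.json the file ends up holding two JSON objects and the `sudo service docker restart` that follows may leave Docker down; whether that file exists on the AMI is not visible from this hunk. Passing the flag through the OPTIONS line written just above avoids touching the file, e.g. `OPTIONS="%{ if log_debug_mode }--debug %{ endif }--default-ulimit nofile=1024:4096 --storage-opt overlay2.size=${docker_storage_size}G"`. Separately, debug-level ECS agent and Docker daemon logs can record API request detail such as container configuration, so I would add a comment beside `ECS_LOGLEVEL=debug` along the lines of `# Debug logs may contain task/container configuration; restrict log access and turn this off after the investigation`.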
@@ -180,8 +181,9 @@ locals { efs_id = local.enable_infrastructure_ecs_cluster_efs && ( local.infrastructure_vpc_network_enable_private || local.infrastructure_vpc_network_enable_public ) ? aws_efs_file_system.infrastructure_ecs_cluster[0].id : "", - region = local.aws_region, - efs_dirs = join(" ", local.ecs_cluster_efs_directories) + region = local.aws_region, + efs_dirs = join(" ", local.ecs_cluster_efs_directories), + log_debug_mode = local.infrastructure_ecs_cluster_enable_debug_mode }) ) diff --git a/variables.tf b/variables.tf index 8a40fb2..bb2dd8f 100644 --- a/variables.tf +++ b/variables.tf @@ -413,6 +413,11 @@ variable "infrastructure_ecs_cluster_ecs_asg_diff_alert_opsgenie" { type = bool } +variable "infrastructure_ecs_cluster_enable_debug_mode" { + description = "Enable debug mode for ECS and Docker on the Infrastructure ECS. This should only be enabled when debugging (Can cause a lot of logs)" + type = bool +} + variable "infrastructure_ecs_cluster_wafs" { description = "Map of WAF ACLs to craete, which can be used with service CloudFront distributions" type = map(object({