author | Thuan Duong Ba <thuandb@amazon.com> | 2021-04-04 20:57:59 -0700 |
---|---|---|
committer | Thuan Duong Ba <thuandb@amazon.com> | 2021-04-04 20:57:59 -0700 |
commit | 4e7eeb43098425c27d9649f676ccd69298be9499 (patch) | |
tree | 56e1471edad4d98a58389b998233a0b444d64573 /deps/rabbitmq_peer_discovery_aws | |
parent | e98b343095c163da7732eda1aaad9a9f20054664 (diff) | |
download | rabbitmq-server-git-4e7eeb43098425c27d9649f676ccd69298be9499.tar.gz |
Support rabbit_peer_discovery_aws to work with instance metadata service v2 (IMDSv2).
IMDSv2 uses session-oriented requests. With session-oriented requests, a session token is retrieved first
then used in subsequent GET requests for instance metadata values such as instance-id, credentials, etc.
Details can be found here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
Diffstat (limited to 'deps/rabbitmq_peer_discovery_aws')
-rw-r--r-- | deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl | 55 |
1 files changed, 11 insertions, 44 deletions
diff --git a/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl b/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl index ebdcbbebe2..f1e83638c3 100644 --- a/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl +++ b/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl @@ -23,16 +23,6 @@ -compile(export_all). -endif. -% rabbitmq/rabbitmq-peer-discovery-aws#25 - -% Note: this timeout must not be greater than the default -% gen_server:call timeout of 5000ms. Note that `timeout`, -% when set, is used as the connect and then request timeout -% by `httpc` --define(INSTANCE_ID_TIMEOUT, 2250). --define(INSTANCE_ID_URL, - "http://169.254.169.254/latest/meta-data/instance-id"). - -define(CONFIG_MODULE, rabbit_peer_discovery_config). -define(UTIL_MODULE, rabbit_peer_discovery_util). @@ -91,14 +81,15 @@ init() -> list_nodes() -> M = ?CONFIG_MODULE:config_map(?BACKEND_CONFIG_KEY), {ok, _} = application:ensure_all_started(rabbitmq_aws), - rabbit_log:debug("Started rabbitmq_aws"), rabbit_log:debug("Will use AWS access key of '~s'", [get_config_key(aws_access_key, M)]), ok = maybe_set_region(get_config_key(aws_ec2_region, M)), ok = maybe_set_credentials(get_config_key(aws_access_key, M), get_config_key(aws_secret_key, M)), case get_config_key(aws_autoscaling, M) of true -> - get_autoscaling_group_node_list(instance_id(), get_tags()); + {ok, InstanceId} = rabbitmq_aws_config:instance_id(), + rabbit_log:debug("EC2 instance ID is determined from metadata service: ~p", [InstanceId]), + get_autoscaling_group_node_list(InstanceId, get_tags()); false -> get_node_list_from_tags(get_tags()) end. 
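Review bot: The new `{ok, InstanceId} = rabbitmq_aws_config:instance_id()` match in the `true ->` branch of `list_nodes/0` raises `badmatch` whenever the metadata lookup does not return `{ok, _}`. The removed local `instance_id()` returned `error` in that case, so `get_autoscaling_group_node_list(error, _)` could log a warning and return `{ok, {[], disc}}`. As far as this diff shows, that fallback clause is no longer reachable from here, and a failed metadata or session-token request now crashes discovery instead of degrading to an empty node list. Consider `InstanceId = case rabbitmq_aws_config:instance_id() of {ok, Id} -> Id; _ -> error end,` and emit the new debug line only on the success path. The error shape of `rabbitmq_aws_config:instance_id/0` is not visible in this diff, so confirm it before choosing the pattern.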
@@ -160,14 +151,18 @@ maybe_set_credentials(AccessKey, SecretKey) -> %% @doc Set the region from the configuration value, if it was set. %% @end %% -maybe_set_region("undefined") -> ok; +maybe_set_region("undefined") -> + case rabbitmq_aws_config:region() of + {ok, Region} -> maybe_set_region(Region); + _ -> ok + end; maybe_set_region(Value) -> rabbit_log:debug("Setting AWS region to ~p", [Value]), rabbitmq_aws:set_region(Value). get_autoscaling_group_node_list(error, _) -> rabbit_log:warning("Cannot discover any nodes: failed to fetch this node's EC2 " - "instance id from ~s", [?INSTANCE_ID_URL]), + "instance id from ~s", rabbitmq_aws_config:instance_id_url()), {ok, {[], disc}}; get_autoscaling_group_node_list(Instance, Tag) -> case get_all_autoscaling_instances([]) of @@ -222,7 +217,7 @@ get_all_autoscaling_instances(Accum, NextToken) -> fetch_all_autoscaling_instances(QArgs, Accum) -> Path = "/?" ++ rabbitmq_aws_urilib:build_query_string(QArgs), - case api_get_request("autoscaling", Path) of + case rabbitmq_aws:api_get_request("autoscaling", Path) of {ok, Payload} -> Instances = flatten_autoscaling_datastructure(Payload), NextToken = get_next_token(Payload), @@ -244,16 +239,6 @@ get_next_token(Value) -> NextToken = proplists:get_value("NextToken", Result), NextToken. -api_get_request(Service, Path) -> - case rabbitmq_aws:get(Service, Path) of - {ok, {_Headers, Payload}} -> - rabbit_log:debug("AWS request: ~s~nResponse: ~p", - [Path, Payload]), - {ok, Payload}; - {error, {credentials, _}} -> {error, credentials}; - {error, Message, _} -> {error, Message} - end. - -spec find_autoscaling_group(Instances :: list(), Instance :: string()) -> string() | error. %% @private 
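Review bot: In `get_autoscaling_group_node_list(error, _)` the format arguments are now the bare return value of `rabbitmq_aws_config:instance_id_url()` rather than a list. If that function returns a string (its return type is not shown here), each character becomes a separate argument to the single `~s` and the warning will not render as intended. Wrap it in a list: `"instance id from ~s", [rabbitmq_aws_config:instance_id_url()]),`. In the same hunk, the `_ -> ok` arm added to `maybe_set_region("undefined")` silently discards a failed region lookup. A log line there, such as `rabbit_log:debug("Could not determine AWS region from instance metadata")`, would make blocked or misconfigured metadata access visible to operators.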
@@ -320,7 +305,7 @@ get_hostname_name_from_reservation_set([{"item", RI}|T], Accum) -> get_hostname_name_from_reservation_set(T, Accum ++ Hostnames). get_hostname_names(Path) -> - case api_get_request("ec2", Path) of + case rabbitmq_aws:api_get_request("ec2", Path) of {ok, Payload} -> Response = proplists:get_value("DescribeInstancesResponse", Payload), ReservationSet = proplists:get_value("reservationSet", Response), @@ -351,24 +336,6 @@ select_hostname() -> _ -> "privateDnsName" end. --spec instance_id() -> string() | error. -%% @private -%% @doc Return the local instance ID from the EC2 metadata service -%% @end -%% -instance_id() -> - case httpc:request(get, {?INSTANCE_ID_URL, []}, - [{timeout, ?INSTANCE_ID_TIMEOUT}], []) of - {ok, {{_, 200, _}, _, Value}} -> - rabbit_log:debug("Fetched EC2 instance ID from ~p: ~p", - [?INSTANCE_ID_URL, Value]), - Value; - Other -> - rabbit_log:error("Failed to fetch EC2 instance ID from ~p: ~p", - [?INSTANCE_ID_URL, Other]), - error - end. - -spec get_tags() -> tags(). get_tags() -> Tags = get_config_key(aws_ec2_tags, ?CONFIG_MODULE:config_map(?BACKEND_CONFIG_KEY)), |