authorThuan Duong Ba <thuandb@amazon.com>2021-04-04 20:57:59 -0700
committerThuan Duong Ba <thuandb@amazon.com>2021-04-04 20:57:59 -0700
commit4e7eeb43098425c27d9649f676ccd69298be9499 (patch)
tree56e1471edad4d98a58389b998233a0b444d64573 /deps/rabbitmq_peer_discovery_aws
parente98b343095c163da7732eda1aaad9a9f20054664 (diff)
Support rabbit_peer_discovery_aws to work with instance metadata service v2 (IMDSv2).
IMDSv2 uses session-oriented requests. With session-oriented requests, a session token is retrieved first and then used in subsequent GET requests for instance metadata values such as instance-id, credentials, etc. Details can be found at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
Diffstat (limited to 'deps/rabbitmq_peer_discovery_aws')
-rw-r--r--deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl55
1 files changed, 11 insertions, 44 deletions
diff --git a/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl b/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl
index ebdcbbebe2..f1e83638c3 100644
--- a/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl
+++ b/deps/rabbitmq_peer_discovery_aws/src/rabbit_peer_discovery_aws.erl
@@ -23,16 +23,6 @@
-compile(export_all).
-endif.
-% rabbitmq/rabbitmq-peer-discovery-aws#25
-
-% Note: this timeout must not be greater than the default
-% gen_server:call timeout of 5000ms. Note that `timeout`,
-% when set, is used as the connect and then request timeout
-% by `httpc`
--define(INSTANCE_ID_TIMEOUT, 2250).
--define(INSTANCE_ID_URL,
- "http://169.254.169.254/latest/meta-data/instance-id").
-
-define(CONFIG_MODULE, rabbit_peer_discovery_config).
-define(UTIL_MODULE, rabbit_peer_discovery_util).
@@ -91,14 +81,15 @@ init() ->
list_nodes() ->
M = ?CONFIG_MODULE:config_map(?BACKEND_CONFIG_KEY),
{ok, _} = application:ensure_all_started(rabbitmq_aws),
- rabbit_log:debug("Started rabbitmq_aws"),
rabbit_log:debug("Will use AWS access key of '~s'", [get_config_key(aws_access_key, M)]),
ok = maybe_set_region(get_config_key(aws_ec2_region, M)),
ok = maybe_set_credentials(get_config_key(aws_access_key, M),
get_config_key(aws_secret_key, M)),
case get_config_key(aws_autoscaling, M) of
true ->
- get_autoscaling_group_node_list(instance_id(), get_tags());
+ {ok, InstanceId} = rabbitmq_aws_config:instance_id(),
+ rabbit_log:debug("EC2 instance ID is determined from metadata service: ~p", [InstanceId]),
+ get_autoscaling_group_node_list(InstanceId, get_tags());
false ->
get_node_list_from_tags(get_tags())
end.
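Review bot: The assertive match `{ok, InstanceId} = rabbitmq_aws_config:instance_id()` in the `true ->` branch of list_nodes/0 raises a badmatch whenever the metadata lookup returns anything other than `{ok, _}` (the failure shape is not visible in this diff). That means the `get_autoscaling_group_node_list(error, _)` clause, which logs a warning and returns `{ok, {[], disc}}`, can no longer be reached from this caller. If the graceful empty-list result should survive an unreachable metadata endpoint or a failed IMDSv2 token request, map the failure back explicitly: `InstanceId = case rabbitmq_aws_config:instance_id() of {ok, Id} -> Id; _ -> error end,`. The debug line that prints the instance ID would then belong inside the `{ok, Id}` arm so it is not logged for the failure case.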
@@ -160,14 +151,18 @@ maybe_set_credentials(AccessKey, SecretKey) ->
%% @doc Set the region from the configuration value, if it was set.
%% @end
%%
-maybe_set_region("undefined") -> ok;
+maybe_set_region("undefined") ->
+ case rabbitmq_aws_config:region() of
+ {ok, Region} -> maybe_set_region(Region);
+ _ -> ok
+ end;
maybe_set_region(Value) ->
rabbit_log:debug("Setting AWS region to ~p", [Value]),
rabbitmq_aws:set_region(Value).
get_autoscaling_group_node_list(error, _) ->
rabbit_log:warning("Cannot discover any nodes: failed to fetch this node's EC2 "
- "instance id from ~s", [?INSTANCE_ID_URL]),
+ "instance id from ~s", rabbitmq_aws_config:instance_id_url()),
{ok, {[], disc}};
get_autoscaling_group_node_list(Instance, Tag) ->
case get_all_autoscaling_instances([]) of
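Review bot: The rewritten warning call in `get_autoscaling_group_node_list(error, _)` passes `rabbitmq_aws_config:instance_id_url()` directly as the format arguments instead of wrapping it in a list. Assuming that function returns a string, each character becomes a separate argument for the single `~s` and the format call fails instead of logging. Keep the list as in the removed line: `"instance id from ~s", [rabbitmq_aws_config:instance_id_url()]),`. Separately, the `_ -> ok` arm added to `maybe_set_region("undefined")` drops a failed region lookup silently; a debug or warning log there would make a blocked or misconfigured metadata endpoint visible to operators. The second clause of get_autoscaling_group_node_list/2 continues past the end of this hunk.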
@@ -222,7 +217,7 @@ get_all_autoscaling_instances(Accum, NextToken) ->
fetch_all_autoscaling_instances(QArgs, Accum) ->
Path = "/?" ++ rabbitmq_aws_urilib:build_query_string(QArgs),
- case api_get_request("autoscaling", Path) of
+ case rabbitmq_aws:api_get_request("autoscaling", Path) of
{ok, Payload} ->
Instances = flatten_autoscaling_datastructure(Payload),
NextToken = get_next_token(Payload),
@@ -244,16 +239,6 @@ get_next_token(Value) ->
NextToken = proplists:get_value("NextToken", Result),
NextToken.
-api_get_request(Service, Path) ->
- case rabbitmq_aws:get(Service, Path) of
- {ok, {_Headers, Payload}} ->
- rabbit_log:debug("AWS request: ~s~nResponse: ~p",
- [Path, Payload]),
- {ok, Payload};
- {error, {credentials, _}} -> {error, credentials};
- {error, Message, _} -> {error, Message}
- end.
-
-spec find_autoscaling_group(Instances :: list(), Instance :: string())
-> string() | error.
%% @private
@@ -320,7 +305,7 @@ get_hostname_name_from_reservation_set([{"item", RI}|T], Accum) ->
get_hostname_name_from_reservation_set(T, Accum ++ Hostnames).
get_hostname_names(Path) ->
- case api_get_request("ec2", Path) of
+ case rabbitmq_aws:api_get_request("ec2", Path) of
{ok, Payload} ->
Response = proplists:get_value("DescribeInstancesResponse", Payload),
ReservationSet = proplists:get_value("reservationSet", Response),
@@ -351,24 +336,6 @@ select_hostname() ->
_ -> "privateDnsName"
end.
--spec instance_id() -> string() | error.
-%% @private
-%% @doc Return the local instance ID from the EC2 metadata service
-%% @end
-%%
-instance_id() ->
- case httpc:request(get, {?INSTANCE_ID_URL, []},
- [{timeout, ?INSTANCE_ID_TIMEOUT}], []) of
- {ok, {{_, 200, _}, _, Value}} ->
- rabbit_log:debug("Fetched EC2 instance ID from ~p: ~p",
- [?INSTANCE_ID_URL, Value]),
- Value;
- Other ->
- rabbit_log:error("Failed to fetch EC2 instance ID from ~p: ~p",
- [?INSTANCE_ID_URL, Other]),
- error
- end.
-
-spec get_tags() -> tags().
get_tags() ->
Tags = get_config_key(aws_ec2_tags, ?CONFIG_MODULE:config_map(?BACKEND_CONFIG_KEY)),