in agent/app/agent.go [172:288]
func newAgent(blackholeEC2Metadata bool, acceptInsecureCert *bool) (agent, error) {
ctx, cancel := context.WithCancel(context.Background())
var (
ec2MetadataClient ec2.EC2MetadataClient
err error
)
if blackholeEC2Metadata {
ec2MetadataClient = ec2.NewBlackholeEC2MetadataClient()
} else {
ec2MetadataClient, err = ec2.NewEC2MetadataClient(nil)
if err != nil {
logger.Critical("Error creating EC2 metadata client", logger.Fields{
field.Error: err,
})
cancel()
return nil, err
}
}
logger.Info("Starting Amazon ECS Agent", logger.Fields{
"version": version.Version,
"commit": version.GitShortHash,
})
logger.Info("Loading configuration")
cfg, err := config.NewConfig(ec2MetadataClient)
if err != nil {
// All required config values can be inferred from EC2 Metadata,
// so this error could be transient.
seelog.Criticalf("Error loading config: %v", err)
cancel()
return nil, err
}
cfg.AcceptInsecureCert = aws.BoolValue(acceptInsecureCert)
if cfg.AcceptInsecureCert {
seelog.Warn("SSL certificate verification disabled. This is not recommended.")
}
seelog.Debugf("Loaded config: %s", cfg.String())
if cfg.External.Enabled() {
logger.Info("ECS Agent is running in external mode.")
ec2MetadataClient = ec2.NewBlackholeEC2MetadataClient()
cfg.NoIID = true
}
ec2Client, err := ec2.NewClientImpl(cfg.AWSRegion)
if err != nil {
logger.Critical("Error creating EC2 client", logger.Fields{
field.Error: err,
})
cancel()
return nil, err
}
dockerClient, err := dockerapi.NewDockerGoClient(sdkclientfactory.NewFactory(ctx, cfg.DockerEndpoint), cfg, ctx)
if err != nil {
// This is also non terminal in the current config
logger.Critical("Error creating Docker client", logger.Fields{
field.Error: err,
})
cancel()
return nil, err
}
var dataClient data.Client
if cfg.Checkpoint.Enabled() {
dataClient, err = data.New(cfg.DataDir)
if err != nil {
logger.Critical("Error creating data client", logger.Fields{
field.Error: err,
})
cancel()
return nil, err
}
} else {
dataClient = data.NewNoopClient()
}
var metadataManager containermetadata.Manager
if cfg.ContainerMetadataEnabled.Enabled() {
// We use the default API client for the metadata inspect call. This version has some information
// missing which means if we need those fields later we will need to change this client to
// the appropriate version
metadataManager = containermetadata.NewManager(dockerClient, cfg)
}
credentialsCache := providers.NewInstanceCredentialsCache(
cfg.External.Enabled(),
providers.NewRotatingSharedCredentialsProviderV2(),
nil,
)
initialSeqNumber := int64(-1)
return &ecsAgent{
ctx: ctx,
cancel: cancel,
ec2MetadataClient: ec2MetadataClient,
ec2Client: ec2Client,
cfg: cfg,
dockerClient: dockerClient,
dataClient: dataClient,
// We instantiate our own credentialProvider for use in acs/tcs. This tries
// to mimic roughly the way it's instantiated by the SDK for a default
// session.
credentialProvider: instancecreds.GetCredentials(cfg.External.Enabled()),
credentialsCache: credentialsCache,
stateManagerFactory: factory.NewStateManager(),
saveableOptionFactory: factory.NewSaveableOption(),
pauseLoader: pause.New(),
serviceconnectManager: engineserviceconnect.NewManager(),
daemonManagers: make(map[string]dm.DaemonManager),
cniClient: ecscni.NewClient(cfg.CNIPluginsPath),
metadataManager: metadataManager,
terminationHandler: sighandlers.StartDefaultTerminationHandler,
mobyPlugins: mobypkgwrapper.NewPlugins(),
latestSeqNumberTaskManifest: &initialSeqNumber,
}, nil
}