Attini::Deploy::Runner
The Attini::Deploy::Runner resource only works in conjunction with the
Attini deployment plan. See
AttiniRunnerJob
for more information.
The Attini::Deploy::Runner can only be created in the
Attini init deploy stack.
Type: Attini::Deploy::Runner
Properties:
TaskDefinitionArn: String
ContainerName: String
EcsCluster: String
RoleArn: String
Image: String
Memory: Integer
Cpu: Integer
Ec2Configuration:
Ami: String
InstanceType: String
InstanceProfileName: String
RunnerConfiguration:
MaxConcurrentJobs: Number
IdleTimeToLive: Number
JobTimeout: Number
LogLevel: String
AwsVpcConfiguration:
Subnets: String,String
SecurityGroups: String,String
AssignPublicIp: String
Startup:
Commands:
- String
CommandsTimeout: Number
TaskDefinitionArn
Type: String
ECS task definition that the Attini Runner should use.
If you want to use CloudFormation to define the task definition, see
AWS::ECS::TaskDefinition
for more information.
Your TaskDefinitions IAM Role requires a basic execution policy
called:
arn:aws:iam::${AccountId}:policy/attini-runner-basic-execution-policy-${Region}
The “TaskDefinitionArn” configuration can not be combined with the
“Image” configuration.
If “TaskDefinitionArn” and “Image” is omitted,
default task definition
will be used.
Required: No
ContainerName
Type: String
The name of the container in the task definition that should run the runner jobs.
This is required if there is more than one container definition in the specified
task definition.
Required: Conditional
EcsCluster
Type: String
The name of the Attini Runners ECS Cluster.
Required: No
Default: attini-default
RoleArn
Type: String
This IAM Role will override the IAM Role from the TaskDefinition.
This IAM Role requires a basic execution policy that allows the
runner to communicate with the deployment plan:
arn:aws:iam::${AccountId}:policy/attini-runner-basic-execution-policy-${Region}
AttiniRunnerRole:
Type: AWS::IAM::Role
Properties:
Description: Attini runner task role
Path: /attini/
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- !Sub arn:aws:iam::${AWS::AccountId}:policy/attini-runner-basic-execution-policy-${AWS::Region}
Required: No
Default: arn:aws:iam::{AccountId}:role/attini/attini-default-runner-role-{Region}
Image
Type: String
A Container image that the runner should use. If you configure this
value, Attini will configure a TaskDefinition for you with the
following configuration:
{RunnerName}TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
ContainerDefinitions:
- Name: Container
Image: ${Image}
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref {RunnerName}LogGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: logs
Cpu: 512
ExecutionRoleArn: # Set to {RoleArn} or "Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/attini/attini-default-runner-role-${AWS::Region}"
TaskRoleArn: # Set to {RoleArn} or "Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/attini/attini-default-runner-role-${AWS::Region}"
Memory: 3072
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
{RunnerName}LogGroup:
Type: AWS::Logs::LogGroup
Properties:
RetentionInDays: 90
If you want to change any configuration, you can create your own
task definition.
The “Image” configuration can not be combined with the
“TaskDefinitionArn” configuration.
If “TaskDefinitionArn” and “Image” is omitted,
default task definition
will be used.
Required: No
Memory
Type: Number
This configuration will override the
memory
configuration from the TaskDefinition.
If the runner uses Fargate, this has to be a valid Fargate CPU and
memory
configuration.
If the runner uses EC2, we recommend the memory configuration to be
ca 70-80% of the available memory of the EC2 Host so that there is
some memory left for the Host OS. Exactly how much memory your Host
OS needs depends on your workload so you might need to adjust this
if you face any issues.
Required: No
Cpu
Type: Number
This configuration will
override the CPU
configuration from the TaskDefinition.
If the runner uses Fargate, this has to be a
valid Fargate CPU and memory
configuration.
If the runner uses EC2, this value has to be smaller than the
available Host CPU.
Required: No
Ec2Configuration
Type: Ec2Configuration
Configuration for the runner EC2 Host.
If this EC2 configuration is set, the Attini runner will use ECS EC2
launch type, otherwise Fargate launch type will be used.
Consequently, the task definition has to be compatible with the
correct launch type.
Find more information in the .
Required: No
RunnerConfiguration
Type: RunnerConfiguration
Configuration for the runner.
Required: No
AwsVpcConfiguration
Type: AwsVpcConfiguration
The VPC configuration for the Runner ECS task.
Note
If AwsVpcConfiguration is omitted, Attini will use the default VPC
and create a new security group resource in the init deploy stack.
The security group will have no inbound rules (no openings), but
allow all outgoing traffic.
Required: No
Startup
Type: StartupConfiguration
Startup instructions for the Attini Runner.
Required: No
Limitations
Some parts of the Attini::Deploy::Runner configuration will be moved
into the
deployment plan state language definition
so that it can be used by when Attini runs the RunTask API Call.
This means that some CloudFormation functions (ex Fn::Join or
Fn::ImportValue) might not work as expected. As a workaround, your can
use
deployment plan definition substitutions
and reference the substitutions in the
Attini::Deploy::Runner.
Install the Attini Runner
The Attini Runner will automatically be installed at boot if it’s not already
installed. However, it is recommended to install it on your own build
image. This will decrease startup time, give you better control over
software versions, and reduce the risk of other failures. Installing the
Attini Runner at boot also required internet access.
We recommend you configure a Linux user for security reasons. If you
pre-install all the software your deployment needs, the use-cases for
running jobs as root decrease significantly.
Example Dockerfile
Note
For the below dockerfile to work, you need to authenticate with the
Amazon ECR public registries using the command:
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
# Define the base image and update all software
FROM public.ecr.aws/amazonlinux/amazonlinux2:latest
RUN yum update -y && yum clean all
# Install the attini-runner
RUN curl -sfL#o /usr/local/bin/attini-runner https://docs.attini.io/api/v1/runner/get-runner/$(uname -m)/$(uname -s)/latest; chmod +x /usr/local/bin/attini-runner
# Configure a user (recommended)
RUN yum install -y shadow-utils && yum clean all && useradd attini
USER attini
Within the Attini Runner job, you can access the
deployment plan payload
input via a JSON file available on the runner. The path to
the JSON file is available to the job commands via the ATTINI_INPUT
environment variable.
Output
If you want the later steps in the deployment plan to access information
from your job, you can save that data to a file on the runner. That file
path is available through the ATTINI_OUTPUT environment variable.
The contents of the output file will be passed to the
deployment plan payload
under the path output.[StepName]. If the contents are
valid JSON, it will be passed as-is. If the contents are not valid
JSON it will be converted to a JSON object with the contents being
present under the "result" field, for example
{"result": "my-none-json-value"}.
Hint: jq is a good tool when you work
with JSON using bash.
Example
StepName:
Type: AttiniRunnerJob
Properties:
Runner: HelloWorldRunner
Commands:
- cat ${ATTINI_INPUT} # This will print the input as a string.
- echo '{"MyKey":"MyValue"}' > ${ATTINI_OUTPUT} # This will add the JSON object to the output