From 94d3a92d063d342de2a79e76a70b03314648dc60 Mon Sep 17 00:00:00 2001 From: David Wilkie Date: Wed, 23 Aug 2023 10:14:24 +0700 Subject: [PATCH] Fix memory usage for tasks (#299) --- components/gateway/Dockerfile | 2 +- components/gateway/client_gateway/docker-entrypoint.sh | 6 +++++- components/gateway/client_gateway/opensips.cfg | 4 ++-- components/gateway/public_gateway/docker-entrypoint.sh | 2 ++ components/gateway/public_gateway/opensips.cfg | 6 +++--- components/media_proxy/docker-entrypoint.sh | 4 +++- .../modules/container_instances/templates/setup.sh | 2 +- infrastructure/modules/somleng_switch/client_gateway.tf | 2 +- infrastructure/modules/somleng_switch/media_proxy.tf | 2 +- infrastructure/modules/somleng_switch/public_gateway.tf | 2 +- infrastructure/modules/somleng_switch/switch.tf | 2 +- .../modules/somleng_switch/templates/assign_eip.sh | 6 ++++-- 12 files changed, 25 insertions(+), 15 deletions(-) diff --git a/components/gateway/Dockerfile b/components/gateway/Dockerfile index a4267dc7a..4567fb8c7 100644 --- a/components/gateway/Dockerfile +++ b/components/gateway/Dockerfile @@ -37,7 +37,7 @@ ENV DEBIAN_FRONTEND noninteractive ARG OPENSIPS_VERSION=3.3 ARG OPENSIPS_BUILD=releases -RUN apt-get -y update -qq && apt-get -y install gnupg2 ca-certificates +RUN apt-get -y update -qq && apt-get -y install gnupg2 ca-certificates iproute2 RUN apt-key adv --fetch-keys https://apt.opensips.org/pubkey.gpg RUN echo "deb https://apt.opensips.org bullseye ${OPENSIPS_VERSION}-${OPENSIPS_BUILD}" >/etc/apt/sources.list.d/opensips.list RUN apt-get -y update -qq && apt-get -y install opensips opensips-postgres-module opensips-auth-modules netcat jq curl diff --git a/components/gateway/client_gateway/docker-entrypoint.sh b/components/gateway/client_gateway/docker-entrypoint.sh index a1bd8d85b..3f280405c 100755 --- a/components/gateway/client_gateway/docker-entrypoint.sh +++ b/components/gateway/client_gateway/docker-entrypoint.sh 
@@ -8,6 +8,7 @@ if [ "$1" = 'opensips' ]; then FIFO_NAME="${FIFO_NAME:="/tmp/opensips_fifo"}" DATABASE_URL="${DATABASE_URL:="postgres://postgres:@localhost:5432/opensips"}" SIP_PORT="${SIP_PORT:="5060"}" + INTERFACE_NAME="$(ip route list | grep default | grep -E 'dev (\w+)' -o | awk '{print $2}')" if [ -n "$DATABASE_HOST" ]; then DATABASE_URL="postgres://$DATABASE_USERNAME:$DATABASE_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DATABASE_NAME" @@ -16,7 +17,9 @@ if [ "$1" = 'opensips' ]; then LOCAL_IP="$(hostname -i)" if [ -n "$ECS_CONTAINER_METADATA_FILE" ]; then - SIP_ADVERTISED_IP="${SIP_ADVERTISED_IP:="$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)"}" + TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") + AWS_PUBLIC_IP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-ipv4) + SIP_ADVERTISED_IP="${SIP_ADVERTISED_IP:="$AWS_PUBLIC_IP"}" else SIP_ADVERTISED_IP="${SIP_ADVERTISED_IP:="$(hostname -i)"}" fi @@ -26,6 +29,7 @@ if [ "$1" = 'opensips' ]; then sed -i "s|SIP_PORT|$SIP_PORT|g" /etc/opensips/opensips.cfg sed -i "s|SIP_ADVERTISED_IP|$SIP_ADVERTISED_IP|g" /etc/opensips/opensips.cfg sed -i "s|LOCAL_IP|$LOCAL_IP|g" /etc/opensips/opensips.cfg + sed -i "s|INTERFACE_NAME|$INTERFACE_NAME|g" /etc/opensips/opensips.cfg exec "$OPENSIPS_CONTAINER_BINARY" -FE fi diff --git a/components/gateway/client_gateway/opensips.cfg b/components/gateway/client_gateway/opensips.cfg index 4cf4eada0..9d3ef6e79 100644 --- a/components/gateway/client_gateway/opensips.cfg +++ b/components/gateway/client_gateway/opensips.cfg @@ -18,8 +18,8 @@ udp_workers=4 lookup failures (default disabled) */ #dns_try_ipv6=yes -socket=udp:eth0:SIP_PORT -socket=tcp:eth0:SIP_PORT # TCP Health Check +socket=udp:INTERFACE_NAME:SIP_PORT +socket=tcp:INTERFACE_NAME:SIP_PORT # TCP Health Check ####### Modules Section ######## 
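Review bot: `INTERFACE_NAME` in client_gateway/docker-entrypoint.sh is written into opensips.cfg without checking that the pipeline produced exactly one interface name, and that value decides which interface the SIP sockets bind to. With no default route it is empty and the socket lines become `udp::SIP_PORT`; with two default routes it contains a newline, which breaks the later `sed -i "s|INTERFACE_NAME|...|g"`; and `\w+` cuts a name such as `eth0.100` at the first non-word character. I would take the first match with `ip -o route show default | awk '{for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }}'` and exit with an error when the result is empty. public_gateway/docker-entrypoint.sh adds the same line, and the enclosing `if [ "$1" = 'opensips' ]` block starts and ends outside this hunk.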
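Review bot: Neither metadata call added under `ECS_CONTAINER_METADATA_FILE` checks for failure, so an empty `TOKEN` or an HTTP error body can end up in `AWS_PUBLIC_IP` and be substituted into opensips.cfg as the advertised address. `curl -s` still exits 0 on a 4xx response; I would add `-f --max-time 5` to both calls and follow the assignment with `[ -n "$SIP_ADVERTISED_IP" ] || { echo "advertised IP lookup failed" >&2; exit 1; }`. If these tasks use bridge networking, the IMDSv2 PUT also needs the instance's metadata hop limit to be at least 2, which nothing visible in this patch sets, and a token that is used once does not need the 21600-second TTL. The same calls are added to media_proxy/docker-entrypoint.sh and templates/assign_eip.sh; the enclosing `if` block starts outside this hunk.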
diff --git a/components/gateway/public_gateway/docker-entrypoint.sh b/components/gateway/public_gateway/docker-entrypoint.sh index 5d851ce4e..55c2757b4 100755 --- a/components/gateway/public_gateway/docker-entrypoint.sh +++ b/components/gateway/public_gateway/docker-entrypoint.sh @@ -11,6 +11,7 @@ if [ "$1" = 'opensips' ]; then DATABASE_URL="${DATABASE_URL:="postgres://postgres:@localhost:5432/opensips"}" SIP_ADVERTISED_IP="${SIP_ADVERTISED_IP:="$(hostname -i)"}" LOCAL_IP="$(hostname -i)" + INTERFACE_NAME="$(ip route list | grep default | grep -E 'dev (\w+)' -o | awk '{print $2}')" if [ -n "$DATABASE_HOST" ]; then DATABASE_URL="postgres://$DATABASE_USERNAME:$DATABASE_PASSWORD@$DATABASE_HOST:$DATABASE_PORT/$DATABASE_NAME" @@ -22,6 +23,7 @@ if [ "$1" = 'opensips' ]; then sed -i "s|SIP_ALTERNATIVE_PORT|$SIP_ALTERNATIVE_PORT|g" /etc/opensips/opensips.cfg sed -i "s|SIP_ADVERTISED_IP|$SIP_ADVERTISED_IP|g" /etc/opensips/opensips.cfg sed -i "s|LOCAL_IP|$LOCAL_IP|g" /etc/opensips/opensips.cfg + sed -i "s|INTERFACE_NAME|$INTERFACE_NAME|g" /etc/opensips/opensips.cfg exec "$OPENSIPS_CONTAINER_BINARY" -FE fi diff --git a/components/gateway/public_gateway/opensips.cfg b/components/gateway/public_gateway/opensips.cfg index 771295b04..d204bd206 100644 --- a/components/gateway/public_gateway/opensips.cfg +++ b/components/gateway/public_gateway/opensips.cfg @@ -18,9 +18,9 @@ udp_workers=4 lookup failures (default disabled) */ #dns_try_ipv6=yes -socket=udp:eth0:SIP_PORT as SIP_ADVERTISED_IP -socket=udp:eth0:SIP_ALTERNATIVE_PORT as SIP_ADVERTISED_IP -socket=tcp:eth0:SIP_PORT # TCP Health Check +socket=udp:INTERFACE_NAME:SIP_PORT as SIP_ADVERTISED_IP +socket=udp:INTERFACE_NAME:SIP_ALTERNATIVE_PORT as SIP_ADVERTISED_IP +socket=tcp:INTERFACE_NAME:SIP_PORT # TCP Health Check ####### Modules Section ######## diff --git a/components/media_proxy/docker-entrypoint.sh b/components/media_proxy/docker-entrypoint.sh index 83ab77501..c63363ccc 100755 
--- a/components/media_proxy/docker-entrypoint.sh +++ b/components/media_proxy/docker-entrypoint.sh @@ -13,7 +13,9 @@ if [ "$1" = 'rtpengine' ]; then LOCAL_IP="$(hostname -i)" if [ -n "$ECS_CONTAINER_METADATA_FILE" ]; then - ADVERTISED_IP="${ADVERTISED_IP:="$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)"}" + TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") + AWS_PUBLIC_IP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-ipv4) + ADVERTISED_IP="${ADVERTISED_IP:="$AWS_PUBLIC_IP"}" else ADVERTISED_IP="${ADVERTISED_IP:="$(hostname -i)"}" fi diff --git a/infrastructure/modules/container_instances/templates/setup.sh b/infrastructure/modules/container_instances/templates/setup.sh index 43d2a5d02..b1a5fd91d 100644 --- a/infrastructure/modules/container_instances/templates/setup.sh +++ b/infrastructure/modules/container_instances/templates/setup.sh @@ -6,6 +6,6 @@ systemctl start amazon-ssm-agent # ECS config cat <<'EOF' >> /etc/ecs/ecs.config ECS_CLUSTER=${cluster_name} -ECS_RESERVED_MEMORY=128 +ECS_RESERVED_MEMORY=256 ECS_ENABLE_CONTAINER_METADATA=true EOF diff --git a/infrastructure/modules/somleng_switch/client_gateway.tf b/infrastructure/modules/somleng_switch/client_gateway.tf index b0af9d99f..2d9dd20d4 100644 --- a/infrastructure/modules/somleng_switch/client_gateway.tf +++ b/infrastructure/modules/somleng_switch/client_gateway.tf @@ -194,7 +194,7 @@ resource "aws_ecs_task_definition" "client_gateway" { requires_compatibilities = ["EC2"] execution_role_arn = aws_iam_role.client_gateway_task_execution_role.arn container_definitions = data.template_file.client_gateway.rendered - memory = module.client_gateway_container_instances.ec2_instance_type.memory_size - 256 + memory = module.client_gateway_container_instances.ec2_instance_type.memory_size - 512 volume { name = "opensips" 
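Review bot: The `- 512` headroom in client_gateway.tf is an unexplained constant, and this commit repeats it in media_proxy.tf, public_gateway.tf and switch.tf. It presumably has to stay larger than `ECS_RESERVED_MEMORY=256` from templates/setup.sh plus whatever the instance itself consumes, but nothing in the four files records that link. I would add a comment along the lines of `# instance memory minus ECS_RESERVED_MEMORY and OS/agent headroom`, or move the value into one shared local so the task definitions cannot drift apart. The `aws_ecs_task_definition` block starts and ends outside the hunk.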
diff --git a/infrastructure/modules/somleng_switch/media_proxy.tf b/infrastructure/modules/somleng_switch/media_proxy.tf index 1fd77b63b..ddc39b1ae 100644 --- a/infrastructure/modules/somleng_switch/media_proxy.tf +++ b/infrastructure/modules/somleng_switch/media_proxy.tf @@ -164,7 +164,7 @@ resource "aws_ecs_task_definition" "media_proxy" { requires_compatibilities = ["EC2"] execution_role_arn = aws_iam_role.media_proxy_task_execution_role.arn container_definitions = data.template_file.media_proxy.rendered - memory = module.media_proxy_container_instances.ec2_instance_type.memory_size - 256 + memory = module.media_proxy_container_instances.ec2_instance_type.memory_size - 512 } resource "aws_ecs_service" "media_proxy" { diff --git a/infrastructure/modules/somleng_switch/public_gateway.tf b/infrastructure/modules/somleng_switch/public_gateway.tf index 857a448f3..2fe514b2f 100644 --- a/infrastructure/modules/somleng_switch/public_gateway.tf +++ b/infrastructure/modules/somleng_switch/public_gateway.tf @@ -175,7 +175,7 @@ resource "aws_ecs_task_definition" "public_gateway" { task_role_arn = aws_iam_role.public_gateway_task_role.arn execution_role_arn = aws_iam_role.public_gateway_task_execution_role.arn container_definitions = data.template_file.public_gateway.rendered - memory = module.public_gateway_container_instances.ec2_instance_type.memory_size - 256 + memory = module.public_gateway_container_instances.ec2_instance_type.memory_size - 512 volume { name = "opensips" diff --git a/infrastructure/modules/somleng_switch/switch.tf b/infrastructure/modules/somleng_switch/switch.tf index 803db3874..160c31d89 100644 --- a/infrastructure/modules/somleng_switch/switch.tf +++ b/infrastructure/modules/somleng_switch/switch.tf 
@@ -417,7 +417,7 @@ resource "aws_ecs_task_definition" "switch" { container_definitions = data.template_file.switch.rendered task_role_arn = aws_iam_role.ecs_task_role.arn execution_role_arn = aws_iam_role.task_execution_role.arn - memory = module.switch_container_instances.ec2_instance_type.memory_size - 256 + memory = module.switch_container_instances.ec2_instance_type.memory_size - 512 volume { name = local.efs_volume_name diff --git a/infrastructure/modules/somleng_switch/templates/assign_eip.sh b/infrastructure/modules/somleng_switch/templates/assign_eip.sh index 2091f1164..c7139e41b 100644 --- a/infrastructure/modules/somleng_switch/templates/assign_eip.sh +++ b/infrastructure/modules/somleng_switch/templates/assign_eip.sh @@ -8,8 +8,10 @@ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip unzip awscliv2.zip ./aws/install -AWS_REGION="$(curl http://169.254.169.254/latest/meta-data/placement/region)" -INSTANCE_ID="$(curl http://169.254.169.254/latest/meta-data/instance-id)" +TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") + +AWS_REGION="$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region)" +INSTANCE_ID="$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)" # Get first unallocated EIP with a matching tag sorted by the Priority tag ALLOCATION_ID="$(aws ec2 describe-addresses --filters "Name=tag-key,Values=${eip_tag}" --output text --query 'Addresses[?AssociationId==null].[AllocationId,Tags[?Key==`Priority`].Value|[0]]|sort_by(@, &[1])|[0][0]' --region $AWS_REGION)"
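Review bot: In assign_eip.sh the region read from the metadata service reaches `aws ec2 describe-addresses` as an unquoted `--region $AWS_REGION` on the last line of the hunk, so any response that is not a bare region name is word-split into extra CLI arguments. The new `curl -s` calls have no `-f`, so an HTTP error body is one such response. Quoting it as `--region "$AWS_REGION"` and checking that `AWS_REGION` and `INSTANCE_ID` are non-empty before the lookup would contain that. The `ALLOCATION_ID` line is context in this hunk, and the script continues outside it.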