Add Amazon SSM manager to the EC2 images

[samm-git]

Add AWS SSM manager

AWS Systems Manager Agent (SSM Agent) is Amazon software that can be installed and configured on an EC2 instance, an on-premises server, or a virtual machine (VM). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources. The agent processes requests from the Systems Manager service in the AWS Cloud, and then runs them as specified in the request.

SSM Agent is preinstalled, by default, on the following Amazon Machine Images (AMIs):

• Amazon Linux
• Amazon Linux 2
• Ubuntu Server 16.04
• Ubuntu Server 18.04 Amazon ECS-Optimized

Also for the RPM and DEB based systems Amazon provides binary packages. Flatcar Linux does not have support for it [yet], so it is required to use 3rd party script for the integration via userdata

See flatcar/Flatcar#107 for the request

How to use

Target state (not here yet)

• Package for the amazon-ssm-agent added to the coreos-overlay.
• Dependency added to the AWS EC2 package
• Integration with ignition/systemd
• Testing EC2 AMI with the agent built and enabled

Testing done

• Ebuild tested with a recent Flatcar SDK
• Test package on the live coreos installation
• Build EC2 AMI and test on it

[samm-git]

@dongsupark would be great if you can suggest how to integrate it with systemd. My understanding was to create systemd file from ignition, as i cant (?) put one from the oem package out of the oem dir.

[pothos]

Thanks for your work on it. I'm not sure about the build commands… and if we want to include this tool in the current way of vendor tool distribution.
But to answer your question, the service would need to be set up in coreos-base/oem-ec2-compat/files/base/base-ec2.ign.
Edit: See for example coreos-base/oem-azure/files/base/base.ign and coreos-base/oem-azure/files/units/waagent.service.

[samm-git]

@pothos thank you for feedback. Build commands are +- replicating what makefile is doing. I will work on ignition config, thank you for the hint.

[samm-git]

@pothos @dongsupark i think patch is ready to land - i added ignition/systemd support and did some minor cleanup/comments. Would be nice to see it merged, happy to answer any questions.

[samm-git]

@dongsupark now it fits to 128Mb, tested with ./image_to_vm.sh --format ami

[dongsupark]

In general it looks good.
Before getting merged, the commits should be somehow squashed.

Anyway I will let @sayanchowdhury have a look. He will decide when to merge it.

[samm-git]

@dongsupark thank you for review. squash is done, let me know if anything else needed.

[samm-git]

@dongsupark one thing in my mind - by design this tool creates new uid called ssm-user and grants sudo to it. But we already do have core user for +- the same. I think that may be we should replace default user from ssm-user to the core to make it more aligned. What do you think about it?

[samm-git]

@dongsupark i updated agent to the latest (2.3.1319.0) version and rebased it. Would be great to see if merged eventually

[sayanchowdhury]

Thanks @samm-git

[dongsupark]

@sayanchowdhury You would probably want to cherry-pick it to edge.

[samm-git]

Yeah, thank you!