From 8d7cfc1a45e50ea4f374f01cd7ca35f6c2d77b36 Mon Sep 17 00:00:00 2001
From: Dalton Hubble <dghubble@gmail.com>
Date: Thu, 5 Apr 2018 23:11:34 -0700
Subject: [PATCH] Use etcd system container on fedora-atomic

* Use the upstream etcd image packaged with the required
metadata to be usable as a system container (runc) under
systemd
---
 .../kubernetes/cloudinit/controller.yaml.tmpl | 32 ++-----------------
 .../kubernetes/cloudinit/controller.yaml.tmpl | 30 ++---------------
 .../kubernetes/cloudinit/controller.yaml.tmpl | 32 +++----------------
 .../kubernetes/cloudinit/worker.yaml.tmpl     |  2 ++
 4 files changed, 11 insertions(+), 85 deletions(-)

diff --git a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index b64a0f66..c631e8df 100644
--- a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -1,31 +1,5 @@
 #cloud-config
 write_files:
-  - path: /etc/systemd/system/etcd-member.service
-    content: |
-      [Unit]
-      Description=etcd-member
-      Documentation=https://github.com/coreos/etcd
-      Wants=network-online.target network.target
-      After=network-online.target
-      Requires=docker.service
-      After=docker.service
-      [Service]
-      EnvironmentFile=/etc/etcd/etcd.conf
-      ExecStartPre=/bin/mkdir -p /var/lib/etcd
-      ExecStart=/usr/bin/docker run --rm --name etcd-member \
-        --net=host \
-        -v /etc/pki/tls/certs:/usr/share/ca-certificates:ro,z \
-        -v /etc/ssl/etcd:/etc/ssl/certs:ro,Z \
-        -v /var/lib/etcd:/var/lib/etcd:Z \
-        --env-file=/etc/etcd/etcd.conf \
-        quay.io/coreos/etcd:v3.3.3
-      ExecStop=/usr/bin/docker stop etcd-member
-      Restart=on-failure
-      RestartSec=10s
-      TimeoutStartSec=0
-      LimitNOFILE=40000
-      [Install]
-      WantedBy=multi-user.target
   - path: /etc/etcd/etcd.conf
     content: |
       ETCD_NAME=${etcd_name}
@@ -134,11 +108,11 @@ bootcmd:
   - [setenforce, Permissive]
 runcmd:
   - [systemctl, daemon-reload]
-  - [systemctl, enable, etcd-member.service]
-  - [systemctl, start, --no-block, etcd-member.service]
-  - [systemctl, disable, firewalld, --now]
+  - "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
+  - [systemctl, start, --no-block, etcd.service]
   - [systemctl, enable, kubelet.service]
   - [systemctl, start, --no-block, kubelet.service]
+  - [systemctl, disable, firewalld, --now]
 users:
   - default
   - name: fedora
diff --git a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 07acbbd5..07edb26c 100644
--- a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -1,31 +1,5 @@
 #cloud-config
 write_files:
-  - path: /etc/systemd/system/etcd-member.service
-    content: |
-      [Unit]
-      Description=etcd-member
-      Documentation=https://github.com/coreos/etcd
-      Wants=network-online.target network.target
-      After=network-online.target
-      Requires=docker.service
-      After=docker.service
-      [Service]
-      EnvironmentFile=/etc/etcd/etcd.conf
-      ExecStartPre=/bin/mkdir -p /var/lib/etcd
-      ExecStart=/usr/bin/docker run --rm --name etcd-member \
-        --net=host \
-        -v /etc/pki/tls/certs:/usr/share/ca-certificates:ro,z \
-        -v /etc/ssl/etcd:/etc/ssl/certs:ro,Z \
-        -v /var/lib/etcd:/var/lib/etcd:Z \
-        --env-file=/etc/etcd/etcd.conf \
-        quay.io/coreos/etcd:v3.3.3
-      ExecStop=/usr/bin/docker stop etcd-member
-      Restart=on-failure
-      RestartSec=10s
-      TimeoutStartSec=0
-      LimitNOFILE=40000
-      [Install]
-      WantedBy=multi-user.target
   - path: /etc/etcd/etcd.conf
     content: |
       ETCD_NAME=${etcd_name}
@@ -131,8 +105,8 @@ bootcmd:
   - [setenforce, Permissive]
 runcmd:
   - [systemctl, daemon-reload]
-  - [systemctl, enable, etcd-member.service]
-  - [systemctl, start, --no-block, etcd-member.service]
+  - "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
+  - [systemctl, start, --no-block, etcd.service]
   - [hostnamectl, set-hostname, ${domain_name}]
   - [systemctl, enable, kubelet.path]
   - [systemctl, start, --no-block, kubelet.path]
diff --git a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index ad137469..4f2b7e95 100644
--- a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -1,31 +1,5 @@
 #cloud-config
 write_files:
-  - path: /etc/systemd/system/etcd-member.service
-    content: |
-      [Unit]
-      Description=etcd-member
-      Documentation=https://github.com/coreos/etcd
-      Wants=network-online.target network.target
-      After=network-online.target
-      Requires=docker.service
-      After=docker.service
-      [Service]
-      EnvironmentFile=/etc/etcd/etcd.conf
-      ExecStartPre=/bin/mkdir -p /var/lib/etcd
-      ExecStart=/usr/bin/docker run --rm --name etcd-member \
-        --net=host \
-        -v /etc/pki/tls/certs:/usr/share/ca-certificates:ro,z \
-        -v /etc/ssl/etcd:/etc/ssl/certs:ro,Z \
-        -v /var/lib/etcd:/var/lib/etcd:Z \
-        --env-file=/etc/etcd/etcd.conf \
-        quay.io/coreos/etcd:v3.3.3
-      ExecStop=/usr/bin/docker stop etcd-member
-      Restart=on-failure
-      RestartSec=10s
-      TimeoutStartSec=0
-      LimitNOFILE=40000
-      [Install]
-      WantedBy=multi-user.target
   - path: /etc/etcd/etcd.conf
     content: |
       ETCD_NAME=${etcd_name}
@@ -57,6 +31,8 @@ write_files:
         --retry 10)\nDIGITALOCEAN_IPV4_PRIVATE_0=$(curl\
         --url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
         --retry 10)" > $${OUTPUT}'
+      [Install]
+      WantedBy=multi-user.target
   - path: /etc/systemd/system/kubelet.service
     content: |
       [Unit]
@@ -147,8 +123,8 @@ bootcmd:
   - [setenforce, Permissive]
 runcmd:
   - [systemctl, daemon-reload]
-  - [systemctl, enable, etcd-member.service]
-  - [systemctl, start, --no-block, etcd-member.service]
+  - "atomic install --system --name=etcd quay.io/dghubble/etcd:99f87f9245ef2b2104fe2fc3550c21327b5a980f"
+  - [systemctl, start, --no-block, etcd.service]
   - [systemctl, enable, cloud-metadata.service]
   - [systemctl, enable, kubelet.path]
   - [systemctl, start, --no-block, kubelet.path]
diff --git a/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl b/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
index 0adee7e0..f2127172 100644
--- a/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
+++ b/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
@@ -13,6 +13,8 @@ write_files:
         --retry 10)\nDIGITALOCEAN_IPV4_PRIVATE_0=$(curl\
         --url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
         --retry 10)" > $${OUTPUT}'
+      [Install]
+      WantedBy=multi-user.target
   - path: /etc/systemd/system/kubelet.service
     content: |
       [Unit]