feat(coreos-base/oem-ami): add packages to make amis work

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-0.5.0.ebuild

@@ -8,13 +8,15 @@ EAPI=2
 EGIT_REPO_URI="https://github.com/dotcloud/docker"
 inherit toolchain-funcs systemd git-2
 
+EGIT_COMMIT="51f6c4a7372450d164c61e0054daf0223ddbd909" # 0.5
+
 DESCRIPTION="Docker container management"
 HOMEPAGE="http://docker.io"
 SRC_URI=""
 
 LICENSE="MIT"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
+KEYWORDS="amd64"
 IUSE=""
 
 DEPEND=">=dev-lang/go-1.0.2"
@@ -36,5 +38,6 @@ src_install() {
 	keepdir /var/lib/${PN}/graph
 	keepdir /var/lib/${PN}/containers
 	systemd_dounit "${FILESDIR}"/${PN}.service
-	systemd_enable_service multi-user.target ${PN}.service
+	# not enabling by default because it messes up the EC2 169. meta url routing
+	#systemd_enable_service multi-user.target ${PN}.service
 }

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-experimental/coreos-experimental-0.0.1.ebuild

@@ -15,5 +15,4 @@ IUSE=""
 DEPEND=""
 RDEPEND="
 	app-admin/systemd-rest
-	dev-db/etcd
 "

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild

@@ -151,6 +151,7 @@ RDEPEND="${RDEPEND}
 	app-misc/ca-certificates
 	virtual/udev
 	coreos-base/oem-service
+	dev-db/etcd
 	"
 
 # TODO(dianders):

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/files/install-ec2-key.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+/usr/bin/block-until-url http://169.254.169.254/
+
 USER_DIR="/home/core/user"
 
 if [ ! -d ${USER_DIR}/.ssh ] ; then
@@ -7,10 +9,14 @@ if [ ! -d ${USER_DIR}/.ssh ] ; then
 	chmod 700 ${USER_DIR}/.ssh
 fi
 # Fetch public key using HTTP
-curl -s http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/my-key
+curl -s --connect-timeout 3 http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/my-key
 if [ $? -eq 0 ] ; then
 	cat /tmp/my-key >> ${USER_DIR}/.ssh/authorized_keys
 	chmod 700 ${USER_DIR}/.ssh/authorized_keys
 	rm /tmp/my-key
+else
+	echo unable to download key
+	rm /tmp/my-key
+	exit 1
 fi
 chown -R core: $USER_DIR/.ssh

sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1-r2.ebuild

@@ -1 +0,0 @@
-etcd-0.0.1.ebuild

sdk_container/src/third_party/coreos-overlay/dev-db/etcd/etcd-0.0.1.ebuild

@@ -9,7 +9,7 @@ EAPI=4
 CROS_WORKON_PROJECT="coreos/etcd"
 CROS_WORKON_LOCALNAME="etcd"
 CROS_WORKON_REPO="git://github.com"
-CROS_WORKON_COMMIT="01e5d41f91da0251a8ed9dbba79df70a9dd6a237"
+CROS_WORKON_COMMIT="d0ec1007a218ff9e089e158ecd79d055d092cadc"
 inherit toolchain-funcs cros-workon systemd
 
 DESCRIPTION="etcd"
@@ -33,6 +33,7 @@ src_install() {
 	dobin ${S}/${PN}
 	dobin ${FILESDIR}/coreos-c10n
 	dobin ${FILESDIR}/etcd-bootstrap
+	dobin ${FILESDIR}/block-until-url
 
 	systemd_dounit "${FILESDIR}"/${PN}.service
 	systemd_enable_service multi-user.target ${PN}.service

sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/block-until-url

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+URL="$1"
+
+CMD="curl -s --capath /usr/share/coreos-ca-certificates/ --capath /etc/ssl/certs/ $URL"
+while ($CMD > /dev/null); [ $? -ne 0 ];
+  do sleep .5; done

sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/coreos-c10n

@@ -3,33 +3,32 @@
 C10N_ENDPOINT=https://core-api.appspot.com/v1/c10n/group
 META_URL="http://169.254.169.254/latest"
 
+ETCD_BOOTSTRAP="/var/run/etcd/bootstrap.config"
+[ ! -e "/var/run/etcd/" ] && mkdir "/var/run/etcd/"
+
+/usr/bin/block-until-url $C10N_ENDPOINT
+/usr/bin/block-until-url $META_URL
+
 USER_DATA=$(curl -s $META_URL/user-data)
+if [ $? -eq 0 ] && [ ! -z "$USER_DATA" ]; then
+        URL=$USER_DATA
 
-URL=$USER_DATA
+        echo $URL | grep -q '^https://' || (echo Coordination URL requires valid SSL; exit 1)
 
-echo $URL | grep -q '^https://' || (echo Coordination URL requires valid SSL; exit 1)
+        TMP=`mktemp`
 
-TMP=`mktemp`
+        curl -s "$USER_DATA/raw" > $TMP
 
-curl -s "$USER_DATA/raw" > $TMP
-
-# validate ssh key
-ssh-keygen -l -f $TMP > /dev/null 2>&1
-if [ $? -eq 0 ]; then
-        cat $TMP >> $HOME/.ssh/authorized_keys
-        echo "SSH key updated"
-else
-        echo "Not a valid ssh key"
+        # validate ssh key
+        ssh-keygen -l -f $TMP > /dev/null 2>&1
+        if [ $? -eq 0 ]; then
+                cat $TMP >> /home/core/user/.ssh/authorized_keys
+                echo "SSH key updated"
+                chown -R core: /home/core/user/.ssh/
+        else
+                echo "Not a valid ssh key"
+        fi
 fi
 
-IP_LIST=""
-for IP4 in `curl -s $META_URL/meta-data/ | grep ipv4`; do
-        IP=$(curl -s $META_URL/meta-data/$IP4)
-        if [ "$IP_LIST" != "" ]; then
-                IP_LIST="$IP_LIST,$IP"
-        else
-                IP_LIST="$IP"
-        fi
-done
-
-curl $C10N_ENDPOINT -d "c10n_url=$URL" -d"ip_list=$IP_LIST" > /var/run/etcd/bootstrap.config
+IP=$(curl -s $META_URL/meta-data/local-ipv4)
+curl -s $C10N_ENDPOINT -d "c10n_url=$URL" -d"ip_list=$IP" > $ETCD_BOOTSTRAP

sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd-bootstrap

@@ -1,43 +1,25 @@
 #!/bin/bash
 
-# Test an IP address for validity:
-# Usage:
-#      valid_ip IP_ADDRESS
-#      if [[ $? -eq 0 ]]; then echo good; else echo bad; fi
-#   OR
-#      if valid_ip IP_ADDRESS; then echo good; else echo bad; fi
-# http://www.linuxjournal.com/content/validating-ip-address-bash-script
-function valid_ip()
-{
-    local  ip=$1
-    local  stat=1
-
-    if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-        OIFS=$IFS
-        IFS='.'
-        ip=($ip)
-        IFS=$OIFS
-        [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
-            && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
-        stat=$?
-    fi
-    return $stat
-}
+/usr/bin/coreos-c10n
 
+META_URL="http://169.254.169.254/latest"
+MY_IP=$(curl -s $META_URL/meta-data/local-ipv4)
 BOOTSTRAP="/var/run/etcd/bootstrap.config"
-for HOSTS in `[ -e $BOOTSTRAP ] && cat $BOOTSTRAP`; do
-        for IP in `echo $HOSTS | sed 's/,/\'$'\n/g' `; do
-                echo $IP
-                LEADER=`curl --connect-timeout 1 -s $IP:7001/leader`
-                if [ $? -eq 0 ]; then
-                        LEADER_IP=`echo $LEADER | cut -d':' -f1`
-                        LEADER_PORT=`echo $LEADER | cut -d':' -f2`
-                        if valid_ip $LEADER_IP; then
-                                echo GOT LEADER $LEADER
-                                exec /usr/bin/etcd -i -C $LEADER
-                        fi
-                fi
-        done
-done
-echo "Not able to connect to a leader, just starting..."
-exec /usr/bin/etcd -i
+
+# for etcd
+STATE=/mnt/stateful_partition/etcd
+mkdir -p $STATE
+
+[ ! -e $BOOTSTRAP ] && echo bootstrap config missing && exit 1
+
+# strip blank lines
+IPS=$(grep -v $MY_IP $BOOTSTRAP|grep -v '^\n$' |sed 's/$/:7001/'|tr '\n' ','|sed 's/^,//'|sed 's/,$//')
+
+if [ -z "$IPS" ]; then
+        echo "becoming master..."
+        exec /usr/bin/etcd -v -h $MY_IP -d $STATE
+else
+        echo "trying $IPS"
+        set -x
+        exec /usr/bin/etcd -v -h $MY_IP -C "$IPS" -d $STATE
+fi

sdk_container/src/third_party/coreos-overlay/dev-db/etcd/files/etcd.service

@@ -1,6 +1,4 @@
 [Service]
-ExecStartPre=-/bin/mkdir -p /var/run/etcd
-ExecStartPre=/usr/bin/coreos-c10n
 ExecStart=/usr/bin/etcd-bootstrap
 
 [Install]

sdk_container/src/third_party/coreos-overlay/profiles/targets/coreos/package.accept_keywords

@@ -130,5 +130,4 @@
 =net-dialup/ppp-2.4.5-r3 ~amd64
 =dev-python/pyxenstore-9999	~amd64 ~x86
 =coreos-base/motd-http-9999	~amd64 ~x86
-=app-emulation/docker-9999	~amd64 ~x86
 =app-emulation/lxc-0.8.0-r1	~amd64 ~x86