Merge pull request #2205 from crawford/wrappers

app-admin/*-wrapper: clean up wrappers

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild

@@ -22,6 +22,8 @@ RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]"
 S=${WORKDIR}
 
 src_install() {
-	dobin "${FILESDIR}"/etcd-wrapper
+	exeinto /usr/lib/coreos
-  	systemd_dounit "${FILESDIR}"/etcd-wrapper.service
+	doexe "${FILESDIR}"/etcd-wrapper
+
+	systemd_dounit "${FILESDIR}"/etcd-member.service
 }

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service

@@ -0,0 +1,27 @@
+[Unit]
+Description=etcd (System Application Container)
+Documentation=https://github.com/coreos/etcd
+Wants=network.target
+Conflicts=etcd.service
+Conflicts=etcd2.service
+
+[Service]
+Type=notify
+Restart=on-failure
+RestartSec=10s
+TimeoutStartSec=0
+LimitNOFILE=40000
+
+Environment="ETCD_IMAGE_TAG=v3.0.10"
+Environment="ETCD_NAME=%m"
+Environment="ETCD_USER=etcd"
+Environment="ETCD_DATA_DIR=/var/lib/etcd"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid"
+
+ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
+ExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper

@@ -1,76 +1,80 @@
 #!/usr/bin/bash -e
 # Wrapper for launching etcd via rkt.
+#
+# Make sure to set ETCD_IMAGE_TAG to an image tag published here:
+# https://quay.io/repository/coreos/etcd?tab=tags Alternatively,
+# override ETCD_IMAGE to a custom image.
 
 function require_ev_all() {
-    for rev in $@ ; do
+	for rev in $@ ; do
-        if [[ -z ${!rev} ]]; then
+		if [[ -z "${!rev}" ]]; then
-            echo ${rev} is not set
+			echo ${rev} is not set
-            exit 1
+			exit 1
-        fi
+		fi
-    done
+	done
 }
 
 function require_ev_one() {
-    for rev in $@ ; do
+	for rev in $@ ; do
-        if [[ ! -z ${!rev} ]]; then
+		if [[ ! -z "${!rev}" ]]; then
-            return
+			return
-        fi
+		fi
-    done
+	done
-    echo One of $@ must be set
+	echo One of $@ must be set
-    exit 1
+	exit 1
 }
 
-require_ev_one ETCD_IMG ETCD_TAG
+require_ev_one ETCD_IMAGE ETCD_IMAGE_TAG
-require_ev_all ETCD_IMG_USER ETCD_DATA_DIR
+require_ev_all ETCD_USER ETCD_DATA_DIR
 
-if [[ ! -z ${ETCD_TAG} ]]; then
+ETCD_IMAGE_URL="${ETCD_IMAGE_URL:-quay.io/coreos/etcd}"
-    ETCD_IMG="${ETCD_IMG:-coreos.com/etcd:${ETCD_TAG}}"
+ETCD_IMAGE="${ETCD_IMAGE:-${ETCD_IMAGE_URL}:${ETCD_IMAGE_TAG}}"
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+
-        --trust-keys-from-https
+if [[ "${ETCD_IMAGE%%/*}" == "quay.io" ]]; then
-    "
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
 fi
 
-if [[ ! -e ${ETCD_DATA_DIR} ]]; then
+if [[ ! -e "${ETCD_DATA_DIR}" ]]; then
-    mkdir -p ${ETCD_DATA_DIR}
+	mkdir --parents "${ETCD_DATA_DIR}"
-    chown ${ETCD_IMG_USER} ${ETCD_DATA_DIR}
+	chown "${ETCD_USER}" "${ETCD_DATA_DIR}"
 fi
 
-SYSTEMD_SYSTEM_DIR_SRC=${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}
+ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/certs}"
-if [[ -d ${SYSTEMD_SYSTEM_DIR_SRC} ]]; then
+
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+SYSTEMD_SYSTEM_DIR_SRC="${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}"
-    --mount volume=systemd-dir,target=/run/systemd/system \
+if [[ -d "${SYSTEMD_SYSTEM_DIR_SRC}" ]]; then
-    --volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-    "
+		--mount volume=systemd-dir,target=/run/systemd/system \
+		--volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \
+	"
 fi
 
-
+if [[ -S "${NOTIFY_SOCKET}" ]]; then
-if [[ -S ${NOTIFY_SOCKET} ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--mount volume=notify,target=/run/systemd/notify \
-    --mount volume=notify,target=/run/systemd/notify \
+		--volume notify,kind=host,source=${NOTIFY_SOCKET} \
-    --volume notify,kind=host,source=${NOTIFY_SOCKET} \
+		--set-env=NOTIFY_SOCKET=/run/systemd/notify \
-    --set-env=NOTIFY_SOCKET=/run/systemd/notify \
+	"
-    "
 fi
 
-SSL_CERTS_SRC=${SSL_CERTS_SRC:-/etc/ssl/certs}
+RKT="${RKT:-/usr/bin/rkt}"
-ETC_HOSTS_SRC=${ETC_HOSTS_SRC:-/etc/hosts}
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
-ETCD_IMG_EXEC=${ETCD_IMG_EXEC:-/etcd}
-
-RKT=${RKT:-/usr/bin/rkt}
-RKT_STAGE1_ARG=${RKT_STAGE1_ARG:-"--stage1-from-dir=stage1-fly.aci"}
 set -x
 exec ${RKT} ${RKT_GLOBAL_ARGS} \
-    run ${RKT_RUN_ARGS} \
+	run ${RKT_RUN_ARGS} \
-    --volume data-dir,kind=host,source=${ETCD_DATA_DIR} \
+	--volume data-dir,kind=host,source="${ETCD_DATA_DIR}",readOnly=false \
-    \
+	--volume etc-ssl-certs,kind=host,source="${ETCD_SSL_DIR}",readOnly=true \
-    --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
-    --volume etc-ssl-certs,kind=host,source=${SSL_CERTS_SRC} \
+	--volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \
-    \
+	--volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
-    --mount volume=etc-hosts,target=/etc/hosts  \
+	--mount volume=data-dir,target=/var/lib/etcd \
-    --volume etc-hosts,kind=host,source=${ETC_HOSTS_SRC} \
+	--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
-    \
+	--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
-    ${RKT_STAGE1_ARG} \
+	--mount volume=etc-hosts,target=/etc/hosts  \
-    ${ETCD_IMG} ${ETCD_IMG_ARGS} \
+	--mount volume=etc-resolv,target=/etc/resolv.conf  \
-        --user=$(id -u ${ETCD_IMG_USER}) \
+	--inherit-env \
-        --exec=${ETCD_IMG_EXEC} -- \
+	${RKT_STAGE1_ARG} \
-        "$@"
+	${ETCD_IMAGE} \
+		${ETCD_IMAGE_ARGS} \
+		--user=$(id -u "${ETCD_USER}") \
+		-- "$@"

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service

@@ -1,19 +0,0 @@
-[Unit]
-Description=etcd (System Application Container)
-Conflicts=etcd.service
-Conflicts=etcd2.service
-
-[Service]
-Type=notify
-Environment=ETCD_NAME=%m
-Environment=ETCD_IMG_USER=etcd
-Environment=ETCD_DATA_DIR=/var/lib/etcd
-Environment=ETCD_TAG=
-ExecStart=/usr/bin/etcd-wrapper $ETCD_OPTS
-Restart=always
-RestartSec=10s
-LimitNOFILE=40000
-TimeoutStartSec=0
-
-[Install]
-WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network

@@ -0,0 +1,4 @@
+[Match]
+Name=flannel*
+
+[Network]

sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=flannel docker export service - Network fabric for containers (System Application Container)
+Documentation=https://github.com/coreos/flannel
+After=flannel.service
+PartOf=flannel.service
+Before=docker.service
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10
+TimeoutStartSec=60
+
+Environment="FLANNEL_IMAGE_TAG=v0.6.2"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper2.uuid"
+Environment="FLANNEL_IMAGE_ARGS=--exec=/opt/bin/mk-docker-opts.sh"
+
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid
+ExecStart=/usr/lib/coreos/flannel-wrapper -d /run/flannel/flannel_docker_opts.env -i
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper

@@ -0,0 +1,84 @@
+#!/bin/bash -e
+# Wrapper for launching flannel via rkt.
+#
+# Make sure to set FLANNEL_IMAGE_TAG to an image tag published here:
+# https://quay.io/repository/coreos/flannel?tab=tags Alternatively,
+# override FLANNEL_IMAGE to a custom image.
+
+function require_ev_all() {
+	for rev in $@ ; do
+		if [[ -z "${!rev}" ]]; then
+			echo "${rev}" is not set
+			exit 1
+		fi
+	done
+}
+
+function require_ev_one() {
+	for rev in $@ ; do
+		if [[ ! -z "${!rev}" ]]; then
+			return
+		fi
+	done
+	echo One of $@ must be set
+	exit 1
+}
+
+if [[ -n "${FLANNEL_VER}" ]]; then
+	echo FLANNEL_VER environment variable is deprecated, please use FLANNEL_IMAGE_TAG instead
+fi
+
+if [[ -n "${FLANNEL_IMG}" ]]; then
+	echo FLANNEL_IMG environment variable is deprecated, please use FLANNEL_IMAGE_URL instead
+fi
+
+FLANNEL_IMAGE_TAG="${FLANNEL_IMAGE_TAG:-${FLANNEL_VER}}"
+
+require_ev_one FLANNEL_IMAGE FLANNEL_IMAGE_TAG
+
+FLANNEL_IMAGE_URL="${FLANNEL_IMAGE_URL:-${FLANNEL_IMG:-quay.io/coreos/flannel}}"
+FLANNEL_IMAGE="${FLANNEL_IMAGE:-${FLANNEL_IMAGE_URL}:${FLANNEL_IMAGE_TAG}}"
+
+if [[ "${FLANNEL_IMAGE%%/*}" == "quay.io" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
+fi
+
+ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/etcd}"
+if [[ -d "${ETCD_SSL_DIR}" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--volume ssl,kind=host,source=${ETCD_SSL_DIR},readOnly=true \
+		--mount volume=ssl,target=${ETCD_SSL_DIR} \
+	"
+fi
+
+if [[ -S "${NOTIFY_SOCKET}" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--mount volume=notify,target=/run/systemd/notify \
+		--volume notify,kind=host,source=${NOTIFY_SOCKET} \
+		--set-env=NOTIFY_SOCKET=/run/systemd/notify \
+	"
+fi
+
+mkdir --parents /run/flannel
+
+RKT="${RKT:-/usr/bin/rkt}"
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
+set -x
+exec ${RKT} ${RKT_GLOBAL_ARGS} \
+	run ${RKT_RUN_ARGS} \
+	--net=host \
+	--volume run-flannel,kind=host,source=/run/flannel,readOnly=false \
+	--volume etc-ssl-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+	--volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \
+	--volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
+	--mount volume=run-flannel,target=/run/flannel \
+	--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+	--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
+	--mount volume=etc-hosts,target=/etc/hosts  \
+	--mount volume=etc-resolv,target=/etc/resolv.conf \
+	--inherit-env \
+	${RKT_STAGE1_ARG} \
+	${FLANNEL_IMAGE} \
+		${FLANNEL_IMAGE_ARGS} \
+		-- "$@"

sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service

@@ -0,0 +1,27 @@
+[Unit]
+Description=flannel - Network fabric for containers (System Application Container)
+Documentation=https://github.com/coreos/flannel
+After=etcd.service etcd2.service etcd-member.service
+Before=docker.service flannel-docker-opts.service
+Requires=flannel-docker-opts.service
+
+[Service]
+Type=notify
+Restart=always
+RestartSec=10s
+LimitNOFILE=40000
+LimitNPROC=1048576
+
+Environment="FLANNEL_IMAGE_TAG=v0.6.2"
+Environment="FLANNEL_OPTS=--ip-masq=true"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper.uuid"
+EnvironmentFile=-/run/flannel/options.env
+
+ExecStartPre=/sbin/modprobe ip_tables
+ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos /run/flannel
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
+ExecStart=/usr/lib/coreos/flannel-wrapper $FLANNEL_OPTS
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild

@@ -0,0 +1,34 @@
+# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd
+
+DESCRIPTION="flannel (System Application Container)"
+HOMEPAGE="https://github.com/coreos/flannel"
+
+KEYWORDS="amd64"
+SRC_URI=""
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+
+RDEPEND="
+	!app-admin/flannel
+	>=app-emulation/rkt-1.9.1[rkt_stage1_fly]
+"
+
+S="$WORKDIR"
+
+src_install() {
+	exeinto /usr/lib/coreos
+	doexe "${FILESDIR}"/flannel-wrapper
+
+	systemd_dounit "${FILESDIR}"/flanneld.service
+	systemd_dounit "${FILESDIR}"/flannel-docker-opts.service
+
+	insinto /usr/lib/systemd/network
+	doins "${FILESDIR}"/50-flannel.network
+}

sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper

@@ -1,39 +1,82 @@
 #!/bin/bash
-# Wrapper for launching kubelet via rkt-fly stage1. 
+# Wrapper for launching kubelet via rkt-fly.
 #
-# Make sure to set KUBELET_VERSION to an image tag published here:
+# Make sure to set KUBELET_IMAGE_TAG to an image tag published here:
 # https://quay.io/repository/coreos/hyperkube?tab=tags Alternatively,
-# override $KUBELET_ACI to a custom location.
+# override KUBELET_IMAGE to a custom image.
 
 set -e
 
-if [ -z "${KUBELET_VERSION}" ]; then
+function require_ev_all() {
-    echo "ERROR: must set KUBELET_VERSION"
+	for rev in $@ ; do
-    exit 1
+		if [[ -z "${!rev}" ]]; then
+			echo "${rev}" is not set
+			exit 1
+		fi
+	done
+}
+
+function require_ev_one() {
+	for rev in $@ ; do
+		if [[ ! -z "${!rev}" ]]; then
+			return
+		fi
+	done
+	echo One of $@ must be set
+	exit 1
+}
+
+if [[ -n "${KUBELET_VERSION}" ]]; then
+	echo KUBELET_VERSION environment variable is deprecated, please use KUBELET_IMAGE_TAG instead
 fi
 
-KUBELET_ACI="${KUBELET_ACI:-quay.io/coreos/hyperkube}"
+if [[ -n "${KUBELET_ACI}" ]]; then
+	echo KUBELET_ACI environment variable is deprecated, please use the KUBELET_IMAGE_URL instead
+fi
+
+if [[ -n "${RKT_OPTS}" ]]; then
+	echo RKT_OPTS environment variable is deprecated, please use the RKT_RUN_ARGS instead
+fi
+
+KUBELET_IMAGE_TAG="${KUBELET_IMAGE_TAG:-${KUBELET_VERSION}}"
+
+require_ev_one KUBELET_IMAGE KUBELET_IMAGE_TAG
+
+KUBELET_IMAGE_URL="${KUBELET_IMAGE_URL:-${KUBELET_ACI:-quay.io/coreos/hyperkube}}"
+KUBELET_IMAGE="${KUBELET_IMAGE:-${KUBELET_IMAGE_URL}:${KUBELET_IMAGE_TAG}}"
+
+RKT_RUN_ARGS="${RKT_RUN_ARGS} ${RKT_OPTS}"
+
+if [[ "${KUBELET_IMAGE%%/*}" == "quay.io" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
+fi
 
 mkdir --parents /etc/kubernetes
 mkdir --parents /var/lib/docker
 mkdir --parents /var/lib/kubelet
 mkdir --parents /run/kubelet
 
-exec /usr/bin/rkt run \
+RKT="${RKT:-/usr/bin/rkt}"
-  --volume etc-kubernetes,kind=host,source=/etc/kubernetes \
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
-  --volume etc-ssl-certs,kind=host,source=/usr/share/ca-certificates \
+KUBELET_IMAGE_ARGS=${KUBELET_IMAGE_ARGS:---exec=/kubelet}
-  --volume var-lib-docker,kind=host,source=/var/lib/docker \
+set -x
-  --volume var-lib-kubelet,kind=host,source=/var/lib/kubelet \
+exec ${RKT} ${RKT_GLOBAL_ARGS} \
-  --volume os-release,kind=host,source=/usr/lib/os-release \
+	run ${RKT_RUN_ARGS} \
-  --volume run,kind=host,source=/run \
+	--volume etc-kubernetes,kind=host,source=/etc/kubernetes,readOnly=false \
-  --mount volume=etc-kubernetes,target=/etc/kubernetes \
+	--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
-  --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
-  --mount volume=var-lib-docker,target=/var/lib/docker \
+	--volume var-lib-docker,kind=host,source=/var/lib/docker,readOnly=false \
-  --mount volume=var-lib-kubelet,target=/var/lib/kubelet \
+	--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
-  --mount volume=os-release,target=/etc/os-release \
+	--volume os-release,kind=host,source=/usr/lib/os-release,readOnly=true \
-  --mount volume=run,target=/run \
+	--volume run,kind=host,source=/run,readOnly=false \
-  --trust-keys-from-https \
+	--mount volume=etc-kubernetes,target=/etc/kubernetes \
-  $RKT_OPTS \
+	--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
-  --stage1-from-dir=stage1-fly.aci \
+	--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
-  ${KUBELET_ACI}:${KUBELET_VERSION} --exec=/kubelet -- "$@"
+	--mount volume=var-lib-docker,target=/var/lib/docker \
-
+	--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
+	--mount volume=os-release,target=/etc/os-release \
+	--mount volume=run,target=/run \
+	${RKT_STAGE1_ARG} \
+	${KUBELET_IMAGE} \
+		${KUBELET_IMAGE_ARGS} \
+		-- "$@"

sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.2.ebuild

@@ -4,7 +4,7 @@
 # $Header:$
 #
 
-EAPI=5
+EAPI=6
 
 DESCRIPTION="Kubernetes Container Manager"
 HOMEPAGE="http://kubernetes.io/"
@@ -14,7 +14,7 @@ LICENSE="Apache-2.0"
 SLOT="0"
 IUSE=""
 
-RDEPEND=app-emulation/rkt
+RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]"
 
 # work around ${WORKDIR}/${P} not existing
 S=${WORKDIR}

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service

@@ -6,7 +6,7 @@ Requires=docker.socket early-docker.target
 
 [Service]
 Type=notify
-EnvironmentFile=-/run/flannel_docker_opts.env
+EnvironmentFile=-/run/flannel/flannel_docker_opts.env
 MountFlags=slave
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild

@@ -98,10 +98,10 @@ RDEPEND="${RDEPEND}
 		app-emulation/xenstore
 		sys-auth/realmd
 		sys-auth/sssd
+		app-admin/flannel-wrapper
 	)"
 
 RDEPEND="${RDEPEND}
-	app-admin/flannel
 	app-admin/fleet
 	app-admin/locksmith
 	app-admin/mayday