From 8e8d8955b845a04a31d34370bfbea0d234d689e6 Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com>
Date: Wed, 28 Sep 2016 11:25:47 -0700
Subject: [PATCH] app-admin/etcd-wrapper: clean up wrapper

This builds on the work done by Stefan Junker.
---
 ....2-r0.ebuild => etcd-wrapper-0.0.3.ebuild} |   6 +-
 .../etcd-wrapper/files/etcd-member.service    |  27 ++++
 .../app-admin/etcd-wrapper/files/etcd-wrapper | 116 +++++++++---------
 .../etcd-wrapper/files/etcd-wrapper.service   |  19 ---
 4 files changed, 91 insertions(+), 77 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/{etcd-wrapper-0.0.2-r0.ebuild => etcd-wrapper-0.0.3.ebuild} (78%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service
 mode change 100644 => 100755 sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service

diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild
similarity index 78%
rename from sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild
index 2cbe7bd844..f2d34a2902 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild
@@ -22,6 +22,8 @@ RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]"
 S=${WORKDIR}
 
 src_install() {
-	dobin "${FILESDIR}"/etcd-wrapper
-  	systemd_dounit "${FILESDIR}"/etcd-wrapper.service
+	exeinto /usr/lib/coreos
+	doexe "${FILESDIR}"/etcd-wrapper
+
+	systemd_dounit "${FILESDIR}"/etcd-member.service
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service
new file mode 100644
index 0000000000..10d9f5df86
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=etcd (System Application Container)
+Documentation=https://github.com/coreos/etcd
+Wants=network.target
+Conflicts=etcd.service
+Conflicts=etcd2.service
+
+[Service]
+Type=notify
+Restart=on-failure
+RestartSec=10s
+TimeoutStartSec=0
+LimitNOFILE=40000
+
+Environment="ETCD_IMAGE_TAG=v3.0.10"
+Environment="ETCD_NAME=%m"
+Environment="ETCD_USER=etcd"
+Environment="ETCD_DATA_DIR=/var/lib/etcd"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid"
+
+ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
+ExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper
old mode 100644
new mode 100755
index d56fded9c8..6a84dbc258
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper
@@ -1,76 +1,80 @@
 #!/usr/bin/bash -e
 # Wrapper for launching etcd via rkt.
+#
+# Make sure to set ETCD_IMAGE_TAG to an image tag published here:
+# https://quay.io/repository/coreos/etcd?tab=tags Alternatively,
+# override ETCD_IMAGE to a custom image.
 
 function require_ev_all() {
-    for rev in $@ ; do
-        if [[ -z ${!rev} ]]; then
-            echo ${rev} is not set
-            exit 1
-        fi
-    done
+	for rev in $@ ; do
+		if [[ -z "${!rev}" ]]; then
+			echo ${rev} is not set
+			exit 1
+		fi
+	done
 }
 
 function require_ev_one() {
-    for rev in $@ ; do
-        if [[ ! -z ${!rev} ]]; then
-            return
-        fi
-    done
-    echo One of $@ must be set
-    exit 1
+	for rev in $@ ; do
+		if [[ ! -z "${!rev}" ]]; then
+			return
+		fi
+	done
+	echo One of $@ must be set
+	exit 1
 }
 
-require_ev_one ETCD_IMG ETCD_TAG
-require_ev_all ETCD_IMG_USER ETCD_DATA_DIR
+require_ev_one ETCD_IMAGE ETCD_IMAGE_TAG
+require_ev_all ETCD_USER ETCD_DATA_DIR
 
-if [[ ! -z ${ETCD_TAG} ]]; then
-    ETCD_IMG="${ETCD_IMG:-coreos.com/etcd:${ETCD_TAG}}"
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-        --trust-keys-from-https
-    "
+ETCD_IMAGE_URL="${ETCD_IMAGE_URL:-quay.io/coreos/etcd}"
+ETCD_IMAGE="${ETCD_IMAGE:-${ETCD_IMAGE_URL}:${ETCD_IMAGE_TAG}}"
+
+if [[ "${ETCD_IMAGE%%/*}" == "quay.io" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
 fi
 
-if [[ ! -e ${ETCD_DATA_DIR} ]]; then
-    mkdir -p ${ETCD_DATA_DIR}
-    chown ${ETCD_IMG_USER} ${ETCD_DATA_DIR}
+if [[ ! -e "${ETCD_DATA_DIR}" ]]; then
+	mkdir --parents "${ETCD_DATA_DIR}"
+	chown "${ETCD_USER}" "${ETCD_DATA_DIR}"
 fi
 
-SYSTEMD_SYSTEM_DIR_SRC=${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}
-if [[ -d ${SYSTEMD_SYSTEM_DIR_SRC} ]]; then
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-    --mount volume=systemd-dir,target=/run/systemd/system \
-    --volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \
-    "
+ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/certs}"
+
+SYSTEMD_SYSTEM_DIR_SRC="${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}"
+if [[ -d "${SYSTEMD_SYSTEM_DIR_SRC}" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--mount volume=systemd-dir,target=/run/systemd/system \
+		--volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \
+	"
 fi
 
-
-if [[ -S ${NOTIFY_SOCKET} ]]; then
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-    --mount volume=notify,target=/run/systemd/notify \
-    --volume notify,kind=host,source=${NOTIFY_SOCKET} \
-    --set-env=NOTIFY_SOCKET=/run/systemd/notify \
-    "
+if [[ -S "${NOTIFY_SOCKET}" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--mount volume=notify,target=/run/systemd/notify \
+		--volume notify,kind=host,source=${NOTIFY_SOCKET} \
+		--set-env=NOTIFY_SOCKET=/run/systemd/notify \
+	"
 fi
 
-SSL_CERTS_SRC=${SSL_CERTS_SRC:-/etc/ssl/certs}
-ETC_HOSTS_SRC=${ETC_HOSTS_SRC:-/etc/hosts}
-ETCD_IMG_EXEC=${ETCD_IMG_EXEC:-/etcd}
-
-RKT=${RKT:-/usr/bin/rkt}
-RKT_STAGE1_ARG=${RKT_STAGE1_ARG:-"--stage1-from-dir=stage1-fly.aci"}
+RKT="${RKT:-/usr/bin/rkt}"
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
 set -x
 exec ${RKT} ${RKT_GLOBAL_ARGS} \
-    run ${RKT_RUN_ARGS} \
-    --volume data-dir,kind=host,source=${ETCD_DATA_DIR} \
-    \
-    --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
-    --volume etc-ssl-certs,kind=host,source=${SSL_CERTS_SRC} \
-    \
-    --mount volume=etc-hosts,target=/etc/hosts  \
-    --volume etc-hosts,kind=host,source=${ETC_HOSTS_SRC} \
-    \
-    ${RKT_STAGE1_ARG} \
-    ${ETCD_IMG} ${ETCD_IMG_ARGS} \
-        --user=$(id -u ${ETCD_IMG_USER}) \
-        --exec=${ETCD_IMG_EXEC} -- \
-        "$@"
+	run ${RKT_RUN_ARGS} \
+	--volume data-dir,kind=host,source="${ETCD_DATA_DIR}",readOnly=false \
+	--volume etc-ssl-certs,kind=host,source="${ETCD_SSL_DIR}",readOnly=true \
+	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+	--volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \
+	--volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
+	--mount volume=data-dir,target=/var/lib/etcd \
+	--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+	--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
+	--mount volume=etc-hosts,target=/etc/hosts  \
+	--mount volume=etc-resolv,target=/etc/resolv.conf  \
+	--inherit-env \
+	${RKT_STAGE1_ARG} \
+	${ETCD_IMAGE} \
+		${ETCD_IMAGE_ARGS} \
+		--user=$(id -u "${ETCD_USER}") \
+		-- "$@"
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service
deleted file mode 100644
index 85dabc4e8c..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-Description=etcd (System Application Container)
-Conflicts=etcd.service
-Conflicts=etcd2.service
-
-[Service]
-Type=notify
-Environment=ETCD_NAME=%m
-Environment=ETCD_IMG_USER=etcd
-Environment=ETCD_DATA_DIR=/var/lib/etcd
-Environment=ETCD_TAG=
-ExecStart=/usr/bin/etcd-wrapper $ETCD_OPTS
-Restart=always
-RestartSec=10s
-LimitNOFILE=40000
-TimeoutStartSec=0
-
-[Install]
-WantedBy=multi-user.target