app-admin/etcd-wrapper: clean up wrapper

This builds on the work done by Stefan Junker.
2025-08-23 23:41:10 +02:00 · 2016-09-28 11:25:47 -07:00 · 2016-09-28 11:25:47 -07:00 · 8e8d8955b8
commit 8e8d8955b8
parent be5c3bf372
4 changed files with 91 additions and 77 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild
@ -22,6 +22,8 @@ RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]"
 S=${WORKDIR}
 src_install() {
-	dobin "${FILESDIR}"/etcd-wrapper
+	exeinto /usr/lib/coreos
-  	systemd_dounit "${FILESDIR}"/etcd-wrapper.service
+	doexe "${FILESDIR}"/etcd-wrapper
 	systemd_dounit "${FILESDIR}"/etcd-member.service
 }
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service
@ -0,0 +1,27 @@
 [Unit]
 Description=etcd (System Application Container)
 Documentation=https://github.com/coreos/etcd
 Wants=network.target
 Conflicts=etcd.service
 Conflicts=etcd2.service
 [Service]
 Type=notify
 Restart=on-failure
 RestartSec=10s
 TimeoutStartSec=0
 LimitNOFILE=40000
 Environment="ETCD_IMAGE_TAG=v3.0.10"
 Environment="ETCD_NAME=%m"
 Environment="ETCD_USER=etcd"
 Environment="ETCD_DATA_DIR=/var/lib/etcd"
 Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid"
 ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos
 ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
 ExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS
 ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
 [Install]
 WantedBy=multi-user.target
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper
@ -1,76 +1,80 @@
 #!/usr/bin/bash -e
 # Wrapper for launching etcd via rkt.
 #
 # Make sure to set ETCD_IMAGE_TAG to an image tag published here:
 # https://quay.io/repository/coreos/etcd?tab=tags Alternatively,
 # override ETCD_IMAGE to a custom image.
 function require_ev_all() {
-    for rev in $@ ; do
+	for rev in $@ ; do
-        if [[ -z ${!rev} ]]; then
+		if [[ -z "${!rev}" ]]; then
-            echo ${rev} is not set
+			echo ${rev} is not set
-            exit 1
+			exit 1
-        fi
+		fi
-    done
+	done
 }
 function require_ev_one() {
-    for rev in $@ ; do
+	for rev in $@ ; do
-        if [[ ! -z ${!rev} ]]; then
+		if [[ ! -z "${!rev}" ]]; then
-            return
+			return
-        fi
+		fi
-    done
+	done
-    echo One of $@ must be set
+	echo One of $@ must be set
-    exit 1
+	exit 1
 }
-require_ev_one ETCD_IMG ETCD_TAG
+require_ev_one ETCD_IMAGE ETCD_IMAGE_TAG
-require_ev_all ETCD_IMG_USER ETCD_DATA_DIR
+require_ev_all ETCD_USER ETCD_DATA_DIR
-if [[ ! -z ${ETCD_TAG} ]]; then
+ETCD_IMAGE_URL="${ETCD_IMAGE_URL:-quay.io/coreos/etcd}"
-    ETCD_IMG="${ETCD_IMG:-coreos.com/etcd:${ETCD_TAG}}"
+ETCD_IMAGE="${ETCD_IMAGE:-${ETCD_IMAGE_URL}:${ETCD_IMAGE_TAG}}"
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+
-        --trust-keys-from-https
+if [[ "${ETCD_IMAGE%%/*}" == "quay.io" ]]; then
-    "
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
 fi
-if [[ ! -e ${ETCD_DATA_DIR} ]]; then
+if [[ ! -e "${ETCD_DATA_DIR}" ]]; then
-    mkdir -p ${ETCD_DATA_DIR}
+	mkdir --parents "${ETCD_DATA_DIR}"
-    chown ${ETCD_IMG_USER} ${ETCD_DATA_DIR}
+	chown "${ETCD_USER}" "${ETCD_DATA_DIR}"
 fi
-SYSTEMD_SYSTEM_DIR_SRC=${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}
+ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/certs}"
-if [[ -d ${SYSTEMD_SYSTEM_DIR_SRC} ]]; then
+
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+SYSTEMD_SYSTEM_DIR_SRC="${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}"
-    --mount volume=systemd-dir,target=/run/systemd/system \
+if [[ -d "${SYSTEMD_SYSTEM_DIR_SRC}" ]]; then
-    --volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-    "
+		--mount volume=systemd-dir,target=/run/systemd/system \
 		--volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \
 	"
 fi
-
+if [[ -S "${NOTIFY_SOCKET}" ]]; then
-if [[ -S ${NOTIFY_SOCKET} ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--mount volume=notify,target=/run/systemd/notify \
-    --mount volume=notify,target=/run/systemd/notify \
+		--volume notify,kind=host,source=${NOTIFY_SOCKET} \
-    --volume notify,kind=host,source=${NOTIFY_SOCKET} \
+		--set-env=NOTIFY_SOCKET=/run/systemd/notify \
-    --set-env=NOTIFY_SOCKET=/run/systemd/notify \
+	"
    "
 fi
-SSL_CERTS_SRC=${SSL_CERTS_SRC:-/etc/ssl/certs}
+RKT="${RKT:-/usr/bin/rkt}"
-ETC_HOSTS_SRC=${ETC_HOSTS_SRC:-/etc/hosts}
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
 ETCD_IMG_EXEC=${ETCD_IMG_EXEC:-/etcd}
 RKT=${RKT:-/usr/bin/rkt}
 RKT_STAGE1_ARG=${RKT_STAGE1_ARG:-"--stage1-from-dir=stage1-fly.aci"}
 set -x
 exec ${RKT} ${RKT_GLOBAL_ARGS} \
-    run ${RKT_RUN_ARGS} \
+	run ${RKT_RUN_ARGS} \
-    --volume data-dir,kind=host,source=${ETCD_DATA_DIR} \
+	--volume data-dir,kind=host,source="${ETCD_DATA_DIR}",readOnly=false \
-    \
+	--volume etc-ssl-certs,kind=host,source="${ETCD_SSL_DIR}",readOnly=true \
-    --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
-    --volume etc-ssl-certs,kind=host,source=${SSL_CERTS_SRC} \
+	--volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \
-    \
+	--volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
-    --mount volume=etc-hosts,target=/etc/hosts  \
+	--mount volume=data-dir,target=/var/lib/etcd \
-    --volume etc-hosts,kind=host,source=${ETC_HOSTS_SRC} \
+	--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
-    \
+	--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
-    ${RKT_STAGE1_ARG} \
+	--mount volume=etc-hosts,target=/etc/hosts  \
-    ${ETCD_IMG} ${ETCD_IMG_ARGS} \
+	--mount volume=etc-resolv,target=/etc/resolv.conf  \
-        --user=$(id -u ${ETCD_IMG_USER}) \
+	--inherit-env \
-        --exec=${ETCD_IMG_EXEC} -- \
+	${RKT_STAGE1_ARG} \
-        "$@"
+	${ETCD_IMAGE} \
 		${ETCD_IMAGE_ARGS} \
 		--user=$(id -u "${ETCD_USER}") \
 		-- "$@"
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service
@ -1,19 +0,0 @@
 [Unit]
 Description=etcd (System Application Container)
 Conflicts=etcd.service
 Conflicts=etcd2.service
 [Service]
 Type=notify
 Environment=ETCD_NAME=%m
 Environment=ETCD_IMG_USER=etcd
 Environment=ETCD_DATA_DIR=/var/lib/etcd
 Environment=ETCD_TAG=
 ExecStart=/usr/bin/etcd-wrapper $ETCD_OPTS
 Restart=always
 RestartSec=10s
 LimitNOFILE=40000
 TimeoutStartSec=0
 [Install]
 WantedBy=multi-user.target