app-admin/etcd-wrapper: clean up wrapper

This builds on the work done by Stefan Junker.

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild

@@ -22,6 +22,8 @@ RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]"
 S=${WORKDIR}
 
 src_install() {
-	dobin "${FILESDIR}"/etcd-wrapper
-  	systemd_dounit "${FILESDIR}"/etcd-wrapper.service
+	exeinto /usr/lib/coreos
+	doexe "${FILESDIR}"/etcd-wrapper
+
+	systemd_dounit "${FILESDIR}"/etcd-member.service
 }

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service

@@ -0,0 +1,27 @@
+[Unit]
+Description=etcd (System Application Container)
+Documentation=https://github.com/coreos/etcd
+Wants=network.target
+Conflicts=etcd.service
+Conflicts=etcd2.service
+
+[Service]
+Type=notify
+Restart=on-failure
+RestartSec=10s
+TimeoutStartSec=0
+LimitNOFILE=40000
+
+Environment="ETCD_IMAGE_TAG=v3.0.10"
+Environment="ETCD_NAME=%m"
+Environment="ETCD_USER=etcd"
+Environment="ETCD_DATA_DIR=/var/lib/etcd"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid"
+
+ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
+ExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper

@@ -1,9 +1,13 @@
 #!/usr/bin/bash -e
 # Wrapper for launching etcd via rkt.
+#
+# Make sure to set ETCD_IMAGE_TAG to an image tag published here:
+# https://quay.io/repository/coreos/etcd?tab=tags Alternatively,
+# override ETCD_IMAGE to a custom image.
 
 function require_ev_all() {
 	for rev in $@ ; do
-        if [[ -z ${!rev} ]]; then
+		if [[ -z "${!rev}" ]]; then
 			echo ${rev} is not set
 			exit 1
 		fi
@@ -12,7 +16,7 @@ function require_ev_all() {
 
 function require_ev_one() {
 	for rev in $@ ; do
-        if [[ ! -z ${!rev} ]]; then
+		if [[ ! -z "${!rev}" ]]; then
 			return
 		fi
 	done
@@ -20,31 +24,32 @@ function require_ev_one() {
 	exit 1
 }
 
-require_ev_one ETCD_IMG ETCD_TAG
-require_ev_all ETCD_IMG_USER ETCD_DATA_DIR
+require_ev_one ETCD_IMAGE ETCD_IMAGE_TAG
+require_ev_all ETCD_USER ETCD_DATA_DIR
 
-if [[ ! -z ${ETCD_TAG} ]]; then
-    ETCD_IMG="${ETCD_IMG:-coreos.com/etcd:${ETCD_TAG}}"
-    RKT_RUN_ARGS="${RKT_RUN_ARGS} \
-        --trust-keys-from-https
-    "
+ETCD_IMAGE_URL="${ETCD_IMAGE_URL:-quay.io/coreos/etcd}"
+ETCD_IMAGE="${ETCD_IMAGE:-${ETCD_IMAGE_URL}:${ETCD_IMAGE_TAG}}"
+
+if [[ "${ETCD_IMAGE%%/*}" == "quay.io" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
 fi
 
-if [[ ! -e ${ETCD_DATA_DIR} ]]; then
-    mkdir -p ${ETCD_DATA_DIR}
-    chown ${ETCD_IMG_USER} ${ETCD_DATA_DIR}
+if [[ ! -e "${ETCD_DATA_DIR}" ]]; then
+	mkdir --parents "${ETCD_DATA_DIR}"
+	chown "${ETCD_USER}" "${ETCD_DATA_DIR}"
 fi
 
-SYSTEMD_SYSTEM_DIR_SRC=${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}
-if [[ -d ${SYSTEMD_SYSTEM_DIR_SRC} ]]; then
+ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/certs}"
+
+SYSTEMD_SYSTEM_DIR_SRC="${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}"
+if [[ -d "${SYSTEMD_SYSTEM_DIR_SRC}" ]]; then
 	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
 		--mount volume=systemd-dir,target=/run/systemd/system \
 		--volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \
 	"
 fi
 
-
-if [[ -S ${NOTIFY_SOCKET} ]]; then
+if [[ -S "${NOTIFY_SOCKET}" ]]; then
 	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
 		--mount volume=notify,target=/run/systemd/notify \
 		--volume notify,kind=host,source=${NOTIFY_SOCKET} \
@@ -52,25 +57,24 @@ if [[ -S ${NOTIFY_SOCKET} ]]; then
 	"
 fi
 
-SSL_CERTS_SRC=${SSL_CERTS_SRC:-/etc/ssl/certs}
-ETC_HOSTS_SRC=${ETC_HOSTS_SRC:-/etc/hosts}
-ETCD_IMG_EXEC=${ETCD_IMG_EXEC:-/etcd}
-
-RKT=${RKT:-/usr/bin/rkt}
-RKT_STAGE1_ARG=${RKT_STAGE1_ARG:-"--stage1-from-dir=stage1-fly.aci"}
+RKT="${RKT:-/usr/bin/rkt}"
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
 set -x
 exec ${RKT} ${RKT_GLOBAL_ARGS} \
 	run ${RKT_RUN_ARGS} \
-    --volume data-dir,kind=host,source=${ETCD_DATA_DIR} \
-    \
+	--volume data-dir,kind=host,source="${ETCD_DATA_DIR}",readOnly=false \
+	--volume etc-ssl-certs,kind=host,source="${ETCD_SSL_DIR}",readOnly=true \
+	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+	--volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \
+	--volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
+	--mount volume=data-dir,target=/var/lib/etcd \
 	--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
-    --volume etc-ssl-certs,kind=host,source=${SSL_CERTS_SRC} \
-    \
+	--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
 	--mount volume=etc-hosts,target=/etc/hosts  \
-    --volume etc-hosts,kind=host,source=${ETC_HOSTS_SRC} \
-    \
+	--mount volume=etc-resolv,target=/etc/resolv.conf  \
+	--inherit-env \
 	${RKT_STAGE1_ARG} \
-    ${ETCD_IMG} ${ETCD_IMG_ARGS} \
-        --user=$(id -u ${ETCD_IMG_USER}) \
-        --exec=${ETCD_IMG_EXEC} -- \
-        "$@"
+	${ETCD_IMAGE} \
+		${ETCD_IMAGE_ARGS} \
+		--user=$(id -u "${ETCD_USER}") \
+		-- "$@"

sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service

@@ -1,19 +0,0 @@
-[Unit]
-Description=etcd (System Application Container)
-Conflicts=etcd.service
-Conflicts=etcd2.service
-
-[Service]
-Type=notify
-Environment=ETCD_NAME=%m
-Environment=ETCD_IMG_USER=etcd
-Environment=ETCD_DATA_DIR=/var/lib/etcd
-Environment=ETCD_TAG=
-ExecStart=/usr/bin/etcd-wrapper $ETCD_OPTS
-Restart=always
-RestartSec=10s
-LimitNOFILE=40000
-TimeoutStartSec=0
-
-[Install]
-WantedBy=multi-user.target