app-admin/flannel: drop flannel-in-docker systemd unit

sdk_container/src/third_party/coreos-overlay/app-admin/flannel/files/flanneld-rkt.service

@@ -1,53 +0,0 @@
-[Unit]
-Description=Network fabric for containers
-Documentation=https://github.com/coreos/flannel
-After=etcd.service etcd2.service
-Before=docker.service
-
-[Service]
-Type=notify
-Restart=always
-RestartSec=5
-Environment="TMPDIR=/var/tmp/"
-Environment="FLANNEL_VER={{flannel_ver}}"
-Environment="FLANNEL_IMG=quay.io/coreos/flannel"
-Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
-EnvironmentFile=-/run/flannel/options.env
-LimitNOFILE=40000
-LimitNPROC=1048576
-ExecStartPre=/sbin/modprobe ip_tables
-ExecStartPre=/usr/bin/mkdir -p /run/flannel
-ExecStartPre=/usr/bin/mkdir -p ${ETCD_SSL_DIR}
-
-ExecStart=/usr/bin/rkt run --net=host \
-   --stage1-path=/usr/lib/rkt/stage1-images/stage1-fly.aci \
-   --insecure-options=image \
-   --set-env=NOTIFY_SOCKET=/run/systemd/notify \
-   --inherit-env=true \
-   --volume runsystemd,kind=host,source=/run/systemd,readOnly=false \
-   --volume runflannel,kind=host,source=/run/flannel,readOnly=false \
-   --volume ssl,kind=host,source=${ETCD_SSL_DIR},readOnly=true \
-   --volume certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
-   --volume resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
-   --mount volume=runsystemd,target=/run/systemd \
-   --mount volume=runflannel,target=/run/flannel \
-   --mount volume=ssl,target=${ETCD_SSL_DIR} \
-   --mount volume=certs,target=/etc/ssl/certs \
-   --mount volume=resolv,target=/etc/resolv.conf \
-   ${FLANNEL_IMG}:${FLANNEL_VER} \
-   --exec /opt/bin/flanneld \
-   -- --ip-masq=true
-
-# Update docker options
-ExecStartPost=/usr/bin/rkt run --net=host \
-   --stage1-path=/usr/lib/rkt/stage1-images/stage1-fly.aci \
-   --insecure-options=image \
-   --volume runvol,kind=host,source=/run,readOnly=false \
-   --mount volume=runvol,target=/run \
-   ${FLANNEL_IMG}:${FLANNEL_VER} \
-   --exec /opt/bin/mk-docker-opts.sh -- -d /run/flannel_docker_opts.env -i
-
-ExecStopPost=/usr/bin/rkt gc --mark-only
-
-[Install]
-WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-admin/flannel/files/flanneld.service

@@ -1,42 +1,53 @@
 [Unit]
 Description=Network fabric for containers
 Documentation=https://github.com/coreos/flannel
-Requires=early-docker.service
-After=etcd.service etcd2.service early-docker.service
-Before=early-docker.target
+After=etcd.service etcd2.service
+Before=docker.service
 
 [Service]
 Type=notify
 Restart=always
 RestartSec=5
 Environment="TMPDIR=/var/tmp/"
-Environment="DOCKER_HOST=unix:///var/run/early-docker.sock"
 Environment="FLANNEL_VER={{flannel_ver}}"
 Environment="FLANNEL_IMG=quay.io/coreos/flannel"
 Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
-Environment="FLANNEL_ENV_FILE=/run/flannel/options.env"
+EnvironmentFile=-/run/flannel/options.env
 LimitNOFILE=40000
 LimitNPROC=1048576
 ExecStartPre=/sbin/modprobe ip_tables
 ExecStartPre=/usr/bin/mkdir -p /run/flannel
 ExecStartPre=/usr/bin/mkdir -p ${ETCD_SSL_DIR}
-ExecStartPre=-/usr/bin/touch ${FLANNEL_ENV_FILE}
 
-ExecStart=/usr/libexec/sdnotify-proxy /run/flannel/sd.sock \
-  /usr/bin/docker run --net=host --privileged=true --rm \
-  --volume=/run/flannel:/run/flannel \
-  --env=NOTIFY_SOCKET=/run/flannel/sd.sock \
-  --env=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
-  --env=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
-  --env-file=${FLANNEL_ENV_FILE} \
-  --volume=/usr/share/ca-certificates:/etc/ssl/certs:ro \
-  --volume=${ETCD_SSL_DIR}:${ETCD_SSL_DIR}:ro \
-  ${FLANNEL_IMG}:${FLANNEL_VER} /opt/bin/flanneld --ip-masq=true
+ExecStart=/usr/bin/rkt run --net=host \
+   --stage1-path=/usr/lib/rkt/stage1-images/stage1-fly.aci \
+   --insecure-options=image \
+   --set-env=NOTIFY_SOCKET=/run/systemd/notify \
+   --inherit-env=true \
+   --volume runsystemd,kind=host,source=/run/systemd,readOnly=false \
+   --volume runflannel,kind=host,source=/run/flannel,readOnly=false \
+   --volume ssl,kind=host,source=${ETCD_SSL_DIR},readOnly=true \
+   --volume certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+   --volume resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
+   --mount volume=runsystemd,target=/run/systemd \
+   --mount volume=runflannel,target=/run/flannel \
+   --mount volume=ssl,target=${ETCD_SSL_DIR} \
+   --mount volume=certs,target=/etc/ssl/certs \
+   --mount volume=resolv,target=/etc/resolv.conf \
+   ${FLANNEL_IMG}:${FLANNEL_VER} \
+   --exec /opt/bin/flanneld \
+   -- --ip-masq=true
 
 # Update docker options
-ExecStartPost=/usr/bin/docker run --net=host --rm --volume=/run:/run \
-  ${FLANNEL_IMG}:${FLANNEL_VER} \
-  /opt/bin/mk-docker-opts.sh -d /run/flannel_docker_opts.env -i
+ExecStartPost=/usr/bin/rkt run --net=host \
+   --stage1-path=/usr/lib/rkt/stage1-images/stage1-fly.aci \
+   --insecure-options=image \
+   --volume runvol,kind=host,source=/run,readOnly=false \
+   --mount volume=runvol,target=/run \
+   ${FLANNEL_IMG}:${FLANNEL_VER} \
+   --exec /opt/bin/mk-docker-opts.sh -- -d /run/flannel_docker_opts.env -i
+
+ExecStopPost=/usr/bin/rkt gc --mark-only
 
 [Install]
 WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-admin/flannel/flannel-9999.ebuild

@@ -24,7 +24,7 @@ S="$WORKDIR"
 
 src_install() {
 	local arch_tag="$(go_arch)"
-	sed "s/{{flannel_ver}}/v${PV}-${arch_tag}/" "${FILESDIR}"/flanneld-rkt.service >"${T}"/flanneld.service
+	sed "s/{{flannel_ver}}/v${PV}-${arch_tag}/" "${FILESDIR}"/flanneld.service >"${T}"/flanneld.service
 	systemd_dounit "${T}"/flanneld.service
 
 	insinto /usr/lib/systemd/network