From bc5e02d65eb1e64ff7245b59b478448e485fe3df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kai=20L=C3=BCke?=
Date: Mon, 19 Apr 2021 17:04:00 +0200
Subject: [PATCH] coreos-base/oem-gce: use systemd-nspawn to run the GCE daemon

The GCE daemon container was run with rkt from an ACI tar ball. To replace rkt with systemd-nspawn, extract the tar ball to an image and run the daemon as systemd-nspawn container.
---
 .../oem-gce/files/units/oem-gce.service | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service
index 621ded604a..ef008182c2 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service
@@ -4,6 +4,7 @@ After=local-fs.target network-online.target
 
 [Service]
 Type=notify
+NotifyAccess=all
 Restart=always
 RestartSec=5
 
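Review bot: `NotifyAccess=all` accepts sd_notify messages from every process in the unit's control group, and with `--keep-unit` in the new `ExecStart` that presumably includes everything started inside the container, not only the agent. The wide setting is probably needed because the readiness message no longer comes from the unit's main PID, but the unit does not record that reason. A comment above the line, such as `# Readiness is sent from inside the nspawn container, not by the unit's main PID`, would keep the setting from being copied or tightened without understanding it. The [Service] section continues outside this hunk.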
@@ -11,19 +12,18 @@ RestartSec=5
 KillMode=process
 KillSignal=SIGTERM
 
-ExecStart=/usr/bin/rkt run \
- --inherit-env=true \
- --insecure-options=image \
- --net=host \
- --stage1-path=/usr/lib/rkt/stage1-images/stage1-fly.aci \
- --volume=etc,kind=host,source=/etc,readOnly=false \
- --volume=home,kind=host,source=/home,readOnly=false \
- --volume=runsystemd,kind=host,source=/run/systemd,readOnly=false \
- --volume=nsswitch,kind=host,source=/usr/share/google-oslogin/nsswitch.conf,readOnly=true \
- --mount=volume=nsswitch,target=/usr/share/google-oslogin/nsswitch.conf \
- /usr/share/oem/flatcar-oem-gce.aci
-
-ExecStopPost=/usr/bin/rkt gc --mark-only
+ExecStartPre=/usr/bin/rm -f /var/lib/flatcar-oem-gce.img
+ExecStartPre=/usr/bin/truncate -s 1G /var/lib/flatcar-oem-gce.img
+ExecStartPre=/usr/sbin/mkfs.ext4 /var/lib/flatcar-oem-gce.img
+ExecStartPre=/usr/bin/rm -rf /var/lib/flatcar-oem-gce
+ExecStartPre=/usr/bin/mkdir -p /var/lib/flatcar-oem-gce
+ExecStartPre=-/usr/bin/umount /var/lib/flatcar-oem-gce.img
+ExecStartPre=/usr/bin/mount /var/lib/flatcar-oem-gce.img /var/lib/flatcar-oem-gce
+ExecStartPre=/usr/bin/tar --directory=/var/lib/flatcar-oem-gce --extract --file=/usr/share/oem/flatcar-oem-gce.aci --strip-components=1 rootfs
+ExecStartPre=/usr/bin/umount /var/lib/flatcar-oem-gce.img
+ExecStart=/usr/bin/systemd-nspawn --keep-unit --register=no --link-journal=no \
+ --machine=oem-gce --bind=/dev/log --bind=/run/systemd --tmpfs=/run/lock --bind=/etc --bind=/home --bind-ro=/usr/share/google-oslogin/nsswitch.conf \
+ --read-only --volatile=overlay --image=/var/lib/flatcar-oem-gce.img /init.sh
 
 [Install]
 WantedBy=multi-user.target
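Review bot: The best-effort `umount` runs only after `rm -f /var/lib/flatcar-oem-gce.img` and `rm -rf /var/lib/flatcar-oem-gce`, so a start attempt that failed between the `mount` and the final `umount` (for example in the tar step) leaves the image mounted when the next attempt begins. `rm -rf` then runs against the mounted tree and presumably fails on the busy mount point, and with `Restart=always` the unit would keep failing the same way without ever reaching the unmount. Making the cleanup the first pre-start step and unmounting by mount point avoids this: `ExecStartPre=-/usr/bin/umount /var/lib/flatcar-oem-gce`. Separately, a short comment above `ExecStart` should say that `--bind=/etc`, `--bind=/home` and `--bind=/run/systemd` are writable host binds, so `--read-only --volatile=overlay` protects only the image and the container is not an isolation boundary for the host.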