From 8dc19374cc2b4e7aa14cbd64fa88a46128a7b665 Mon Sep 17 00:00:00 2001
From: Brad Beam <brad.beam@b-rad.info>
Date: Tue, 13 Dec 2016 11:20:22 -0600
Subject: [PATCH] Allowing etcd to run via rkt

---
 cluster.yml                                   |  2 +-
 inventory/group_vars/all.yml                  |  2 +-
 .../tasks/{install.yml => install_docker.yml} | 13 +--------
 roles/etcd/tasks/install_host.yml             |  9 ++++++
 roles/etcd/tasks/install_rkt.yml              | 26 +++++++++++++++++
 roles/etcd/tasks/main.yml                     |  2 +-
 roles/etcd/templates/etcd-rkt.service.j2      | 29 +++++++++++++++++++
 roles/rkt/tasks/install.yml                   | 12 ++------
 8 files changed, 71 insertions(+), 24 deletions(-)
 rename roles/etcd/tasks/{install.yml => install_docker.yml} (74%)
 create mode 100644 roles/etcd/tasks/install_host.yml
 create mode 100644 roles/etcd/tasks/install_rkt.yml
 create mode 100644 roles/etcd/templates/etcd-rkt.service.j2

diff --git a/cluster.yml b/cluster.yml
index ce169a161..553261063 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -28,7 +28,7 @@
   roles:
     - { role: kubernetes/preinstall, tags: preinstall }
     - { role: docker, tags: docker }
-    - { role: rkt, tags: rkt }
+    - { role: rkt, tags: rkt, when: "'rkt' in [ etcd_deployment_type, kubelet_deployment_type ]" }
 
 - hosts: etcd:!k8s-cluster
   any_errors_fatal: true
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index a3598e9db..04e20922e 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -199,5 +199,5 @@ kpm_packages: []
 #  - name: kube-system/grafana
 
 rkt_version: 1.21.0
-etcd_deployment_type: rkt
+etcd_deployment_type: docker
 kubelet_deployment_type: docker
diff --git a/roles/etcd/tasks/install.yml b/roles/etcd/tasks/install_docker.yml
similarity index 74%
rename from roles/etcd/tasks/install.yml
rename to roles/etcd/tasks/install_docker.yml
index 0ed3f4154..f87caeb4c 100644
--- a/roles/etcd/tasks/install.yml
+++ b/roles/etcd/tasks/install_docker.yml
@@ -1,17 +1,6 @@
 ---
-- name: Install | Copy etcd binary from downloaddir
-  command: rsync -piu "{{ etcd_bin_dir }}/etcd" "{{ bin_dir }}/etcd"
-  when: etcd_deployment_type == "host"
-  register: etcd_copy
-  changed_when: false
-
-- name: Install | Copy etcdctl binary from downloaddir
-  command: rsync -piu "{{ etcd_bin_dir }}/etcdctl" "{{ bin_dir }}/etcdctl"
-  when: etcd_deployment_type == "host"
-  changed_when: false
-
 #Plan A: no docker-py deps
-- name: Install | Copy etcdctl binary from container
+- name: Install | Copy etcdctl binary from docker container
   command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
            {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
            {{ docker_bin_dir }}/docker cp etcdctl-binarycopy:{{ etcd_container_bin_dir }}etcdctl {{ bin_dir }}/etcdctl &&
diff --git a/roles/etcd/tasks/install_host.yml b/roles/etcd/tasks/install_host.yml
new file mode 100644
index 000000000..6f588a2f0
--- /dev/null
+++ b/roles/etcd/tasks/install_host.yml
@@ -0,0 +1,9 @@
+---
+- name: Install | Copy etcd binary from downloaddir
+  command: rsync -piu "{{ etcd_bin_dir }}/etcd" "{{ bin_dir }}/etcd"
+  register: etcd_copy
+  changed_when: false
+
+- name: Install | Copy etcdctl binary from downloaddir
+  command: rsync -piu "{{ etcd_bin_dir }}/etcdctl" "{{ bin_dir }}/etcdctl"
+  changed_when: false
diff --git a/roles/etcd/tasks/install_rkt.yml b/roles/etcd/tasks/install_rkt.yml
new file mode 100644
index 000000000..85f875383
--- /dev/null
+++ b/roles/etcd/tasks/install_rkt.yml
@@ -0,0 +1,26 @@
+---
+- name: Trust etcd container
+  command: >-
+    /usr/bin/rkt trust
+    --skip-fingerprint-review
+    --root
+    https://quay.io/aci-signing-key
+  register: etcd_rkt_trust_result
+  until: etcd_rkt_trust_result.rc == 0
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
+
+- name: Install | Copy etcdctl binary from rkt container
+  command: >-
+    /usr/bin/rkt run
+    --volume=bin-dir,kind=host,source={{ bin_dir}},readOnly=false
+    --mount=volume=bin-dir,target=/host/bin
+    {{ etcd_image_repo }}:{{ etcd_image_tag }}
+    --name=etcdctl-binarycopy
+    --exec=/bin/cp -- {{ etcd_container_bin_dir }}/etcdctl /host/bin/etcdctl
+  register: etcd_task_result
+  until: etcd_task_result.rc == 0
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
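Review bot: The `Trust etcd container` task accepts whatever key `https://quay.io/aci-signing-key` returns at deploy time, because `--skip-fingerprint-review` disables the fingerprint check and `--root` then trusts that key for every image rather than only etcd. Replacing `--root` with `--prefix={{ etcd_image_repo }}` would limit the key to the image this role runs (assuming `etcd_image_repo` holds the ACI name prefix). Consider also pinning the expected fingerprint in the role and failing when the fetched key differs, so that a changed or substituted key is noticed instead of silently trusted. Both tasks also hard-code `/usr/bin/rkt`, while the service template in this patch uses `{{ rkt_bin_dir | default("/usr/bin") }}`.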
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index d6320619c..cdd634517 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -5,7 +5,7 @@
   tags: [etcd-secrets, facts]
 - include: gen_certs.yml
   tags: etcd-secrets
-- include: install.yml
+- include: "install_{{ etcd_deployment_type }}.yml"
   when: is_etcd_master
   tags: upgrade
 - include: set_cluster_health.yml
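Review bot: The templated include `install_{{ etcd_deployment_type }}.yml` has no guard on the variable's value, so a typo or an unsupported type surfaces as a missing-file error instead of a clear message. An early check such as `- assert: { that: "etcd_deployment_type in ['docker', 'host', 'rkt']" }` before the include would make the supported set explicit. The surrounding task list continues outside the hunk.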
diff --git a/roles/etcd/templates/etcd-rkt.service.j2 b/roles/etcd/templates/etcd-rkt.service.j2
new file mode 100644
index 000000000..002f6dbe6
--- /dev/null
+++ b/roles/etcd/templates/etcd-rkt.service.j2
@@ -0,0 +1,29 @@
+[Unit]
+Description=etcd rkt wrapper
+Documentation=https://github.com/coreos/etcd
+Wants=network.target
+
+[Service]
+Restart=on-failure
+RestartSec=10s
+TimeoutStartSec=0
+LimitNOFILE=40000
+
+ExecStart={{ rkt_bin_dir | default("/usr/bin") }}/rkt run \
+--uuid-file-save=/var/run/etcd.uuid \
+--volume=etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
+--mount=volume=etc-ssl-certs,target=/etc/ssl/certs \
+--volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }},readOnly=true \
+--mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \
+--volume=var-lib-etcd,kind=host,source=/var/lib/etcd,readOnly=false \
+--mount=volume=var-lib-etcd,target=/var/lib/etcd \
+--set-env-file=/etc/etcd.env \
+--stage1-from-dir=stage1-fly.aci \
+{{ etcd_image_repo }}:{{ etcd_image_tag }} \
+--name={{ etcd_member_name | default("etcd") }}
+
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/etcd.uuid
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/etcd.uuid
+
+[Install]
+WantedBy=multi-user.target
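Review bot: `ExecStartPre` and `ExecStop` hard-code `/usr/bin/rkt` while `ExecStart` uses `{{ rkt_bin_dir | default("/usr/bin") }}`, so overriding `rkt_bin_dir` would start etcd from one path and try to remove or stop the pod with another. Use the same expression on all three lines, e.g. `ExecStop=-{{ rkt_bin_dir | default("/usr/bin") }}/rkt stop --uuid-file=/var/run/etcd.uuid`. `--stage1-from-dir=stage1-fly.aci` selects the fly stage1, which runs the app with reduced isolation from the host compared with the default stage1; a comment above `ExecStart` stating that this is intentional would help later reviewers. Judging by the diffstat, no task in this patch renders this template, so how the unit gets installed is not visible here.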
diff --git a/roles/rkt/tasks/install.yml b/roles/rkt/tasks/install.yml
index 0317c7a7e..41823bf54 100644
--- a/roles/rkt/tasks/install.yml
+++ b/roles/rkt/tasks/install.yml
@@ -14,12 +14,6 @@
       skip: true
   tags: facts
 
-#- name: download rkt pkg
-#  get_url:
-#    url: "{{ rkt_download_url }}/{{rkt_pkg_name}}"
-#    dest: "{{ local_release_dir }}" 
-#  when: (ansible_os_family != "CoreOS") and "rkt" in [ etcd_deployment_type, kubelet_deployment_type ]
-
 - name: install rkt pkg on ubuntu
   apt:
     deb: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
@@ -28,9 +22,9 @@
   until: rkt_task_result|success
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
-  when: ansible_os_family == "Debian" and "rkt" in [ etcd_deployment_type, kubelet_deployment_type ]
+  when: ansible_os_family == "Debian"
 
-- name: "install rkt pkg on centos"
+- name: install rkt pkg on centos
   yum:
     pkg: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
     state: present
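Review bot: With the `"rkt" in [ etcd_deployment_type, kubelet_deployment_type ]` test removed from these `when:` lines (here and in the centos hunk below), the role installs rkt on every Debian or RedHat host unless its caller supplies the condition. The `cluster.yml` hunk adds that condition for one play; any other play or dependency that applies the `rkt` role is not visible in this patch and would need the same `when`. A short comment at the top of the file, e.g. `# Callers must gate this role on 'rkt' in [etcd_deployment_type, kubelet_deployment_type]`, would record that contract. Both tasks start or end outside their hunks.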
@@ -38,4 +32,4 @@
   until: rkt_task_result|success
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
-  when: ansible_os_family == "RedHat" and "rkt" in [ etcd_deployment_type, kubelet_deployment_type ]
+  when: ansible_os_family == "RedHat"
-- 
GitLab