From 6f0e93bd8a09ba0f6d943d64b9e68ed52d18a007 Mon Sep 17 00:00:00 2001 From: Alex Crawford Date: Mon, 1 Oct 2018 16:09:25 -0700 Subject: [PATCH 1/2] templates: reformat etcd-member This just cleans up the indentation to match the other stanzas. --- templates/_base/master/units/etcd-member.yaml | 62 +++++++++---------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/templates/_base/master/units/etcd-member.yaml b/templates/_base/master/units/etcd-member.yaml index dabd69ba1f..51ab6adf65 100644 --- a/templates/_base/master/units/etcd-member.yaml +++ b/templates/_base/master/units/etcd-member.yaml @@ -63,37 +63,37 @@ contents: | ExecStartPre=/usr/bin/chown etcd /var/lib/etcd ExecStartPre=/usr/bin/chown etcd /run/etcd - ExecStart= /usr/bin/bash -c " \ - /bin/podman \ - run \ - --rm \ - --name etcd-member \ - --volume /run/systemd/system:/run/systemd/system:ro,z \ - --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ - --volume /etc/ssl/etcd:/etc/ssl/etcd:ro,z \ - --volume /var/lib/etcd:/var/lib/etcd:rw,z \ - --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ - --env 'ETCD_NAME=%m' \ - --env ETCD_DATA_DIR=/var/lib/etcd \ - --network host \ - --user=$(id --user etcd) \ - '${ETCD_IMAGE}' \ - /usr/local/bin/etcd \ - --name={{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}} \ - --advertise-client-urls=https://{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}:2379 \ - --cert-file=/etc/ssl/etcd/system:etcd-server:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.crt \ - --key-file=/etc/ssl/etcd/system:etcd-server:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.key \ - --trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --client-cert-auth=true \ - --peer-cert-file=/etc/ssl/etcd/system:etcd-peer:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.crt \ - --peer-key-file=/etc/ssl/etcd/system:etcd-peer:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.key \ - --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --peer-client-cert-auth=true \ - --initial-cluster='{{etcdInitialCluster .}}' \ - --initial-advertise-peer-urls=https://{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}:2380 \ - --listen-client-urls=https://0.0.0.0:2379 \ - --listen-peer-urls=https://0.0.0.0:2380 \ - " + ExecStart=/usr/bin/bash -c " \ + /bin/podman \ + run \ + --rm \ + --name etcd-member \ + --volume /run/systemd/system:/run/systemd/system:ro,z \ + --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ + --volume /etc/ssl/etcd:/etc/ssl/etcd:ro,z \ + --volume /var/lib/etcd:/var/lib/etcd:rw,z \ + --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ + --env 'ETCD_NAME=%m' \ + --env ETCD_DATA_DIR=/var/lib/etcd \ + --network host \ + --user=$(id --user etcd) \ + '${ETCD_IMAGE}' \ + /usr/local/bin/etcd \ + --name={{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}} \ + --advertise-client-urls=https://{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}:2379 \ + --cert-file=/etc/ssl/etcd/system:etcd-server:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.crt \ + --key-file=/etc/ssl/etcd/system:etcd-server:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.key \ + --trusted-ca-file=/etc/ssl/etcd/ca.crt \ + --client-cert-auth=true \ + --peer-cert-file=/etc/ssl/etcd/system:etcd-peer:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.crt \ + --peer-key-file=/etc/ssl/etcd/system:etcd-peer:{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}.key \ + --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt \ + --peer-client-cert-auth=true \ + --initial-cluster='{{etcdInitialCluster .}}' \ + --initial-advertise-peer-urls=https://{{.ClusterName}}-etcd-{{skip "etcd_index"}}.{{.BaseDomain}}:2380 \ + --listen-client-urls=https://0.0.0.0:2379 \ + --listen-peer-urls=https://0.0.0.0:2380 \ + " [Install] WantedBy=multi-user.target From ff9bc77030a5aee49d771b9cb991ccc3f10e93d2 Mon Sep 17 00:00:00 2001 From: Alex Crawford Date: Mon, 1 Oct 2018 16:10:38 -0700 Subject: [PATCH 2/2] templates: change etcd-member to notify type Now that podman is being used, we can actually use systemd's notify mechanism. This allows systemd to more accurately track etcd's state and it removes the following warning: etcdmain: forgot to set Type=notify in systemd service file? --- .../aws/master/units/etcd-member.service | 64 ++++++++++--------- .../libvirt/master/units/etcd-member.service | 64 ++++++++++--------- templates/_base/master/units/etcd-member.yaml | 2 + 3 files changed, 68 insertions(+), 62 deletions(-) diff --git a/pkg/controller/template/test_data/templates/aws/master/units/etcd-member.service b/pkg/controller/template/test_data/templates/aws/master/units/etcd-member.service index 91771a6bb7..960aa1b1ad 100644 --- a/pkg/controller/template/test_data/templates/aws/master/units/etcd-member.service +++ b/pkg/controller/template/test_data/templates/aws/master/units/etcd-member.service @@ -6,6 +6,7 @@ contents: | Wants=network-online.target [Service] + Type=notify Restart=on-failure RestartSec=10s TimeoutStartSec=0 @@ -61,37 +62,38 @@ contents: | ExecStartPre=/usr/bin/chown etcd /var/lib/etcd ExecStartPre=/usr/bin/chown etcd /run/etcd - ExecStart= /usr/bin/bash -c " \ - /bin/podman \ - run \ - --rm \ - --name etcd-member \ - --volume /run/systemd/system:/run/systemd/system:ro,z \ - --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ - --volume /etc/ssl/etcd:/etc/ssl/etcd:ro,z \ - --volume /var/lib/etcd:/var/lib/etcd:rw,z \ - --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ - --env 'ETCD_NAME=%m' \ - --env ETCD_DATA_DIR=/var/lib/etcd \ - --network host \ - --user=$(id --user etcd) \ - '${ETCD_IMAGE}' \ - /usr/local/bin/etcd \ - --name=my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems \ - --advertise-client-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2379 \ - --cert-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ - --key-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ - --trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --client-cert-auth=true \ - --peer-cert-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ - --peer-key-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ - --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --peer-client-cert-auth=true \ - --initial-cluster='my-test-cluster-etcd-0.installer.team.coreos.systems=https://my-test-cluster-etcd-0.installer.team.coreos.systems:2380,my-test-cluster-etcd-1.installer.team.coreos.systems=https://my-test-cluster-etcd-1.installer.team.coreos.systems:2380,my-test-cluster-etcd-2.installer.team.coreos.systems=https://my-test-cluster-etcd-2.installer.team.coreos.systems:2380' \ - --initial-advertise-peer-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2380 \ - --listen-client-urls=https://0.0.0.0:2379 \ - --listen-peer-urls=https://0.0.0.0:2380 \ - " + ExecStart=/usr/bin/bash -c " \ + /bin/podman \ + run \ + --rm \ + --name etcd-member \ + --volume /run/systemd/system:/run/systemd/system:ro,z \ + --volume /run/systemd/notify:/run/systemd/notify:rw,z \ + --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ + --volume /etc/ssl/etcd:/etc/ssl/etcd:ro,z \ + --volume /var/lib/etcd:/var/lib/etcd:rw,z \ + --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ + --env 'ETCD_NAME=%m' \ + --env ETCD_DATA_DIR=/var/lib/etcd \ + --network host \ + --user=$(id --user etcd) \ + '${ETCD_IMAGE}' \ + /usr/local/bin/etcd \ + --name=my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems \ + --advertise-client-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2379 \ + --cert-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ + --key-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ + --trusted-ca-file=/etc/ssl/etcd/ca.crt \ + --client-cert-auth=true \ + --peer-cert-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ + --peer-key-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ + --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt \ + --peer-client-cert-auth=true \ + --initial-cluster='my-test-cluster-etcd-0.installer.team.coreos.systems=https://my-test-cluster-etcd-0.installer.team.coreos.systems:2380,my-test-cluster-etcd-1.installer.team.coreos.systems=https://my-test-cluster-etcd-1.installer.team.coreos.systems:2380,my-test-cluster-etcd-2.installer.team.coreos.systems=https://my-test-cluster-etcd-2.installer.team.coreos.systems:2380' \ + --initial-advertise-peer-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2380 \ + --listen-client-urls=https://0.0.0.0:2379 \ + --listen-peer-urls=https://0.0.0.0:2380 \ + " [Install] WantedBy=multi-user.target diff --git a/pkg/controller/template/test_data/templates/libvirt/master/units/etcd-member.service b/pkg/controller/template/test_data/templates/libvirt/master/units/etcd-member.service index 91771a6bb7..960aa1b1ad 100644 --- a/pkg/controller/template/test_data/templates/libvirt/master/units/etcd-member.service +++ b/pkg/controller/template/test_data/templates/libvirt/master/units/etcd-member.service @@ -6,6 +6,7 @@ contents: | Wants=network-online.target [Service] + Type=notify Restart=on-failure RestartSec=10s TimeoutStartSec=0 @@ -61,37 +62,38 @@ contents: | ExecStartPre=/usr/bin/chown etcd /var/lib/etcd ExecStartPre=/usr/bin/chown etcd /run/etcd - ExecStart= /usr/bin/bash -c " \ - /bin/podman \ - run \ - --rm \ - --name etcd-member \ - --volume /run/systemd/system:/run/systemd/system:ro,z \ - --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ - --volume /etc/ssl/etcd:/etc/ssl/etcd:ro,z \ - --volume /var/lib/etcd:/var/lib/etcd:rw,z \ - --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ - --env 'ETCD_NAME=%m' \ - --env ETCD_DATA_DIR=/var/lib/etcd \ - --network host \ - --user=$(id --user etcd) \ - '${ETCD_IMAGE}' \ - /usr/local/bin/etcd \ - --name=my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems \ - --advertise-client-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2379 \ - --cert-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ - --key-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ - --trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --client-cert-auth=true \ - --peer-cert-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ - --peer-key-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ - --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt \ - --peer-client-cert-auth=true \ - --initial-cluster='my-test-cluster-etcd-0.installer.team.coreos.systems=https://my-test-cluster-etcd-0.installer.team.coreos.systems:2380,my-test-cluster-etcd-1.installer.team.coreos.systems=https://my-test-cluster-etcd-1.installer.team.coreos.systems:2380,my-test-cluster-etcd-2.installer.team.coreos.systems=https://my-test-cluster-etcd-2.installer.team.coreos.systems:2380' \ - --initial-advertise-peer-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2380 \ - --listen-client-urls=https://0.0.0.0:2379 \ - --listen-peer-urls=https://0.0.0.0:2380 \ - " + ExecStart=/usr/bin/bash -c " \ + /bin/podman \ + run \ + --rm \ + --name etcd-member \ + --volume /run/systemd/system:/run/systemd/system:ro,z \ + --volume /run/systemd/notify:/run/systemd/notify:rw,z \ + --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ + --volume /etc/ssl/etcd:/etc/ssl/etcd:ro,z \ + --volume /var/lib/etcd:/var/lib/etcd:rw,z \ + --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ + --env 'ETCD_NAME=%m' \ + --env ETCD_DATA_DIR=/var/lib/etcd \ + --network host \ + --user=$(id --user etcd) \ + '${ETCD_IMAGE}' \ + /usr/local/bin/etcd \ + --name=my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems \ + --advertise-client-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2379 \ + --cert-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ + --key-file=/etc/ssl/etcd/system:etcd-server:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ + --trusted-ca-file=/etc/ssl/etcd/ca.crt \ + --client-cert-auth=true \ + --peer-cert-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.crt \ + --peer-key-file=/etc/ssl/etcd/system:etcd-peer:my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems.key \ + --peer-trusted-ca-file=/etc/ssl/etcd/ca.crt \ + --peer-client-cert-auth=true \ + --initial-cluster='my-test-cluster-etcd-0.installer.team.coreos.systems=https://my-test-cluster-etcd-0.installer.team.coreos.systems:2380,my-test-cluster-etcd-1.installer.team.coreos.systems=https://my-test-cluster-etcd-1.installer.team.coreos.systems:2380,my-test-cluster-etcd-2.installer.team.coreos.systems=https://my-test-cluster-etcd-2.installer.team.coreos.systems:2380' \ + --initial-advertise-peer-urls=https://my-test-cluster-etcd-{{.etcd_index}}.installer.team.coreos.systems:2380 \ + --listen-client-urls=https://0.0.0.0:2379 \ + --listen-peer-urls=https://0.0.0.0:2380 \ + " [Install] WantedBy=multi-user.target diff --git a/templates/_base/master/units/etcd-member.yaml b/templates/_base/master/units/etcd-member.yaml index 51ab6adf65..d1321e4a45 100644 --- a/templates/_base/master/units/etcd-member.yaml +++ b/templates/_base/master/units/etcd-member.yaml @@ -8,6 +8,7 @@ contents: | Wants=network-online.target [Service] + Type=notify Restart=on-failure RestartSec=10s TimeoutStartSec=0 @@ -69,6 +70,7 @@ contents: | --rm \ --name etcd-member \ --volume /run/systemd/system:/run/systemd/system:ro,z \ + --volume /run/systemd/notify:/run/systemd/notify:rw,z \ --volume /etc/ssl/certs:/etc/ssl/certs:ro,z \ --volume /etc/ssl/etcd:/etc/ssl/etcd:ro,z \ --volume /var/lib/etcd:/var/lib/etcd:rw,z \