From 5ccacebeeaa307156e082eff88e2cbb371aaac17 Mon Sep 17 00:00:00 2001
From: Tom Kirchner <tjk@amazon.com>
Date: Mon, 21 Oct 2019 11:39:30 -0700
Subject: [PATCH 1/4] Use BindsTo= for dependencies that *must* be up

---
 packages/kubernetes/kubelet.service          | 2 +-
 packages/workspaces/host-containers@.service | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/kubernetes/kubelet.service b/packages/kubernetes/kubelet.service
index 24578571a4c..19c1073dca6 100644
--- a/packages/kubernetes/kubelet.service
+++ b/packages/kubernetes/kubelet.service
@@ -3,7 +3,7 @@ Description=Kubelet
 Documentation=https://github.com/kubernetes/kubernetes
 After=containerd.service configured.target
 Wants=configured.target
-Requires=containerd.service
+BindsTo=containerd.service
 
 [Service]
 EnvironmentFile=/etc/kubernetes/kubelet/env
diff --git a/packages/workspaces/host-containers@.service b/packages/workspaces/host-containers@.service
index 993ec60cb7b..6f29c85da68 100644
--- a/packages/workspaces/host-containers@.service
+++ b/packages/workspaces/host-containers@.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Host container: %i
 After=host-containerd.service
-Requires=host-containerd.service
+BindsTo=host-containerd.service
 
 [Service]
 Type=simple

From 62e2c91e31d863ddb96e88d94bc97574885692ac Mon Sep 17 00:00:00 2001
From: Tom Kirchner <tjk@amazon.com>
Date: Mon, 21 Oct 2019 11:40:04 -0700
Subject: [PATCH 2/4] Remove prepare-var-lib-thar.service

systemd automatically creates directories that represent the mount points
(Where=) of mount units.

We don't change or remove the mkdir in prepare-local.service because /var is a
bind mount and we want to be careful about that behavior.
---
 packages/release/prepare-var-lib-thar.service | 9 ---------
 packages/release/release.spec                 | 4 +---
 packages/release/var-lib-thar.mount           | 3 +--
 3 files changed, 2 insertions(+), 14 deletions(-)
 delete mode 100644 packages/release/prepare-var-lib-thar.service

diff --git a/packages/release/prepare-var-lib-thar.service b/packages/release/prepare-var-lib-thar.service
deleted file mode 100644
index 1e3a1829433..00000000000
--- a/packages/release/prepare-var-lib-thar.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Prepare Private Directory (/var/lib/thar)
-RequiresMountsFor=/var
-DefaultDependencies=no
-
-[Service]
-Type=oneshot
-ExecStart=-/usr/bin/mkdir -p /var/lib/thar
-RemainAfterExit=false
diff --git a/packages/release/release.spec b/packages/release/release.spec
index 022f87f3096..79f3d14a698 100644
--- a/packages/release/release.spec
+++ b/packages/release/release.spec
@@ -24,7 +24,6 @@ Source1004: host-containerd-config.toml
 Source1006: prepare-local.service
 Source1007: var.mount
 Source1008: opt.mount
-Source1009: prepare-var-lib-thar.service
 Source1010: var-lib-thar.mount
 
 BuildArch: noarch
@@ -102,7 +101,7 @@ VERSION_ID=%{version}
 EOF
 
 install -d %{buildroot}%{_cross_unitdir}
-install -p -m 0644 %{S:1002} %{S:1003} %{S:1006} %{S:1007} %{S:1008} %{S:1009} %{S:1010} %{buildroot}%{_cross_unitdir}
+install -p -m 0644 %{S:1002} %{S:1003} %{S:1006} %{S:1007} %{S:1008} %{S:1010} %{buildroot}%{_cross_unitdir}
 
 install -d %{buildroot}%{_cross_templatedir}
 install -p -m 0644 %{S:200} %{buildroot}%{_cross_templatedir}/hostname
@@ -121,7 +120,6 @@ install -p -m 0644 %{S:200} %{buildroot}%{_cross_templatedir}/hostname
 %{_cross_unitdir}/configured.target
 %{_cross_unitdir}/host-containerd.service
 %{_cross_unitdir}/prepare-local.service
-%{_cross_unitdir}/prepare-var-lib-thar.service
 %{_cross_unitdir}/var.mount
 %{_cross_unitdir}/opt.mount
 %{_cross_unitdir}/var-lib-thar.mount
diff --git a/packages/release/var-lib-thar.mount b/packages/release/var-lib-thar.mount
index a15ee5d41d2..2f4726582f3 100644
--- a/packages/release/var-lib-thar.mount
+++ b/packages/release/var-lib-thar.mount
@@ -2,9 +2,8 @@
 Description=Private Directory (/var/lib/thar)
 DefaultDependencies=no
 Conflicts=umount.target
+RequiresMountsFor=/var
 Before=local-fs.target umount.target
-Wants=prepare-var-lib-thar.service
-After=prepare-var-lib-thar.service
 
 [Mount]
 What=/dev/disk/by-partlabel/THAR-PRIVATE

From b23d21a5cbf908d6c0ef110a10daca4ad69c5e6d Mon Sep 17 00:00:00 2001
From: Tom Kirchner <tjk@amazon.com>
Date: Mon, 21 Oct 2019 11:42:07 -0700
Subject: [PATCH 3/4] Remove network.target from apiserver.service dependencies

Since we're now binding to a Unix-domain socket, we no longer need any network
interfaces up to bind to them.
---
 packages/workspaces/apiserver.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/workspaces/apiserver.service b/packages/workspaces/apiserver.service
index 5a9f2a906e1..e3d0c4302aa 100644
--- a/packages/workspaces/apiserver.service
+++ b/packages/workspaces/apiserver.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Thar API server
-After=network.target storewolf.service migrator.service
-Requires=network.target storewolf.service migrator.service
+After=storewolf.service migrator.service
+Requires=storewolf.service migrator.service
 
 [Service]
 Type=notify

From c4e56ef6e1fd675e52742f6e44452b2e1b48e8cb Mon Sep 17 00:00:00 2001
From: Tom Kirchner <tjk@amazon.com>
Date: Mon, 21 Oct 2019 11:43:01 -0700
Subject: [PATCH 4/4] Join systemd dependency lines

This is consistent with other units, and arguably easier to find/read the
dependency list if it's on a single line.

Also add comments to clarify one of the dependencies.
---
 packages/workspaces/moondog.service | 7 +++----
 packages/workspaces/sundog.service  | 8 +++-----
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/packages/workspaces/moondog.service b/packages/workspaces/moondog.service
index 1fd7642e852..e93ed7581f6 100644
--- a/packages/workspaces/moondog.service
+++ b/packages/workspaces/moondog.service
@@ -1,9 +1,8 @@
 [Unit]
 Description=Thar userdata configuration system
-After=network-online.target
-After=apiserver.service
-Requires=network-online.target
-Requires=apiserver.service
+# Need network online to talk to IMDS.
+After=network-online.target apiserver.service
+Requires=network-online.target apiserver.service
 # We only want to run once, at first boot.  This file is created by moondog
 # after a successful run.
 ConditionPathExists=!/var/lib/thar/moondog.ran
diff --git a/packages/workspaces/sundog.service b/packages/workspaces/sundog.service
index 29578b41a82..65a8c4d10bd 100644
--- a/packages/workspaces/sundog.service
+++ b/packages/workspaces/sundog.service
@@ -1,10 +1,8 @@
 [Unit]
 Description=User-specified setting generators
-After=network-online.target
-After=apiserver.service
-After=moondog.service
-Requires=network-online.target
-Requires=apiserver.service
+# Need network access to support commands talking to IMDS.
+After=network-online.target apiserver.service moondog.service
+Requires=network-online.target apiserver.service
 
 [Service]
 Type=oneshot