Etcd cert reload (#49)

* sys: no longer need to restart svc, reloads certs on req

etcd-io/etcd@4e21f87

cert-fetcher/main.tf

@@ -0,0 +1,37 @@
+variable "on_calendar" {}
+
+data "ignition_systemd_unit" "cert-fetch-service" {
+  name = "cert-fetch.service"
+
+  content = <<EOS
+[Unit]
+Description=Fetch new certificates from cfssl server
+[Service]
+Type=oneshot
+ExecStart=/opt/bin/cfssl-new-cert
+[Install]
+WantedBy=multi-user.target
+EOS
+}
+
+data "ignition_systemd_unit" "cert-fetch-timer" {
+  name = "cert-fetch.timer"
+
+  content = <<EOS
+[Unit]
+Description=Fetch new certificates from cfssl server
+[Timer]
+OnCalendar=${var.on_calendar}
+AccuracySec=1s
+RandomizedDelaySec=60min
+[Install]
+WantedBy=timers.target
+EOS
+}
+
+output "systemd_units" {
+  value = [
+    "${data.ignition_systemd_unit.cert-fetch-service.id}",
+    "${data.ignition_systemd_unit.cert-fetch-timer.id}",
+  ]
+}

etcd.tf

@@ -118,11 +118,10 @@ data "ignition_systemd_unit" "etcd-member-dropin" {
   }
 }
 
-module "etcd-member-restarter" {
-  source = "./systemd_service_restarter"
+module "etcd-cert-fetcher" {
+  source = "./cert-fetcher"
 
-  service_name = "etcd-member"
-  on_calendar  = "${var.cfssl_node_renew_timer}"
+  on_calendar = "${var.cfssl_node_renew_timer}"
 }
 
 data "ignition_config" "etcd" {
@@ -150,7 +149,7 @@ data "ignition_config" "etcd" {
         element(data.ignition_systemd_unit.etcd-member-dropin.*.id, count.index),
         element(data.ignition_systemd_unit.etcd-disk-mounter.*.id, count.index),
     ),
-    module.etcd-member-restarter.systemd_units,
+    module.etcd-cert-fetcher.systemd_units,
     var.etcd_additional_systemd_units,
   )}"]
 }

resources/etcd-member-dropin.conf

@@ -24,4 +24,3 @@ Environment="RKT_RUN_ARGS=\
   --volume etc-etcd,kind=host,source=/etc/etcd,readOnly=true \
   --mount volume=etc-etcd,target=/etc/etcd"
 ExecStartPre=/usr/bin/mkdir -p /etc/etcd
-ExecStartPre=/opt/bin/cfssl-new-cert