sys: use etcd binary (#113)

etcd.tf

@@ -21,6 +21,16 @@ data "template_file" "etcd-cfssl-new-cert" {
   }
 }
 
+data "ignition_file" "etcd" {
+  mode       = 493
+  filesystem = "root"
+  path       = "/opt/bin/etcd.tar.gz"
+
+  source {
+    source = "https://storage.googleapis.com/etcd/${var.etcd_image_tag}/etcd-${var.etcd_image_tag}-linux-amd64.tar.gz"
+  }
+}
+
 data "ignition_file" "etcd-cfssl-new-cert" {
   count      = length(var.etcd_addresses)
   mode       = 493
@@ -45,6 +55,15 @@ data "ignition_file" "etcd-prom-machine-role" {
   }
 }
 
+data "template_file" "etcd-setup" {
+  template = file("${path.module}/resources/etcd-setup.service")
+}
+
+data "ignition_systemd_unit" "etcd-setup" {
+  name    = "etcd-setup.service"
+  content = data.template_file.etcd-setup.rendered
+}
+
 data "template_file" "etcdctl-wrapper" {
   count    = length(var.etcd_addresses)
   template = file("${path.module}/resources/etcdctl-wrapper")
@@ -97,28 +116,23 @@ resource "null_resource" "etcd_member" {
   }
 }
 
-data "template_file" "etcd-member-dropin" {
+data "template_file" "etcd-member" {
   count    = length(var.etcd_addresses)
-  template = file("${path.module}/resources/etcd-member-dropin.conf")
+  template = file("${path.module}/resources/etcd-member.service")
 
   vars = {
     etcd_image_url       = var.etcd_image_url
     etcd_image_tag       = var.etcd_image_tag
     index                = count.index
     etcd_initial_cluster = join(",", formatlist("member%s=https://%s:2380", null_resource.etcd_member.*.triggers.index, var.etcd_addresses))
     private_ipv4         = var.etcd_addresses[count.index]
-    uuid_file            = "/var/lib/${var.container_linux_distribution}/etcd-member-wrapper.uuid"
   }
 }
 
-data "ignition_systemd_unit" "etcd-member-dropin" {
-  count = length(var.etcd_addresses)
-  name  = "etcd-member.service"
-
-  dropin {
-    name    = "10-custom-options.conf"
-    content = element(data.template_file.etcd-member-dropin.*.rendered, count.index)
-  }
+data "ignition_systemd_unit" "etcd-member" {
+  count   = length(var.etcd_addresses)
+  name    = "etcd-member.service"
+  content = element(data.template_file.etcd-member.*.rendered, count.index)
 }
 
 module "etcd-cert-fetcher" {
@@ -135,6 +149,7 @@ data "ignition_config" "etcd" {
       data.ignition_file.cfssl.id,
       data.ignition_file.cfssljson.id,
       data.ignition_file.cfssl-client-config.id,
+      data.ignition_file.etcd.id,
       element(data.ignition_file.etcd-cfssl-new-cert.*.id, count.index),
       data.ignition_file.etcd-prom-machine-role.id,
       element(data.ignition_file.etcdctl-wrapper.*.id, count.index),
@@ -149,7 +164,8 @@ data "ignition_config" "etcd" {
       data.ignition_systemd_unit.locksmithd_etcd.id,
       data.ignition_systemd_unit.docker-opts-dropin.id,
       data.ignition_systemd_unit.node-exporter.id,
-      element(data.ignition_systemd_unit.etcd-member-dropin.*.id, count.index),
+      data.ignition_systemd_unit.etcd-setup.id,
+      element(data.ignition_systemd_unit.etcd-member.*.id, count.index),
       element(data.ignition_systemd_unit.etcd-disk-mounter.*.id, count.index)
     ],
     module.etcd-cert-fetcher.systemd_units,

resources/etcd-member-dropin.conf → resources/etcd-member.service

@@ -1,9 +1,22 @@
+# Replacing /usr/lib/systemd/system/etcd-member.service
+
 [Unit]
-After=disk-mounter.service
-Requires=disk-mounter.service
+Description=etcd (System Application Container)
+Documentation=https://github.com/coreos/etcd
+Wants=network-online.target network.target
+Requires=disk-mounter.service etcd-setup.service cert-fetch.service
+After=network-online.target disk-mounter.service etcd-setup.service cert-fetch.service
+Conflicts=etcd.service
+Conflicts=etcd2.service
+
 [Service]
-Environment="ETCD_IMAGE_URL=${etcd_image_url}"
-Environment="ETCD_IMAGE_TAG=${etcd_image_tag}"
+Type=notify
+Restart=on-failure
+RestartSec=10s
+TimeoutStartSec=0
+LimitNOFILE=40000
+
+Environment="ETCD_DATA_DIR=/var/lib/etcd"
 Environment="ETCD_NAME=member${index}"
 Environment="ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}"
 Environment="ETCD_LISTEN_PEER_URLS=https://${private_ipv4}:2380"
@@ -19,8 +32,8 @@ Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
 Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/etcd/ssl/ca.pem"
 Environment="ETCD_PEER_CERT_FILE=/etc/etcd/ssl/node.pem"
 Environment="ETCD_PEER_KEY_FILE=/etc/etcd/ssl/node-key.pem"
-Environment="RKT_RUN_ARGS=\
-  --uuid-file-save=${uuid_file} \
-  --volume etc-etcd,kind=host,source=/etc/etcd,readOnly=true \
-  --mount volume=etc-etcd,target=/etc/etcd"
-ExecStartPre=/usr/bin/mkdir -p /etc/etcd
+
+ExecStart=/opt/bin/etcd
+
+[Install]
+WantedBy=multi-user.target

resources/etcd-setup.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Setup etcd binaries
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=mkdir -p /tmp/etcd
+ExecStart=tar xzvf /opt/bin/etcd.tar.gz -C /tmp/etcd --strip-components=1
+ExecStart=mv /tmp/etcd/etcd /opt/bin/etcd
+ExecStart=mv /tmp/etcd/etcdctl /opt/bin/etcdctl
+ExecStartPost=rm -rf /tmp/etcd
+ExecStartPost=rm -f /opt/bin/etcd.tar.gz
+[Install]
+WantedBy=multi-user.target

resources/etcdctl-wrapper

@@ -2,7 +2,6 @@
 docker run --rm \
     -i \
     -v /etc/etcd/ssl:/etc/etcd/ssl \
-    -e ETCDCTL_API=3 \
     --entrypoint /usr/local/bin/etcdctl \
     ${etcd_image_url}:${etcd_image_tag} \
     --cacert /etc/etcd/ssl/ca.pem \

variables.tf

@@ -1,8 +1,3 @@
-variable "container_linux_distribution" {
-  description = "The distribution of Container Linux ('coreos' or 'flatcar')."
-  default     = "flatcar"
-}
-
 variable "enable_container_linux_update-engine" {
   description = "Whether to enable automatic updates for Container Linux."
   default     = true