Last changes for fixing the kmsctl systemd unit

Capgemini · Jul 21, 2017 · 74bbda6 · 74bbda6
1 parent 2e2a1d6
commit 74bbda6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -33,7 +33,7 @@ ELB creation with attachment to the Masters (Only via port 443)
 ### Kubernetes modules:
 
 Etcd/Master - Currently the etcd cluster is being hosted on the master as per Google recommendation however this can easily be isolated if required. The Master nodes all run Smilodon for EBS and ENI attachment (following the EBS per IP recommendation).
-Bastion - This is configured to allow you to SSH in and run "sudo etcdctl cluster-health" (etcd proxy). An OpenVPN module will be added soon.
+Bastion - This is configured to allow you to SSH in and run "sudo -E etcdctl cluster-health" (etcd proxy). An OpenVPN module will be added soon.
 Kubenodes - Probably the most basic of the bunch, cloud-config similar to the bastion but with the kubelet-wrapper installed.
 
 ### Route53 module:

diff --git a/modules/kubernetes/kubenode/Files/kubenode.yml b/modules/kubernetes/kubenode/Files/kubenode.yml
@@ -21,6 +21,9 @@ coreos:
         PermissionsStartOnly=true
         RuntimeDirectory=etcd2
         RuntimeDirectoryMode=0700
+        ExecStartPre=/usr/bin/mkdir -p /var/lib/etcd2
+        ExecStartPre=/usr/bin/chown -R etcd:etcd /var/lib/etcd2
+        ExecStartPre=/usr/bin/chmod 0744 /var/lib/etcd2
         ExecStartPre=/usr/bin/systemctl --quiet is-active kmsctl-certs.service
         EnvironmentFile=/etc/etcd-environment
         Restart=on-failure
@@ -32,14 +35,11 @@ coreos:
       [Unit]
       Description=KMSCtl - download certs
       [Service]
-      Type=notify
-      NotifyAccess=all
       RemainAfterExit=yes
       ExecStartPre=/usr/bin/mkdir -p /opt/bin
-      ExecStartPre=/usr/bin/mkdir -p /var/lib/etcd2
       ExecStartPre=/usr/bin/mkdir -p /etc/ssl/kubernetes
-      ExecStartPre=/usr/bin/chown -R etcd:etcd /etc/ssl/kubernetes /var/lib/etcd2
-      ExecStartPre=/usr/bin/chmod 0744 /etc/ssl/kubernetes /var/lib/etcd2
+      ExecStartPre=/usr/bin/chown -R etcd:etcd /etc/ssl/kubernetes
+      ExecStartPre=/usr/bin/chmod 0744 /etc/ssl/kubernetes
       ExecStartPre=/usr/bin/wget https://github.com/gambol99/kmsctl/releases/download/v1.0.4/kmsctl-linux-amd64 -O /opt/bin/kmsctl
       ExecStartPre=/usr/bin/chmod +x /opt/bin/kmsctl
       ExecStartPre=/opt/bin/kmsctl --region ${region} get -b ${bucket} -d /etc/ssl/kubernetes/ ${etcdcertobject}
@@ -54,7 +54,7 @@ coreos:
       ExecStartPre=/usr/bin/bash -c "chmod 0644 /etc/ssl/kubernetes/*"
       ExecStartPre=/usr/bin/chown -R etcd:etcd /etc/ssl/kubernetes /var/lib/etcd2
       ExecStartPre=/usr/sbin/update-ca-certificates
-      ExecStart=/usr/bin/systemd-notify --ready --status="successfully downloaded the certs"
+      ExecStart=/bin/ls /etc/ssl/kubernetes/${etcdcertobject} /etc/ssl/kubernetes/${etcdkeyobject} /etc/ssl/kubernetes/${kubenodecertobject} /etc/ssl/kubernetes/${kubenodekeyobject} /etc/ssl/kubernetes/${cacertobject} /etc/ssl/kubernetes/${etcdproxycertobject} /etc/ssl/kubernetes/${etcdproxykeyobject}
       Restart=on-failure
       RestartSec=10
       TimeoutStartSec=300