platform/*: trigger bootkube/tectonic via path unit (#1852)

* platform/metal: trigger bootkube/tectonic via path unit

This removes the need for the last ssh command to the bootkubing
master, which was triggering/running the bootkube/tectonic service
manually in a synchronous way.
This allows for the bootkubing process to be carried-on across
reboots and other failures. The new bootkube trigger is based
on the existence of the shell scripts in /opt.

* gitignore: mask directories crated by smoke test

* modules/bootkube,tectonic,metal: unify bootkube,tectonic units

This moves tectonic and bootkube service and path units into their
respective modules.

It also updates the metal platform to reference the above.

* modules/aws: use path activation for tectonic and bootkube service

This introduces path activation for tectonic and bootkube service
which is necessary for future torcx bootstrapping.

* modules/azure: use path activation for tectonic and bootkube

* modules/openstack: use path activation for tectonic and bootkube

* modules/vmware: use path activation for tectonic and bootkube

.gitignore

@@ -11,4 +11,6 @@ terraform.tfstate*
 terraform.tfvars
 build/
 bin/
+bin_test/
+matchbox/
 modules/update-payload/generated/

modules/aws/master-asg/ignition.tf

@@ -6,15 +6,17 @@ data "ignition_config" "main" {
     "${data.ignition_file.detect_master.id}",
   ]
 
-  systemd = [
-    "${var.ign_docker_dropin_id}",
-    "${var.ign_locksmithd_service_id}",
-    "${var.ign_kubelet_service_id}",
-    "${var.ign_s3_kubelet_env_service_id}",
-    "${data.ignition_systemd_unit.init_assets.id}",
-    "${data.ignition_systemd_unit.bootkube.id}",
-    "${data.ignition_systemd_unit.tectonic.id}",
-  ]
+  systemd = ["${compact(list(
+    var.ign_docker_dropin_id,
+    var.ign_locksmithd_service_id,
+    var.ign_kubelet_service_id,
+    var.ign_s3_kubelet_env_service_id,
+    data.ignition_systemd_unit.init_assets.id,
+    var.ign_bootkube_service_id,
+    var.ign_tectonic_service_id,
+    var.ign_bootkube_path_unit_id,
+    var.ign_tectonic_path_unit_id,
+   ))}"]
 }
 
 data "ignition_file" "detect_master" {
@@ -41,7 +43,7 @@ data "template_file" "init_assets" {
 
 data "ignition_file" "init_assets" {
   filesystem = "root"
-  path       = "/opt/tectonic/init-assets.sh"
+  path       = "/opt/init-assets.sh"
   mode       = 0755
 
   content {
@@ -54,14 +56,3 @@ data "ignition_systemd_unit" "init_assets" {
   enable  = "${var.assets_s3_location != "" ? true : false}"
   content = "${file("${path.module}/resources/services/init-assets.service")}"
 }
-
-data "ignition_systemd_unit" "bootkube" {
-  name    = "bootkube.service"
-  content = "${var.bootkube_service}"
-}
-
-data "ignition_systemd_unit" "tectonic" {
-  name    = "tectonic.service"
-  enable  = "${var.tectonic_service_disabled == 0 ? true : false}"
-  content = "${var.tectonic_service}"
-}

modules/aws/master-asg/resources/init-assets.sh

@@ -27,9 +27,11 @@ fi
 
 # Download the assets from S3.
 # shellcheck disable=SC2154
-/usr/bin/bash /opt/s3-puller.sh "${assets_s3_location}" /opt/tectonic/tectonic.zip
-unzip -o -d /opt/tectonic/ /opt/tectonic/tectonic.zip
-rm /opt/tectonic/tectonic.zip
+/usr/bin/bash /opt/s3-puller.sh "${assets_s3_location}" /var/tmp/tectonic.zip
+unzip -o -d /var/tmp/tectonic/ /var/tmp/tectonic.zip
+rm /var/tmp/tectonic.zip
+# make files in /opt/tectonic available atomically
+mv /var/tmp/tectonic /opt/tectonic
 
 # Populate the kubelet.env file.
 mkdir -p /etc/kubernetes

modules/aws/master-asg/resources/services/init-assets.service

@@ -1,18 +1,18 @@
 [Unit]
 Description=Download Tectonic Assets
-ConditionPathExists=!/opt/tectonic/init_assets.done
+ConditionPathExists=!/opt/init_assets.done
 Before=bootkube.service kubelet-env.service
 
 [Service]
 Type=oneshot
 RemainAfterExit=true
-WorkingDirectory=/opt/tectonic
+WorkingDirectory=/opt
 
 User=root
 Group=root
 
-ExecStart=/usr/bin/bash /opt/tectonic/init-assets.sh
-ExecStartPost=/bin/touch /opt/tectonic/init_assets.done
+ExecStart=/usr/bin/bash /opt/init-assets.sh
+ExecStartPost=/bin/touch /opt/init_assets.done
 
 [Install]
 WantedBy=multi-user.target

modules/aws/master-asg/variables.tf

@@ -19,11 +19,6 @@ variable "base_domain" {
   description = "Domain on which the ELB records will be created"
 }
 
-variable "bootkube_service" {
-  type        = "string"
-  description = "The content of the bootkube systemd service unit"
-}
-
 variable "cl_channel" {
   type = "string"
 }
@@ -134,12 +129,20 @@ variable "subnet_ids" {
   type = "list"
 }
 
-variable "tectonic_service" {
+variable "ign_bootkube_service_id" {
   type        = "string"
-  description = "The content of the tectonic installer systemd service unit"
+  description = "The ID of the bootkube systemd service unit"
 }
 
-variable "tectonic_service_disabled" {
-  description = "Specifies whether the tectonic installer systemd unit will be disabled. If true, no tectonic assets will be deployed"
-  default     = false
+variable "ign_bootkube_path_unit_id" {
+  type = "string"
+}
+
+variable "ign_tectonic_service_id" {
+  type        = "string"
+  description = "The ID of the tectonic installer systemd service unit"
+}
+
+variable "ign_tectonic_path_unit_id" {
+  type = "string"
 }

modules/azure/master-as/ignition-master.tf

@@ -7,14 +7,16 @@ data "ignition_config" "master" {
     "${data.ignition_file.cloud_provider_config.id}",
   ]
 
-  systemd = [
-    "${var.ign_docker_dropin_id}",
-    "${var.ign_locksmithd_service_id}",
-    "${var.ign_kubelet_service_id}",
-    "${data.ignition_systemd_unit.tectonic.id}",
-    "${data.ignition_systemd_unit.bootkube.id}",
-    "${var.ign_tx_off_service_id}",
-  ]
+  systemd = ["${compact(list(
+    var.ign_docker_dropin_id,
+    var.ign_locksmithd_service_id,
+    var.ign_kubelet_service_id,
+    var.ign_tx_off_service_id,
+    var.ign_bootkube_service_id,
+    var.ign_tectonic_service_id,
+    var.ign_bootkube_path_unit_id,
+    var.ign_tectonic_path_unit_id,
+   ))}"]
 
   users = [
     "${data.ignition_user.core.id}",
@@ -48,14 +50,3 @@ data "ignition_file" "cloud_provider_config" {
     content = "${var.cloud_provider_config}"
   }
 }
-
-data "ignition_systemd_unit" "bootkube" {
-  name    = "bootkube.service"
-  content = "${var.bootkube_service}"
-}
-
-data "ignition_systemd_unit" "tectonic" {
-  name    = "tectonic.service"
-  enable  = "${var.tectonic_service_disabled == 0 ? true : false}"
-  content = "${var.tectonic_service}"
-}

modules/azure/master-as/variables.tf

@@ -1,8 +1,3 @@
-variable "bootkube_service" {
-  type        = "string"
-  description = "The content of the bootkube systemd service unit"
-}
-
 variable "cl_channel" {
   type = "string"
 }
@@ -72,17 +67,25 @@ variable "storage_type" {
   description = "Storage account type"
 }
 
-variable "tectonic_service" {
-  type        = "string"
-  description = "The content of the tectonic installer systemd service unit"
-}
-
-variable "tectonic_service_disabled" {
-  description = "Specifies whether the tectonic installer systemd unit will be disabled. If true, no tectonic assets will be deployed"
-  default     = false
-}
-
 variable "vm_size" {
   type        = "string"
   description = "VM Size name"
 }
+
+variable "ign_bootkube_service_id" {
+  type        = "string"
+  description = "The ID of the bootkube systemd service unit"
+}
+
+variable "ign_bootkube_path_unit_id" {
+  type = "string"
+}
+
+variable "ign_tectonic_service_id" {
+  type        = "string"
+  description = "The ID of the tectonic installer systemd service unit"
+}
+
+variable "ign_tectonic_path_unit_id" {
+  type = "string"
+}

modules/bootkube/assets.tf

@@ -179,6 +179,23 @@ data "template_file" "bootkube_service" {
   template = "${file("${path.module}/resources/bootkube.service")}"
 }
 
+data "ignition_systemd_unit" "bootkube_service" {
+  name    = "bootkube.service"
+  enable  = false
+  content = "${data.template_file.bootkube_service.rendered}"
+}
+
+# bootkube.path (available as output variable)
+data "template_file" "bootkube_path_unit" {
+  template = "${file("${path.module}/resources/bootkube.path")}"
+}
+
+data "ignition_systemd_unit" "bootkube_path_unit" {
+  name    = "bootkube.path"
+  enable  = true
+  content = "${data.template_file.bootkube_path_unit.rendered}"
+}
+
 # etcd assets
 data "template_file" "etcd_ca_cert_pem" {
   template = "${var.experimental_enabled || var.etcd_tls_enabled

modules/bootkube/outputs.tf

@@ -56,10 +56,22 @@ output "ca_key" {
   value = "${var.ca_cert == "" ? join(" ", tls_private_key.kube_ca.*.private_key_pem) : var.ca_key}"
 }
 
-output "systemd_service" {
+output "systemd_service_rendered" {
   value = "${data.template_file.bootkube_service.rendered}"
 }
 
+output "systemd_service_id" {
+  value = "${data.ignition_systemd_unit.bootkube_service.id}"
+}
+
+output "systemd_path_unit_rendered" {
+  value = "${data.template_file.bootkube_path_unit.rendered}"
+}
+
+output "systemd_path_unit_id" {
+  value = "${data.ignition_systemd_unit.bootkube_path_unit.id}"
+}
+
 output "kube_dns_service_ip" {
   value = "${cidrhost(var.service_cidr, 10)}"
 }

modules/bootkube/resources/bootkube.path

@@ -0,0 +1,7 @@
+[Unit]
+Description=Trigger for bootkube.service
+[Path]
+PathExists=/opt/tectonic/bootkube.sh
+Unit=bootkube.service
+[Install]
+WantedBy=multi-user.target

modules/openstack/nodes/ignition.tf

@@ -14,13 +14,15 @@ data "ignition_config" "node" {
     "${data.ignition_file.sshd.id}",
   ]
 
-  systemd = [
-    "${var.ign_docker_dropin_id}",
-    "${var.ign_locksmithd_service_id}",
-    "${var.ign_kubelet_service_id}",
-    "${data.ignition_systemd_unit.bootkube.id}",
-    "${data.ignition_systemd_unit.tectonic.id}",
-  ]
+  systemd = ["${compact(list(
+    var.ign_docker_dropin_id,
+    var.ign_locksmithd_service_id,
+    var.ign_kubelet_service_id,
+    var.ign_bootkube_service_id,
+    var.ign_tectonic_service_id,
+    var.ign_bootkube_path_unit_id,
+    var.ign_tectonic_path_unit_id,
+   ))}"]
 }
 
 data "ignition_file" "resolv_conf" {
@@ -61,17 +63,6 @@ data "ignition_file" "kubeconfig" {
   }
 }
 
-data "ignition_systemd_unit" "bootkube" {
-  name    = "bootkube.service"
-  content = "${var.bootkube_service}"
-}
-
-data "ignition_systemd_unit" "tectonic" {
-  name    = "tectonic.service"
-  enable  = "${var.tectonic_service_disabled == 0 ? true : false}"
-  content = "${var.tectonic_service}"
-}
-
 data "ignition_file" "sshd" {
   filesystem = "root"
   path       = "/etc/ssh/sshd_config"

modules/openstack/nodes/variables.tf

@@ -1,7 +1,3 @@
-variable "bootkube_service" {
-  type = "string"
-}
-
 variable "cluster_name" {
   type        = "string"
   description = "The name of the cluster. The master hostnames will be prefixed with this."
@@ -34,11 +30,24 @@ variable "resolv_conf_content" {
   description = "The content of the /etc/resolv.conf file."
 }
 
-variable "tectonic_service" {
-  type = "string"
+variable "ign_bootkube_service_id" {
+  type        = "string"
+  description = "The ID of the bootkube systemd service unit"
+  default     = ""
 }
 
-variable "tectonic_service_disabled" {
-  description = "Specifies whether the tectonic installer systemd unit will be disabled. If true, no tectonic assets will be deployed"
-  default     = false
+variable "ign_bootkube_path_unit_id" {
+  type    = "string"
+  default = ""
+}
+
+variable "ign_tectonic_service_id" {
+  type        = "string"
+  description = "The ID of the tectonic installer systemd service unit"
+  default     = ""
+}
+
+variable "ign_tectonic_path_unit_id" {
+  type    = "string"
+  default = ""
 }

modules/tectonic/assets.tf

@@ -129,3 +129,20 @@ resource "local_file" "tectonic_rkt" {
 data "template_file" "tectonic_service" {
   template = "${file("${path.module}/resources/tectonic.service")}"
 }
+
+data "ignition_systemd_unit" "tectonic_service" {
+  name    = "tectonic.service"
+  enable  = false
+  content = "${data.template_file.tectonic_service.rendered}"
+}
+
+# tectonic.path (available as output variable)
+data "template_file" "tectonic_path" {
+  template = "${file("${path.module}/resources/tectonic.path")}"
+}
+
+data "ignition_systemd_unit" "tectonic_path" {
+  name    = "tectonic.path"
+  enable  = true
+  content = "${data.template_file.tectonic_path.rendered}"
+}

modules/tectonic/output.tf

@@ -19,10 +19,22 @@ output "id" {
   value = "${sha1("${template_dir.tectonic.id} ${local_file.tectonic.id}")}"
 }
 
-output "systemd_service" {
+output "systemd_service_rendered" {
   value = "${data.template_file.tectonic_service.rendered}"
 }
 
+output "systemd_service_id" {
+  value = "${data.ignition_systemd_unit.tectonic_service.id}"
+}
+
+output "systemd_path_unit_rendered" {
+  value = "${data.template_file.tectonic_path.rendered}"
+}
+
+output "systemd_path_unit_id" {
+  value = "${data.ignition_systemd_unit.tectonic_path.id}"
+}
+
 output "cluster_id" {
   value = "${format(
     "%s-%s-%s-%s-%s",

modules/tectonic/resources/tectonic.path

@@ -0,0 +1,7 @@
+[Unit]
+Description=Trigger for tectonic.service
+[Path]
+PathExists=/opt/tectonic/tectonic-rkt.sh
+Unit=tectonic.service
+[Install]
+WantedBy=multi-user.target

modules/vmware/node/ignition.tf

@@ -11,14 +11,16 @@ data "ignition_config" "node" {
     "${var.ign_kubelet_env_id}",
   ]
 
-  systemd = [
-    "${var.ign_docker_dropin_id}",
-    "${var.ign_locksmithd_service_id}",
-    "${var.ign_kubelet_service_id}",
-    "${var.ign_kubelet_env_service_id}",
-    "${data.ignition_systemd_unit.bootkube.id}",
-    "${data.ignition_systemd_unit.tectonic.id}",
-  ]
+  systemd = ["${compact(list(
+    var.ign_docker_dropin_id,
+    var.ign_locksmithd_service_id,
+    var.ign_kubelet_service_id,
+    var.ign_kubelet_env_service_id,
+    var.ign_bootkube_service_id,
+    var.ign_tectonic_service_id,
+    var.ign_bootkube_path_unit_id,
+    var.ign_tectonic_path_unit_id,
+   ))}"]
 
   networkd = [
     "${data.ignition_networkd_unit.vmnetwork.*.id[count.index]}",
@@ -30,17 +32,6 @@ data "ignition_user" "core" {
   ssh_authorized_keys = ["${var.core_public_keys}"]
 }
 
-data "ignition_systemd_unit" "bootkube" {
-  name    = "bootkube.service"
-  content = "${var.bootkube_service}"
-}
-
-data "ignition_systemd_unit" "tectonic" {
-  name    = "tectonic.service"
-  enable  = "${var.tectonic_service_disabled == 0 ? true : false}"
-  content = "${var.tectonic_service}"
-}
-
 data "ignition_networkd_unit" "vmnetwork" {
   count = "${var.instance_count}"
   name  = "00-ens192.network"

modules/vmware/node/variables.tf

@@ -2,11 +2,6 @@ variable "base_domain" {
   type = "string"
 }
 
-variable "bootkube_service" {
-  type        = "string"
-  description = "The content of the bootkube systemd service unit"
-}
-
 variable "container_images" {
   description = "Container images to use"
   type        = "map"
@@ -37,16 +32,6 @@ variable "private_key" {
   default     = ""
 }
 
-variable "tectonic_service" {
-  type        = "string"
-  description = "The content of the tectonic installer systemd service unit"
-}
-
-variable "tectonic_service_disabled" {
-  description = "Specifies whether the tectonic installer systemd unit will be disabled. If true, no tectonic assets will be deployed"
-  default     = false
-}
-
 variable "vmware_folder" {
   type        = "string"
   description = "Name of the VMware folder to create objects in"
@@ -120,4 +105,27 @@ variable "vmware_datacenter" {
 variable "ign_kubelet_env_service_id" {
   type        = "string"
   description = "The kubelet env service to use"
+  default     = ""
+}
+
+variable "ign_bootkube_service_id" {
+  type        = "string"
+  description = "The ID of the bootkube systemd service unit"
+  default     = ""
+}
+
+variable "ign_bootkube_path_unit_id" {
+  type    = "string"
+  default = ""
+}
+
+variable "ign_tectonic_service_id" {
+  type        = "string"
+  description = "The ID of the tectonic installer systemd service unit"
+  default     = ""
+}
+
+variable "ign_tectonic_path_unit_id" {
+  type    = "string"
+  default = ""
 }

platforms/aws/main.tf

@@ -102,7 +102,6 @@ module "masters" {
   assets_s3_location           = "${aws_s3_bucket_object.tectonic_assets.bucket}/${aws_s3_bucket_object.tectonic_assets.key}"
   autoscaling_group_extra_tags = "${var.tectonic_autoscaling_group_extra_tags}"
   base_domain                  = "${var.tectonic_base_domain}"
-  bootkube_service             = "${module.bootkube.systemd_service}"
   cl_channel                   = "${var.tectonic_cl_channel}"
   cluster_id                   = "${module.tectonic.cluster_id}"
   cluster_name                 = "${var.tectonic_cluster_name}"
@@ -124,15 +123,17 @@ module "masters" {
   root_volume_type             = "${var.tectonic_aws_master_root_volume_type}"
   ssh_key                      = "${var.tectonic_aws_ssh_key}"
   subnet_ids                   = "${module.vpc.master_subnet_ids}"
-  tectonic_service             = "${module.tectonic.systemd_service}"
-  tectonic_service_disabled    = "${var.tectonic_vanilla_k8s}"
 
+  ign_bootkube_path_unit_id     = "${module.bootkube.systemd_path_unit_id}"
+  ign_bootkube_service_id       = "${module.bootkube.systemd_service_id}"
   ign_docker_dropin_id          = "${module.ignition_masters.docker_dropin_id}"
   ign_kubelet_service_id        = "${module.ignition_masters.kubelet_service_id}"
   ign_locksmithd_service_id     = "${module.ignition_masters.locksmithd_service_id}"
   ign_max_user_watches_id       = "${module.ignition_masters.max_user_watches_id}"
   ign_s3_kubelet_env_service_id = "${module.ignition_masters.kubelet_env_service_id}"
   ign_s3_puller_id              = "${module.ignition_masters.s3_puller_id}"
+  ign_tectonic_path_unit_id     = "${var.tectonic_vanilla_k8s ? "" : module.tectonic.systemd_path_unit_id}"
+  ign_tectonic_service_id       = "${module.tectonic.systemd_service_id}"
 }
 
 module "ignition_workers" {

platforms/azure/main.tf

@@ -109,31 +109,31 @@ module "ignition_masters" {
 module "masters" {
   source = "../../modules/azure/master-as"
 
-  bootkube_service          = "${module.bootkube.systemd_service}"
-  cl_channel                = "${var.tectonic_cl_channel}"
-  cloud_provider_config     = "${jsonencode(data.null_data_source.cloud_provider.inputs)}"
-  cluster_id                = "${module.tectonic.cluster_id}"
-  cluster_name              = "${var.tectonic_cluster_name}"
-  extra_tags                = "${var.tectonic_azure_extra_tags}"
-  kubeconfig_content        = "${module.bootkube.kubeconfig}"
-  location                  = "${var.tectonic_azure_location}"
-  master_count              = "${var.tectonic_master_count}"
-  network_interface_ids     = "${module.vnet.master_network_interface_ids}"
-  public_ssh_key            = "${var.tectonic_azure_ssh_key}"
-  resource_group_name       = "${module.resource_group.name}"
-  storage_id                = "${module.resource_group.storage_id}"
-  storage_type              = "${var.tectonic_azure_master_storage_type}"
-  tectonic_service          = "${module.tectonic.systemd_service}"
-  tectonic_service_disabled = "${var.tectonic_vanilla_k8s}"
-  vm_size                   = "${var.tectonic_azure_master_vm_size}"
+  cl_channel            = "${var.tectonic_cl_channel}"
+  cloud_provider_config = "${jsonencode(data.null_data_source.cloud_provider.inputs)}"
+  cluster_id            = "${module.tectonic.cluster_id}"
+  cluster_name          = "${var.tectonic_cluster_name}"
+  extra_tags            = "${var.tectonic_azure_extra_tags}"
+  kubeconfig_content    = "${module.bootkube.kubeconfig}"
+  location              = "${var.tectonic_azure_location}"
+  master_count          = "${var.tectonic_master_count}"
+  network_interface_ids = "${module.vnet.master_network_interface_ids}"
+  public_ssh_key        = "${var.tectonic_azure_ssh_key}"
+  resource_group_name   = "${module.resource_group.name}"
+  storage_id            = "${module.resource_group.storage_id}"
+  storage_type          = "${var.tectonic_azure_master_storage_type}"
+  vm_size               = "${var.tectonic_azure_master_vm_size}"
 
   ign_azure_udev_rules_id   = "${module.ignition_masters.azure_udev_rules_id}"
-  ign_docker_dropin_id      = "${module.ignition_masters.docker_dropin_id}"
+  ign_bootkube_path_unit_id = "${module.bootkube.systemd_path_unit_id}"
+  ign_bootkube_service_id   = "${module.bootkube.systemd_service_id}"
   ign_docker_dropin_id      = "${module.ignition_masters.docker_dropin_id}"
   ign_kubelet_env_id        = "${module.ignition_masters.kubelet_env_id}"
   ign_kubelet_service_id    = "${module.ignition_masters.kubelet_service_id}"
   ign_locksmithd_service_id = "${module.ignition_masters.locksmithd_service_id}"
   ign_max_user_watches_id   = "${module.ignition_masters.max_user_watches_id}"
+  ign_tectonic_path_unit_id = "${var.tectonic_vanilla_k8s ? "" : module.tectonic.systemd_path_unit_id}"
+  ign_tectonic_service_id   = "${module.tectonic.systemd_service_id}"
   ign_tx_off_service_id     = "${module.ignition_masters.tx_off_service_id}"
 }
 

platforms/azure/tectonic.tf

@@ -122,7 +122,6 @@ resource "null_resource" "tectonic" {
       "sudo mkdir -p /opt",
       "sudo rm -rf /opt/tectonic",
       "sudo mv /home/core/tectonic /opt/",
-      "sudo systemctl start ${var.tectonic_vanilla_k8s ? "bootkube.service" : "tectonic.service"}",
     ]
   }
 }

platforms/metal/cl/bootkube-controller.yaml.tmpl

@@ -47,41 +47,19 @@ systemd:
     - name: kubelet.service
       enable: true
       contents: {{.ign_kubelet_service_json}}
+    - name: bootkube.path
+      enable: true
+      contents: {{.ign_bootkube_path_unit_json}}
     - name: bootkube.service
-      contents: |
-        [Unit]
-        Description=Bootstrap a Kubernetes cluster
-        ConditionPathExists=!/opt/tectonic/init_bootkube.done
-        Wants=kubelet.service
-        After=kubelet.service
-        [Service]
-        Type=oneshot
-        RemainAfterExit=true
-        WorkingDirectory=/opt/tectonic
-        User=root
-        Group=root
-        ExecStart=/usr/bin/bash /opt/tectonic/bootkube.sh
-        ExecStartPost=/bin/touch /opt/tectonic/init_bootkube.done
-        [Install]
-        WantedBy=multi-user.target
+      enable: false
+      contents: {{.ign_bootkube_service_json}}
 {{ if eq .exclude_tectonic "0" }}
+    - name: tectonic.path
+      enable: true
+      contents: {{.ign_tectonic_path_unit_json}}
     - name: tectonic.service
-      contents: |
-        [Unit]
-        Description=Bootstrap a Tectonic cluster
-        ConditionPathExists=!/opt/tectonic/init_tectonic.done
-        Requires=bootkube.service
-        After=bootkube.service
-        [Service]
-        Type=oneshot
-        RemainAfterExit=true
-        WorkingDirectory=/opt/tectonic
-        User=root
-        Group=root
-        ExecStart=/usr/bin/bash /opt/tectonic/tectonic-rkt.sh
-        ExecStartPost=/bin/touch /opt/tectonic/init_tectonic.done
-        [Install]
-        WantedBy=multi-user.target
+      enable: false
+      contents: {{.ign_tectonic_service_json}}
 {{end}}
 storage:
   files:

platforms/metal/matchers.tf

@@ -64,10 +64,14 @@ resource "matchbox_group" "controller" {
     kubelet_image_url = "${replace(var.tectonic_container_images["hyperkube"],var.tectonic_image_re,"$1")}"
     kubelet_image_tag = "${replace(var.tectonic_container_images["hyperkube"],var.tectonic_image_re,"$2")}"
 
-    ign_docker_dropin_json    = "${jsonencode(module.ignition_masters.docker_dropin_rendered)}"
-    ign_kubelet_env_json      = "${jsonencode(module.ignition_masters.kubelet_env_rendered)}"
-    ign_kubelet_service_json  = "${jsonencode(module.ignition_masters.kubelet_service_rendered)}"
-    ign_max_user_watches_json = "${jsonencode(module.ignition_masters.max_user_watches_rendered)}"
+    ign_bootkube_path_unit_json = "${jsonencode(module.bootkube.systemd_path_unit_rendered)}"
+    ign_bootkube_service_json   = "${jsonencode(module.bootkube.systemd_service_rendered)}"
+    ign_docker_dropin_json      = "${jsonencode(module.ignition_masters.docker_dropin_rendered)}"
+    ign_kubelet_env_json        = "${jsonencode(module.ignition_masters.kubelet_env_rendered)}"
+    ign_kubelet_service_json    = "${jsonencode(module.ignition_masters.kubelet_service_rendered)}"
+    ign_max_user_watches_json   = "${jsonencode(module.ignition_masters.max_user_watches_rendered)}"
+    ign_tectonic_path_unit_json = "${jsonencode(module.tectonic.systemd_path_unit_rendered)}"
+    ign_tectonic_service_json   = "${jsonencode(module.tectonic.systemd_service_rendered)}"
   }
 }
 

platforms/metal/remote.tf

@@ -94,7 +94,6 @@ resource "null_resource" "bootstrap" {
       "sudo mkdir -p /opt",
       "sudo rm -rf /opt/tectonic",
       "sudo mv /home/core/tectonic /opt/",
-      "sudo systemctl start ${var.tectonic_vanilla_k8s ? "bootkube" : "tectonic"}",
     ]
   }
 }

platforms/openstack/neutron/main.tf

@@ -136,20 +136,21 @@ search ${var.tectonic_base_domain}
 ${join("\n", formatlist("nameserver %s", var.tectonic_openstack_dns_nameservers))}
 EOF
 
-  bootkube_service          = "${module.bootkube.systemd_service}"
-  cluster_name              = "${var.tectonic_cluster_name}"
-  core_public_keys          = ["${module.secrets.core_public_key_openssh}"]
-  hostname_infix            = "master"
-  instance_count            = "${var.tectonic_master_count}"
-  kubeconfig_content        = "${module.bootkube.kubeconfig}"
-  tectonic_service          = "${module.tectonic.systemd_service}"
-  tectonic_service_disabled = "${var.tectonic_vanilla_k8s}"
+  cluster_name       = "${var.tectonic_cluster_name}"
+  core_public_keys   = ["${module.secrets.core_public_key_openssh}"]
+  hostname_infix     = "master"
+  instance_count     = "${var.tectonic_master_count}"
+  kubeconfig_content = "${module.bootkube.kubeconfig}"
 
+  ign_bootkube_path_unit_id = "${module.bootkube.systemd_path_unit_id}"
+  ign_bootkube_service_id   = "${module.bootkube.systemd_service_id}"
   ign_docker_dropin_id      = "${module.ignition_masters.docker_dropin_id}"
   ign_kubelet_env_id        = "${module.ignition_masters.kubelet_env_id}"
   ign_kubelet_service_id    = "${module.ignition_masters.kubelet_service_id}"
   ign_locksmithd_service_id = "${module.ignition_masters.locksmithd_service_id}"
   ign_max_user_watches_id   = "${module.ignition_masters.max_user_watches_id}"
+  ign_tectonic_path_unit_id = "${var.tectonic_vanilla_k8s ? "" : module.tectonic.systemd_path_unit_id}"
+  ign_tectonic_service_id   = "${module.tectonic.systemd_service_id}"
 }
 
 module "ignition_workers" {
@@ -171,14 +172,11 @@ search ${var.tectonic_base_domain}
 ${join("\n", formatlist("nameserver %s", var.tectonic_openstack_dns_nameservers))}
 EOF
 
-  bootkube_service          = ""
-  cluster_name              = "${var.tectonic_cluster_name}"
-  core_public_keys          = ["${module.secrets.core_public_key_openssh}"]
-  hostname_infix            = "worker"
-  instance_count            = "${var.tectonic_worker_count}"
-  kubeconfig_content        = "${module.bootkube.kubeconfig}"
-  tectonic_service          = ""
-  tectonic_service_disabled = "${var.tectonic_vanilla_k8s}"
+  cluster_name       = "${var.tectonic_cluster_name}"
+  core_public_keys   = ["${module.secrets.core_public_key_openssh}"]
+  hostname_infix     = "worker"
+  instance_count     = "${var.tectonic_worker_count}"
+  kubeconfig_content = "${module.bootkube.kubeconfig}"
 
   ign_docker_dropin_id      = "${module.ignition_workers.docker_dropin_id}"
   ign_kubelet_env_id        = "${module.ignition_masters.kubelet_env_id}"

platforms/openstack/neutron/nodes.tf

@@ -143,7 +143,6 @@ resource "null_resource" "tectonic" {
       "sudo mkdir -p /opt",
       "sudo rm -rf /opt/tectonic",
       "sudo mv /home/core/tectonic /opt/",
-      "sudo systemctl start ${var.tectonic_vanilla_k8s ? "bootkube.service" : "tectonic.service"}",
     ]
   }
 }

platforms/vmware/main.tf

@@ -53,10 +53,7 @@ module "masters" {
   ip_address       = "${var.tectonic_vmware_master_ip}"
   gateway          = "${var.tectonic_vmware_master_gateway}"
 
-  container_images          = "${var.tectonic_container_images}"
-  bootkube_service          = "${module.bootkube.systemd_service}"
-  tectonic_service          = "${module.tectonic.systemd_service}"
-  tectonic_service_disabled = "${var.tectonic_vanilla_k8s}"
+  container_images = "${var.tectonic_container_images}"
 
   vmware_datacenter       = "${var.tectonic_vmware_datacenter}"
   vmware_cluster          = "${var.tectonic_vmware_cluster}"
@@ -71,12 +68,16 @@ module "masters" {
   private_key             = "${var.tectonic_vmware_ssh_private_key_path}"
   image_re                = "${var.tectonic_image_re}"
 
+  ign_bootkube_path_unit_id  = "${module.bootkube.systemd_path_unit_id}"
+  ign_bootkube_service_id    = "${module.bootkube.systemd_service_id}"
   ign_docker_dropin_id       = "${module.ignition_masters.docker_dropin_id}"
   ign_kubelet_env_id         = "${module.ignition_masters.kubelet_env_id}"
   ign_kubelet_env_service_id = "${module.ignition_masters.kubelet_env_service_id}"
   ign_kubelet_service_id     = "${module.ignition_masters.kubelet_service_id}"
   ign_locksmithd_service_id  = "${module.ignition_masters.locksmithd_service_id}"
   ign_max_user_watches_id    = "${module.ignition_masters.max_user_watches_id}"
+  ign_tectonic_path_unit_id  = "${var.tectonic_vanilla_k8s ? "" : module.tectonic.systemd_path_unit_id}"
+  ign_tectonic_service_id    = "${module.tectonic.systemd_service_id}"
 }
 
 module "ignition_workers" {
@@ -101,8 +102,6 @@ module "workers" {
   gateway          = "${var.tectonic_vmware_worker_gateway}"
 
   container_images = "${var.tectonic_container_images}"
-  bootkube_service = ""
-  tectonic_service = ""
 
   vmware_datacenter       = "${var.tectonic_vmware_datacenter}"
   vmware_cluster          = "${var.tectonic_vmware_cluster}"

platforms/vmware/remote.tf

@@ -17,7 +17,6 @@ resource "null_resource" "bootstrap" {
       "sudo mkdir -p /opt",
       "sudo rm -rf /opt/tectonic",
       "sudo mv /home/core/tectonic /opt/",
-      "sudo systemctl start ${var.tectonic_vanilla_k8s ? "bootkube.service" : "tectonic.service"}",
     ]
   }
 }