From 60a1309be22e811369936304bb799593069f82a7 Mon Sep 17 00:00:00 2001
From: Jay Faulkner
Date: Fri, 25 Apr 2014 13:39:13 -0700
Subject: [PATCH] Use systemd-nspawn instead of docker for image
Using systemd-nspawn gives us more flexibility in what hardware the agent can see. With this setup, the network is not virtualized, and the /dev inside the container looks nearly identical to the one in the host. Also added RestartSec=30s to the unit file because without this, systemd will respawn the agent every 100ms if it dies (say, because DHCP hasn't completed yet). Since it retries a max of 5 times per 60s, unless the restart value is set higher it will be marked 'failed' forever and not retry. Adding this prevents that.
Change-Id: Ic64ab4b0824595683e5428464512594dd90eed83
---
 imagebuild/coreos/coreos-oem-inject.py | 2 +-
 imagebuild/coreos/oem/run.sh | 9 ++-------
 imagebuild/coreos/oem/system/ironic-python-agent.service | 3 ++-
 3 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/imagebuild/coreos/coreos-oem-inject.py b/imagebuild/coreos/coreos-oem-inject.py
index d19aa879b..0baf7399a 100755
--- a/imagebuild/coreos/coreos-oem-inject.py
+++ b/imagebuild/coreos/coreos-oem-inject.py
@@ -8,7 +8,7 @@ import tempfile
 import shutil
 from plumbum import local, cmd
-COREOS_VERSION="197.0.0"
+COREOS_VERSION="250.0.0"
 COREOS_ARCH="amd64-generic"
 COREOS_BASE_URL="http://storage.core-os.net/coreos/{}/{}".format(COREOS_ARCH, COREOS_VERSION)
diff --git a/imagebuild/coreos/oem/run.sh b/imagebuild/coreos/oem/run.sh
index 914a4a3f1..36e3e5c18 100755
--- a/imagebuild/coreos/oem/run.sh
+++ b/imagebuild/coreos/oem/run.sh
@@ -20,13 +20,8 @@ fi
 chown -R core:core /home/core/.ssh/
-# We have to wait until docker is started to proceed
-# In a perfect world I'd use inotifywait, but that doesn't exist on coreos
-while [ ! -e /var/run/docker.sock ]; do
- sleep 1;
-done
-
-docker import - oemdocker:latest < container.tar.gz
+mkdir -p /media/state/ironic-python-agent
+tar -x -C /media/state/ironic-python-agent -f container.tar.gz
 systemctl enable --runtime /usr/share/oem/system/*
 systemctl start ironic-python-agent.service
diff --git a/imagebuild/coreos/oem/system/ironic-python-agent.service b/imagebuild/coreos/oem/system/ironic-python-agent.service
index 355fa9b4d..f04845aec 100644
--- a/imagebuild/coreos/oem/system/ironic-python-agent.service
+++ b/imagebuild/coreos/oem/system/ironic-python-agent.service
@@ -1,6 +1,7 @@
 [Service]
-ExecStart=/usr/bin/docker run -p 9999:9999 -privileged=true -v=/sys:/mnt/sys oemdocker /usr/local/bin/ironic-python-agent
+ExecStart=/usr/bin/systemd-nspawn -D /media/state/ironic-python-agent --share-system --capability=all --machine=ironic_python_agent --bind=/dev:/dev --bind=/dev/pts:/dev/pts --bind=/usr/share/oem:/mnt --user=root --keep-unit /usr/local/bin/ironic-python-agent
 Restart=always
+RestartSec=30s
 [Install]
 WantedBy=oem.target
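Review bot: In `imagebuild/coreos/oem/run.sh`, the added `tar -x -C /media/state/ironic-python-agent -f container.tar.gz` is unchecked and unpacks over whatever already sits in that directory, so a truncated archive or leftovers from an earlier image become part of the root tree the agent is started from as root with all capabilities. Unless the script sets `set -e` above the hunk (not visible here), a failed `mkdir` or `tar` still falls through to `systemctl start ironic-python-agent.service`. I would clear the target and stop on failure: `rm -rf /media/state/ironic-python-agent`, then `mkdir -p /media/state/ironic-python-agent || exit 1` and `tar -x -C /media/state/ironic-python-agent -f container.tar.gz || exit 1`. Whether `/media/state` survives reboots on this image is an assumption to confirm; if it does not, only the failure check is needed.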
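Review bot: In `ironic-python-agent.service`, the new `ExecStart` runs the agent with `--capability=all`, `--user=root`, the host's `/dev` and a writable bind of `/usr/share/oem`, so the nspawn tree is a packaging boundary and not a sandbox, and nothing in the unit file says so. That matches the commit message's aim of exposing real hardware, but a comment above `ExecStart` such as `# Not a sandbox: the agent needs full hardware access, so it runs as root with all capabilities and the host /dev.` would keep a later reader from relying on it as isolation. If the agent only reads the OEM directory (not visible from this hunk), `--bind-ro=/usr/share/oem:/mnt` would guard against accidental writes to the unit files that `run.sh` enables with `systemctl enable --runtime /usr/share/oem/system/*`. Since the commit message says the network is no longer virtualized, the agent presumably now listens directly on the host's interfaces rather than behind the old `-p 9999:9999` mapping, which is worth confirming against the intended exposure. The reason for `RestartSec=30s` is recorded only in the commit message and deserves a one-line comment next to the setting.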