From 35fddb2318cdeeb674dc5b969c623a9d07694408 Mon Sep 17 00:00:00 2001
From: imo-ininder
Date: Fri, 20 Oct 2023 15:53:12 +0800
Subject: [PATCH] FEAUTRE: replace docker to nerdctl
---
 main.tf | 6 +++---
 nertctl.tf | 27 ++++++++++++++++++++++++
 outputs.tf | 5 ++++-
 scripts/etcd-metrics-proxy-wrapper.sh | 4 ++--
 scripts/etcd-wrapper.sh | 6 +++---
 scripts/init-nerdctl.sh | 8 +++++++
 templates/etcd-metrics-proxy.service.tpl | 5 +++--
 templates/etcd.service.tpl | 5 +++--
 templates/init-nerdctl.service.tpl | 18 ++++++++++++++++
 variables.tf | 9 ++++++++
 variables_defaults.tf | 9 ++++++++
 11 files changed, 89 insertions(+), 13 deletions(-)
 create mode 100644 nertctl.tf
 create mode 100644 scripts/init-nerdctl.sh
 create mode 100644 templates/init-nerdctl.service.tpl
diff --git a/main.tf b/main.tf
index 484c16f..794e516 100644
--- a/main.tf
+++ b/main.tf
@@ -42,9 +42,9 @@ data "ignition_systemd_unit" "etcd_service" {
 }
 data "ignition_file" "etcd_metrics_proxy_wrapper_sh" {
- overwrite = true
- path = "/opt/etcd/bin/etcd-metrics-proxy-wrapper"
- mode = 500
+ overwrite = true
+ path = "/opt/etcd/bin/etcd-metrics-proxy-wrapper"
+ mode = 500
 content {
 content = file("${path.module}/scripts/etcd-metrics-proxy-wrapper.sh")
diff --git a/nertctl.tf b/nertctl.tf
new file mode 100644
index 0000000..f7356e9
--- /dev/null
+++ b/nertctl.tf
@@ -0,0 +1,27 @@
+
+data "ignition_file" "init_nerdctl" {
+ overwrite = true
+ path = "/opt/bin/init-nerdctl"
+ mode = 500
+
+ content {
+ content = file("${path.module}/scripts/init-nerdctl.sh")
+ }
+}
+
+data "ignition_systemd_unit" "init_nerdctl" {
+ name = "init-nerdctl.service"
+ enabled = true
+ content = templatefile("${path.module}/templates/init-nerdctl.service.tpl", {})
+}
+
+data "ignition_file" "nerdctl" {
+ path = "/opt/bin/nerdctl.tar.gz"
+ mode = 500
+ overwrite = true
+
+ source {
+ source = local.binaries["nerdctl"].source
+ verification = local.binaries["nerdctl"].checksum
+ }
+}
\ No newline at end of file
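Review bot: `mode = 500` on the new `ignition_file` blocks in nertctl.tf is probably not the permission set that was intended. The ignition provider documents `mode` as a decimal value, so 500 is octal 0764 (owner rwx, group rw, other r) rather than 0500. For `/opt/bin/init-nerdctl`, which a root oneshot unit executes, that leaves the script group-writable and world-readable; `mode = 320` yields 0500. The archive `/opt/bin/nerdctl.tar.gz` needs no execute bit at all, for example `mode = 256` (0400). The existing wrapper block in main.tf carries the same literal, so this is worth checking module-wide.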
diff --git a/outputs.tf b/outputs.tf
index 7e5e6f1..b890b01 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -2,6 +2,7 @@ output "systemd_units" {
 value = concat([
 data.ignition_systemd_unit.etcd_service.rendered,
 data.ignition_systemd_unit.etcd_data_mount.rendered,
+ data.ignition_systemd_unit.init_nerdctl.rendered,
 ],
 var.enable_metrics_proxy ? [
 data.ignition_systemd_unit.etcd_metrics_proxy_service.rendered
@@ -19,7 +20,9 @@ output "files" {
 data.ignition_file.etcd_server_cert.rendered,
 data.ignition_file.etcd_server_key.rendered,
 data.ignition_file.etcd_peer_cert.rendered,
- data.ignition_file.etcd_peer_key.rendered
+ data.ignition_file.etcd_peer_key.rendered,
+ data.ignition_file.init_nerdctl.rendered,
+ data.ignition_file.nerdctl.rendered,
 ],
 var.enable_metrics_proxy ? [
 data.ignition_file.etcd_metrics_proxy_wrapper_sh.rendered
diff --git a/scripts/etcd-metrics-proxy-wrapper.sh b/scripts/etcd-metrics-proxy-wrapper.sh
index 1867c53..ae5af4c 100644
--- a/scripts/etcd-metrics-proxy-wrapper.sh
+++ b/scripts/etcd-metrics-proxy-wrapper.sh
@@ -32,9 +32,9 @@ fi
 DOCKER_RUN_ARGS="${DOCKER_RUN_ARGS} ${DOCKER_OPTS}"
-DOCKER="${DOCKER:-/usr/bin/docker}"
+NERDCTL="${NERDCTL:-/opt/bin/nerdctl}"
 set -x
-exec ${DOCKER} run \
+exec ${NERDCTL} run \
 -v ${ETCD_CERT_PATH}:${ETCD_CERT_PATH}:ro \
 --env-file=/etc/etcd/config.env \
 --net=host \
diff --git a/scripts/etcd-wrapper.sh b/scripts/etcd-wrapper.sh
index 9d0f828..6432941 100644
--- a/scripts/etcd-wrapper.sh
+++ b/scripts/etcd-wrapper.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wrapper for launching etcd via docker.
+# Wrapper for launching etcd via nerdctl.
 set -e
@@ -60,9 +60,9 @@ fi
 DOCKER_RUN_ARGS="${DOCKER_RUN_ARGS} ${DOCKER_OPTS}"
-DOCKER="${DOCKER:-/usr/bin/docker}"
+NERDCTL="${NERDCTL:-/opt/bin/nerdctl}"
 set -x
-exec ${DOCKER} run \
+exec ${NERDCTL} run \
 -v ${ETCD_DATA_DIR}:${ETCD_DATA_DIR}:rw \
 -v /etc/ssl/certs:/etc/ssl/certs:ro \
 -v ${ETCD_CERT_PATH}:${ETCD_CERT_PATH}:rw \
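Review bot: In scripts/etcd-metrics-proxy-wrapper.sh the new `exec ${NERDCTL} run \` expands the binary path unquoted, so a `NERDCTL` value taken from the environment that contains whitespace or glob characters is word-split before the exec; `exec "${NERDCTL}" run \` keeps it a single word. The second hunk of scripts/etcd-wrapper.sh has the same line. The arguments are still carried in `DOCKER_RUN_ARGS` and `DOCKER_OPTS`; if those names are kept deliberately, a comment such as `# DOCKER_* names are retained; their contents are passed to nerdctl` would say so. Both scripts continue outside these hunks, so how those variables are built is not visible here.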
diff --git a/scripts/init-nerdctl.sh b/scripts/init-nerdctl.sh
new file mode 100644
index 0000000..2793413
--- /dev/null
+++ b/scripts/init-nerdctl.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Wrapper script for initing nerdctl.
+
+set -eu
+
+NERDCTL_BIN_PATH=${NERDCTL_BIN_PATH:="/opt/bin"}
+mkdir -p ${NERDCTL_BIN_PATH}
+sudo tar -xvf /opt/bin/nerdctl.tar.gz -C ${NERDCTL_BIN_PATH}
\ No newline at end of file
diff --git a/templates/etcd-metrics-proxy.service.tpl b/templates/etcd-metrics-proxy.service.tpl
index dfe0b6e..f8bbb4e 100644
--- a/templates/etcd-metrics-proxy.service.tpl
+++ b/templates/etcd-metrics-proxy.service.tpl
@@ -1,13 +1,14 @@
 [Unit]
 Description=etcd-metrics-proxy service
+After=init-nerdctl.service
 Requires=network-online.target
 [Service]
 Environment="PATH=/opt/bin:/opt/etcd/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
 EnvironmentFile=/etc/etcd/config.env
-ExecStartPre=-/usr/bin/docker rm -f etcd-metrics-proxy
+ExecStartPre=-/opt/bin/nerdctl rm -f etcd-metrics-proxy
 ExecStart=/opt/etcd/bin/etcd-metrics-proxy-wrapper
-ExecStop=-/usr/bin/docker stop etcd-metrics-proxy
+ExecStop=-/opt/bin/nerdctl stop etcd-metrics-proxy
 Restart=always
 RestartSec=10
diff --git a/templates/etcd.service.tpl b/templates/etcd.service.tpl
index 234b791..aaec631 100644
--- a/templates/etcd.service.tpl
+++ b/templates/etcd.service.tpl
@@ -1,13 +1,14 @@
 [Unit]
 Description=etcd service
+After=init-nerdctl.service
 Requires=network-online.target
 [Service]
 Environment="PATH=/opt/bin:/opt/etcd/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
 EnvironmentFile=/etc/etcd/config.env
-ExecStartPre=-/usr/bin/docker rm -f etcd
+ExecStartPre=-/opt/bin/nerdctl rm -f etcd
 ExecStart=/opt/etcd/bin/etcd-wrapper
-ExecStop=-/usr/bin/docker stop etcd
+ExecStop=-/opt/bin/nerdctl stop etcd
 Restart=always
 RestartSec=10
diff --git a/templates/init-nerdctl.service.tpl b/templates/init-nerdctl.service.tpl
new file mode 100644
index 0000000..48e5bd1
--- /dev/null
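Review bot: The extraction line in scripts/init-nerdctl.sh unpacks every archive member into `/opt/bin` as root. tar run as root restores the owner recorded in the archive by default, and any file in that directory with the same name as a member is overwritten. Limiting the extraction to the one binary and forcing root ownership is tighter: `tar -xzf /opt/bin/nerdctl.tar.gz -C "${NERDCTL_BIN_PATH}" --no-same-owner nerdctl` (assuming the release archive names the member `nerdctl`). `sudo` is redundant because the unit that runs this script sets `User=root`, and `${NERDCTL_BIN_PATH}` should be quoted on the `mkdir -p` line as well.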
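Review bot: `After=init-nerdctl.service` in the [Unit] section of templates/etcd-metrics-proxy.service.tpl only orders the two units; it does not make this service depend on the init unit having succeeded. If the extraction fails, the service still starts without `/opt/bin/nerdctl`, and `Restart=always` with `RestartSec=10` keeps retrying. Adding `Requires=init-nerdctl.service` beside it ties the start to a successful init, and a skipped `ConditionPathExists` check on later boots is not treated as a failure of that dependency. templates/etcd.service.tpl receives the same `After=` line and needs the same addition.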
+++ b/templates/init-nerdctl.service.tpl
@@ -0,0 +1,18 @@
+[Unit]
+Description=init nerdctl service
+ConditionPathExists = !/opt/bin/init-configs.done
+Requires=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+
+User=root
+Group=root
+
+Environment="PATH=/opt/bin:/opt/etcd/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
+ExecStart=/opt/bin/init-nerdctl
+ExecStartPost=/bin/touch /opt/bin/init-configs.done
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 9f89971..372f997 100644
--- a/variables.tf
+++ b/variables.tf
@@ -12,6 +12,15 @@ variable "containers" {
 default = {}
 }
+variable "binaries" {
+ description = "Desired addon binaries url and checksum."
+ type = map(object({
+ source = string
+ checksum = string
+ }))
+ default = {}
+}
+
 variable "cloud_provider" {
 description = "The name of public cloud."
 type = string
diff --git a/variables_defaults.tf b/variables_defaults.tf
index 9502f8d..90293bd 100644
--- a/variables_defaults.tf
+++ b/variables_defaults.tf
@@ -13,4 +13,13 @@ locals {
 extra_flags = merge({
 "log-level" = var.log_level
 }, var.extra_flags)
+
+ binaries = merge(
+ {
+ nerdctl = {
+ source = "https://github.com/containerd/nerdctl/releases/download/v1.6.0/nerdctl-1.6.0-linux-amd64.tar.gz"
+ checksum = "sha512-89dcba32badfd1481d88cd5f4179ff99348578af5004a7e96daa05101e99ba7448685596692ada3186f718ffd1166768ac6a22e041c5887e416e6dc7fda97f24"
+ }
+ }, var.binaries)
+
 }
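Review bot: The run-once guard `ConditionPathExists = !/opt/bin/init-configs.done` in templates/init-nerdctl.service.tpl keys on a generically named marker instead of on what the unit produces, so once the marker exists the unit is skipped even when `/opt/bin/nerdctl` is absent. Testing for the binary itself, `ConditionPathExists=!/opt/bin/nerdctl`, makes the guard self-describing and lets the `ExecStartPost=/bin/touch` line go. `Requires=network-online.target` has no matching `After=`, so it does not order this unit after the network. Judging from the script in this patch the unit only unpacks a local file, so that line can probably be dropped.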
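Review bot: `checksum` in the new `binaries` variable in variables.tf is an unconstrained string, and `var.binaries` is merged over the pinned default in variables_defaults.tf, so a caller who overrides `nerdctl` with an empty or malformed checksum is not rejected at plan time. Whether Ignition then fetches the archive without verification depends on the provider and should be confirmed. A `validation` block on the variable makes the hash mandatory and well-formed. The pattern below matches the sha512 form of the default entry and should be widened if other hash types are meant to be accepted.

```hcl
variable "binaries" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for b in values(var.binaries) : can(regex("^sha512-[0-9a-f]{128}$", b.checksum))
    ])
    error_message = "Each binaries entry needs a checksum of the form sha512-<128 hex characters>."
  }
}
```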