Fix the python requirements. Add the ability to map in etcd client certs and ca.

Dockerfile.web

@@ -71,7 +71,7 @@ RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 # Run the tests
 RUN TEST=true venv/bin/python -m unittest discover
 
-VOLUME ["/conf/stack", "/var/log", "/datastorage", "/tmp"]
+VOLUME ["/conf/stack", "/var/log", "/datastorage", "/tmp", "/conf/etcd"]
 
 EXPOSE 443 80
 

buildman/manager/ephemeral.py

@@ -149,11 +149,14 @@ class EphemeralBuilderManager(BaseManager):
 
     etcd_host = self._manager_config.get('ETCD_HOST', '127.0.0.1')
     etcd_port = self._manager_config.get('ETCD_PORT', 2379)
+    etcd_auth = self._manager_config.get('ETCD_CERT_AND_KEY', None)
+    etcd_ca_cert = self._manager_config.get('ETCD_CA_CERT', None)
     logger.debug('Connecting to etcd on %s:%s', etcd_host, etcd_port)
 
     worker_threads = self._manager_config.get('ETCD_WORKER_THREADS', 5)
     self._async_thread_executor = ThreadPoolExecutor(worker_threads)
-    self._etcd_client = AsyncWrapper(self._etcd_client_klass(host=etcd_host, port=etcd_port),
+    self._etcd_client = AsyncWrapper(self._etcd_client_klass(host=etcd_host, port=etcd_port,
+                                                             cert=etcd_auth, ca_cert=etcd_ca_cert),
                                      executor=self._async_thread_executor)
 
     self._watch_etcd(ETCD_BUILDER_PREFIX, self._handle_builder_expiration)

buildman/manager/executor.py

@@ -53,22 +53,18 @@ class BuilderExecutor(object):
     return 'ws://{0}:'
 
   def generate_cloud_config(self, realm, token, coreos_channel, manager_hostname,
-                            quay_username=None, quay_password=None, etcd_token=None):
+                            quay_username=None, quay_password=None):
     if quay_username is None:
       quay_username = self.executor_config['QUAY_USERNAME']
 
     if quay_password is None:
       quay_password = self.executor_config['QUAY_PASSWORD']
 
-    if etcd_token is None:
-      etcd_token = self.executor_config['ETCD_DISCOVERY_TOKEN']
-
     return TEMPLATE.render(
         realm=realm,
         token=token,
         quay_username=quay_username,
         quay_password=quay_password,
-        etcd_token=etcd_token,
         manager_hostname=manager_hostname,
         coreos_channel=coreos_channel,
     )

buildman/templates/cloudconfig.yaml

@@ -13,12 +13,6 @@ coreos:
     reboot-strategy: off
     group: {{ coreos_channel }}
 
-  etcd:
-    discovery: https://discovery.etcd.io/{{ etcd_token }}
-    # multi-region and multi-cloud deployments need to use $public_ipv4
-    addr: $private_ipv4:4001
-    peer-addr: $private_ipv4:7001
-
   units:
     - name: quay-builder.service
       command: start

requirements-nover.txt

@@ -40,7 +40,7 @@ git+https://github.com/DevTable/aniso8601-fake.git
 git+https://github.com/DevTable/anunidecode.git
 git+https://github.com/DevTable/avatar-generator.git
 git+https://github.com/DevTable/pygithub.git
+git+https://github.com/jplana/python-etcd.git
 gipc
-python-etcd
 cachetools
 mock

requirements.txt

@@ -22,6 +22,7 @@ backports.ssl-match-hostname==3.4.0.2
 beautifulsoup4==4.3.2
 blinker==1.3
 boto==2.35.1
+cachetools==1.0.0
 docker-py==0.7.1
 ecdsa==0.11
 futures==2.2.0
@@ -35,6 +36,7 @@ itsdangerous==0.24
 jsonschema==2.4.0
 marisa-trie==0.7
 mixpanel-py==3.2.1
+mock==1.0.1
 paramiko==1.15.2
 peewee==2.4.5
 psycopg2==2.5.4
@@ -61,3 +63,4 @@ git+https://github.com/DevTable/anunidecode.git
 git+https://github.com/DevTable/avatar-generator.git
 git+https://github.com/DevTable/pygithub.git
 git+https://github.com/NateFerrero/oauth2lib.git
+git+https://github.com/jplana/python-etcd.git