[release/v1.1] Avoid second run for bootstrap script

deploy/osps/default/osp-amzn2.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "amzn2"
   osVersion: "2.0"
-  version: "v1.0.3"
+  version: "v1.0.4"
   supportedCloudProviders:
     - name: "aws"
 
@@ -47,14 +47,27 @@ spec:
               #!/bin/bash
               set -xeuo pipefail
 
+              # Check if bootstrap phase has already completed. This is required when we run `cloud-init init` again since it tries to re-run
+              # the bootstrap cloud-config as well, from the userdata.
+              if [ -f /etc/bootstrap-complete ]; then
+                exit 0
+              fi
+
               yum install -y curl jq
 
               curl -s -k -v --header 'Authorization: Bearer {{ .Token }}' {{ .ServerURL }}/api/v1/namespaces/cloud-init-settings/secrets/{{ .SecretName }} | jq '.data["cloud-config"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg
               cloud-init clean
               cloud-init --file /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg init
               systemctl daemon-reload
-              systemctl restart setup.service
+
+              # cloud-init should only run on the first boot. From this point forward we don't need cloud-init anymore.
+              systemctl disable cloud-init
+              touch /etc/cloud/cloud-init.disabled
+              # Bootstrap phase for the machine is complete.
+              touch /etc/bootstrap-complete
               systemctl disable bootstrap.service
+              # Start provisioning phase for the machine.
+              systemctl restart setup.service
 
       - path: /etc/systemd/system/bootstrap.service
         permissions: 644

deploy/osps/default/osp-centos.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "centos"
   osVersion: "7.7"
-  version: "v1.0.3"
+  version: "v1.0.4"
   supportedCloudProviders:
     - name: "alibaba"
     - name: "aws"
@@ -55,6 +55,13 @@ spec:
             data: |
               #!/bin/bash
               set -xeuo pipefail
+
+              # Check if bootstrap phase has already completed. This is required when we run `cloud-init init` again since it tries to re-run
+              # the bootstrap cloud-config as well, from the userdata.
+              if [ -f /etc/bootstrap-complete ]; then
+                exit 0
+              fi
+
               source /etc/os-release
               if [ "$ID" == "centos" ] && [ "$VERSION_ID" == "8" ]; then
                 sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
@@ -68,8 +75,15 @@ spec:
               cloud-init --file /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg init
 
               systemctl daemon-reload
-              systemctl restart setup.service
+
+              # cloud-init should only run on the first boot. From this point forward we don't need cloud-init anymore.
+              systemctl disable cloud-init
+              touch /etc/cloud/cloud-init.disabled
+              # Bootstrap phase for the machine is complete.
+              touch /etc/bootstrap-complete
               systemctl disable bootstrap.service
+              # Start provisioning phase for the machine.
+              systemctl restart setup.service
 
       - path: /etc/systemd/system/bootstrap.service
         permissions: 644

deploy/osps/default/osp-rhel.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "rhel"
   osVersion: "8.5"
-  version: "v1.0.3"
+  version: "v1.0.4"
   supportedCloudProviders:
     - name: "aws"
     - name: "azure"
@@ -51,15 +51,28 @@ spec:
               #!/bin/bash
               set -xeuo pipefail
 
+              # Check if bootstrap phase has already completed. This is required when we run `cloud-init init` again since it tries to re-run
+              # the bootstrap cloud-config as well, from the userdata.
+              if [ -f /etc/bootstrap-complete ]; then
+                exit 0
+              fi
+
               yum install -y curl jq
 
               curl -s -k -v --header 'Authorization: Bearer {{ .Token }}' {{ .ServerURL }}/api/v1/namespaces/cloud-init-settings/secrets/{{ .SecretName }} | jq '.data["cloud-config"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg
               cloud-init clean
               cloud-init --file /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg init
 
               systemctl daemon-reload
-              systemctl restart setup.service
+
+              # cloud-init should only run on the first boot. From this point forward we don't need cloud-init anymore.
+              systemctl disable cloud-init
+              touch /etc/cloud/cloud-init.disabled
+              # Bootstrap phase for the machine is complete.
+              touch /etc/bootstrap-complete
               systemctl disable bootstrap.service
+              # Start provisioning phase for the machine.
+              systemctl restart setup.service
 
       - path: /etc/systemd/system/bootstrap.service
         permissions: 644

deploy/osps/default/osp-rockylinux.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "rockylinux"
   osVersion: "8.6"
-  version: "v1.0.3"
+  version: "v1.0.4"
   supportedCloudProviders:
     - name: "aws"
     - name: "azure"
@@ -54,15 +54,28 @@ spec:
               #!/bin/bash
               set -xeuo pipefail
 
+              # Check if bootstrap phase has already completed. This is required when we run `cloud-init init` again since it tries to re-run
+              # the bootstrap cloud-config as well, from the userdata.
+              if [ -f /etc/bootstrap-complete ]; then
+                exit 0
+              fi
+
               yum install -y curl jq
 
               curl -s -k -v --header 'Authorization: Bearer {{ .Token }}' {{ .ServerURL }}/api/v1/namespaces/cloud-init-settings/secrets/{{ .SecretName }} | jq '.data["cloud-config"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg
               cloud-init clean
               cloud-init --file /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg init
 
               systemctl daemon-reload
-              systemctl restart setup.service
+
+              # cloud-init should only run on the first boot. From this point forward we don't need cloud-init anymore.
+              systemctl disable cloud-init
+              touch /etc/cloud/cloud-init.disabled
+              # Bootstrap phase for the machine is complete.
+              touch /etc/bootstrap-complete
               systemctl disable bootstrap.service
+              # Start provisioning phase for the machine.
+              systemctl restart setup.service
 
       - path: /etc/systemd/system/bootstrap.service
         permissions: 644

deploy/osps/default/osp-sles.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: sles
   osVersion: "15-SP-1"
-  version: "v1.0.3"
+  version: "v1.0.4"
   supportedCloudProviders:
     - name: "aws"
 
@@ -47,6 +47,12 @@ spec:
               #!/bin/bash
               set -xeuo pipefail
 
+              # Check if bootstrap phase has already completed. This is required when we run `cloud-init init` again since it tries to re-run
+              # the bootstrap cloud-config as well, from the userdata.
+              if [ -f /etc/bootstrap-complete ]; then
+                exit 0
+              fi
+
               # Install JQ
               zypper -n --quiet addrepo -C https://download.opensuse.org/repositories/utilities/openSUSE_Leap_15.3/utilities.repo
               zypper -n --no-gpg-checks refresh
@@ -60,8 +66,15 @@ spec:
               cloud-init --file /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg init
 
               systemctl daemon-reload
-              systemctl restart setup.service
+
+              # cloud-init should only run on the first boot. From this point forward we don't need cloud-init anymore.
+              systemctl disable cloud-init
+              touch /etc/cloud/cloud-init.disabled
+              # Bootstrap phase for the machine is complete.
+              touch /etc/bootstrap-complete
               systemctl disable bootstrap.service
+              # Start provisioning phase for the machine.
+              systemctl restart setup.service
 
       - path: /etc/systemd/system/bootstrap.service
         permissions: 644

deploy/osps/default/osp-ubuntu.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "ubuntu"
   osVersion: "20.04"
-  version: "v1.0.3"
+  version: "v1.0.4"
   supportedCloudProviders:
     - name: "alibaba"
     - name: "aws"
@@ -58,6 +58,12 @@ spec:
               #!/bin/bash
               set -xeuo pipefail
 
+              # Check if bootstrap phase has already completed. This is required when we run `cloud-init init` again since it tries to re-run
+              # the bootstrap cloud-config as well, from the userdata.
+              if [ -f /etc/bootstrap-complete ]; then
+                exit 0
+              fi
+
               export DEBIAN_FRONTEND=noninteractive
               apt update && apt install -y curl jq
               curl -s -k -v --header 'Authorization: Bearer {{ .Token }}'	{{ .ServerURL }}/api/v1/namespaces/cloud-init-settings/secrets/{{ .SecretName }} | jq '.data["cloud-config"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/{{ .SecretName }}.cfg
@@ -78,8 +84,15 @@ spec:
               {{- end }}
 
               systemctl daemon-reload
-              systemctl restart setup.service
+
+              # cloud-init should only run on the first boot. From this point forward we don't need cloud-init anymore.
+              systemctl disable cloud-init
+              touch /etc/cloud/cloud-init.disabled
+              # Bootstrap phase for the machine is complete.
+              touch /etc/bootstrap-complete
               systemctl disable bootstrap.service
+              # Start provisioning phase for the machine.
+              systemctl restart setup.service
 
       - path: /etc/systemd/system/bootstrap.service
         permissions: 644

pkg/controllers/osc/testdata/osc-kubelet-configuration-containerd.yaml

@@ -23,13 +23,20 @@ spec:
       permissions: 755
     - content:
         inline:
-          data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt
-            update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization:
-            Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/kubelet-configuration-kube-system-provisioning-config
+          data: "#!/bin/bash\nset -xeuo pipefail\n\n# Check if bootstrap phase has
+            already completed. This is required when we run `cloud-init init` again
+            since it tries to re-run\n# the bootstrap cloud-config as well, from the
+            userdata.\nif [ -f /etc/bootstrap-complete ]; then\n  exit 0\nfi\n\nexport
+            DEBIAN_FRONTEND=noninteractive\napt update && apt install -y curl jq\ncurl
+            -s -k -v --header 'Authorization: Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/kubelet-configuration-kube-system-provisioning-config
             | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg\ncloud-init
             clean\n\ncloud-init --file /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg
-            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\nsystemctl restart
-            setup.service\nsystemctl disable bootstrap.service\n"
+            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\n\n# cloud-init
+            should only run on the first boot. From this point forward we don't need
+            cloud-init anymore.\nsystemctl disable cloud-init\ntouch /etc/cloud/cloud-init.disabled\n#
+            Bootstrap phase for the machine is complete.\ntouch /etc/bootstrap-complete\nsystemctl
+            disable bootstrap.service\n# Start provisioning phase for the machine.\nsystemctl
+            restart setup.service\n"
           encoding: b64
       path: /opt/bin/bootstrap
       permissions: 755

pkg/controllers/osc/testdata/osc-kubelet-configuration-docker.yaml

@@ -23,13 +23,20 @@ spec:
       permissions: 755
     - content:
         inline:
-          data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt
-            update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization:
-            Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/kubelet-configuration-kube-system-provisioning-config
+          data: "#!/bin/bash\nset -xeuo pipefail\n\n# Check if bootstrap phase has
+            already completed. This is required when we run `cloud-init init` again
+            since it tries to re-run\n# the bootstrap cloud-config as well, from the
+            userdata.\nif [ -f /etc/bootstrap-complete ]; then\n  exit 0\nfi\n\nexport
+            DEBIAN_FRONTEND=noninteractive\napt update && apt install -y curl jq\ncurl
+            -s -k -v --header 'Authorization: Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/kubelet-configuration-kube-system-provisioning-config
             | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg\ncloud-init
             clean\n\ncloud-init --file /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg
-            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\nsystemctl restart
-            setup.service\nsystemctl disable bootstrap.service\n"
+            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\n\n# cloud-init
+            should only run on the first boot. From this point forward we don't need
+            cloud-init anymore.\nsystemctl disable cloud-init\ntouch /etc/cloud/cloud-init.disabled\n#
+            Bootstrap phase for the machine is complete.\ntouch /etc/bootstrap-complete\nsystemctl
+            disable bootstrap.service\n# Start provisioning phase for the machine.\nsystemctl
+            restart setup.service\n"
           encoding: b64
       path: /opt/bin/bootstrap
       permissions: 755

pkg/controllers/osc/testdata/osc-rhel-8.x-azure-containerd.yaml

@@ -27,15 +27,28 @@ spec:
             #!/bin/bash
             set -xeuo pipefail
 
+            # Check if bootstrap phase has already completed. This is required when we run `cloud-init init` again since it tries to re-run
+            # the bootstrap cloud-config as well, from the userdata.
+            if [ -f /etc/bootstrap-complete ]; then
+              exit 0
+            fi
+
             yum install -y curl jq
 
             curl -s -k -v --header 'Authorization: Bearer top-secret' https://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/osp-rhel-azure-kube-system-provisioning-config | jq '.data["cloud-config"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/osp-rhel-azure-kube-system-provisioning-config.cfg
             cloud-init clean
             cloud-init --file /etc/cloud/cloud.cfg.d/osp-rhel-azure-kube-system-provisioning-config.cfg init
 
             systemctl daemon-reload
-            systemctl restart setup.service
+
+            # cloud-init should only run on the first boot. From this point forward we don't need cloud-init anymore.
+            systemctl disable cloud-init
+            touch /etc/cloud/cloud-init.disabled
+            # Bootstrap phase for the machine is complete.
+            touch /etc/bootstrap-complete
             systemctl disable bootstrap.service
+            # Start provisioning phase for the machine.
+            systemctl restart setup.service
           encoding: b64
       path: /opt/bin/bootstrap
       permissions: 755

pkg/controllers/osc/testdata/osc-ubuntu-aws-containerd.yaml

@@ -23,13 +23,20 @@ spec:
       permissions: 755
     - content:
         inline:
-          data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt
-            update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization:
-            Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/ubuntu-aws-kube-system-provisioning-config
+          data: "#!/bin/bash\nset -xeuo pipefail\n\n# Check if bootstrap phase has
+            already completed. This is required when we run `cloud-init init` again
+            since it tries to re-run\n# the bootstrap cloud-config as well, from the
+            userdata.\nif [ -f /etc/bootstrap-complete ]; then\n  exit 0\nfi\n\nexport
+            DEBIAN_FRONTEND=noninteractive\napt update && apt install -y curl jq\ncurl
+            -s -k -v --header 'Authorization: Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/ubuntu-aws-kube-system-provisioning-config
             | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/ubuntu-aws-kube-system-provisioning-config.cfg\ncloud-init
             clean\n\ncloud-init --file /etc/cloud/cloud.cfg.d/ubuntu-aws-kube-system-provisioning-config.cfg
-            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\nsystemctl restart
-            setup.service\nsystemctl disable bootstrap.service\n"
+            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\n\n# cloud-init
+            should only run on the first boot. From this point forward we don't need
+            cloud-init anymore.\nsystemctl disable cloud-init\ntouch /etc/cloud/cloud-init.disabled\n#
+            Bootstrap phase for the machine is complete.\ntouch /etc/bootstrap-complete\nsystemctl
+            disable bootstrap.service\n# Start provisioning phase for the machine.\nsystemctl
+            restart setup.service\n"
           encoding: b64
       path: /opt/bin/bootstrap
       permissions: 755

pkg/controllers/osc/testdata/osc-ubuntu-aws-docker.yaml

@@ -23,13 +23,20 @@ spec:
       permissions: 755
     - content:
         inline:
-          data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt
-            update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization:
-            Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/ubuntu-aws-kube-system-provisioning-config
+          data: "#!/bin/bash\nset -xeuo pipefail\n\n# Check if bootstrap phase has
+            already completed. This is required when we run `cloud-init init` again
+            since it tries to re-run\n# the bootstrap cloud-config as well, from the
+            userdata.\nif [ -f /etc/bootstrap-complete ]; then\n  exit 0\nfi\n\nexport
+            DEBIAN_FRONTEND=noninteractive\napt update && apt install -y curl jq\ncurl
+            -s -k -v --header 'Authorization: Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/ubuntu-aws-kube-system-provisioning-config
             | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/ubuntu-aws-kube-system-provisioning-config.cfg\ncloud-init
             clean\n\ncloud-init --file /etc/cloud/cloud.cfg.d/ubuntu-aws-kube-system-provisioning-config.cfg
-            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\nsystemctl restart
-            setup.service\nsystemctl disable bootstrap.service\n"
+            init\nsystemctl daemon-reload\n\nsystemctl daemon-reload\n\n# cloud-init
+            should only run on the first boot. From this point forward we don't need
+            cloud-init anymore.\nsystemctl disable cloud-init\ntouch /etc/cloud/cloud-init.disabled\n#
+            Bootstrap phase for the machine is complete.\ntouch /etc/bootstrap-complete\nsystemctl
+            disable bootstrap.service\n# Start provisioning phase for the machine.\nsystemctl
+            restart setup.service\n"
           encoding: b64
       path: /opt/bin/bootstrap
       permissions: 755