Run a glean-early service to mount configdrive

Currently for the systemd/udev path, every device activated by udev
runs the "glean.sh" script, which attempts to mount the config drive
and set the ssh keys/hostname.

We should run an early service that mounts the config drive and does
this common setup.  Then each interface activated by udev only needs
to configure it's own network settings by calling the glean tool
directly.

This modifies things to run a glean-early.service, which does the
mounting, etc.  This runs the "glean-early.sh" script, which replaces
the no-longer necessary generic "glean.sh" script (an earlier change
moved legacy users depending on glean to iterate interfaces to use
"glean-legacy.sh").

Each of the udev-activated services is updated to depend on this early
configuration.  These now call "python-glean", which is our small
wrapper to call the glean python tool under the interpreter it was
installed with.

Change-Id: I4b36e99ff8ee10e0b855733d97ec4ee12f941c11

glean/init/glean-early.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Early glean execution
+Before=network-pre.target
+Wants=network-pre.target
+After=local-fs.target
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=%%GLEANSH_PATH%%/glean-early.sh --debug
+RemainAfterExit=true
+
+StandardOutput=journal+console
+
+[Install]
+WantedBy=multi-user.target

glean/init/glean-early.sh

@@ -19,8 +19,12 @@ set -o pipefail
 
 PATH=/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin
 
+# Try and mount the config-drive; if it exists, then update ssh keys
+# and hostname.  udev events will fire and run glean for each of the
+# available network interfaces.
+
 # python-glean is installed alongside us and runs glean (the python
-# tool that actually does stuff).
+# tool that acutally does stuff).
 _GLEAN_PATH=$(dirname "$0")
 
 # NOTE(mnaser): Depending on the cloud, it may have `vfat` config drive which
@@ -33,12 +37,6 @@ elif blkid -t LABEL="CONFIG-2" ; then
     CONFIG_DRIVE_LABEL="CONFIG-2"
 fi
 
-# If the config drive exists we update the ssh keys, hostname and network
-# interfaces. Otherwise we only update network interfaces with a dhcp
-# fallback.
-#
-# Note we want to run as few glean processes as possible to cut down on
-# runtime in resource constrained environments.
 if [ -n "$CONFIG_DRIVE_LABEL" ]; then
     # Mount config drive
     mkdir -p /mnt/config
@@ -51,7 +49,6 @@ if [ -n "$CONFIG_DRIVE_LABEL" ]; then
     else
         mount -o mode=0700 "${BLOCKDEV}" /mnt/config || true
     fi
-    $_GLEAN_PATH/python-glean --ssh --hostname $@
-else
-    $_GLEAN_PATH/python-glean $@
+    # Note networking is skipped here; udev rules will configure
+    exec $_GLEAN_PATH/python-glean --skip-network --ssh --hostname $@
 fi

glean/init/glean-networkd.service

@@ -1,12 +1,14 @@
 [Unit]
 Description=Glean system configuration
 Before=systemd-networkd.service
+After=glean-early.service
 Requires=systemd-networkd.service
+Wants=glean-early.service
 
 [Service]
 Type=oneshot
 User=root
-ExecStart=%%GLEANSH_PATH%%/glean.sh --distro networkd %%EXTRA_ARGS%%
+ExecStart=%%GLEANSH_PATH%%/python-glean --distro networkd %%EXTRA_ARGS%%
 RemainAfterExit=true
 
 [Install]

glean/init/glean-nm@.service

@@ -1,8 +1,8 @@
 [Unit]
 Description=Glean for interface %I with NetworkManager
 Before=network-pre.target
-Wants=network-pre.target
-After=local-fs.target
+Wants=network-pre.target glean-early.service
+After=local-fs.target glean-early.service
 
 # Red Hat
 ConditionPathExists=!/etc/sysconfig/network-scripts/ifcfg-%I
@@ -13,7 +13,7 @@ ConditionPathExists=!/etc/sysconfig/network/ifcfg-%I
 Type=oneshot
 User=root
 Environment="ARGS=--interface %I"
-ExecStart=%%GLEANSH_PATH%%/glean.sh --use-nm --debug $ARGS %%EXTRA_ARGS%%
+ExecStart=%%GLEANSH_PATH%%/python-glean --use-nm --debug %%EXTRA_ARGS%% $ARGS
 RemainAfterExit=true
 
 StandardOutput=journal+console

glean/init/glean@.service

@@ -2,7 +2,8 @@
 Description=Glean for interface %I
 DefaultDependencies=no
 Before=network-pre.target
-Wants=network-pre.target
+After = glean-early.service
+Wants=network-pre.target glean-early.service
 
 # Red Hat
 ConditionPathExists=!/etc/sysconfig/network-scripts/ifcfg-%I
@@ -15,7 +16,7 @@ ConditionPathExists=!/etc/network/interfaces.d/%I.cfg
 Type=oneshot
 User=root
 Environment="ARGS=--interface %I"
-ExecStartPre=%%GLEANSH_PATH%%/glean.sh ${ARGS} %%EXTRA_ARGS%%
+ExecStartPre=%%GLEANSH_PATH%%/python-glean %%EXTRA_ARGS%% ${ARGS}
 ExecStart=/sbin/ifup %I
 RemainAfterExit=true
 

glean/install.py

@@ -27,9 +27,6 @@ def _find_gleansh_path():
     # glean.sh is a script installed by setup.cfg as a sibling to this
     # script
     p = pkg_resources.resource_filename(__name__, "init")
-    if not os.path.exists(os.path.join(p, "glean.sh")):
-        log.error("Unable to find glean.sh!")
-        sys.exit(1)
     return p
 
 
@@ -132,6 +129,13 @@ def main():
         log.info("Installing systemd services")
         log.info("glean.sh in %s" % p)
 
+        log.info("Install early service")
+        install(
+            'glean-early.service',
+            '/usr/lib/systemd/system/glean-early.service',
+            mode='0644',
+            replacements={'GLEANSH_PATH': p})
+        subprocess.call(['systemctl', 'enable', 'glean-early.service'])
         if os.path.exists('/etc/gentoo-release'):
             install(
                 'glean-networkd.service',