From f426f5c67a22d9eedd941b6033e24cf2cb25f61a Mon Sep 17 00:00:00 2001
From: Gleb Aronsky <gleb.aronsky@windriver.com>
Date: Mon, 18 Sep 2023 05:17:53 -0700
Subject: [PATCH] Update kubelet system overrides on unlock

Add logic to the platform::kubernetes::configuration method
to generate the kubelet's systemd override file. This
change ensures the file is generated every time a host is
unlocked. This facilitates delivery of systemd service changes
via patches to existing installs.

This change is needed by bug 2027810 to ensure that the
orphan volume cleanup script is executed as part of the systemd
ExecStartPre kubelet service override.

This bug is an update for the this reverted commit:
https://review.opendev.org/c/starlingx/stx-puppet/+/895364

Test Plan:

Pass:  - Update the kube-stx-override.conf.erb file
       - Lock the AIO-SX host
       - Unlock the AIO-SX host
       - Verify that kube-stx-override.conf has been updated
       - Verify AIO-SX fresh install
       - Verify Standard Duplex lock/unlock and
         verify that kube-stx-override.conf has been updated
       - Verify Standard Duplex Install

Partial-Bug: 2027810
Change-Id: I4e47bce634c21396acb2e5f1540cac0be3ed34ec
Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>
---
 .../src/modules/platform/manifests/kubernetes.pp         | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
index a0a0b8125..d8045dc03 100644
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@@ -114,6 +114,15 @@ class platform::kubernetes::configuration {
     mode   => '0644',
   }
 
+  # Add kubelet service override
+  file { '/etc/systemd/system/kubelet.service.d/kube-stx-override.conf':
+    ensure  => file,
+    content => template('platform/kube-stx-override.conf.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+  }
+
   if ($::personality == 'controller') {
     # Cron job to cleanup stale CNI cache files that are more than
     # 1 day old and are not associated with any currently running pod.