From 18ef28d883f770bc1064148c533b89ec9b616ca6 Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Fri, 14 Sep 2018 13:45:57 -0700
Subject: [PATCH 1/2] pkg/rhcos/ami: Bump to ami-0af8953af3ec06b7c

Details on this build:

  $ curl -s http://aos-ostree.rhev-ci-vms.eng.rdu2.redhat.com/rhcos/images/aws-us-east-1-tested.json | jq -S
  {
    "HVM": "ami-0af8953af3ec06b7c",
    "S3Object": "s3://openshift-qe-images/rhcos/cloud/rhcos-4.0.5595-aws.vmdk",
    "SnapshotID": "snap-07b2295a6b24ebf60"
  }
  $ curl -s http://aos-ostree.rhev-ci-vms.eng.rdu2.redhat.com/rhcos/images/cloud/4.0.5595-1/meta.json | jq -S
  {
    "git-commit": "3863c9670d95ed950e5f68ca5e93947dfd214ef1",
    "image-genver": "1",
    "image-version": "4.0.5595-1",
    "ostree-commit": "622abd584071ebd426ff33b3d5b17cf08e16eff7d7fd2a9d97ace8ad24e3cedc",
    "ostree-version": "4.0.5595"
  }
  $ curl -s http://aos-ostree.rhev-ci-vms.eng.rdu2.redhat.com/rhcos/images/cloud/4.0.5595-1/pkglist.txt | grep 'docker\|runc'
   docker-2:1.13.1-75.git8633870.el7_5.x86_64
   docker-client-2:1.13.1-75.git8633870.el7_5.x86_64
   docker-common-2:1.13.1-75.git8633870.el7_5.x86_64
   docker-lvm-plugin-2:1.13.1-75.git8633870.el7_5.x86_64
   docker-novolume-plugin-2:1.13.1-75.git8633870.el7_5.x86_64
   docker-rhel-push-plugin-2:1.13.1-75.git8633870.el7_5.x86_64
   runc-1.0.0-52.dev.git70ca035.el7_5.x86_64

After a brief window without either Docker or a working CRI-O, we've
got a new RHCOS with Docker back on.  Let's use it.  This bump should
also pull in runc-1.0.0-52.dev.git70ca035.el7_5.x86_64 needed by the
next commit.

Generated with:

  $ sed -i s/ami-07307c397daf4d02e/ami-0af8953af3ec06b7c/g $(git grep -l ami-07307c397daf4d02e)
---
 installer/pkg/config-generator/fixtures/kube-system.yaml | 2 +-
 installer/pkg/workflow/fixtures/terraform.tfvars         | 2 +-
 modules/aws/bootstrap/README.md                          | 2 +-
 pkg/rhcos/ami.go                                         | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/installer/pkg/config-generator/fixtures/kube-system.yaml b/installer/pkg/config-generator/fixtures/kube-system.yaml
index 0652cef9d5a..0c2934533c6 100644
--- a/installer/pkg/config-generator/fixtures/kube-system.yaml
+++ b/installer/pkg/config-generator/fixtures/kube-system.yaml
@@ -89,7 +89,7 @@ data:
       availabilityZone: ""
       clusterID: ""
       clusterName: test
-      image: ami-07307c397daf4d02e
+      image: ami-0af8953af3ec06b7c
       region: us-east-1
       replicas: 3
     kind: machineAPIOperatorConfig
diff --git a/installer/pkg/workflow/fixtures/terraform.tfvars b/installer/pkg/workflow/fixtures/terraform.tfvars
index 7040562fda5..f60c5d7b37a 100644
--- a/installer/pkg/workflow/fixtures/terraform.tfvars
+++ b/installer/pkg/workflow/fixtures/terraform.tfvars
@@ -1,7 +1,7 @@
 {
   "tectonic_admin_email": "fake-email@example.com",
   "tectonic_admin_password": "fake-password",
-  "tectonic_aws_ec2_ami_override": "ami-07307c397daf4d02e",
+  "tectonic_aws_ec2_ami_override": "ami-0af8953af3ec06b7c",
   "tectonic_aws_endpoints": "all",
   "tectonic_aws_master_ec2_type": "m4.large",
   "tectonic_aws_master_root_volume_iops": 100,
diff --git a/modules/aws/bootstrap/README.md b/modules/aws/bootstrap/README.md
index 01a9478254a..d0d5608298e 100644
--- a/modules/aws/bootstrap/README.md
+++ b/modules/aws/bootstrap/README.md
@@ -29,7 +29,7 @@ resource "aws_subnet" "example" {
 module "bootstrap" {
   source = "github.com/openshift/installer//modules/aws/bootstrap"
 
-  ami            = "ami-07307c397daf4d02e"
+  ami            = "ami-0af8953af3ec06b7c"
   bucket         = "${aws_s3_bucket.example.id}"
   cluster_name   = "my-cluster"
   ignition       = "{\"ignition\": {\"version\": \"2.2.0\"}}",
diff --git a/pkg/rhcos/ami.go b/pkg/rhcos/ami.go
index fb883717133..bb0172c266f 100644
--- a/pkg/rhcos/ami.go
+++ b/pkg/rhcos/ami.go
@@ -14,5 +14,5 @@ func AMI(channel, region string) (ami string, err error) {
 		return "", fmt.Errorf("region %q is not yet supported", region)
 	}
 
-	return "ami-07307c397daf4d02e", nil
+	return "ami-0af8953af3ec06b7c", nil
 }

From 201fce490a5a3b64227b70f86f3731db24e964ab Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Fri, 14 Sep 2018 13:39:54 -0700
Subject: [PATCH 2/2] modules/bootkube/resources/bootkube: Restore --tmpfs

We'd removed this in c234fc3f (*: use podman instead of docker,
2018-09-05, #207) to work around [1,2].  Now that RHCOS is up to:

  $ curl -s http://aos-ostree.rhev-ci-vms.eng.rdu2.redhat.com/rhcos/images/cloud/latest/pkglist.txt | grep runc
   runc-1.0.0-52.dev.git70ca035.el7_5.x86_64

we can restore the option.

[1]: https://github.com/openshift/os/issues/284
[2]: https://github.com/containers/libpod/issues/1396
---
 modules/bootkube/resources/bootkube.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/bootkube/resources/bootkube.sh b/modules/bootkube/resources/bootkube.sh
index 144f96392f9..a8bfa0567f2 100644
--- a/modules/bootkube/resources/bootkube.sh
+++ b/modules/bootkube/resources/bootkube.sh
@@ -64,6 +64,7 @@ trap "podman rm --force etcd-signer" ERR
 podman run \
 	--name etcd-signer \
 	--detach \
+	--tmpfs /tmp \
 	--volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \
 	--network host \
 	"${etcd_cert_signer_image}" \