Skip to content

Commit

Permalink
Fix container restart issue
Browse files Browse the repository at this point in the history
When container are restarted with podman the restart will send the TERM
signal to the entry process. Since the main entry for these container is
a script running other script and waiting the signal are not propagated
to the thread group making the restart hanging until a KILL signal is
used but these return with an error code making the automation failing.
  • Loading branch information
fmarco76 committed Dec 18, 2024
1 parent 2b3d75b commit c762794
Show file tree
Hide file tree
Showing 14 changed files with 65 additions and 24 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ca-container-basic-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -312,9 +312,11 @@ jobs:
- name: Restart CA
run: |
docker restart ca
sleep 10
# wait for CA to restart
docker exec client curl \
-v \
--retry 180 \
--retry-delay 0 \
--retry-connrefused \
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ca-container-existing-certs-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -403,7 +403,7 @@ jobs:
- name: Restart CA
run: |
docker restart ca
sleep 5
sleep 10
# wait for CA to restart
docker exec client curl \
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/ca-container-user-service-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,12 @@ jobs:
- name: Install Podman
run: |
docker exec pki dnf install -y podman fuse-overlayfs
echo "cat /usr/share/containers/storage.conf"
docker exec pki cat /usr/share/containers/storage.conf || true
echo "cat /etc/containers/storage.conf"
docker exec pki cat /etc/containers/storage.conf || true
echo "cat /root/.config/containers/storage.conf"
docker exec pki cat /root/.config/containers/storage.conf || true
docker exec pki podman info
- name: Configure rootless container
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/kra-container-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -487,7 +487,7 @@ jobs:
- name: Restart CA
run: |
docker restart ca
sleep 5
sleep 10
# wait for CA to restart
docker exec client curl \
Expand Down Expand Up @@ -623,7 +623,7 @@ jobs:
- name: Restart KRA
run: |
docker restart kra
sleep 5
sleep 10
# wait for KRA to restart
docker exec client curl \
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/ocsp-container-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -487,7 +487,7 @@ jobs:
- name: Restart CA
run: |
docker restart ca
sleep 5
sleep 10
# wait for CA to restart
docker exec client curl \
Expand Down Expand Up @@ -645,7 +645,7 @@ jobs:
- name: Restart OCSP
run: |
docker restart ocsp
sleep 5
sleep 10
# wait for OCSP to restart
docker exec client curl \
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/server-container-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ jobs:
- name: Restart server
run: |
docker restart server
sleep 5
sleep 10
# wait for server to restart
docker exec client curl \
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/tks-container-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -428,7 +428,7 @@ jobs:
- name: Restart TKS
run: |
docker restart tks
sleep 5
sleep 10
# wait for TKS to restart
docker exec client curl \
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/tps-container-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -415,7 +415,7 @@ jobs:
- name: Restart CA
run: |
docker restart ca
sleep 5
sleep 10
# wait for CA to restart
docker exec client curl \
Expand Down Expand Up @@ -785,7 +785,7 @@ jobs:
- name: Restart TPS
run: |
docker restart tps
sleep 5
sleep 10
# wait for TPS to restart
docker exec client curl \
Expand Down
11 changes: 8 additions & 3 deletions base/ca/bin/pki-ca-run
Original file line number Diff line number Diff line change
Expand Up @@ -361,15 +361,20 @@ rm /tmp/sslserver.crt
echo "################################################################################"
echo "INFO: Starting CA server"

trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM

if [ "$UID" = "0" ]; then
# In Docker the server runs as root user but it will switch
# into pkiuser (UID=17) that belongs to the root group (GID=0).
pki-server run

pki-server run &
PID=$!
wait $PID
else
# In OpenShift/Podman the server runs as a non-root user
# (with a random UID) that belongs to the root group (GID=0).
#
# https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
pki-server run --as-current-user
pki-server run --as-current-user &
PID=$!
wait $PID
fi
11 changes: 8 additions & 3 deletions base/kra/bin/pki-kra-run
Original file line number Diff line number Diff line change
Expand Up @@ -199,15 +199,20 @@ find /logs -type d -exec chmod +rwx -- {} +
echo "################################################################################"
echo "INFO: Starting KRA server"

trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM

if [ "$UID" = "0" ]; then
# In Docker the server runs as root user but it will switch
# into pkiuser (UID=17) that belongs to the root group (GID=0).
pki-server run

pki-server run &
PID=$!
wait $PID
else
# In OpenShift/Podman the server runs as a non-root user
# (with a random UID) that belongs to the root group (GID=0).
#
# https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
pki-server run --as-current-user
pki-server run --as-current-user &
PID=$!
wait $PID
fi
11 changes: 8 additions & 3 deletions base/ocsp/bin/pki-ocsp-run
Original file line number Diff line number Diff line change
Expand Up @@ -180,15 +180,20 @@ find /logs -type d -exec chmod +rwx -- {} +
echo "################################################################################"
echo "INFO: Starting OCSP server"

trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM

if [ "$UID" = "0" ]; then
# In Docker the server runs as root user but it will switch
# into pkiuser (UID=17) that belongs to the root group (GID=0).
pki-server run

pki-server run &
PID=$!
wait $PID
else
# In OpenShift/Podman the server runs as a non-root user
# (with a random UID) that belongs to the root group (GID=0).
#
# https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
pki-server run --as-current-user
pki-server run --as-current-user &
PID=$!
wait $PID
fi
10 changes: 8 additions & 2 deletions base/server/bin/pki-server-run
Original file line number Diff line number Diff line change
Expand Up @@ -228,15 +228,21 @@ rm /tmp/sslserver.crt
echo "################################################################################"
echo "INFO: Starting PKI server"

trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM

if [ "$UID" = "0" ]; then
# In Docker the server runs as root user but it will switch
# into pkiuser (UID=17) that belongs to the root group (GID=0).
pki-server run
pki-server run &
PID=$!
wait $PID

else
# In OpenShift/Podman the server runs as a non-root user
# (with a random UID) that belongs to the root group (GID=0).
#
# https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
pki-server run --as-current-user
pki-server run --as-current-user &
PID=$!
wait $PID
fi
10 changes: 8 additions & 2 deletions base/tks/bin/pki-tks-run
Original file line number Diff line number Diff line change
Expand Up @@ -161,15 +161,21 @@ find /logs -type d -exec chmod +rwx -- {} +
echo "################################################################################"
echo "INFO: Starting TKS server"

trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM

if [ "$UID" = "0" ]; then
# In Docker the server runs as root user but it will switch
# into pkiuser (UID=17) that belongs to the root group (GID=0).
pki-server run
pki-server run &
PID=$!
wait $PID

else
# In OpenShift/Podman the server runs as a non-root user
# (with a random UID) that belongs to the root group (GID=0).
#
# https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
pki-server run --as-current-user
pki-server run --as-current-user &
PID=$!
wait $PID
fi
10 changes: 8 additions & 2 deletions base/tps/bin/pki-tps-run
Original file line number Diff line number Diff line change
Expand Up @@ -168,15 +168,21 @@ find /logs -type d -exec chmod +rwx -- {} +
echo "################################################################################"
echo "INFO: Starting TPS server"

trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM

if [ "$UID" = "0" ]; then
# In Docker the server runs as root user but it will switch
# into pkiuser (UID=17) that belongs to the root group (GID=0).
pki-server run
pki-server run &
PID=$!
wait $PID

else
# In OpenShift/Podman the server runs as a non-root user
# (with a random UID) that belongs to the root group (GID=0).
#
# https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
pki-server run --as-current-user
pki-server run --as-current-user &
PID=$!
wait $PID
fi

0 comments on commit c762794

Please sign in to comment.