openstack/tripleo-ansible
Code Issues Proposed changes
tripleo-ansible/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_sync.j2
Bogdan Dobrelya 90a05a5f8a Use shared volume for side-car wrapper locks 
The lock used in the wrapper is under /var/lock in the container which
is not shared with the host so the sync script never waits for the
wrapper to be done. Moving the lock file to a path on a shared mount in
the container seems to solve that particular race.

Change-Id: I660b7189a9e1c3197f2cdcc77af62584691dde16
Partial-bug: #1874470
Depends-On: https://review.opendev.org/723522
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2020-04-29 11:05:12 +02:00

72 lines
2.5 KiB
Django/Jinja
Raw Blame History

#!/usr/bin/env bash
{% if tripleo_systemd_wrapper_debug %}
set -x
{% endif %}
function start_service {
local NETNS=$1
shift
local NAME=$1
shift
local CLI='{{ tripleo_systemd_wrapper_container_cli }}'
local CMD="{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/command"
local CONTAINER_CMD="ip netns exec ${NETNS} ${CMD}"
{% if tripleo_systemd_wrapper_container_cli == 'podman' %}
local LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log"
{% else %}
local LOGGING=''
{% endif %}
$CLI stop $NAME &> /dev/null || true
$CLI rm -f $NAME &> /dev/null || true
$CLI run --detach \
-v "{{ tripleo_systemd_wrapper_config_bind_mount }}" \
-v "/run/netns:/run/netns:shared" \
-v "{{ tripleo_systemd_wrapper_service_dir }}:{{ tripleo_systemd_wrapper_service_dir }}:z,shared" \
-v "/dev/log:/dev/log" $LOGGING \
--net host \
--pid host \
--privileged \
-u root \
--name $NAME \
{{ tripleo_systemd_wrapper_image_name }} \
$CONTAINER_CMD $@
}
jobs_file="{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/processes"
[ -s "$jobs_file" ] || exit 0 # nothing to do, no need for locking, just exit
exec {lock_fd}>/var/lock/containers/{{ tripleo_systemd_wrapper_service_name }}-processes.lock || exit 1
# In case service_wrapper script already locked the commands, we just wait for a 10 sec.
flock -w 10 "$lock_fd" || exit 1
IFS=$'\n'
for LINE in $(cat ${jobs_file}); do
NETNS=$(echo $LINE | awk '{ print $1 }')
CONTAINER_NAME="{{ tripleo_systemd_wrapper_service_name }}-${NETNS}"
CLI='{{ tripleo_systemd_wrapper_container_cli }}'
# We do a filter to create a short list and then have to exact name match the results. The reason is that
# containers that partially match the filter will show up in the list. This is a little unlikely but there
# is nothing to prevent that.
start_container=yes
container_list=`$CLI ps --format={% raw %}"{{.Names}}"{% endraw %} --filter="name=$CONTAINER_NAME"`
for name in ${container_list};
do
if [ "x$name" = "x$CONTAINER_NAME" ];
then
start_container=no
break
fi
done
if [ "$start_container" = "yes" ];
then
IFS=$' ' ARGS=$(echo $LINE | sed -e "s|$NETNS ||" | xargs)
start_service $NETNS $CONTAINER_NAME $ARGS
fi
done
# truncate the file so we don't start them again
:> "$jobs_file"
flock -u "$lock_fd"
View Git Blame Copy Permalink