Quickstart wait for certs in quickstart docker-compose.yaml
Zookeeper, Zuul, and Nodepool services need the zk certs to be present before starting. Without this they cannot communicate with each other with TLS which is required. Docker-compose doesn't do a strict startup ordering waiting for each service to be ready. It just ensures processes begin in the right order. Fix this with a new wait script and override container commands to run the wait script as necessary to ensure certs are present before we begin. Change-Id: I8179159ae7d6a15155066549dfe245607646d433
parent
86285fece2
commit
3b7cf3dbaa
|
@ -31,16 +31,10 @@ services:
|
|||
image: zookeeper
|
||||
hostname: examples_zk_1.examples_default
|
||||
volumes:
|
||||
- "./playbooks/:/var/playbooks/:z"
|
||||
- "certs:/var/certs:z"
|
||||
- "./zoo.cfg:/conf/zoo.cfg:z"
|
||||
# introduced for 3.7.0: zookeeper shall wait for certificates to be available
|
||||
# examples_zk_1.examples_default.pem is the last file created by ./tools/zk-ca.sh
|
||||
command: |
|
||||
/bin/sh -c '\
|
||||
while [ ! -f /var/certs/keystores/examples_zk_1.examples_default.pem ] ; do \
|
||||
sleep 1; \
|
||||
done; \
|
||||
zkServer.sh start-foreground'
|
||||
command: "sh -c '/var/playbooks/wait-to-start-certs.sh && zkServer.sh start-foreground'"
|
||||
mysql:
|
||||
image: mariadb
|
||||
environment:
|
||||
|
@ -60,7 +54,10 @@ services:
|
|||
- https_proxy
|
||||
- no_proxy=${no_proxy},gerrit
|
||||
- ZUUL_MYSQL_PASSWORD=secret
|
||||
command: "sh -c '/var/playbooks/wait-to-start.sh && zuul-scheduler -f'"
|
||||
command: |
|
||||
sh -c '/var/playbooks/wait-to-start-certs.sh && \
|
||||
/var/playbooks/wait-to-start.sh && \
|
||||
zuul-scheduler -f'
|
||||
# FIXME: The scheduler has no ansible anymore so use the executor image.
|
||||
# This needs to be changes such that ansible is not required for startup.
|
||||
image: zuul/zuul-scheduler
|
||||
|
@ -70,7 +67,10 @@ services:
|
|||
- "sshkey:/var/ssh:z"
|
||||
- "certs:/var/certs:z"
|
||||
web:
|
||||
command: "sh -c '/var/playbooks/wait-to-start-gearman.sh && zuul-web -f'"
|
||||
command: |
|
||||
sh -c '/var/playbooks/wait-to-start-certs.sh && \
|
||||
/var/playbooks/wait-to-start-gearman.sh && \
|
||||
zuul-web -f'
|
||||
depends_on:
|
||||
- scheduler
|
||||
- mysql
|
||||
|
@ -99,6 +99,7 @@ services:
|
|||
- "sshkey:/var/ssh:z"
|
||||
- "logs:/srv/static/logs:z"
|
||||
- "certs:/var/certs:z"
|
||||
command: "sh -c '/var/playbooks/wait-to-start-certs.sh && zuul-executor -f'"
|
||||
node:
|
||||
build:
|
||||
dockerfile: node-Dockerfile
|
||||
|
@ -114,10 +115,12 @@ services:
|
|||
- zk
|
||||
image: zuul/nodepool-launcher
|
||||
volumes:
|
||||
- "./playbooks/:/var/playbooks/:z"
|
||||
- "./etc_nodepool/:/etc/nodepool/:z"
|
||||
- "certs:/var/certs:z"
|
||||
ports:
|
||||
- "8022:8022"
|
||||
command: "sh -c '/var/playbooks/wait-to-start-certs.sh && nodepool-launcher -f'"
|
||||
logs:
|
||||
build:
|
||||
dockerfile: logs-Dockerfile
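Review bot: The `./playbooks/:/var/playbooks/:z` mounts on the zk service (first hunk) and the nodepool launcher (last hunk), which the hunk line counts suggest are new, are read-write, although these containers appear to need that directory only to run wait-to-start-certs.sh. That script now gates the start of every TLS-speaking service, so any container able to write to the shared host directory could change it for the others. Mounting it read-only in these two services, `- "./playbooks/:/var/playbooks/:ro,z"`, keeps the startup gate immutable from inside them. Whether the other services write under /var/playbooks is not visible on this page, so the suggestion is limited to these two mounts.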
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuul needs ssl certs to be present to talk to zookeeper before it
|
||||
# starts.
|
||||
|
||||
wait_for_certs() {
|
||||
echo `date -Iseconds` "Wait for certs to be present"
|
||||
for i in $(seq 1 120); do
|
||||
# Introduced for 3.7.0: zookeeper shall wait for certificates to be available
|
||||
# examples_zk_1.examples_default.pem is the last file created by ./tools/zk-ca.sh
|
||||
[ -f /var/certs/keystores/examples_zk_1.examples_default.pem ] && return
|
||||
sleep 1
|
||||
done;
|
||||
|
||||
echo `date -Iseconds` "Timeout waiting for certs"
|
||||
exit 1
|
||||
}
|
||||
|
||||
wait_for_certs
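Review bot: The readiness test in wait_for_certs is `[ -f … ]`, which succeeds as soon as the file exists, so a service can start while ./tools/zk-ca.sh is still writing the keystore and load a truncated key or certificate. zk-ca.sh is not shown here, so this is a hedged concern; `[ -s /var/certs/keystores/examples_zk_1.examples_default.pem ] && return` would at least reject an empty file, and having the CA script write under a temporary name and rename it into place would close the window. The two comment lines inside the loop still say "zookeeper shall wait", but the script now gates Zuul and Nodepool as well; something like `# every TLS peer waits for the last file written by ./tools/zk-ca.sh` would match its use. As a style point, `$(date -Iseconds)` is preferable to the backticks on both echo lines.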
|