diff --git a/.github/workflows/ca-container-basic-test.yml b/.github/workflows/ca-container-basic-test.yml
index 6c577fd4539..5a261d60ed4 100644
--- a/.github/workflows/ca-container-basic-test.yml
+++ b/.github/workflows/ca-container-basic-test.yml
@@ -312,9 +312,11 @@ jobs: - name: Restart CA run: | docker restart ca + sleep 10 # wait for CA to restart docker exec client curl \ + -v \ --retry 180 \ --retry-delay 0 \ --retry-connrefused \
diff --git a/.github/workflows/ca-container-existing-certs-test.yml b/.github/workflows/ca-container-existing-certs-test.yml
index b388707063a..18c23ad5ca3 100644
--- a/.github/workflows/ca-container-existing-certs-test.yml
+++ b/.github/workflows/ca-container-existing-certs-test.yml
@@ -403,7 +403,7 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 # wait for CA to restart docker exec client curl \
diff --git a/.github/workflows/ca-container-user-service-test.yml b/.github/workflows/ca-container-user-service-test.yml
index 004938d7456..745e11405fc 100644
--- a/.github/workflows/ca-container-user-service-test.yml
+++ b/.github/workflows/ca-container-user-service-test.yml
@@ -52,6 +52,12 @@ jobs: - name: Install Podman run: | docker exec pki dnf install -y podman fuse-overlayfs + echo "cat /usr/share/containers/storage.conf" + docker exec pki cat /usr/share/containers/storage.conf || true + echo "cat /etc/containers/storage.conf" + docker exec pki cat /etc/containers/storage.conf || true + echo "cat /root/.config/containers/storage.conf" + docker exec pki cat /root/.config/containers/storage.conf || true docker exec pki podman info - name: Configure rootless container
diff --git a/.github/workflows/kra-container-test.yml b/.github/workflows/kra-container-test.yml
index a0df464d3b7..821820a5985 100644
--- a/.github/workflows/kra-container-test.yml
+++ b/.github/workflows/kra-container-test.yml
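Review bot: The `-v` added to the readiness `curl` in the "Restart CA" step of ca-container-basic-test.yml prints request and response headers to the Actions log on every attempt, up to the 180 retries already configured. The rest of the command lies outside the hunk, so confirm that it sends no credentials or session cookies before keeping verbose mode, and remove it once the restart failure has been diagnosed. The new `sleep 10` also sits in front of a loop that already retries on refused connections; a comment saying what the fixed delay covers that the retries do not, for example `# give the old instance time to stop listening before polling` if that is the reason, would explain why it is needed. The same delay is raised from 5 to 10 seconds in the other container workflows in this diff.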
@@ -487,7 +487,7 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 # wait for CA to restart docker exec client curl \
@@ -623,7 +623,7 @@ jobs: - name: Restart KRA run: | docker restart kra - sleep 5 + sleep 10 # wait for KRA to restart docker exec client curl \
diff --git a/.github/workflows/ocsp-container-test.yml b/.github/workflows/ocsp-container-test.yml
index 9a5927042aa..53e08de031c 100644
--- a/.github/workflows/ocsp-container-test.yml
+++ b/.github/workflows/ocsp-container-test.yml
@@ -487,7 +487,7 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 # wait for CA to restart docker exec client curl \
@@ -645,7 +645,7 @@ jobs: - name: Restart OCSP run: | docker restart ocsp - sleep 5 + sleep 10 # wait for OCSP to restart docker exec client curl \
diff --git a/.github/workflows/server-container-test.yml b/.github/workflows/server-container-test.yml
index b1df856dc97..f5d2b314bd7 100644
--- a/.github/workflows/server-container-test.yml
+++ b/.github/workflows/server-container-test.yml
@@ -148,7 +148,7 @@ jobs: - name: Restart server run: | docker restart server - sleep 5 + sleep 10 # wait for server to restart docker exec client curl \
diff --git a/.github/workflows/tks-container-test.yml b/.github/workflows/tks-container-test.yml
index f5cdbe6ad7b..c559008f586 100644
--- a/.github/workflows/tks-container-test.yml
+++ b/.github/workflows/tks-container-test.yml
@@ -428,7 +428,7 @@ jobs: - name: Restart TKS run: | docker restart tks - sleep 5 + sleep 10 # wait for TKS to restart docker exec client curl \
diff --git a/.github/workflows/tps-container-test.yml b/.github/workflows/tps-container-test.yml
index 6a5ff8f4791..158a87f991a 100644
--- a/.github/workflows/tps-container-test.yml
+++ b/.github/workflows/tps-container-test.yml
@@ -415,7 +415,7 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 # wait for CA to restart docker exec client curl \
@@ -785,7 +785,7 @@ jobs: - name: Restart TPS run: | docker restart tps - sleep 5 + sleep 10 # wait for TPS to restart docker exec client curl \
diff --git a/base/ca/bin/pki-ca-run b/base/ca/bin/pki-ca-run
index 280e1f6a61c..30a2324b83f 100755
--- a/base/ca/bin/pki-ca-run
+++ b/base/ca/bin/pki-ca-run
@@ -361,15 +361,20 @@ rm /tmp/sslserver.crt echo "################################################################################" echo "INFO: Starting CA server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run - + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi
diff --git a/base/kra/bin/pki-kra-run b/base/kra/bin/pki-kra-run
index 4c2b63efc15..5a07cc92521 100755
--- a/base/kra/bin/pki-kra-run
+++ b/base/kra/bin/pki-kra-run
@@ -199,15 +199,20 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting KRA server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run - + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi
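Review bot: In base/ca/bin/pki-ca-run the new `trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM` is double-quoted, so the command substitution runs when the trap is installed, before `PID=$!` is assigned; `ps` is then called without a PID and whatever process-group ids it prints are baked into the handler. Single quotes defer the lookup to signal time: `trap 'kill -- -"$(ps -o pgid= "$PID" | grep -o "[0-9]*")"' TERM`. The trap also interrupts `wait $PID`, after which the script reaches `fi` and exits; if this script is the container's init process (not visible here), the server may be killed before it finishes shutting down, so a second `wait "$PID"` after the first would let it drain and flush its logs. The same lines are added in pki-kra-run, pki-ocsp-run, pki-server-run, pki-tks-run and pki-tps-run, and in each case the script body starts outside the hunk.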
diff --git a/base/ocsp/bin/pki-ocsp-run b/base/ocsp/bin/pki-ocsp-run
index ebc27fdb7c8..fa6f6b2f94f 100755
--- a/base/ocsp/bin/pki-ocsp-run
+++ b/base/ocsp/bin/pki-ocsp-run
@@ -180,15 +180,20 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting OCSP server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run - + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi
diff --git a/base/server/bin/pki-server-run b/base/server/bin/pki-server-run
index 735955d1dbb..42f4d28e0cf 100755
--- a/base/server/bin/pki-server-run
+++ b/base/server/bin/pki-server-run
@@ -228,15 +228,21 @@ rm /tmp/sslserver.crt echo "################################################################################" echo "INFO: Starting PKI server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi
diff --git a/base/tks/bin/pki-tks-run b/base/tks/bin/pki-tks-run
index 3845f26723d..270deef951f 100644
--- a/base/tks/bin/pki-tks-run
+++ b/base/tks/bin/pki-tks-run
@@ -161,15 +161,21 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting TKS server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi
diff --git a/base/tps/bin/pki-tps-run b/base/tps/bin/pki-tps-run
index dcbc2976a63..87d4f848a9b 100644
--- a/base/tps/bin/pki-tps-run
+++ b/base/tps/bin/pki-tps-run
@@ -168,15 +168,21 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting TPS server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi