diff --git a/.github/workflows/ca-container-basic-test.yml b/.github/workflows/ca-container-basic-test.yml index 6c577fd4539..303e16388ed 100644 --- a/.github/workflows/ca-container-basic-test.yml +++ b/.github/workflows/ca-container-basic-test.yml @@ -312,6 +312,9 @@ jobs: - name: Restart CA run: | docker restart ca + sleep 10 + + docker network reload --all # wait for CA to restart docker exec client curl \ diff --git a/.github/workflows/ca-container-existing-certs-test.yml b/.github/workflows/ca-container-existing-certs-test.yml index b388707063a..c44b3e82f21 100644 --- a/.github/workflows/ca-container-existing-certs-test.yml +++ b/.github/workflows/ca-container-existing-certs-test.yml @@ -403,7 +403,9 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 + + docker network reload --all # wait for CA to restart docker exec client curl \ diff --git a/.github/workflows/kra-container-test.yml b/.github/workflows/kra-container-test.yml index a0df464d3b7..0b1a3b84343 100644 --- a/.github/workflows/kra-container-test.yml +++ b/.github/workflows/kra-container-test.yml @@ -487,7 +487,9 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 + + docker network reload --all # wait for CA to restart docker exec client curl \ @@ -623,7 +625,9 @@ jobs: - name: Restart KRA run: | docker restart kra - sleep 5 + sleep 10 + + docker network reload --all # wait for KRA to restart docker exec client curl \ diff --git a/.github/workflows/ocsp-container-test.yml b/.github/workflows/ocsp-container-test.yml index 9a5927042aa..1435edca3ea 100644 --- a/.github/workflows/ocsp-container-test.yml +++ b/.github/workflows/ocsp-container-test.yml @@ -487,7 +487,9 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 + + docker network reload --all # wait for CA to restart docker exec client curl \ 
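Review bot: The added `docker network reload --all` in the "Restart CA" step reloads networking for every running container although only `ca` was restarted. `network reload` is a Podman subcommand, so the step presumably relies on `docker` resolving to Podman on the runner; with the stock Docker CLI it would fail. Consider scoping it to the restarted container, `docker network reload ca`, with a comment such as `# Podman: re-apply the container's network rules after restart`. The fixed `sleep 10` before it is timing-dependent, and the curl labelled as the wait continues outside the hunk, so its retry behaviour cannot be checked here. The same lines are added in the existing-certs, kra, ocsp, server, tks and tps workflow hunks.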
@@ -645,7 +647,9 @@ jobs: - name: Restart OCSP run: | docker restart ocsp - sleep 5 + sleep 10 + + docker network reload --all # wait for OCSP to restart docker exec client curl \ diff --git a/.github/workflows/server-container-test.yml b/.github/workflows/server-container-test.yml index b1df856dc97..d8ad9d7022e 100644 --- a/.github/workflows/server-container-test.yml +++ b/.github/workflows/server-container-test.yml @@ -148,7 +148,9 @@ jobs: - name: Restart server run: | docker restart server - sleep 5 + sleep 10 + + docker network reload --all # wait for server to restart docker exec client curl \ diff --git a/.github/workflows/tks-container-test.yml b/.github/workflows/tks-container-test.yml index f5cdbe6ad7b..dea84e94324 100644 --- a/.github/workflows/tks-container-test.yml +++ b/.github/workflows/tks-container-test.yml @@ -428,7 +428,9 @@ jobs: - name: Restart TKS run: | docker restart tks - sleep 5 + sleep 10 + + docker network reload --all # wait for TKS to restart docker exec client curl \ diff --git a/.github/workflows/tps-container-test.yml b/.github/workflows/tps-container-test.yml index 6a5ff8f4791..c12e8523492 100644 --- a/.github/workflows/tps-container-test.yml +++ b/.github/workflows/tps-container-test.yml @@ -415,7 +415,9 @@ jobs: - name: Restart CA run: | docker restart ca - sleep 5 + sleep 10 + + docker network reload --all # wait for CA to restart docker exec client curl \ @@ -785,7 +787,9 @@ jobs: - name: Restart TPS run: | docker restart tps - sleep 5 + sleep 10 + + docker network reload --all # wait for TPS to restart docker exec client curl \ diff --git a/base/ca/bin/pki-ca-run b/base/ca/bin/pki-ca-run index 280e1f6a61c..30a2324b83f 100755 --- a/base/ca/bin/pki-ca-run +++ b/base/ca/bin/pki-ca-run 
@@ -361,15 +361,20 @@ rm /tmp/sslserver.crt echo "################################################################################" echo "INFO: Starting CA server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run - + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi diff --git a/base/kra/bin/pki-kra-run b/base/kra/bin/pki-kra-run index 4c2b63efc15..5a07cc92521 100755 --- a/base/kra/bin/pki-kra-run +++ b/base/kra/bin/pki-kra-run @@ -199,15 +199,20 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting KRA server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run - + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi diff --git a/base/ocsp/bin/pki-ocsp-run b/base/ocsp/bin/pki-ocsp-run index ebc27fdb7c8..fa6f6b2f94f 100755 --- a/base/ocsp/bin/pki-ocsp-run +++ b/base/ocsp/bin/pki-ocsp-run 
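Review bot: The added `trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM` is double-quoted, so the `$(...)` substitution runs once when the trap is installed, before `PID=$!` is assigned in either branch. `ps` is therefore called without a PID (or with whatever `PID` the container environment happens to export), and its output is frozen into the handler text. Single-quote the handler so it is evaluated when SIGTERM arrives, and quote the variable: `trap 'kill -- -"$(ps -o pgid= "$PID" | grep -o "[0-9]*")"' TERM`. If a process-group kill is not required, `trap 'kill -TERM "$PID"' TERM` would be simpler. The same line is added in the pki-kra-run, pki-ocsp-run, pki-server-run, pki-tks-run and pki-tps-run hunks.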
@@ -180,15 +180,20 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting OCSP server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run - + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi diff --git a/base/server/bin/pki-server-run b/base/server/bin/pki-server-run index 735955d1dbb..42f4d28e0cf 100755 --- a/base/server/bin/pki-server-run +++ b/base/server/bin/pki-server-run @@ -228,15 +228,21 @@ rm /tmp/sslserver.crt echo "################################################################################" echo "INFO: Starting PKI server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi diff --git a/base/tks/bin/pki-tks-run b/base/tks/bin/pki-tks-run index 3845f26723d..270deef951f 100644 --- a/base/tks/bin/pki-tks-run +++ b/base/tks/bin/pki-tks-run 
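Review bot: `wait $PID` returns as soon as the trapped SIGTERM is delivered, so once the handler has run the script falls through `fi` while `pki-server` may still be shutting down. If this script is the container's main process (presumably, given the Docker/OpenShift comments), its exit would end the container before the server has stopped cleanly. Add a second `wait "$PID"` after the first in both branches, with a comment such as `# first wait is interrupted by the TERM trap; wait again for the server to exit`. Whatever follows `fi` is outside the hunk. The other pki-*-run hunks add the same `wait $PID` pattern.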
@@ -161,15 +161,21 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting TKS server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi diff --git a/base/tps/bin/pki-tps-run b/base/tps/bin/pki-tps-run index dcbc2976a63..87d4f848a9b 100644 --- a/base/tps/bin/pki-tps-run +++ b/base/tps/bin/pki-tps-run @@ -168,15 +168,21 @@ find /logs -type d -exec chmod +rwx -- {} + echo "################################################################################" echo "INFO: Starting TPS server" +trap "kill -- -$(ps -o pgid= $PID | grep -o '[0-9]*')" TERM + if [ "$UID" = "0" ]; then # In Docker the server runs as root user but it will switch # into pkiuser (UID=17) that belongs to the root group (GID=0). - pki-server run + pki-server run & + PID=$! + wait $PID else # In OpenShift/Podman the server runs as a non-root user # (with a random UID) that belongs to the root group (GID=0). # # https://www.redhat.com/en/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id - pki-server run --as-current-user + pki-server run --as-current-user & + PID=$! + wait $PID fi