Merge pull request #12386 from kristip17/SplitOffBoulderTests

Issue 12345 and 12400: Add read/write for WSKeyStore, merge REST revoke test into Boulder tests
OpenLiberty · Jun 1, 2020 · 9974f20 · 9974f20
2 parents b021df3 + a62a1fa
commit 9974f20
Show file tree

Hide file tree

Showing 9 changed files with 500 additions and 84 deletions.
diff --git a/dev/com.ibm.ws.security.acme/src/com/ibm/ws/security/acme/internal/AcmeCertCheckerTask.java b/dev/com.ibm.ws.security.acme/src/com/ibm/ws/security/acme/internal/AcmeCertCheckerTask.java
@@ -19,6 +19,8 @@
 
 import com.ibm.websphere.ras.Tr;
 import com.ibm.websphere.ras.TraceComponent;
+import com.ibm.ws.ffdc.annotation.FFDCIgnore;
+import com.ibm.wsspi.kernel.service.utils.FrameworkState;
 
 /**
  * The AcmeCertCheckerTask runs in the background and periodically checks if the
@@ -103,10 +105,18 @@ protected synchronized void startCertificateChecker(ScheduledExecutorService ser
 	 * it continues to run, but is rescheduled on the error schedule.
 	 */
 	@Override
+	@FFDCIgnore(Throwable.class)
 	public void run() {
 
 		boolean isExpired = false, isRevoked = false;
 		List<X509Certificate> currentCert = null;
+
+		if (FrameworkState.isStopping()) {
+			if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
+				Tr.debug(tc, "Server is marked as stopping, cert checker returning.");
+			}
+			return;
+		}
 
 		acmeProviderImpl.acquireWriteLock();
 		try {
@@ -155,6 +165,12 @@ public void run() {
 			}
 
 		} catch (Throwable t) {
+			if (FrameworkState.isStopping()) {
+				if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
+					Tr.debug(tc, "Caught an exception, but server is marked as stopping, cert checker returning.");
+				}
+				return;
+			}
 			try {
 				if (tc.isDebugEnabled()) {
 					Tr.debug(tc, "Requested a new certificate, but request failed.", t);

diff --git a/dev/com.ibm.ws.security.acme_fat/fat/src/com/ibm/ws/security/acme/docker/CAContainer.java b/dev/com.ibm.ws.security.acme_fat/fat/src/com/ibm/ws/security/acme/docker/CAContainer.java
@@ -52,6 +52,16 @@ public abstract class CAContainer extends GenericContainer<CAContainer> {
 	 * reachable.
 	 */
 	private final int dnsManagementPort;
+
+	/**
+	 * Number of attemps to start containers again after catch an exception
+	 */
+	protected final static int NUM_RESTART_ATTEMPTS_ON_EXCEPTION = 3;
+
+	/**
+	 * Value to put into withStartupAttempts on container config
+	 */
+	protected final static int WITH_STARTUP_ATTEMPTS = 20;
 
 	/**
 	 * Instantiate a new {@link CAContainer} instance.

diff --git a/...s.security.acme_fat/fat/src/com/ibm/ws/security/acme/docker/boulder/BoulderContainer.java b/...s.security.acme_fat/fat/src/com/ibm/ws/security/acme/docker/boulder/BoulderContainer.java
@@ -20,11 +20,11 @@
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.containers.Network;
 
+import com.github.dockerjava.api.exception.DockerException;
 import com.github.dockerjava.api.model.ContainerNetwork;
 import com.github.dockerjava.api.model.ContainerNetwork.Ipam;
 import com.ibm.websphere.simplicity.log.Log;
 import com.ibm.ws.security.acme.docker.CAContainer;
-import com.ibm.ws.security.acme.docker.pebble.PebbleContainer;
 
 /**
  * Testcontainer implementation for the letsencrypt/boulder container.
@@ -76,7 +76,7 @@ public class BoulderContainer extends CAContainer {
 	/**
 	 * Container that runs MariaDB
 	 */
-	public final GenericContainer<?> bmysql = new GenericContainer<>("mariadb:10.3").withNetwork(bluenet)
+	public final GenericContainer<?> bmysql = new GenericContainer<>("mariadb:10.3").withNetwork(bluenet).withNetworkMode("host")
 			.withExposedPorts(3306).withNetworkAliases("boulder-mysql").withEnv("MYSQL_ALLOW_EMPTY_PASSWORD", "yes")
 			.withCommand(
 					"mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON")
@@ -117,9 +117,9 @@ public BoulderContainer() {
 			throw new IllegalStateException("Failed to set default mock DNS A and AAAA record IP addresses.", e);
 		}
 
-		Log.info(PebbleContainer.class, "BoulderContainer", "ContainerIpAddress: " + getContainerIpAddress());
-		Log.info(PebbleContainer.class, "BoulderContainer", "DockerImageName:    " + getDockerImageName());
-		Log.info(PebbleContainer.class, "BoulderContainer", "ContainerInfo:      " + getContainerInfo());
+		Log.info(BoulderContainer.class, "BoulderContainer", "ContainerIpAddress: " + getContainerIpAddress());
+		Log.info(BoulderContainer.class, "BoulderContainer", "DockerImageName:    " + getDockerImageName());
+		Log.info(BoulderContainer.class, "BoulderContainer", "ContainerInfo:      " + getContainerInfo());
 	}
 
 	@Override
@@ -162,9 +162,106 @@ public void start() {
 		 * We need to start up the containers in an orderly fashion so that we
 		 * can pass the IP address of the DNS server to the Boulder server.
 		 */
-		bmysql.start();
-		bhsm.start();
-		super.start();
+		bmysql.withStartupAttempts(WITH_STARTUP_ATTEMPTS);
+
+		for (int i = 1; i < NUM_RESTART_ATTEMPTS_ON_EXCEPTION + 1; i ++) {
+			try {
+				bmysql.start();
+				break;
+			} catch (Throwable t) {
+				Log.info(BoulderContainer.class, "start", "Failed to start bmysql, try again. " + t);
+				bmysql.stop();
+				Throwable cause = t.getCause();
+				while (cause != null) {
+					if (t instanceof DockerException) {
+						Log.info(BoulderContainer.class, "start", "Hit a Docker exception, trying a long sleep and retry");
+						try {
+							Thread.sleep(120000);
+						} catch (InterruptedException e) {
+						}
+						break;
+					}
+					cause = cause.getCause();
+				}
+
+				if (cause == null) { // do a short sleep and retry
+					try {
+						Thread.sleep(1000);
+					} catch (InterruptedException e) {
+					}
+				}
+			}
+		}
+		if (!bmysql.isRunning()) {
+			bmysql.start();
+		}
+
+		bhsm.withStartupAttempts(WITH_STARTUP_ATTEMPTS);
+		for (int i = 1; i < NUM_RESTART_ATTEMPTS_ON_EXCEPTION + 1; i ++) {
+			try {
+				bhsm.start();
+				break;
+			} catch (Throwable t) {
+				Log.info(BoulderContainer.class, "start", "Failed to start bhsm, try again. " + t);
+				bhsm.stop();
+				Throwable cause = t.getCause();
+				while (cause != null) {
+					if (t instanceof DockerException) {
+						Log.info(BoulderContainer.class, "start", "Hit a Docker exception, trying a long sleep and retry");
+						try {
+							Thread.sleep(120000);
+						} catch (InterruptedException e) {
+						}
+						break;
+					}
+					cause = cause.getCause();
+				}
+
+				if (cause == null) { // do a short sleep and retry
+					try {
+						Thread.sleep(1000);
+					} catch (InterruptedException e) {
+					}
+				}
+			}
+		}
+		if (!bhsm.isRunning()) {
+			bhsm.start();
+		}
+
+		super.withStartupAttempts(WITH_STARTUP_ATTEMPTS);
+		for (int i = 1; i < NUM_RESTART_ATTEMPTS_ON_EXCEPTION + 1; i ++) {
+			try {
+				super.start();
+				break;
+			} catch (Throwable t) {
+				Log.info(BoulderContainer.class, "start", "Failed to start boulder, try again. " + t);
+				super.stop();
+				Throwable cause = t.getCause();
+				while (cause != null) {
+					if (t instanceof DockerException) {
+						Log.info(BoulderContainer.class, "start", "Hit a Docker exception, trying a long sleep and retry");
+						try {
+							Thread.sleep(120000);
+						} catch (InterruptedException e) {
+						}
+						break;
+					}
+					cause = cause.getCause();
+				}
+
+				if (cause == null) { // do a short sleep and retry
+					try {
+						Thread.sleep(1000);
+					} catch (InterruptedException e) {
+					}
+				}
+			}
+		}
+		if (!super.isRunning()) {
+			super.start();
+		}
+
 	}
 
 	@Override

diff --git a/....ws.security.acme_fat/fat/src/com/ibm/ws/security/acme/docker/pebble/PebbleContainer.java b/....ws.security.acme_fat/fat/src/com/ibm/ws/security/acme/docker/pebble/PebbleContainer.java
@@ -13,6 +13,7 @@
 
 import static junit.framework.Assert.fail;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 
 import java.io.File;
 import java.io.IOException;
@@ -25,6 +26,7 @@
 import org.testcontainers.containers.output.OutputFrame;
 import org.testcontainers.images.builder.ImageFromDockerfile;
 
+import com.github.dockerjava.api.exception.DockerException;
 import com.github.dockerjava.api.model.ContainerNetwork;
 import com.ibm.websphere.simplicity.log.Log;
 import com.ibm.ws.security.acme.docker.CAContainer;
@@ -80,8 +82,49 @@ public PebbleContainer() {
 						.copy("pebble-config.json", "/test/config/pebble-config.json").build())
 				.withFileFromFile("pebble-config.json", new File("lib/LibertyFATTestFiles/pebble-config.json")), 5002,
 				14000, 15000);
+		challtestsrv.withStartupAttempts(20);
+		challtestsrv.withStartupTimeout(Duration.ofSeconds(60));
 
-		challtestsrv.start();
+		for (int i = 1; i < NUM_RESTART_ATTEMPTS_ON_EXCEPTION + 1; i ++) {
+			try {
+				challtestsrv.start();
+				Log.info(PebbleContainer.class, "PebbleContainer", "challtestsrv started");
+				break;
+			} catch (Throwable t) {
+				Log.info(PebbleContainer.class, "PebbleContainer", "Failed to start challtestsrv, try again. " + t);
+				challtestsrv.stop();
+				Throwable cause = t.getCause();
+				while (cause != null) {
+					if (t instanceof DockerException) {
+						Log.info(PebbleContainer.class, "PebbleContainer", "Hit a Docker exception, trying a long sleep and retry");
+						try {
+							Thread.sleep(120000);
+						} catch (InterruptedException e) {
+						}
+						break;
+					}
+					cause = cause.getCause();
+				}
+
+				if (cause == null) { // do a short sleep and retry
+					try {
+						Thread.sleep(1000);
+					} catch (InterruptedException e) {
+					}
+				}
+			}
+		}
+		if (!challtestsrv.isRunning()) {
+			challtestsrv.start();
+			Log.info(PebbleContainer.class, "PebbleContainer", "challtestsrv started");
+
+			/**
+			 * Intermittently getting a null calling getIntraContainerIP, determine what is null
+			 */
+			assertNotNull("challtestsrv.getContainerInfo()", challtestsrv.getContainerInfo());
+			assertNotNull("challtestsrv.getContainerInfo().getNetworkSettings()", challtestsrv.getContainerInfo().getNetworkSettings());
+			assertNotNull("challtestsrv.getContainerInfo().getNetworkSettings().getNetworks().entrySet()", challtestsrv.getContainerInfo().getNetworkSettings().getNetworks().entrySet());
+		}
 
 		String dnsServer = getIntraContainerIP() + ":" + DNS_PORT;
 
@@ -90,12 +133,43 @@ public PebbleContainer() {
 		this.withExposedPorts(getDnsManagementPort(), getAcmeListenPort());
 		this.withNetwork(network);
 		this.withLogConsumer(PebbleContainer::log);
-		this.withStartupAttempts(3);
+		this.withStartupAttempts(20);
 		this.withStartupTimeout(Duration.ofSeconds(60));
 
 		Testcontainers.exposeHostPorts(5002);
 
-		start();
+		for (int i = 1; i < NUM_RESTART_ATTEMPTS_ON_EXCEPTION + 1; i ++) {
+			try {
+				start();
+				break;
+			} catch (Throwable t) {
+				Log.info(PebbleContainer.class, "PebbleContainer", "Failed to start pebble, try again. " + t);
+				super.stop();
+				Throwable cause = t.getCause();
+				while (cause != null) {
+					if (t instanceof DockerException) {
+						Log.info(PebbleContainer.class, "PebbleContainer", "Hit a Docker exception, trying a long sleep and retry");
+						try {
+							Thread.sleep(120000);
+						} catch (InterruptedException e) {
+						}
+						break;
+					}
+					cause = cause.getCause();
+				}
+
+				if (cause == null) { // do a short sleep and retry
+					try {
+						Thread.sleep(1000);
+					} catch (InterruptedException e) {
+					}
+				}
+			}
+		}
+
+		if (!isRunning()) {
+			start();
+		}
 
 		try {
 			/*
@@ -115,6 +189,7 @@ public PebbleContainer() {
 
 		Log.info(PebbleContainer.class, "PebbleContainer", "ContainerIpAddress: " + getContainerIpAddress());
 		Log.info(PebbleContainer.class, "PebbleContainer", "DockerImageName:    " + getDockerImageName());
+		assertNotNull("getContainerInfo()", getContainerInfo());
 		Log.info(PebbleContainer.class, "PebbleContainer", "ContainerInfo:      " + getContainerInfo());
 	}