[WIP] Appliance systemd overhaul #1266
Conversation
ghost
requested review from
|
After rebooting I got this in This caused Admiral and Harbor to not start. I did So I think we need reinit to refresh tokens and restart all dependent services |
| @@ -1,11 +1,12 @@ | |||
| [Unit] | |||
| Description=PSC Get Token | |||
| Documentation=http://github.com/vmware/vic-product/installer | |||
| Before=harbor_startup.service | |||
| Requires=vic-appliance-wait-psc-config.service | |||
| After=vic-vic-appliance-wait-psc-config.service | |||
| [Unit] | ||
| Description=Wait for PSC token to be present. | ||
| Documentation=https://github.com/vmware/vic-product | ||
| Before=get_token.service |
There was a problem hiding this comment.
Is something upstream of this After network online? I think the issue I commented on with get_token results from not having network to lookup a hostname.
There was a problem hiding this comment.
Ah - great point. Actually it seems like we should wait here for vic-appliance-ready.service which would guarantee network connectivity.
| *** Test Cases *** | ||
| Verify OVA services |
There was a problem hiding this comment.
@morris-jason Just realized that you need to update 1-01-Install.md by removing corresponding test steps.
| Documentation=http://github.com/vmware/vic-product/installer | ||
|
|
||
| [Path] | ||
| PathModified=/etc/vmware/psc/admiral/psc-config.properties |
There was a problem hiding this comment.
should this watch the paths for harbor and engine too? unless that might trigger this multiple times
| @@ -89,11 +87,6 @@ func registerWithPSC(ctx context.Context) error { | |||
| // Register all VIC components with PSC | |||
| cmdName := "/usr/bin/java" | |||
| for _, client := range []string{"harbor", "engine", "admiral"} { | |||
| pscConfFile := filepath.Join(pscConfDir, client, pscConfFileName) | |||
There was a problem hiding this comment.
When this is removed, what happens when the user uses the Re-initialize the VIC appliance button? get_token.service would get activated, however, I don't see where we restart Admiral and Harbor. IIRC, at least Admiral needs to be restarted after re-registering with PSC, otherwise the Admiral URL shows a blank/error page.
There was a problem hiding this comment.
If possible I think we should have the reinit button refresh tokens and restart all services (maybe stop services before refresh)
There was a problem hiding this comment.
confirmed that reinit runs get_token but doesn't restart services right now
There was a problem hiding this comment.
@anchal-agrawal @andrewtchin I've added a line to the get_token service to restart harbor and admiral after get_token.sh executes.
| @@ -16,7 +16,6 @@ | |||
| Documentation Test 3-01 Admiral UI | |||
| Resource ../../resources/Util.robot | |||
| Test Timeout 20 minutes | |||
| Test Setup Run Keyword Setup Base State | |||
There was a problem hiding this comment.
Is this expected change where there is no SSO login required now?
There was a problem hiding this comment.
I was just testing changes. That one didn't help :)
There was a problem hiding this comment.
The change to restart Admiral and Harbor every hour is a big behavioral change and needs discussion. While we have to restart the services every time we register with PSC, we don't every time we run get_token. It's also not optimal to restart the services every hour, as there may be users actively using them at the time.
| [Service] | ||
| Type=oneshot | ||
| ExecStart=/usr/bin/bash /etc/vmware/psc/get_token.sh | ||
| ExecStartPost=/usr/bin/systemctl --no-block restart admiral harbor |
There was a problem hiding this comment.
The get_token service runs every hour and this would restart Admiral and Harbor every time.
There was a problem hiding this comment.
if the services don't need to be restarted when the token is refreshed maybe we can have a registration unit separate from get_token that restarts the service after registration?
There was a problem hiding this comment.
@andrewtchin that was my intent, I'll move this out, it was for testing. I'll mark this WIP and ping @anchal-agrawal when it's ready for final review. Sorry for the confusion.
ghost
mentioned this pull request
Minor unit name fixes Revert bad changes to component services
Update test markdown Fix bad test variable name Fix broken keyword Add extra time for selenium tests Bump wait time some more Sleep before adding default users
Dont block on harbor/admiral restart Final fixes for startup units
Decrease harbor and admiral test timeouts
ghost
closed this
|
Closing this and opening #1266 and hopefully drone starts behaving. |
ghost
mentioned this pull request
Fixes #1215, fixes #1265, fixes #1267, and improves the reliability of our systemd configuration.
This change introduces a new systemd target,
psc-ready.target, that component services relying on psc tokens may use as aRequiresdependency.A new service,
vic-appliance-wait-psc-config.service, has be been introduced that mimics the functionality of systemd'swait-network-online, where the waiting unit is triggered asactivewhen a psc configuration is present. This replaces the use of path files in the vic 1.3 ova.Changes also introduce another target,
vic-appliance.targetthat is used as the boot-level target as a systemd best practice.