[arvados] created: 2.7.0-5931-g831a23e99e
git repository hosting
git at public.arvados.org
Tue Jan 30 16:56:41 UTC 2024
at 831a23e99ef489047bd8c93b9f0be4bb3e889268 (commit)
commit 831a23e99ef489047bd8c93b9f0be4bb3e889268
Author: Brett Smith <brett.smith at curii.com>
Date: Tue Jan 30 11:54:58 2024 -0500
21429: Remember and restore Docker service state
At least with systemd, which should cover all modern production
deployments. This makes the behavior of ensure-encrypted-partitions less
surprising in deployments where it runs in coordination with other
deployment scripts.
Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith at curii.com>
diff --git a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions-aws-ebs-autoscale.sh b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions-aws-ebs-autoscale.sh
index abc63a2e92..6f0970b17f 100644
--- a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions-aws-ebs-autoscale.sh
+++ b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions-aws-ebs-autoscale.sh
@@ -22,9 +22,16 @@ ensure_umount() {
# First make sure docker is not using /tmp, then unmount everything under it.
if [ -d /etc/sv/docker.io ]
then
+ # TODO: Actually detect Docker state with runit
+ DOCKER_ACTIVE=true
sv stop docker.io || service stop docker.io || true
else
- systemctl disable --now docker.service docker.socket || true
+ if systemctl --quiet is-active docker.service docker.socket; then
+ systemctl stop docker.service docker.socket || true
+ DOCKER_ACTIVE=true
+ else
+ DOCKER_ACTIVE=false
+ fi
fi
ensure_umount "$MOUNTPATH/docker/aufs"
@@ -38,13 +45,18 @@ cat <<EOF > /etc/docker/daemon.json
}
EOF
+if ! $DOCKER_ACTIVE; then
+ # Nothing else to do
+ exit 0
+fi
+
# restart docker
if [ -d /etc/sv/docker.io ]
then
## runit
sv up docker.io
else
- systemctl enable --now docker.service docker.socket
+ systemctl start docker.service docker.socket || true
fi
end=$((SECONDS+60))
diff --git a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
index a76dc12109..726ff0cdcd 100644
--- a/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
+++ b/tools/compute-images/scripts/usr-local-bin-ensure-encrypted-partitions.sh
@@ -119,9 +119,16 @@ mkfs.xfs -f "$CRYPTPATH"
# First make sure docker is not using /tmp, then unmount everything under it.
if [ -d /etc/sv/docker.io ]
then
+ # TODO: Actually detect Docker state with runit
+ DOCKER_ACTIVE=true
sv stop docker.io || service stop docker.io || true
else
- systemctl disable --now docker.service docker.socket || true
+ if systemctl --quiet is-active docker.service docker.socket; then
+ systemctl stop docker.service docker.socket || true
+ DOCKER_ACTIVE=true
+ else
+ DOCKER_ACTIVE=false
+ fi
fi
ensure_umount "$MOUNTPATH/docker/aufs"
@@ -137,13 +144,18 @@ cat <<EOF > /etc/docker/daemon.json
}
EOF
+if ! $DOCKER_ACTIVE; then
+ # Nothing else to do
+ exit 0
+fi
+
# restart docker
if [ -d /etc/sv/docker.io ]
then
## runit
sv up docker.io
else
- systemctl enable --now docker.service docker.socket || true
+ systemctl start docker.service docker.socket || true
fi
end=$((SECONDS+60))
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list