Bug #19271

installing the custom CA cert results in restarting a running docker service

Added by Stephen Benjamin about 1 year ago. Updated 11 months ago.

Status: Closed
Priority: High
Assigned To: Stephen Benjamin
Category: Installer
Target version: -
Difficulty:
Pull request: https://github.com/Katello/puppet-certs/pull/156
Bugzilla link: 1312422
Story points: -
Velocity based estimate: -
Release: Katello 3.4.1
Release relationship: Auto

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1312422

Description of problem:
When preparing to register a content host, installing the custom CA from the satellite via # rpm -Uvh http://sat6.lyletech.lab/pub/katello-ca-consumer-latest.noarch.rpm will restart a running docker service, causing any containers running on that service to stop.

Version-Release number of selected component (if applicable):
katello-ca-consumer-latest.noarch.rpm

How reproducible:
always

Steps to Reproduce:

1) Configure docker repo
    # sudo tee /etc/yum.repos.d/docker.repo <<-EOF
    [dockerrepo]
    name=Docker Repository
    baseurl=https://yum.dockerproject.org/repo/main/centos/7
    enabled=1
    gpgcheck=1
    gpgkey=https://yum.dockerproject.org/gpg
    EOF
2) install docker
    # yum install docker-engine
3) start the service
    # systemctl start docker.service
4) install the ca from satellite 6
    # rpm -Uvh http://sat6.lyletech.lab/pub/katello-ca-consumer-latest.noarch.rpm

Actual results:
The docker daemon is restarted, and all running containers are stopped as a part of that

Feb 26 07:32:25 localhost systemd: Stopping Docker Application Container Engine...
Feb 26 07:32:25 localhost docker: time="2016-02-26T07:32:25.834120906-05:00" level=info msg="Processing signal 'terminated'"
Feb 26 07:32:25 localhost systemd: Stopping Docker Socket for the API.
Feb 26 07:32:25 localhost systemd: Starting Docker Socket for the API.
Feb 26 07:32:25 localhost systemd: Listening on Docker Socket for the API.
Feb 26 07:32:25 localhost systemd: Starting Docker Application Container Engine...
Feb 26 07:32:25 localhost docker: time="2016-02-26T07:32:25.902235735-05:00" level=warning msg="devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section."
Feb 26 07:32:25 localhost systemd: Device dev-disk-by\x2duuid-520e3171\x2dc715\x2d42b8\x2d8d75\x2dbeeaa17b2cdd.device appeared twice with different sysfs paths /sys/devices/virtual/block/loop0 and /sys/devices/virtual/block/dm-1
Feb 26 07:32:25 localhost docker: time="2016-02-26T07:32:25.911991914-05:00" level=warning msg="devmapper: Base device already exists and has filesystem xfs on it. User specified filesystem will be ignored."
Feb 26 07:32:25 localhost docker: time="2016-02-26T07:32:25.915409421-05:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\""
Feb 26 07:32:25 localhost docker: time="2016-02-26T07:32:25.915694159-05:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Feb 26 07:32:25 localhost docker: time="2016-02-26T07:32:25.924557829-05:00" level=info msg="Firewalld running: false"
Feb 26 07:32:25 localhost docker: time="2016-02-26T07:32:25.959092750-05:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Feb 26 07:32:26 localhost docker: time="2016-02-26T07:32:26.002059141-05:00" level=info msg="Loading containers: start."
Feb 26 07:32:26 localhost docker: time="2016-02-26T07:32:26.002096026-05:00" level=info msg="Loading containers: done."
Feb 26 07:32:26 localhost docker: time="2016-02-26T07:32:26.002103382-05:00" level=info msg="Daemon has completed initialization"
Feb 26 07:32:26 localhost docker: time="2016-02-26T07:32:26.002112994-05:00" level=info msg="Docker daemon" commit=c3959b1 execdriver=native-0.2 graphdriver=devicemapper version=1.10.2
Feb 26 07:32:26 localhost systemd: Started Docker Application Container Engine.
Feb 26 07:32:26 localhost docker: time="2016-02-26T07:32:26.006647271-05:00" level=info msg="API listen on /var/run/docker.sock"

Expected results:
Would not expect the rpm to restart a running service

Additional info:
~~~
rpm -qp --scripts katello-ca-consumer-latest.noarch.rpm

# restart docker if it is installed and running
if [ -f /usr/lib/systemd/system/docker.service ]; then
    systemctl status docker >/dev/null && \
    systemctl restart docker >/dev/null 2&>1
elif [ -f /etc/init.d/docker ]; then
    service docker status >/dev/null && \
    service docker restart >/dev/null 2&>1
~~~

Perhaps remove this behavior from the RPM, and we could update the docs telling users they will need to restart the docker service prior to being able to build containers with Satellite?
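
A pre-install check in the spirit of this report, added here as an example and not part of the original ticket or of the Katello code: it scans RPM scriptlet text for calls that restart or stop a service, so the side effect is visible before the package reaches a host running containers. The function name `find_service_disruptions` and the list of actions treated as disruptive are assumptions of this example.

```shell
#!/bin/sh
# Added example: list service restarts/stops hidden in RPM scriptlets.
# Input : scriptlet text on stdin, e.g. `rpm -qp --scripts <package>.rpm`.
# Output: one "<action> <unit>" line per disruptive call, de-duplicated.
find_service_disruptions() {
    awk '
        # Join backslash-continued lines so "status && \" + "restart" is one command.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        # Comment-only lines describe intent but execute nothing.
        line ~ /^[ \t]*#/ { next }
        {
            n = split(line, w, /[ \t;&|]+/)
            for (i = 1; i + 2 <= n; i++) {
                # systemd form: systemctl <action> <unit>
                if (w[i] == "systemctl" && w[i+1] ~ /^(restart|try-restart|stop)$/) {
                    unit = w[i+2]; sub(/\.service$/, "", unit)
                    print w[i+1], unit
                }
                # SysV form: service <unit> <action>
                if (w[i] == "service" && w[i+2] ~ /^(restart|condrestart|stop)$/)
                    print w[i+2], w[i+1]
            }
        }
    ' | sort -u
}

# Sample input: the scriptlet lines quoted in this report, copied as shown there.
sample_scriptlet() {
    cat <<'EOF'
# restart docker if it is installed and running
if [ -f /usr/lib/systemd/system/docker.service ]; then
    systemctl status docker >/dev/null && \
    systemctl restart docker >/dev/null 2&>1
elif [ -f /etc/init.d/docker ]; then
    service docker status >/dev/null && \
    service docker restart >/dev/null 2&>1
EOF
}

# Stand-alone run: report what the quoted scriptlet would do to services.
sample_scriptlet | find_service_disruptions
```

A `reload` call is not reported, since it does not stop the daemon.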

Associated revisions

Revision 82517205
Added by Ashish Humbe 11 months ago

Fixes #19271 - reload docker instead of restart (#156)

History

#1 Updated by John Mitsch about 1 year ago

  • Subject changed from installing the custom CA cert results in restarting a running docker service to installing the custom CA cert results in restarting a running docker service
  • Assigned To set to Stephen Benjamin
  • Release set to Katello 3.4.1

#2 Updated by Justin Sherrill 11 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/puppet-certs/pull/156 added

#3 Updated by Ashish Humbe 11 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
