Refactor to make more resilient

Author: kpouget

systemd/crc-cluster-status.service

@@ -10,8 +10,7 @@ StartLimitBurst=10
 [Service]
 Type=oneshot
 Restart=on-failure
-RestartSec=40
-EnvironmentFile=-/etc/sysconfig/crc-env
+RestartSec=10
 ExecCondition=/usr/local/bin/crc-self-sufficient-env.sh
 ExecStart=/usr/local/bin/crc-cluster-status.sh
 RemainAfterExit=true

systemd/crc-cluster-status.sh

@@ -7,6 +7,8 @@ set -o errtrace
 set -x
 
 export KUBECONFIG=/opt/kubeconfig
+MAXIMUM_LOGIN_RETRY=10
+RETRY_DELAY=5
 
 if [ ! -f /opt/crc/pass_kubeadmin ]; then
     echo "kubeadmin password file not found"
@@ -21,19 +23,40 @@ fi
 
 
 echo "Logging into OpenShift with kubeadmin user to update $KUBECONFIG"
-COUNTER=1
-MAXIMUM_LOGIN_RETRY=10
 
-# use a `(set +x)` subshell to avoid leaking the password
-until (set +x ; oc login --insecure-skip-tls-verify=true -u kubeadmin -p "$(cat /opt/crc/pass_kubeadmin)" https://api.crc.testing:6443 > /dev/null 2>&1); do
-    if [ "$COUNTER" -ge "$MAXIMUM_LOGIN_RETRY" ]; then
-        echo "Unable to login to the cluster..., authentication failed."
+try_login() {
+    (   # use a `(set +x)` subshell to avoid leaking the password
+        set +x
+        set +e # don't abort on error in this subshell
+        oc login --insecure-skip-tls-verify=true \
+           -u kubeadmin \
+           -p "$(cat /opt/crc/pass_kubeadmin)" \
+           https://api.crc.testing:6443 > /dev/null 2>&1
+    )
+    success="$?"
+    if [[ "$success" == 0 ]]; then
+        echo "Login successed"
+    else
+        echo "Login didn't complete ..."
+    fi
+
+    return "$success"
+}
+
+counter=1
+until try_login; do
+    ((counter++))
+    if [ "$counter" -ge "$MAXIMUM_LOGIN_RETRY" ]; then
+        echo "Unable to login to the cluster after $counter tries..., authentication failed."
         exit 1
     fi
-    echo "Logging into OpenShift with updated credentials try $COUNTER, hang on...."
-    sleep 5
-    ((COUNTER++))
+    sleep "$RETRY_DELAY"
+    echo "Logging into OpenShift with updated credentials try $counter, hang on...."
 done
 
 # need to set a marker to let `crc` know the cluster is ready
 touch /tmp/.crc-cluster-ready
+
+echo "All done"
+
+exit 0

systemd/crc-dnsmasq.service

@@ -8,9 +8,8 @@ StartLimitIntervalSec=30
 [Service]
 Type=oneshot
 Restart=on-failure
-EnvironmentFile=-/etc/sysconfig/crc-env
-ExecStartPre=/bin/systemctl start ovs-configuration.service
 ExecCondition=/usr/local/bin/crc-self-sufficient-env.sh
+ExecStartPre=/bin/systemctl start ovs-configuration.service
 ExecStart=/usr/local/bin/crc-dnsmasq.sh
 ExecStartPost=/usr/bin/systemctl restart NetworkManager.service
 ExecStartPost=/usr/bin/systemctl restart dnsmasq.service

systemd/crc-needs-tap.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -o pipefail
+set -o errexit
+set -o nounset
+set -o errtrace
+set -x
+
+source /etc/sysconfig/crc-env || echo "WARNING: crc-env not found"
+
+NEED_TAP=0
+DONT_NEED_TAP=1
+
+if systemd-detect-virt | grep -q '^apple$' ; then
+    echo "Running with Apple virtualization. Need tap0."
+    exit $NEED_TAP
+fi
+
+if /usr/local/bin/crc-self-sufficient-env.sh; then
+    echo "Running with a self-sufficient bundle. Don't keep tap0"
+    exit $DONT_NEED_TAP
+fi
+
+echo "No particular environment detected. Don't keep tap0"
+
+exit DONT_NEED_TAP

systemd/crc-no-tap.service

@@ -1,12 +1,13 @@
 [Unit]
-Description=Ensure that tap0 network configuration is absent on Apple Virtualization
+Description=Ensure that tap0 network configuration is disabled when not necessary
 Before=NetworkManager.service
+Before[email protected]
 After=local-fs.target
 RequiresMountsFor=/etc/NetworkManager/system-connections
 
 [Service]
 Type=oneshot
-EnvironmentFile=-/etc/sysconfig/crc-env
+ExecCondition=!/usr/local/bin/crc-needs-tap.sh
 ExecStart=/usr/local/bin/crc-no-tap.sh
 
 [Install]

systemd/crc-no-tap.sh

@@ -1,10 +1,14 @@
 #!/bin/bash
 
-# Return true if running under Apple Virtualization or CRC_SELF_SUFFICIENT is set, otherwise false
+set -o pipefail
+set -o errexit
+set -o nounset
+set -o errtrace
+set -x
 
-if systemd-detect-virt | grep -q '^apple$' || [ -n "$CRC_SELF_SUFFICIENT" ]; then
-    rm -f /etc/NetworkManager/system-connections/tap0.nmconnection
-    systemctl disable --now gv-user-network@tap0.service
-fi
+echo "Disabling the tap0 network configuration ..."
+
+rm -f /etc/NetworkManager/system-connections/tap0.nmconnection
+systemctl disable --now [email protected]
 
 exit 0

systemd/crc-pullsecret.service

@@ -8,8 +8,7 @@ ConditionPathExists=!/opt/crc/%n.done
 [Service]
 Type=oneshot
 Restart=on-failure
-RestartSec=40
-EnvironmentFile=-/etc/sysconfig/crc-env
+RestartSec=10
 ExecCondition=/usr/local/bin/crc-self-sufficient-env.sh
 ExecStart=/usr/local/bin/crc-pullsecret.sh
 ExecStartPost=-touch /opt/crc/%n.done

systemd/crc-pullsecret.sh

@@ -9,22 +9,32 @@ set -x
 source /usr/local/bin/crc-systemd-common.sh
 export KUBECONFIG="/opt/kubeconfig"
 
-wait_for_resource secret
+wait_for_resource_or_die secret
+
+set +x # disable the logging to avoid leaking the pull secrets
 
 set +x # disable the logging to avoid leaking the pull secrets
 
 # check if existing pull-secret is valid if not add the one from /opt/crc/pull-secret
-existingPsB64=$(oc get secret pull-secret -n openshift-config -o jsonpath="{['data']['\.dockerconfigjson']}")
-existingPs=$(echo "${existingPsB64}" | base64 -d)
+existingPs=$(oc get secret pull-secret -n openshift-config \
+                   -o jsonpath="{['data']['\.dockerconfigjson']}" \
+                    | base64 -d)
 
 # check if the .auths field is there
-if echo "${existingPs}" | jq -e 'has("auths")' >/dev/null 2>&1; then
+echo "${existingPs}" | jq -e '.auths' > /dev/null
+has_auths_field=$?
+
+if [[ "$has_auths_field" == 0 ]]; then
     echo "Cluster already has the pull secrets, nothing to do"
     exit 0
 fi
 
 echo "Cluster doesn't have the pull secrets. Setting them from /opt/crc/pull-secret ..."
-pullSecretB64=$(base64 -w0 < /opt/crc/pull-secret)
-oc patch secret pull-secret -n openshift-config --type merge -p "{\"data\":{\".dockerconfigjson\":\"${pullSecretB64}\"}}"
+pullSecretB64=$(cat /opt/crc/pull-secret | base64 -w0)
+oc patch secret pull-secret -n openshift-config --type merge \
+   -p '{"data":{".dockerconfigjson": "'${pullSecretB64}'"}}'
+
+
+echo "All done"
 
 exit 0

systemd/crc-routes-controller.service

@@ -8,7 +8,7 @@ StartLimitBurst=10
 Type=oneshot
 Restart=on-failure
 RestartSec=40
-EnvironmentFile=-/etc/sysconfig/crc-env
+ExecCondition=/usr/local/bin/crc-user-mode-networking.sh
 ExecCondition=/usr/local/bin/crc-self-sufficient-env.sh
 ExecStart=/usr/local/bin/crc-routes-controller.sh
 

systemd/crc-routes-controller.sh

@@ -1,16 +1,20 @@
 #!/bin/bash
 
+set -o pipefail
+set -o errexit
+set -o nounset
+set -o errtrace
 set -x
 
-if [[ ${CRC_NETWORK_MODE_USER} -eq 0 ]]; then
-    echo -n "network-mode 'system' detected: skipping routes-controller pod deployment"
-    exit 0
-fi
+ROUTE_CONTROLLER=/opt/crc/routes-controller.yaml
 
 source /usr/local/bin/crc-systemd-common.sh
+
 export KUBECONFIG=/opt/kubeconfig
 
-wait_for_resource pods
+wait_for_resource_or_die pods
+wait_for_resource_or_die deployments
 
-oc apply -f /opt/crc/routes-controller.yaml
+oc apply -f "$ROUTE_CONTROLLER"
 
+exit 0