Stop the container when configuring or upgrading IPA fails.

cloyne · Dec 14, 2015 · bf768d9 · bf768d9
1 parent d48eb5a
commit bf768d9
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -17,10 +17,11 @@ RUN echo LANG=C > /etc/locale.conf
 RUN for i in swap.target local-fs.target rhel-autorelabel-mark.service systemd-update-done.service rpcbind.socket rhel-dmesg.service systemd-user-sessions.service network.service rhsmcertd.service proc-fs-nfsd.mount nfs-config.service nfs-client.target systemd-hwdb-update.service ldconfig.service slices.target dnf-makecache.service dnf-makecache.timer fedora-autorelabel-mark.service named.service ; do rm -f /usr/lib/systemd/system/$i ; ln -s /dev/null /usr/lib/systemd/system/$i ; done
 RUN /sbin/ldconfig -X
 
-COPY init-data ipa-server-configure-first ipa-volume-upgrade-* /usr/sbin/
-RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/ipa-volume-upgrade-*
+COPY init-data ipa-server-configure-first exit-with-status ipa-volume-upgrade-* /usr/sbin/
+RUN chmod -v +x /usr/sbin/init-data /usr/sbin/ipa-server-configure-first /usr/sbin/exit-with-status /usr/sbin/ipa-volume-upgrade-*
 COPY ipa-server-configure-first.service ipa-server-upgrade.service ipa-server-update-self-ip-address.service /usr/lib/systemd/system/
 RUN systemctl enable ipa-server-configure-first.service
+RUN mkdir -p /usr/lib/systemd/system/systemd-poweroff.service.d && ( echo '[Service]' ; echo 'ExecStartPre=/usr/bin/systemctl switch-root /usr /sbin/exit-with-status' ) > /usr/lib/systemd/system/systemd-poweroff.service.d/exit-via-chroot.conf
 
 RUN groupadd -g 389 dirsrv ; useradd -u 389 -g 389 -c 'DS System User' -d '/var/lib/dirsrv' --no-create-home -s '/sbin/nologin' dirsrv
 RUN groupadd -g 288 kdcproxy ; useradd -u 288 -g 288 -c 'IPA KDC Proxy User' -d '/var/lib/kdcproxy' -s '/sbin/nologin' kdcproxy

diff --git a/exit-with-status b/exit-with-status
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+exit_code=$( cat /run/ipa/exit_code )
+exit $exit_code
diff --git a/ipa-server-configure-first b/ipa-server-configure-first
@@ -14,6 +14,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+mark_exit_code () {
+	exit_code=$?
+	echo $exit_code > /run/ipa/exit_code
+	exit $exit_code
+}
+mkdir -p /run/ipa
+trap mark_exit_code ERR EXIT
+
 set -e
 
 if ! [ -t /dev/stdout ] ; then

diff --git a/ipa-server-configure-first.service b/ipa-server-configure-first.service
@@ -4,6 +4,7 @@ Description=Configure IPA server upon the first start
 [Service]
 Type=oneshot
 ExecStart=/usr/sbin/ipa-server-configure-first
+FailureAction=poweroff
 
 [Install]
 WantedBy=multi-user.target
diff --git a/ipa-server-upgrade.service b/ipa-server-upgrade.service
@@ -5,6 +5,7 @@ Before=ipa.service
 [Service]
 Type=oneshot
 ExecStart=/usr/sbin/ipa-server-configure-first upgrade
+FailureAction=poweroff
 
 [Install]
 WantedBy=multi-user.target