Skip to content

Commit

Permalink
Add stale lockfile removal mechanism for confd critical sections
Browse files Browse the repository at this point in the history 
On underpowered machines, services may get terminated on healthcheck
failures and leave behind stale lockfiles. This mechanism should mitigate
this, by removing lock files older than 5m (300s), configurable.

change-type: patch
  • Loading branch information
@ab77
ab77 committed Aug 22, 2024
1 parent c2c5d9c commit 1bc8fc9
Showing 1 changed file with 26 additions and 1 deletion.
27 changes: 26 additions & 1 deletion src/configure-balena.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ CONF=${CONF:-/balena/${TLD}.env}
CERTS=${CERTS:-/certs}
HOSTS_CONFIG=${HOSTS_CONFIG:-ALERTMANAGER_HOST:alertmanager,ADMIN_HOST:admin,API_HOST:api,BUILDER_HOST:builder,DATA_HOST:data,DELTA_HOST:delta,DELTA_S3_HOST:s3,DEVICE_URLS_BASE:devices,FILES_HOST:files,GIT_HOST:git,GIT_HOSTNAME:git,IMAGE_MAKER_HOST:img,IMAGE_MAKER_S3_HOST:s3,LOKI_HOST:loki,MONITOR_HOST:monitor,PROXY_HOST:devices,REDIS_HOST:redis,REGISTRY2_HOST:registry2,REGISTRY_PROXY_HOST:registry-proxy,TOKEN_AUTH_CERT_ISSUER:api,REGISTRY2_TOKEN_AUTH_ISSUER:api,REGISTRY2_TOKEN_AUTH_REALM:api,UI_HOST:dashboard,VPN_HOST:cloudlink,WEBRESOURCES_S3_HOST:s3}
TOKENS_CONFIG=${TOKENS_CONFIG:-API_SERVICE_API_KEY:hex,AUTH_RESINOS_REGISTRY_CODE:hex,BUILDER_SERVICE_API_KEY:hex,COOKIE_SESSION_SECRET:hex,DELTA_SERVICE_API_KEY:hex,DIGITIZER_API_KEY:hex,GEOIP_LICENCE_KEY:hex,GEOIP_USER_ID:hex,GIT_API_KEY:hex,IMG_S3_ACCESS_KEY:hex,IMG_S3_SECRET_KEY:hex,JF_OAUTH_APP_SECRET:hex,JSON_WEB_TOKEN_SECRET:hex,MAPS_API_KEY:hex,MIXPANEL_TOKEN:hex,MONITOR_OAUTH_COOKIE_SECRET:hex,MONITOR_SECRET_TOKEN:hex,PROXY_SERVICE_API_KEY:hex,REGISTRY2_SECRETKEY:hex,TOKEN_AUTH_BUILDER_TOKEN:hex,VPN_GUEST_API_KEY:hex,VPN_SERVICE_API_KEY:hex,API_VPN_SERVICE_API_KEY:API_SERVICE_API_KEY,DELTA_API_KEY:DELTA_SERVICE_API_KEY,DELTA_S3_KEY:IMG_S3_ACCESS_KEY,DELTA_S3_SECRET:IMG_S3_SECRET_KEY,GIT_SERVICE_API_KEY:GIT_API_KEY,MDNS_API_TOKEN:PROXY_SERVICE_API_KEY,REGISTRY2_TOKEN:TOKEN_AUTH_BUILDER_TOKEN,S3_MINIO_ACCESS_KEY:IMG_S3_ACCESS_KEY,S3_MINIO_SECRET_KEY:IMG_S3_SECRET_KEY,S3_MINIO_ACCESS_KEY:REGISTRY2_S3_KEY,S3_MINIO_SECRET_KEY:REGISTRY2_S3_SECRET,WEBRESOURCES_S3_ACCESS_KEY:IMG_S3_ACCESS_KEY,WEBRESOURCES_S3_SECRET_KEY:IMG_S3_SECRET_KEY}
LOCK_TIMEOUT=${LOCK_TIMEOUT:-300}

declare -A HOST_ENVVARS
hosts_config=($(echo "${HOSTS_CONFIG}" | tr ',' ' '))
Expand Down Expand Up @@ -65,20 +66,44 @@ function cleanup() {
}
trap 'cleanup' EXIT

function get_lock_age {
if [[ -d "$(dirname "${CONF}")" ]]; then
if [[ -f "${CONF}.lock" ]]; then
echo "$(( $(date +%s) - $(date -r "${CONF}.lock" +%s) ))"
fi
fi
}

function set_update_lock {
if [[ -d "$(dirname "${CONF}")" ]]; then
echo "create lockfile ${CONF}.lock with ${LOCK_TIMEOUT}s age timeout"
lockfile "${CONF}.lock"
fi
}

function check_update_lock() {
if [[ -d "$(dirname "${CONF}")" ]]; then
[[ -f "${CONF}.lock" ]] || return 0
if [[ -f "${CONF}.lock" ]]; then
# remove stale lockfile
if [[ $(get_lock_age) -gt $LOCK_TIMEOUT ]]; then
remove_update_lock
return 0
fi
return 1
else
return 0
fi
! test -f "${CONF}.lock"
fi
}

function remove_update_lock() {
if [[ -d "$(dirname "${CONF}")" ]]; then
if [[ -f "${CONF}.lock" ]]; then
lock_age="$(get_lock_age)"
echo "remove lockfile ${CONF}.lock, aged ${lock_age}s"
fi
fi
rm -f "${CONF}.lock"
}

Expand Down

0 comments on commit 1bc8fc9

Please sign in to comment.