RHDH: Fix post start script (#8921)

* RHDH: Fix post start script * update
redhat-cop · Dec 11, 2024 · 07a685a · 07a685a
1 parent b0c67aa
commit 07a685a
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 25 deletions.
diff --git a/...es_ocp_workloads/ocp4_workload_redhat_developer_hub/templates/cronjob-vault-es-fix.yml.j2 b/...es_ocp_workloads/ocp4_workload_redhat_developer_hub/templates/cronjob-vault-es-fix.yml.j2
@@ -21,22 +21,28 @@ spec:
               - '-ec'
               - >-
                 while true; do
-                  oc exec vault-0 -n vault -c vault -- /bin/bash -c "ls" > /dev/null 2>&1;
-                  if [[ $? == 0 ]]; then
+                  VAULT_POD_PHASE=$(oc get pod vault-0 -n vault --no-headers --ignore-not-found=true --output json | jq -r .status.phase);
+                  echo 'Vault pod status: ' $VAULT_POD_PHASE
+                  if [[ ! -z "${VAULT_POD_PHASE}" ]] && [ "${VAULT_POD_PHASE}" == "Running" ]; then
                     break;
-                  else
-                    sleep 5;
                   fi
+                  sleep 5
                 done
 
-                VAULT_SEALED=$(oc exec vault-0 -n vault -- /bin/bash -c "vault status -format=json" | jq -r '.sealed')
-
-                echo 'Vault sealed: ' $VAULT_SEALED
-
-                if [[ "${VAULT_SEALED}" == "true"  ]]; then
-                  echo 'Unsealing vault...'
-                  oc exec vault-0 -n vault -- /bin/bash -c "cat /vault/data/unseal.sh 2>/dev/null && sh /vault/data/unseal.sh || echo ''"
-                fi
+                while true; do
+                  VAULT_SEALED=$(oc exec vault-0 -n vault -- /bin/bash -c "vault status -format=json" | jq -r '.sealed')
+                  echo 'Vault sealed: ' $VAULT_SEALED
+                  if [[ ! -z "${VAULT_SEALED}" ]]; then
+                    if [[ "${VAULT_SEALED}" == "true" ]]; then
+                      echo 'Unsealing vault...'
+                      oc exec vault-0 -n vault -- /bin/bash -c "cat /vault/data/unseal.sh 2>/dev/null && sh /vault/data/unseal.sh || echo ''"
+                      break;
+                    elif [[ "${VAULT_SEALED}" == "false" ]]; then
+                      break;
+                    fi
+                  fi
+                  sleep 5
+                done
 
                 SECRET_STORE_STATUS=$(oc get ClusterSecretStore vault-secret-store --no-headers | awk '{ print $3}')
 

diff --git a/...orkloads/ocp4_workload_trusted_application_pipeline/templates/cronjob-vault-es-fix.yml.j2 b/...orkloads/ocp4_workload_trusted_application_pipeline/templates/cronjob-vault-es-fix.yml.j2
@@ -21,24 +21,29 @@ spec:
               - '-ec'
               - >-
                 while true; do
-                  VAULT=$(oc get statefulset vault -n vault --no-headers --ignore-not-found=true);
-                  if [[ ! -z "${VAULT}" ]]; then
-                    VAULT_STATUS=$(echo $VAULT | awk '{print $2}');
-                    if [[ "${VAULT_STATUS}" == "1/1" ]]; then
+                  VAULT_POD_PHASE=$(oc get pod vault-0 -n vault --no-headers --ignore-not-found=true --output json | jq -r .status.phase);
+                  echo 'Vault pod status: ' $VAULT_POD_PHASE
+                  if [[ ! -z "${VAULT_POD_PHASE}" ]] && [ "${VAULT_POD_PHASE}" == "Running" ]; then
+                    break;
+                  fi
+                  sleep 5
+                done
+
+                while true; do
+                  VAULT_SEALED=$(oc exec vault-0 -n vault -- /bin/bash -c "vault status -format=json" | jq -r '.sealed')
+                  echo 'Vault sealed: ' $VAULT_SEALED
+                  if [[ ! -z "${VAULT_SEALED}" ]]; then
+                    if [[ "${VAULT_SEALED}" == "true" ]]; then
+                      echo 'Unsealing vault...'
+                      oc exec vault-0 -n vault -- /bin/bash -c "cat /vault/data/unseal.sh 2>/dev/null && sh /vault/data/unseal.sh || echo ''"
+                      break;
+                    elif [[ "${VAULT_SEALED}" == "false" ]]; then
                       break;
                     fi
                   fi
+                  sleep 5
                 done
 
-                VAULT_SEALED=$(oc exec vault-0 -n vault -- /bin/bash -c "vault status -format=json" | jq -r '.sealed')
-
-                echo 'Vault sealed: ' $VAULT_SEALED
-
-                if [[ "${VAULT_SEALED}" == "true"  ]]; then
-                  echo 'Unsealing vault...'
-                  oc exec vault-0 -n vault -- /bin/bash -c "cat /vault/data/unseal.sh 2>/dev/null && sh /vault/data/unseal.sh || echo ''"
-                fi
-
                 SECRET_STORE_STATUS=$(oc get ClusterSecretStore vault-secret-store --no-headers | awk '{ print $3}')
 
                 echo 'Secret Store Status: ' $SECRET_STORE_STATUS