From 1b3c13e3a621d3b8ce97df4927b9d2effe93284b Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 3 Sep 2025 11:34:17 +0200 Subject: [PATCH 1/3] try out restart policy change on one container --- roles/myconext/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/myconext/tasks/main.yml b/roles/myconext/tasks/main.yml index 469a7c847..c1e1aded6 100644 --- a/roles/myconext/tasks/main.yml +++ b/roles/myconext/tasks/main.yml @@ -128,7 +128,8 @@ name: myconextserver image: ghcr.io/openconext/openconext-myconext/myconext-server:{{ myconext_server_version }} pull: true - restart_policy: "always" + restart_policy: "on-failure" + restart_retries: 3 state: started env: USE_SYSTEM_CA_CERTS: "1" From 3e8a14c1b49f92f7811328f9c65f97578dabf968 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Thu, 4 Sep 2025 11:46:07 +0200 Subject: [PATCH 2/3] fix restart policy test2 java ccontainers --- roles/dashboard/defaults/main.yml | 2 ++ roles/dashboard/tasks/main.yml | 3 ++- roles/invite/defaults/main.yml | 2 ++ roles/invite/tasks/main.yml | 3 ++- roles/manage/defaults/main.yml | 2 ++ roles/manage/tasks/main.yml | 3 ++- roles/myconext/defaults/main.yml | 2 ++ roles/myconext/tasks/main.yml | 4 ++-- roles/oidc-playground/defaults/main.yml | 2 ++ roles/oidc-playground/tasks/main.yml | 4 ++-- roles/oidcng/defaults/main.yml | 2 ++ roles/oidcng/tasks/main.yml | 3 ++- roles/openaccess/defaults/main.yml | 3 +++ roles/openaccess/tasks/main.yml | 3 ++- roles/pdp/defaults/main.yml | 2 ++ roles/pdp/tasks/main.yml | 3 ++- roles/teams/defaults/main.yml | 2 ++ roles/teams/tasks/main.yml | 3 ++- roles/voot/defaults/main.yml | 2 ++ roles/voot/tasks/main.yml | 3 ++- 20 files changed, 41 insertions(+), 12 deletions(-) create mode 100644 roles/openaccess/defaults/main.yml diff --git a/roles/dashboard/defaults/main.yml b/roles/dashboard/defaults/main.yml index 1a2678d68..c367b0c84 100644 --- a/roles/dashboard/defaults/main.yml +++ b/roles/dashboard/defaults/main.yml @@ -1,2 +1,4 @@ dashboard_organization: SURFconext dashboard_hide_tabs: none +dashboard_server_restart_policy: always +dashboard_server_restart_retries: 3 diff --git a/roles/dashboard/tasks/main.yml b/roles/dashboard/tasks/main.yml index 1a904966f..cffc075cc 100644 --- a/roles/dashboard/tasks/main.yml +++ b/roles/dashboard/tasks/main.yml @@ -27,7 +27,8 @@ TZ: "{{ timezone }}" image: ghcr.io/openconext/openconext-dashboard/dashboard-server:{{ dashboard_server_version }} pull: true - restart_policy: "always" + restart_policy: "{{ dashboard_server_restart_policy }}" + restart_retries: "{{ dashboard_server_restart_retries }}" # Only for restart policy on-failure state: started networks: - name: "loadbalancer" diff --git a/roles/invite/defaults/main.yml b/roles/invite/defaults/main.yml index d6fcaa208..ff194ad42 100644 --- a/roles/invite/defaults/main.yml +++ b/roles/invite/defaults/main.yml @@ -18,3 +18,5 @@ invite_cronjobmaster: true invite_logback_json: true invite_docker_networks: - name: loadbalancer +invite_server_restart_policy: always +invite_server_restart_retries: 3 diff --git a/roles/invite/tasks/main.yml b/roles/invite/tasks/main.yml index d32796d8f..974975db1 100644 --- a/roles/invite/tasks/main.yml +++ b/roles/invite/tasks/main.yml @@ -63,7 +63,8 @@ TZ: "{{ timezone }}" image: ghcr.io/openconext/openconext-invite/inviteserver:{{ invite_server_version }} pull: true - restart_policy: "always" + restart_policy: "{{ invite_server_restart_policy }}" + restart_retries: "{{ invite_server_restart_retries }}" # Only for restart policy on-failure state: started networks: "{{ invite_docker_networks }}" mounts: diff --git a/roles/manage/defaults/main.yml b/roles/manage/defaults/main.yml index bb53ccc23..1474fe837 100644 --- a/roles/manage/defaults/main.yml +++ b/roles/manage/defaults/main.yml @@ -34,3 +34,5 @@ manage_tabs_enabled: - organisation manage_docker_networks: - name: loadbalancer +manage_server_restart_policy: always +manage_server_restart_retries: 3 diff --git a/roles/manage/tasks/main.yml b/roles/manage/tasks/main.yml index 5181c742d..35c20b29a 100644 --- a/roles/manage/tasks/main.yml +++ b/roles/manage/tasks/main.yml @@ -100,7 +100,8 @@ image: ghcr.io/openconext/openconext-manage/manage-server:{{ manage_server_version }} entrypoint: /__cacert_entrypoint.sh pull: true - restart_policy: "always" + restart_policy: "{{ manage_server_restart_policy }}" + restart_retries: "{{ manage_server_restart_retries }}" # Only for restart policy on-failure state: started networks: "{{ manage_docker_networks }}" mounts: diff --git a/roles/myconext/defaults/main.yml b/roles/myconext/defaults/main.yml index 3c6a21613..3ea866739 100644 --- a/roles/myconext/defaults/main.yml +++ b/roles/myconext/defaults/main.yml @@ -3,3 +3,5 @@ myconext_cronjobmaster: true myconext_logback_json: true myconext_docker_networks: - name: loadbalancer +myconext_server_restart_policy: always +myconext_server_restart_retries: 3 diff --git a/roles/myconext/tasks/main.yml b/roles/myconext/tasks/main.yml index c1e1aded6..9689ff47e 100644 --- a/roles/myconext/tasks/main.yml +++ b/roles/myconext/tasks/main.yml @@ -128,8 +128,8 @@ name: myconextserver image: ghcr.io/openconext/openconext-myconext/myconext-server:{{ myconext_server_version }} pull: true - restart_policy: "on-failure" - restart_retries: 3 + restart_policy: "{{ myconext_server_restart_policy }}" + restart_retries: "{{ myconext_server_restart_retries }}" # Only for restart policy on-failure state: started env: USE_SYSTEM_CA_CERTS: "1" diff --git a/roles/oidc-playground/defaults/main.yml b/roles/oidc-playground/defaults/main.yml index 58cb18672..86db0a324 100644 --- a/roles/oidc-playground/defaults/main.yml +++ b/roles/oidc-playground/defaults/main.yml @@ -1 +1,3 @@ oidc_playground_dir: /opt/openconext/oidc-playground +oidc_playground_server_restart_policy: always +oidc_playground_server_restart_retries: 3 diff --git a/roles/oidc-playground/tasks/main.yml b/roles/oidc-playground/tasks/main.yml index 48afef265..c969ee246 100644 --- a/roles/oidc-playground/tasks/main.yml +++ b/roles/oidc-playground/tasks/main.yml @@ -27,8 +27,8 @@ TZ: "{{ timezone }}" image: ghcr.io/openconext/openconext-oidc-playground/oidc-playground-server:{{ oidc_playground_server_version }} pull: true - restart_policy: "always" - state: started + restart_policy: "{{ oidc_playground_server_restart_policy }}" + restart_retries: "{{ oidc_playground_server_restart_retries }}" # Only for restart policy on-failure networks: - name: "loadbalancer" mounts: diff --git a/roles/oidcng/defaults/main.yml b/roles/oidcng/defaults/main.yml index 44641c6c1..2987c34ba 100644 --- a/roles/oidcng/defaults/main.yml +++ b/roles/oidcng/defaults/main.yml @@ -21,3 +21,5 @@ oidcng_manage_provision_samlsp_sign: "True" oidcng_manage_provision_samlsp_trusted_proxy: "True" oidcng_docker_networks: - name: loadbalancer +oidcng_server_restart_policy: always +oidcng_server_restart_retries: 3 diff --git a/roles/oidcng/tasks/main.yml b/roles/oidcng/tasks/main.yml index fa35fac7c..a306fa7f1 100644 --- a/roles/oidcng/tasks/main.yml +++ b/roles/oidcng/tasks/main.yml @@ -101,7 +101,8 @@ image: ghcr.io/openconext/openconext-oidcng/oidcng:{{ oidcng_version }} entrypoint: /__cacert_entrypoint.sh pull: true - restart_policy: "always" + restart_policy: "{{ oidcng_server_restart_policy }}" + restart_retries: "{{ oidcng_server_restart_retries }}" # Only for restart policy on-failure state: started networks: "{{ oidcng_docker_networks }}" mounts: diff --git a/roles/openaccess/defaults/main.yml b/roles/openaccess/defaults/main.yml new file mode 100644 index 000000000..3b4158d92 --- /dev/null +++ b/roles/openaccess/defaults/main.yml @@ -0,0 +1,3 @@ +--- +openaccess_server_restart_policy: always +openaccess_server_restart_retries: 3 diff --git a/roles/openaccess/tasks/main.yml b/roles/openaccess/tasks/main.yml index 30ffc9fad..c3cfb6e4a 100644 --- a/roles/openaccess/tasks/main.yml +++ b/roles/openaccess/tasks/main.yml @@ -33,7 +33,8 @@ TZ: "{{ timezone }}" image: ghcr.io/openconext/openconext-access/accessserver:{{ openconextaccess_server_version }} pull: true - restart_policy: "always" + restart_policy: "{{ openaccess_server_restart_policy }}" + restart_retries: "{{ openaccess_server_restart_retries }}" # Only for restart policy on-failure state: started networks: - name: "loadbalancer" diff --git a/roles/pdp/defaults/main.yml b/roles/pdp/defaults/main.yml index 782635029..8023613b1 100644 --- a/roles/pdp/defaults/main.yml +++ b/roles/pdp/defaults/main.yml @@ -23,3 +23,5 @@ pdp_spring_flyway_enabled: true pdp_manage_push_testmode: true pdp_docker_networks: - name: loadbalancer +pdp_server_restart_policy: always +pdp_server_restart_retries: 3 diff --git a/roles/pdp/tasks/main.yml b/roles/pdp/tasks/main.yml index 2933eb586..f0266493b 100644 --- a/roles/pdp/tasks/main.yml +++ b/roles/pdp/tasks/main.yml @@ -34,7 +34,8 @@ TZ: "{{ timezone }}" image: ghcr.io/openconext/openconext-pdp/pdp-server:{{ pdp_server_version }} pull: true - restart_policy: "always" + restart_policy: "{{ pdp_server_restart_policy }}" + restart_retries: "{{ pdp_server_restart_retries }}" # Only for restart policy on-failure state: started networks: "{{ pdp_docker_networks }}" mounts: diff --git a/roles/teams/defaults/main.yml b/roles/teams/defaults/main.yml index 60d344650..1436c45e4 100644 --- a/roles/teams/defaults/main.yml +++ b/roles/teams/defaults/main.yml @@ -29,3 +29,5 @@ teams_manage_provision_samlsp_sign: false teams_spring_flyway_enabled: true teams_docker_networks: - name: "loadbalancer" +teams_server_restart_policy: always +teams_server_restart_retries: 3 diff --git a/roles/teams/tasks/main.yml b/roles/teams/tasks/main.yml index 2e250d0af..498c99d4c 100644 --- a/roles/teams/tasks/main.yml +++ b/roles/teams/tasks/main.yml @@ -33,7 +33,8 @@ TZ: "{{ timezone }}" image: ghcr.io/openconext/openconext-teams-ng/teams-server:{{ teams_server_version }} pull: true - restart_policy: "always" + restart_policy: "{{ teams_server_restart_policy }}" + restart_retries: "{{ teams_server_restart_retries }}" # Only for restart policy on-failure state: started networks: "{{ teams_docker_networks }}" mounts: diff --git a/roles/voot/defaults/main.yml b/roles/voot/defaults/main.yml index a22394b56..5661cbf95 100644 --- a/roles/voot/defaults/main.yml +++ b/roles/voot/defaults/main.yml @@ -4,3 +4,5 @@ voot_manage_provision_oauth_rs_rp_secret: "{{ voot.oidcng_checkToken_secret }}" voot_manage_provision_oauth_rs_name_en: "{{ instance_name }} VOOT Resource Server" voot_manage_provision_oauth_rs_description_en: "The VOOT API is for group membership information" voot_manage_provision_oauth_rs_scopes: "groups" +voot_server_restart_policy: always +voot_server_restart_retries: 3 diff --git a/roles/voot/tasks/main.yml b/roles/voot/tasks/main.yml index 15403e587..978106249 100644 --- a/roles/voot/tasks/main.yml +++ b/roles/voot/tasks/main.yml @@ -27,7 +27,8 @@ TZ: "{{ timezone }}" image: ghcr.io/openconext/openconext-voot/voot:{{ voot_version }} pull: true - restart_policy: "always" + restart_policy: "{{ voot_server_restart_policy }}" + restart_retries: "{{ voot_server_restart_retries }}" # Only for restart policy on-failure state: started networks: - name: "loadbalancer" From 6ac44f884697d80861b9efd5644351caa9b77095 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Fri, 5 Sep 2025 13:49:39 +0200 Subject: [PATCH 3/3] defaults to 0, exception is 3 --- roles/dashboard/defaults/main.yml | 2 +- roles/invite/defaults/main.yml | 2 +- roles/manage/defaults/main.yml | 2 +- roles/myconext/defaults/main.yml | 2 +- roles/oidc-playground/defaults/main.yml | 2 +- roles/oidcng/defaults/main.yml | 2 +- roles/openaccess/defaults/main.yml | 2 +- roles/pdp/defaults/main.yml | 2 +- roles/teams/defaults/main.yml | 2 +- roles/voot/defaults/main.yml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/dashboard/defaults/main.yml b/roles/dashboard/defaults/main.yml index c367b0c84..e18cfbac3 100644 --- a/roles/dashboard/defaults/main.yml +++ b/roles/dashboard/defaults/main.yml @@ -1,4 +1,4 @@ dashboard_organization: SURFconext dashboard_hide_tabs: none dashboard_server_restart_policy: always -dashboard_server_restart_retries: 3 +dashboard_server_restart_retries: 0 diff --git a/roles/invite/defaults/main.yml b/roles/invite/defaults/main.yml index ff194ad42..a32f7600a 100644 --- a/roles/invite/defaults/main.yml +++ b/roles/invite/defaults/main.yml @@ -19,4 +19,4 @@ invite_logback_json: true invite_docker_networks: - name: loadbalancer invite_server_restart_policy: always -invite_server_restart_retries: 3 +invite_server_restart_retries: 0 diff --git a/roles/manage/defaults/main.yml b/roles/manage/defaults/main.yml index 1474fe837..41c6f34d4 100644 --- a/roles/manage/defaults/main.yml +++ b/roles/manage/defaults/main.yml @@ -35,4 +35,4 @@ manage_tabs_enabled: manage_docker_networks: - name: loadbalancer manage_server_restart_policy: always -manage_server_restart_retries: 3 +manage_server_restart_retries: 0 diff --git a/roles/myconext/defaults/main.yml b/roles/myconext/defaults/main.yml index 3ea866739..3e8c209c4 100644 --- a/roles/myconext/defaults/main.yml +++ b/roles/myconext/defaults/main.yml @@ -4,4 +4,4 @@ myconext_logback_json: true myconext_docker_networks: - name: loadbalancer myconext_server_restart_policy: always -myconext_server_restart_retries: 3 +myconext_server_restart_retries: 0 diff --git a/roles/oidc-playground/defaults/main.yml b/roles/oidc-playground/defaults/main.yml index 86db0a324..91c4346a8 100644 --- a/roles/oidc-playground/defaults/main.yml +++ b/roles/oidc-playground/defaults/main.yml @@ -1,3 +1,3 @@ oidc_playground_dir: /opt/openconext/oidc-playground oidc_playground_server_restart_policy: always -oidc_playground_server_restart_retries: 3 +oidc_playground_server_restart_retries: 0 diff --git a/roles/oidcng/defaults/main.yml b/roles/oidcng/defaults/main.yml index 2987c34ba..3dcbd97b3 100644 --- a/roles/oidcng/defaults/main.yml +++ b/roles/oidcng/defaults/main.yml @@ -22,4 +22,4 @@ oidcng_manage_provision_samlsp_trusted_proxy: "True" oidcng_docker_networks: - name: loadbalancer oidcng_server_restart_policy: always -oidcng_server_restart_retries: 3 +oidcng_server_restart_retries: 0 diff --git a/roles/openaccess/defaults/main.yml b/roles/openaccess/defaults/main.yml index 3b4158d92..ba813a4c8 100644 --- a/roles/openaccess/defaults/main.yml +++ b/roles/openaccess/defaults/main.yml @@ -1,3 +1,3 @@ --- openaccess_server_restart_policy: always -openaccess_server_restart_retries: 3 +openaccess_server_restart_retries: 0 diff --git a/roles/pdp/defaults/main.yml b/roles/pdp/defaults/main.yml index 8023613b1..902c68c6e 100644 --- a/roles/pdp/defaults/main.yml +++ b/roles/pdp/defaults/main.yml @@ -24,4 +24,4 @@ pdp_manage_push_testmode: true pdp_docker_networks: - name: loadbalancer pdp_server_restart_policy: always -pdp_server_restart_retries: 3 +pdp_server_restart_retries: 0 diff --git a/roles/teams/defaults/main.yml b/roles/teams/defaults/main.yml index 1436c45e4..c0e6deeb3 100644 --- a/roles/teams/defaults/main.yml +++ b/roles/teams/defaults/main.yml @@ -30,4 +30,4 @@ teams_spring_flyway_enabled: true teams_docker_networks: - name: "loadbalancer" teams_server_restart_policy: always -teams_server_restart_retries: 3 +teams_server_restart_retries: 0 diff --git a/roles/voot/defaults/main.yml b/roles/voot/defaults/main.yml index 5661cbf95..503efce44 100644 --- a/roles/voot/defaults/main.yml +++ b/roles/voot/defaults/main.yml @@ -5,4 +5,4 @@ voot_manage_provision_oauth_rs_name_en: "{{ instance_name }} VOOT Resource Serve voot_manage_provision_oauth_rs_description_en: "The VOOT API is for group membership information" voot_manage_provision_oauth_rs_scopes: "groups" voot_server_restart_policy: always -voot_server_restart_retries: 3 +voot_server_restart_retries: 0