dind: ensure node certs are generated serially

The cert gen commands are not intended to be run concurrently.
openshift · Oct 11, 2016 · 58230c2 · 58230c2
1 parent 606716e
commit 58230c2
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/images/dind/node/openshift-generate-node-config.sh b/images/dind/node/openshift-generate-node-config.sh
@@ -8,6 +8,14 @@ source /usr/local/bin/openshift-dind-lib.sh
 # Should set OPENSHIFT_NETWORK_PLUGIN
 source /data/network-plugin
 
+function os::dind::lock() {
+  local config_path=$1
+
+  exec 200>"${config_path}"/.openshift-generate-node-config.exclusivelock
+
+  flock -n 200
+}
+
 function ensure-node-config() {
   local deployed_config_path="/var/lib/origin/openshift.local.config/node"
   local deployed_config_file="${deployed_config_path}/node-config.yaml"
@@ -40,6 +48,10 @@ function ensure-node-config() {
     local ip_addr
     ip_addr="$(ip addr | grep inet | grep eth0 | awk '{print $2}' | sed -e 's+/.*++')"
 
+    # Wait for the node cert gen lock to be held
+    local condition="lock ${config_path}"
+    os::util::wait-for-condition "cert gen lock" "${condition}" "${OS_WAIT_FOREVER}"
+
     /usr/local/bin/openshift admin create-node-config \
       --node-dir="${config_path}" \
       --node="${host}" \