diff --git a/gen3/bin/api.sh b/gen3/bin/api.sh index 4a11c0b7c..5e816d604 100644 --- a/gen3/bin/api.sh +++ b/gen3/bin/api.sh @@ -68,7 +68,9 @@ gen3_access_token() { if [ "$skip_cache" != "true" ]; then gen3_access_token_from_cache "$username" && return 0 fi - g3kubectl exec -c fence $(gen3 pod fence) -- fence-create token-create --scopes openid,user,fence,data,credentials,google_service_account --type access_token --exp ${exp} --username ${username} | tail -1 | gen3_access_token_to_cache "$username" + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + g3kubectl exec -c fence $(gen3 pod fence) -- fence-create token-create --scopes openid,user,fence,data,credentials,google_service_account --type access_token --exp ${exp} --username ${username} | tail -1 | gen3_access_token_to_cache "$username" || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create token-create --scopes openid,user,fence,data,credentials,google_service_account --type access_token --exp ${exp} --username ${username} | tail -1 | gen3_access_token_to_cache "$username" } # diff --git a/gen3/bin/dcf.sh b/gen3/bin/dcf.sh index cc4481281..114fc00c5 100644 --- a/gen3/bin/dcf.sh +++ b/gen3/bin/dcf.sh @@ -218,9 +218,14 @@ create_gs_bucket() { echo "Start creating gs bucket ...." if [[ $public == "controlled" ]]; then - g3kubectl exec -c fence $(get_pod fence) -- fence-create google-bucket-create --unique-name $bucket_name --storage-class MULTI_REGIONAL --public False --project-auth-id $phsid --access-logs-bucket dcf-logs + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + g3kubectl exec -c fence $(get_pod fence) -- fence-create google-bucket-create --unique-name $bucket_name --storage-class MULTI_REGIONAL --public False --project-auth-id $phsid --access-logs-bucket dcf-logs || \ + g3kubectl exec -c fence $(get_pod fence) -- poetry run fence-create google-bucket-create --unique-name $bucket_name --storage-class MULTI_REGIONAL --public False --project-auth-id $phsid --access-logs-bucket dcf-logs + elif [[ $public == "public" ]]; then - g3kubectl exec -c fence $(get_pod fence) -- fence-create google-bucket-create --unique-name $bucket_name --storage-class MULTI_REGIONAL --public True --access-logs-bucket dcf-logs + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + g3kubectl exec -c fence $(get_pod fence) -- fence-create google-bucket-create --unique-name $bucket_name --storage-class MULTI_REGIONAL --public True --access-logs-bucket dcf-logs || \ + g3kubectl exec -c fence $(get_pod fence) -- poetry run fence-create google-bucket-create --unique-name $bucket_name --storage-class MULTI_REGIONAL --public True --access-logs-bucket dcf-logs else echo "Can not create the bucket. $public is not supported" exit 1 diff --git a/gen3/bin/kube-setup-apache-guacamole.sh b/gen3/bin/kube-setup-apache-guacamole.sh index 31193c526..eac12e58e 100644 --- a/gen3/bin/kube-setup-apache-guacamole.sh +++ b/gen3/bin/kube-setup-apache-guacamole.sh @@ -11,12 +11,21 @@ export namespace=$(gen3 api namespace) new_client() { gen3_log_info "kube-setup-apache-guacamole" "creating fence oidc client for Apache Guacamole" local fence_client="guacamole" - local secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client $fence_client --urls https://${hostname}/guac/guacamole/#/ --username guacamole --auto-approve --public --external --allowed-scopes openid profile email user | tail -1) + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + + local secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client $fence_client --urls https://${hostname}/guac/guacamole/#/ --username guacamole --auto-approve --public --external --allowed-scopes openid profile email user | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client $fence_client --urls https://${hostname}/guac/guacamole/#/ --username guacamole --auto-approve --public --external --allowed-scopes openid profile email user | tail -1 + ) # secrets looks like ('CLIENT_ID', 'CLIENT_SECRET') if [[ ! $secrets =~ (\'(.*)\', None) ]]; then # try delete client - g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client $fence_client > /dev/null 2>&1 - secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client $fence_client --urls https://${hostname}/guac/guacamole/#/ --username guacamole --auto-approve --public --external --allowed-scopes openid profile email user | tail -1) + g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client $fence_client > /dev/null 2>&1 || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-delete --client $fence_client > /dev/null 2>&1 + secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client $fence_client --urls https://${hostname}/guac/guacamole/#/ --username guacamole --auto-approve --public --external --allowed-scopes openid profile email user | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client $fence_client --urls https://${hostname}/guac/guacamole/#/ --username guacamole --auto-approve --public --external --allowed-scopes openid profile email user | tail -1 + ) if [[ ! $secrets =~ (\'(.*)\', None) ]]; then gen3_log_err "kube-setup-apache-guacamole" "Failed generating oidc client for guacamole: $secrets" return 1 diff --git a/gen3/bin/kube-setup-cedar-wrapper.sh b/gen3/bin/kube-setup-cedar-wrapper.sh index a56bebc40..d0586fdd5 100644 --- a/gen3/bin/kube-setup-cedar-wrapper.sh +++ b/gen3/bin/kube-setup-cedar-wrapper.sh @@ -5,9 +5,15 @@ create_client_and_secret() { local hostname=$(gen3 api hostname) local client_name="cedar_ingest_client" gen3_log_info "kube-setup-cedar-wrapper" "creating fence ${client_name} for $hostname" + +# Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. # delete any existing fence cedar clients - g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client ${client_name} > /dev/null 2>&1 - local secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client ${client_name} --grant-types client_credentials | tail -1) + g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client ${client_name} > /dev/null 2>&1 || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-delete --client ${client_name} > /dev/null 2>&1 + local secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client ${client_name} --grant-types client_credentials | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client ${client_name} --grant-types client_credentials | tail -1 + ) # secrets looks like ('CLIENT_ID', 'CLIENT_SECRET') if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then gen3_log_err "kube-setup-cedar-wrapper" "Failed generating ${client_name}" @@ -36,7 +42,10 @@ setup_creds() { fi local client_name="cedar_ingest_client" - local client_list=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-list) + local client_list=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-list) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-list + ) local client_count=$(echo "$client_list=" | grep -cE "'name':.*'${client_name}'") gen3_log_info "CEDAR client count = ${client_count}" diff --git a/gen3/bin/kube-setup-metadata-delete-expired-objects-cronjob.sh b/gen3/bin/kube-setup-metadata-delete-expired-objects-cronjob.sh index 1879dc8dc..0e2699080 100644 --- a/gen3/bin/kube-setup-metadata-delete-expired-objects-cronjob.sh +++ b/gen3/bin/kube-setup-metadata-delete-expired-objects-cronjob.sh @@ -12,12 +12,22 @@ setup_config() { if [[ ! -f "$secretsFolder/config.json" ]]; then local hostname=$(gen3 api hostname) gen3_log_info "kube-setup-metadata-delete-expired-objects-job" "creating fence oidc client for $hostname" - local secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client metadata-delete-expired-objects-job --grant-types client_credentials | tail -1) + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + local secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client metadata-delete-expired-objects-job --grant-types client_credentials | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client metadata-delete-expired-objects-job --grant-types client_credentials | tail -1 + + ) # secrets looks like ('CLIENT_ID', 'CLIENT_SECRET') if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then # try delete client - g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client metadata-delete-expired-objects-job > /dev/null 2>&1 - secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client metadata-delete-expired-objects-job --grant-types client_credentials | tail -1) + g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client metadata-delete-expired-objects-job > /dev/null 2>&1 || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-delete --client metadata-delete-expired-objects-job > /dev/null 2>&1 + secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client metadata-delete-expired-objects-job --grant-types client_credentials | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client metadata-delete-expired-objects-job --grant-types client_credentials | tail -1 + + ) if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then gen3_log_err "kube-setup-metadata-delete-expired-objects-job" "Failed generating oidc client: $secrets" return 1 diff --git a/gen3/bin/kube-setup-ohdsi.sh b/gen3/bin/kube-setup-ohdsi.sh index 3d8165547..b32069c36 100644 --- a/gen3/bin/kube-setup-ohdsi.sh +++ b/gen3/bin/kube-setup-ohdsi.sh @@ -11,7 +11,13 @@ export namespace=$(gen3 api namespace) new_client() { atlas_hostname="atlas.${hostname}" gen3_log_info "kube-setup-ohdsi" "creating fence oidc client for $atlas_hostname" - local secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client atlas --urls https://${atlas_hostname}/WebAPI/user/oauth/callback?client_name=OidcClient --username atlas --allowed-scopes openid profile email user | tail -1) + + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + local secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client atlas --urls https://${atlas_hostname}/WebAPI/user/oauth/callback?client_name=OidcClient --username atlas --allowed-scopes openid profile email user | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client atlas --urls https://${atlas_hostname}/WebAPI/user/oauth/callback?client_name=OidcClient --username atlas --allowed-scopes openid profile email user | tail -1 + + ) # secrets looks like ('CLIENT_ID', 'CLIENT_SECRET') if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then gen3_log_err "kube-setup-ohdsi" "Failed generating oidc client for atlas: $secrets" diff --git a/gen3/bin/kube-setup-pelicanjob.sh b/gen3/bin/kube-setup-pelicanjob.sh index 907b9f045..030610150 100644 --- a/gen3/bin/kube-setup-pelicanjob.sh +++ b/gen3/bin/kube-setup-pelicanjob.sh @@ -28,12 +28,20 @@ if ! g3kubectl describe secret pelicanservice-g3auto | grep config.json > /dev/n # setup fence OIDC client with client_credentials grant for access to MDS API hostname=$(gen3 api hostname) gen3_log_info "kube-setup-sower-jobs" "creating fence oidc client for $hostname" - secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client pelican-export-job --grant-types client_credentials | tail -1) + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client pelican-export-job --grant-types client_credentials | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client pelican-export-job --grant-types client_credentials | tail -1 + ) # secrets looks like ('CLIENT_ID', 'CLIENT_SECRET') if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then # try delete client - g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client pelican-export-job > /dev/null 2>&1 - secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client pelican-export-job --grant-types client_credentials | tail -1) + g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client pelican-export-job > /dev/null 2>&1 || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-delete --client pelican-export-job > /dev/null 2>&1 + secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client pelican-export-job --grant-types client_credentials | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client pelican-export-job --grant-types client_credentials | tail -1 + ) if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then gen3_log_err "kube-setup-sower-jobs" "Failed generating oidc client: $secrets" return 1 diff --git a/gen3/bin/kube-setup-superset.sh b/gen3/bin/kube-setup-superset.sh index 0f1219695..04cefb64d 100644 --- a/gen3/bin/kube-setup-superset.sh +++ b/gen3/bin/kube-setup-superset.sh @@ -8,12 +8,20 @@ new_client() { local hostname=$(gen3 api hostname) superset_hostname="superset.${hostname}" gen3_log_info "kube-setup-superset" "creating fence oidc client for $superset_hostname" - local secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client superset --urls https://${superset_hostname}/oauth-authorized/fence --username superset | tail -1) + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + local secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client superset --urls https://${superset_hostname}/oauth-authorized/fence --username superset | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client superset --urls https://${superset_hostname}/oauth-authorized/fence --username superset | tail -1 + ) # secrets looks like ('CLIENT_ID', 'CLIENT_SECRET') if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then # try delete client - g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client superset > /dev/null 2>&1 - secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client superset --urls https://${superset_hostname}/oauth-authorized/fence --username superset | tail -1) + g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client superset > /dev/null 2>&1 || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-delete --client superset > /dev/null 2>&1 + secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client superset --urls https://${superset_hostname}/oauth-authorized/fence --username superset | tail -1) 2>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client superset --urls https://${superset_hostname}/oauth-authorized/fence --username superset | tail -1 + ) if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then gen3_log_err "kube-setup-superset" "Failed generating oidc client for superset: $secrets" return 1 diff --git a/gen3/bin/kube-setup-wts.sh b/gen3/bin/kube-setup-wts.sh index ad8211d03..a2f1608cf 100644 --- a/gen3/bin/kube-setup-wts.sh +++ b/gen3/bin/kube-setup-wts.sh @@ -14,12 +14,20 @@ gen3_load "gen3/lib/kube-setup-init" new_client() { local hostname=$(gen3 api hostname) gen3_log_info "kube-setup-wts" "creating fence oidc client for $hostname" - local secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client wts --urls "https://${hostname}/wts/oauth2/authorize" --username wts --auto-approve | tail -1) + # Adding a fallback to `poetry run fence-create` to cater to fence containers with amazon linux. + local secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client wts --urls "https://${hostname}/wts/oauth2/authorize" --username wts --auto-approve | tail -1) 1>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client wts --urls "https://${hostname}/wts/oauth2/authorize" --username wts --auto-approve | tail -1 + ) # secrets looks like ('CLIENT_ID', 'CLIENT_SECRET') if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then # try delete client - g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client wts > /dev/null 2>&1 - secrets=$(g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client wts --urls "https://${hostname}/wts/oauth2/authorize" --username wts --auto-approve | tail -1) + g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-delete --client wts > /dev/null 2>&1 || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-delete --client wts > /dev/null 2>&1 + secrets=$( + (g3kubectl exec -c fence $(gen3 pod fence) -- fence-create client-create --client wts --urls "https://${hostname}/wts/oauth2/authorize" --username wts --auto-approve | tail -1) 1>/dev/null || \ + g3kubectl exec -c fence $(gen3 pod fence) -- poetry run fence-create client-create --client wts --urls "https://${hostname}/wts/oauth2/authorize" --username wts --auto-approve | tail -1 + ) if [[ ! $secrets =~ (\'(.*)\', \'(.*)\') ]]; then gen3_log_err "kube-setup-wts" "Failed generating oidc client for workspace token service: $secrets" return 1 diff --git a/gen3/lib/testData/default/expectedFenceResult.yaml b/gen3/lib/testData/default/expectedFenceResult.yaml index 84a3a296d..85646a8fd 100644 --- a/gen3/lib/testData/default/expectedFenceResult.yaml +++ b/gen3/lib/testData/default/expectedFenceResult.yaml @@ -257,10 +257,10 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - if fence-create migrate --help > /dev/null 2>&1; then + if (fence-create migrate --help || poetry run fence-create migrate --help) > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" - fence-create migrate + fence-create migrate || poetry run fence-create migrate else echo "Db migration disabled in fence-config" fi diff --git a/gen3/lib/testData/test1.manifest.g3k/expectedFenceResult.yaml b/gen3/lib/testData/test1.manifest.g3k/expectedFenceResult.yaml index 8a3fc7c52..3fe1defaa 100644 --- a/gen3/lib/testData/test1.manifest.g3k/expectedFenceResult.yaml +++ b/gen3/lib/testData/test1.manifest.g3k/expectedFenceResult.yaml @@ -263,11 +263,11 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - if fence-create migrate --help > /dev/null 2>&1; then + if (fence-create migrate --help || poetry run fence-create migrate --help) > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" cd /fence - fence-create migrate + fence-create migrate || poetry run fence-create migrate else echo "Db migration disabled in fence-config" fi diff --git a/kube/services/argo/workflows/fence-usersync-wf.yaml b/kube/services/argo/workflows/fence-usersync-wf.yaml index 5c0eb1fb1..c2217460a 100644 --- a/kube/services/argo/workflows/fence-usersync-wf.yaml +++ b/kube/services/argo/workflows/fence-usersync-wf.yaml @@ -215,7 +215,10 @@ spec: if [[ "$SYNC_FROM_DBGAP" != True && "$ADD_DBGAP" != "true" ]]; then if [[ -f /mnt/shared/user.yaml ]]; then echo "running fence-create" - time fence-create sync --arborist http://arborist-service --yaml /mnt/shared/user.yaml + time ( + fence-create sync --arborist http://arborist-service --yaml /mnt/shared/user.yaml || \ + poetry run fence-create sync --arborist http://arborist-service --yaml /mnt/shared/user.yaml + ) else echo "/mnt/shared/user.yaml did not appear within timeout :-(" false # non-zero exit code @@ -225,10 +228,16 @@ spec: output=$(mktemp "/tmp/fence-create-output_XXXXXX") if [[ -f /mnt/shared/user.yaml && "$ONLY_DBGAP" != "true" ]]; then echo "Running fence-create dbgap-sync with user.yaml - see $output" - time fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml --yaml /mnt/shared/user.yaml 2>&1 | tee "$output" + time ( + fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml --yaml /mnt/shared/user.yaml 2>&1 | tee "$output" || \ + poetry run fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml --yaml /mnt/shared/user.yaml 2>&1 | tee "$output" + ) else echo "Running fence-create dbgap-sync without user.yaml - see $output" - time fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml 2>&1 | tee "$output" + time ( + fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml 2>&1 | tee "$output" || \ + poetry run fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml 2>&1 | tee "$output" + ) fi exitcode="${PIPESTATUS[0]}" echo "$output" diff --git a/kube/services/datasim/datasim-deploy.yaml b/kube/services/datasim/datasim-deploy.yaml index 4aa66d607..4e20a8be0 100644 --- a/kube/services/datasim/datasim-deploy.yaml +++ b/kube/services/datasim/datasim-deploy.yaml @@ -188,7 +188,10 @@ spec: sleepTime=10 # retry loop while [[ $count -lt 3 && $success == false ]]; do - if fence-create --path fence token-create --type access_token --username $SUBMISSION_USER --scopes openid,user,test-client --exp 36000 > "$tempFile"; then + if ( + fence-create --path fence token-create --type access_token --username $SUBMISSION_USER --scopes openid,user,test-client --exp 36000 || \ + poetry run fence-create --path fence token-create --type access_token --username $SUBMISSION_USER --scopes openid,user,test-client --exp 36000 + ) > "$tempFile"; then echo "fence-create success!" tail -1 "$tempFile" > /mnt/shared/access_token.txt # base64 --decode complains about invalid characters - don't know why diff --git a/kube/services/fence/fence-deploy.yaml b/kube/services/fence/fence-deploy.yaml index 6e8894a55..50128b92d 100644 --- a/kube/services/fence/fence-deploy.yaml +++ b/kube/services/fence/fence-deploy.yaml @@ -263,11 +263,11 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - if fence-create migrate --help > /dev/null 2>&1; then + if (fence-create migrate --help || poetry run fence-create migrate --help) > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" cd /fence - fence-create migrate + fence-create migrate || poetry run fence-create migrate else echo "Db migration disabled in fence-config" fi diff --git a/kube/services/jobs/client-modify-job.yaml b/kube/services/jobs/client-modify-job.yaml index 3e41ba957..5b497e117 100644 --- a/kube/services/jobs/client-modify-job.yaml +++ b/kube/services/jobs/client-modify-job.yaml @@ -125,11 +125,11 @@ spec: echo Starting to collect client list - CLIENT_LIST=$(fence-create client-list | grep "'name'") + CLIENT_LIST=$((fence-create client-list || poetry run fence-create client-list) | grep "'name'") CLIENT_LIST=${CLIENT_LIST//"'name': "/} CLIENT_LIST=${CLIENT_LIST//"'"/} CLIENT_LIST=${CLIENT_LIST//","/} - CLIENT_LIST=($(echo $CLIENT_LIST | tr " ")) + CLIENT_LIST=($(echo $CLIENT_LIST | xargs)) if [[ -z "$FIELD_NAME" ]]; then echo Cannot update field. FIELD_NAME variable must be sepcified. @@ -151,7 +151,7 @@ spec: for index in "${!CLIENT_LIST[@]}" do - $create_command --client ${CLIENT_LIST[index]} + $create_command --client ${CLIENT_LIST[index]} || poetry run $create_command --client ${CLIENT_LIST[index]} done if [[ $? != 0 ]]; then diff --git a/kube/services/jobs/fence-cleanup-expired-ga4gh-info-cronjob.yaml b/kube/services/jobs/fence-cleanup-expired-ga4gh-info-cronjob.yaml index 02b65dffc..50ed6ce33 100644 --- a/kube/services/jobs/fence-cleanup-expired-ga4gh-info-cronjob.yaml +++ b/kube/services/jobs/fence-cleanup-expired-ga4gh-info-cronjob.yaml @@ -74,7 +74,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml echo 'options use-vc' >> /etc/resolv.conf - fence-create cleanup-expired-ga4gh-information + fence-create cleanup-expired-ga4gh-information || poetry run fence-create cleanup-expired-ga4gh-information if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" else diff --git a/kube/services/jobs/fence-cleanup-expired-ga4gh-info-job.yaml b/kube/services/jobs/fence-cleanup-expired-ga4gh-info-job.yaml index d917d8e82..1b0c954ba 100644 --- a/kube/services/jobs/fence-cleanup-expired-ga4gh-info-job.yaml +++ b/kube/services/jobs/fence-cleanup-expired-ga4gh-info-job.yaml @@ -62,7 +62,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - fence-create cleanup-expired-ga4gh-information + fence-create cleanup-expired-ga4gh-information || poetry run fence-create cleanup-expired-ga4gh-information if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/fence-db-migrate-job.yaml b/kube/services/jobs/fence-db-migrate-job.yaml index b626b991b..c855481d7 100644 --- a/kube/services/jobs/fence-db-migrate-job.yaml +++ b/kube/services/jobs/fence-db-migrate-job.yaml @@ -102,7 +102,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml cd /fence - fence-create migrate + fence-create migrate || poetry run fence-create migrate if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/fence-delete-expired-clients-job.yaml b/kube/services/jobs/fence-delete-expired-clients-job.yaml index 05c8e1916..36244ac58 100644 --- a/kube/services/jobs/fence-delete-expired-clients-job.yaml +++ b/kube/services/jobs/fence-delete-expired-clients-job.yaml @@ -70,9 +70,9 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml if [[ "$slackWebHook" =~ ^http ]]; then - fence-create client-delete-expired --slack-webhook $slackWebHook --warning-days 7 + fence-create client-delete-expired --slack-webhook $slackWebHook --warning-days 7 || poetry run fence-create client-delete-expired --slack-webhook $slackWebHook --warning-days 7 else - fence-create client-delete-expired + fence-create client-delete-expired || poetry run fence-create client-delete-expired fi exit $? restartPolicy: Never diff --git a/kube/services/jobs/fence-visa-update-cronjob.yaml b/kube/services/jobs/fence-visa-update-cronjob.yaml index 3083d10d4..88e9b1aec 100644 --- a/kube/services/jobs/fence-visa-update-cronjob.yaml +++ b/kube/services/jobs/fence-visa-update-cronjob.yaml @@ -119,7 +119,7 @@ spec: create_command+=" --concurrency $CONCURRENCY" fi - $create_command + $create_command || poetry run $create_command exitcode=$? if [ "${slackWebHook}" != 'None' ]; then diff --git a/kube/services/jobs/fence-visa-update-job.yaml b/kube/services/jobs/fence-visa-update-job.yaml index 496cba896..080e011f0 100644 --- a/kube/services/jobs/fence-visa-update-job.yaml +++ b/kube/services/jobs/fence-visa-update-job.yaml @@ -113,7 +113,7 @@ spec: create_command+=" --concurrency $CONCURRENCY" fi - $create_command + $create_command || poetry run $create_command exitcode=$? if [ "${slackWebHook}" != 'None' ]; then diff --git a/kube/services/jobs/gen3qa-check-bucket-access-job.yaml b/kube/services/jobs/gen3qa-check-bucket-access-job.yaml index d4e8c9805..585463864 100644 --- a/kube/services/jobs/gen3qa-check-bucket-access-job.yaml +++ b/kube/services/jobs/gen3qa-check-bucket-access-job.yaml @@ -140,7 +140,10 @@ spec: sleepTime=10 # retry loop while [[ $count -lt 3 && $success == false ]]; do - if fence-create --path fence token-create --type access_token --username $TEST_OPERATOR --scopes openid,user,test-client,data --exp $TOKEN_EXPIRATION > "$tempFile"; then + if ( + fence-create --path fence token-create --type access_token --username $TEST_OPERATOR --scopes openid,user,test-client,data --exp $TOKEN_EXPIRATION || \ + poetry run fence-create --path fence token-create --type access_token --username $TEST_OPERATOR --scopes openid,user,test-client,data --exp $TOKEN_EXPIRATION + ) > "$tempFile"; then echo "fence-create success!" tail -1 "$tempFile" > /mnt/shared/access_token.txt # base64 --decode complains about invalid characters - don't know why diff --git a/kube/services/jobs/gentestdata-job.yaml b/kube/services/jobs/gentestdata-job.yaml index bf40062ee..1840607f7 100644 --- a/kube/services/jobs/gentestdata-job.yaml +++ b/kube/services/jobs/gentestdata-job.yaml @@ -203,7 +203,10 @@ spec: sleepTime=10 # retry loop while [[ $count -lt 3 && $success == false ]]; do - if fence-create --path fence token-create --type access_token --username $SUBMISSION_USER --scopes openid,user,test-client --exp $TOKEN_EXPIRATION > "$tempFile"; then + if ( + fence-create --path fence token-create --type access_token --username $SUBMISSION_USER --scopes openid,user,test-client --exp $TOKEN_EXPIRATION || \ + poetry run fence-create --path fence token-create --type access_token --username $SUBMISSION_USER --scopes openid,user,test-client --exp $TOKEN_EXPIRATION + )> "$tempFile"; then echo "fence-create success!" tail -1 "$tempFile" > /mnt/shared/access_token.txt # base64 --decode complains about invalid characters - don't know why diff --git a/kube/services/jobs/google-create-bucket-job.yaml b/kube/services/jobs/google-create-bucket-job.yaml index 2fff1b4ce..7cc65f196 100644 --- a/kube/services/jobs/google-create-bucket-job.yaml +++ b/kube/services/jobs/google-create-bucket-job.yaml @@ -192,7 +192,7 @@ spec: create_command+=" --access-logs-bucket $ACCESS_LOGS_BUCKET" fi - fence-create ${create_command} + fence-create ${create_command} || poetry run fence-create ${create_command} if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" diff --git a/kube/services/jobs/google-delete-expired-access-cronjob.yaml b/kube/services/jobs/google-delete-expired-access-cronjob.yaml index 5ccb468cd..8087abfee 100644 --- a/kube/services/jobs/google-delete-expired-access-cronjob.yaml +++ b/kube/services/jobs/google-delete-expired-access-cronjob.yaml @@ -88,7 +88,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml echo 'options use-vc' >> /etc/resolv.conf - fence-create delete-expired-google-access + fence-create delete-expired-google-access || poetry run fence-create delete-expired-google-access if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" else diff --git a/kube/services/jobs/google-delete-expired-access-job.yaml b/kube/services/jobs/google-delete-expired-access-job.yaml index 659e71db3..64230d5a1 100644 --- a/kube/services/jobs/google-delete-expired-access-job.yaml +++ b/kube/services/jobs/google-delete-expired-access-job.yaml @@ -76,7 +76,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - fence-create delete-expired-google-access + fence-create delete-expired-google-access || poetry run fence-create delete-expired-google-access if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/google-delete-expired-service-account-cronjob.yaml b/kube/services/jobs/google-delete-expired-service-account-cronjob.yaml index 56be969c4..0ba1aa6b3 100644 --- a/kube/services/jobs/google-delete-expired-service-account-cronjob.yaml +++ b/kube/services/jobs/google-delete-expired-service-account-cronjob.yaml @@ -127,7 +127,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml echo 'options use-vc' >> /etc/resolv.conf - fence-create expired-service-account-delete + fence-create expired-service-account-delete || poetry run fence-create expired-service-account-delete if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" else diff --git a/kube/services/jobs/google-delete-expired-service-account-job.yaml b/kube/services/jobs/google-delete-expired-service-account-job.yaml index 89685c26d..9fe841ee7 100644 --- a/kube/services/jobs/google-delete-expired-service-account-job.yaml +++ b/kube/services/jobs/google-delete-expired-service-account-job.yaml @@ -114,7 +114,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - fence-create expired-service-account-delete + fence-create expired-service-account-delete || poetry run fence-create expired-service-account-delete if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/google-init-proxy-groups-cronjob.yaml b/kube/services/jobs/google-init-proxy-groups-cronjob.yaml index ea4689609..53d0f46ff 100644 --- a/kube/services/jobs/google-init-proxy-groups-cronjob.yaml +++ b/kube/services/jobs/google-init-proxy-groups-cronjob.yaml @@ -133,7 +133,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml echo 'options use-vc' >> /etc/resolv.conf - fence-create google-init + fence-create google-init || poetry run fence-create google-init if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" else diff --git a/kube/services/jobs/google-init-proxy-groups-job.yaml b/kube/services/jobs/google-init-proxy-groups-job.yaml index f7bc800ac..ef9ea5dd3 100644 --- a/kube/services/jobs/google-init-proxy-groups-job.yaml +++ b/kube/services/jobs/google-init-proxy-groups-job.yaml @@ -120,7 +120,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - fence-create google-init + fence-create google-init || poetry run fence-create google-init if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/google-manage-account-access-cronjob.yaml b/kube/services/jobs/google-manage-account-access-cronjob.yaml index e1368228c..c8330a81a 100644 --- a/kube/services/jobs/google-manage-account-access-cronjob.yaml +++ b/kube/services/jobs/google-manage-account-access-cronjob.yaml @@ -127,7 +127,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml echo 'options use-vc' >> /etc/resolv.conf - fence-create google-manage-account-access + fence-create google-manage-account-access || poetry run fence-create google-manage-account-access if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" else diff --git a/kube/services/jobs/google-manage-account-access-job.yaml b/kube/services/jobs/google-manage-account-access-job.yaml index db0b014d2..ff9e927f3 100644 --- a/kube/services/jobs/google-manage-account-access-job.yaml +++ b/kube/services/jobs/google-manage-account-access-job.yaml @@ -114,7 +114,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - fence-create google-manage-account-access + fence-create google-manage-account-access || poetry run fence-create google-manage-account-access if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/google-manage-keys-cronjob.yaml b/kube/services/jobs/google-manage-keys-cronjob.yaml index 351634e96..5a7f95558 100644 --- a/kube/services/jobs/google-manage-keys-cronjob.yaml +++ b/kube/services/jobs/google-manage-keys-cronjob.yaml @@ -127,7 +127,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml echo 'options use-vc' >> /etc/resolv.conf - fence-create google-manage-keys + fence-create google-manage-keys || poetry run fence-create google-manage-keys if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" else diff --git a/kube/services/jobs/google-manage-keys-job.yaml b/kube/services/jobs/google-manage-keys-job.yaml index 288d64a1a..9c9bb635b 100644 --- a/kube/services/jobs/google-manage-keys-job.yaml +++ b/kube/services/jobs/google-manage-keys-job.yaml @@ -117,7 +117,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - fence-create google-manage-keys + fence-create google-manage-keys || poetry run fence-create google-manage-keys if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/google-verify-bucket-access-group-cronjob.yaml b/kube/services/jobs/google-verify-bucket-access-group-cronjob.yaml index 09873b39f..011727046 100644 --- a/kube/services/jobs/google-verify-bucket-access-group-cronjob.yaml +++ b/kube/services/jobs/google-verify-bucket-access-group-cronjob.yaml @@ -127,7 +127,7 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml echo 'options use-vc' >> /etc/resolv.conf - fence-create bucket-access-group-verify + fence-create bucket-access-group-verify || poetry run fence-create bucket-access-group-verify if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" else diff --git a/kube/services/jobs/google-verify-bucket-access-group-job.yaml b/kube/services/jobs/google-verify-bucket-access-group-job.yaml index 3a9025551..98691143f 100644 --- a/kube/services/jobs/google-verify-bucket-access-group-job.yaml +++ b/kube/services/jobs/google-verify-bucket-access-group-job.yaml @@ -114,7 +114,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - fence-create bucket-access-group-verify + fence-create bucket-access-group-verify || poetry run fence-create bucket-access-group-verify if [[ $? != 0 ]]; then echo "WARNING: non zero exit code: $?" fi diff --git a/kube/services/jobs/usersync-job.yaml b/kube/services/jobs/usersync-job.yaml index e9ecfd714..a4aa57382 100644 --- a/kube/services/jobs/usersync-job.yaml +++ b/kube/services/jobs/usersync-job.yaml @@ -201,7 +201,10 @@ spec: if [[ "$SYNC_FROM_DBGAP" != True && "$ADD_DBGAP" != "true" ]]; then if [[ -f /mnt/shared/user.yaml ]]; then echo "running fence-create" - time fence-create sync --arborist http://arborist-service --yaml /mnt/shared/user.yaml + time ( + fence-create sync --arborist http://arborist-service --yaml /mnt/shared/user.yaml || \ + poetry run fence-create sync --arborist http://arborist-service --yaml /mnt/shared/user.yaml + ) else echo "/mnt/shared/user.yaml did not appear within timeout :-(" false # non-zero exit code @@ -211,10 +214,16 @@ spec: output=$(mktemp "/tmp/fence-create-output_XXXXXX") if [[ -f /mnt/shared/user.yaml && "$ONLY_DBGAP" != "true" ]]; then echo "Running fence-create dbgap-sync with user.yaml - see $output" - time fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml --yaml /mnt/shared/user.yaml 2>&1 | tee "$output" + time ( + fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml --yaml /mnt/shared/user.yaml 2>&1 | tee "$output" || \ + poetry run fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml --yaml /mnt/shared/user.yaml 2>&1 | tee "$output" + ) else echo "Running fence-create dbgap-sync without user.yaml - see $output" - time fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml 2>&1 | tee "$output" + time ( + fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml 2>&1 | tee "$output" || \ + poetry run fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml 2>&1 | tee "$output" + ) fi exitcode="${PIPESTATUS[0]}" echo "$output" diff --git a/kube/services/jobs/useryaml-job.yaml b/kube/services/jobs/useryaml-job.yaml index 16871c6eb..4121076c3 100644 --- a/kube/services/jobs/useryaml-job.yaml +++ b/kube/services/jobs/useryaml-job.yaml @@ -149,9 +149,11 @@ spec: echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" poetry run python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml || python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml if [ "$SYNC_FROM_DBGAP" = True ]; then - fence-create sync --arborist http://arborist-service --sync_from_dbgap $(SYNC_FROM_DBGAP) --projects /var/www/fence/projects.yaml --yaml /var/www/fence/user.yaml + fence-create sync --arborist http://arborist-service --sync_from_dbgap $(SYNC_FROM_DBGAP) --projects /var/www/fence/projects.yaml --yaml /var/www/fence/user.yaml || \ + poetry run fence-create sync --arborist http://arborist-service --sync_from_dbgap $(SYNC_FROM_DBGAP) --projects /var/www/fence/projects.yaml --yaml /var/www/fence/user.yaml else - fence-create sync --arborist http://arborist-service --yaml /var/www/fence/user.yaml + fence-create sync --arborist http://arborist-service --yaml /var/www/fence/user.yaml || \ + poetry run fence-create sync --arborist http://arborist-service --yaml /var/www/fence/user.yaml fi echo "Exit code: $?" restartPolicy: Never