From 60502091c21d9bad466232db2cf824e7742fdf66 Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Sun, 16 Dec 2018 17:25:34 +0100 Subject: [PATCH] new: [docker-host] don't restart docker for certificate installation if it is not needed. --- precise/host/hooks/install.d/70-0k.sh | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/precise/host/hooks/install.d/70-0k.sh b/precise/host/hooks/install.d/70-0k.sh index a1cd02b..8f01942 100755 --- a/precise/host/hooks/install.d/70-0k.sh +++ b/precise/host/hooks/install.d/70-0k.sh @@ -162,16 +162,30 @@ apt-get install -y curl /etc/ssl/ca.0k.io.pem -cat /etc/ssl/ca.0k.io.pem >> /etc/ssl/certs/ca-certificates.crt +curl http://docker.0k.io/get/ca.0k.io.pem > "$ca" +if [[ "$(md5sum "$ca")" != "$oldmd5" ]]; then + need_restart=1 + cat "$ca" >> /etc/ssl/certs/ca-certificates.crt +fi ## This is the new way: https://docs.docker.com/engine/security/certificates/ -mkdir -p /etc/docker/certs.d/docker.0k.io -ln -sfn /etc/ssl/ca.0k.io.pem /etc/docker/certs.d/docker.0k.io/ca.crt - +ca_ln="/etc/docker/certs.d/docker.0k.io/ca.crt" +mkdir -p "$(dirname "$ca_ln")" +if ! [ -L "$ca_ln" ] || [ "$(realpath "$ca_ln")" != "$ca" ] ; then + ln -sfn "$ca" "$ca_ln" + need_restart=1 +fi -service docker restart +if [ "$need_restart" ]; then + service docker restart +fi echo "Login into our server." docker login -u vm -p iamavm https://docker.0k.io