fix(ops/modules): Increase RestartSec= of oauth2_proxy service

When Keycloak and oauth2_proxy are restarted simultaneously, the
latter might try to come up (repeatedly!) before Keycloak can serve it
properly.

This leads to systemd considering the unit failed.

Since this all happens in the span of a second or so, slightly
increase the restart delay of the service to ensure it comes back
after Keycloak is ready.

A "proper" fix might be to add a script that runs before the actual
service and waits for Keycloak, but I don't want to prioritise that
right now.

Change-Id: I4dadba686de60ffc103fe889ce19f05ca1d7d4fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5695
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
This commit is contained in:
Vincent Ambo 2022-05-26 22:47:40 +02:00 committed by tazjin
parent 1521599fe2
commit bdccd2c111

View file

@ -50,6 +50,7 @@ in
serviceConfig = {
Restart = "always";
RestartSec = "5s";
DynamicUser = true;
EnvironmentFile = cfg.secretsFile;
ExecStart = "${pkgs.oauth2_proxy}/bin/oauth2-proxy --config ${configFile}";