fix(ops/modules): Increase RestartSec=
of oauth2_proxy service
When Keycloak and oauth2_proxy are restarted simultaneously, the latter might try to come up (repeatedly!) before Keycloak can serve it properly. This leads to systemd considering the unit failed. Since this all happens in the span of a second or so, slightly increase the restart delay of the service to ensure it comes back after Keycloak is ready. A "proper" fix might be to add a script that runs before the actual service and waits for Keycloak, but I don't want to prioritise that right now. Change-Id: I4dadba686de60ffc103fe889ce19f05ca1d7d4fe Reviewed-on: https://cl.tvl.fyi/c/depot/+/5695 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
This commit is contained in:
parent
1521599fe2
commit
bdccd2c111
1 changed files with 1 additions and 0 deletions
|
@ -50,6 +50,7 @@ in
|
|||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
DynamicUser = true;
|
||||
EnvironmentFile = cfg.secretsFile;
|
||||
ExecStart = "${pkgs.oauth2_proxy}/bin/oauth2-proxy --config ${configFile}";
|
||||
|
|
Loading…
Reference in a new issue