Remove the stale Puma pidfile if it exists

cyberark · Mar 1, 2022 · e0b420b · e0b420b
1 parent bce792d
commit e0b420b
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -47,6 +47,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Fixed
 - IAM Authn bug fix - Take rexml gem to production configuration [#2493](https://github.com/cyberark/conjur/pull/2493)
+- Fixed a bug that causes docker restart of conjur server to fail sometimes due to a stale puma pidfile
+  [#2381](https://github.com/cyberark/conjur/issues/2381)
 
 ### Security
 - Updated nokogiri to 1.13.3 to resolve CVE-2022-23308 and CVE-2021-30560

diff --git a/bin/conjur-cli/commands/server.rb b/bin/conjur-cli/commands/server.rb
@@ -31,6 +31,9 @@ def call
       create_account
       load_bootstrap_policy
 
+      # Remove a stale puma PID file, if it exists
+      cleanup_pidfile
+
       # Start the Conjur API and service
       # processes
       fork_server_process
@@ -85,6 +88,19 @@ def load_bootstrap_policy
       ) || exit(($CHILD_STATUS.exitstatus))
     end
 
+    # This method is needed because in some versions of conjur server it has been observed that
+    # docker restart of the conjur server results in an error stating that the puma PID file is still present.
+    # Hence we check to see if this stale PID File exists and delete it, which ensures a smooth restart.
+    # This issue is described in detail in Issue 2381.
+
+    def cleanup_pidfile
+      pid_file_path = '/opt/conjur-server/tmp/pids/server.pid'
+      return unless File.exist?(pid_file_path)
+
+      puts("Removing existing PID file: #{pid_file_path}")
+      File.delete(pid_file_path)
+    end
+
     def fork_server_process
       Process.fork do
         puts("Conjur v#{conjur_version} starting up...")

diff --git a/spec/conjurctl/server_spec.rb b/spec/conjurctl/server_spec.rb
@@ -47,5 +47,19 @@ def wait_for_conjur
       expect(Slosilo["authn:demo"]).to be
       expect(Role["demo:user:admin"]).to be
     end
+
+    it "should have puma pid file after conjur server starts" do
+      # Run in background to easily kill process later
+      system("conjurctl server --account demo &")
+      wait_for_conjur
+      pid_file_path = '/opt/conjur-server/tmp/pids/server.pid'
+      expect(File).to exist(pid_file_path)
+    end
+
+    it "puma pid file shouldn't exist" do
+      # the pid should only exist when conjur server is started
+      pid_file_path = '/opt/conjur-server/tmp/pids/server.pid'
+      expect(File).not_to exist(pid_file_path)
+    end  
   end
 end