fix: allow the healthcheck run in non-privileged containers as well (#…

…3731) fix: allow the healthcheck running in non-privileged containers as well Fixes #3644 (again). Signed-off-by: Roman Gershman <[email protected]>
dragonflydb · Sep 20, 2024 · c9a2334 · c9a2334
1 parent ed21867
commit c9a2334
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/tools/docker/healthcheck.sh b/tools/docker/healthcheck.sh
@@ -3,10 +3,21 @@
 HOST="localhost"
 PORT=$HEALTHCHECK_PORT
 
+
 if [ -z "$HEALTHCHECK_PORT" ]; then
-    # check all the TCP listening sockets, filter the dragonfly process, and fetch the port.
-    # For cases when dragonfly opens multiple ports, we filter with tail to choose one of them.
-    PORT=$(su dfly -c "netstat -tlnp" | grep "1/dragonfly" | grep -oE ':[0-9]+' | cut -c2- | tail -n 1)
+  # try unpriveleged version first. This should cover cases when the container is running
+  # without root, for example:
+  # docker run  --group-add 999  --cap-drop=ALL --user 999 docker.dragonflydb.io/dragonflydb/dragonfly
+  DF_NET=$(netstat -tlnp | grep "1/dragonfly")
+  if [ -z "$DF_NET" ]; then
+    # if we failed, then lets try the priveleged version. is triggerred by the regular command:
+    # docker run docker.dragonflydb.io/dragonflydb/dragonfly
+    DF_NET=$(su dfly -c "netstat -tlnp" | grep "1/dragonfly")
+  fi
+
+  # check all the TCP ports, and fetch the port.
+  # For cases when dragonfly opens multiple ports, we filter with tail to choose one of them.
+  PORT=$(echo $DF_NET | grep -oE ':[0-9]+' | cut -c2- | tail -n 1)
 fi
 
 # If we're running with TLS enabled, utilise OpenSSL for the check