From c9a2334f6d30ab3abcb5f0829bf725df7270be8d Mon Sep 17 00:00:00 2001
From: Roman Gershman
Date: Fri, 20 Sep 2024 08:41:06 +0300
Subject: [PATCH] fix: allow the healthcheck run in non-privileged containers as well (#3731)
fix: allow the healthcheck running in non-privileged containers as well
Fixes #3644 (again).
Signed-off-by: Roman Gershman
---
 tools/docker/healthcheck.sh | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/tools/docker/healthcheck.sh b/tools/docker/healthcheck.sh
index c6c385a8df22..04f193871e8a 100755
--- a/tools/docker/healthcheck.sh
+++ b/tools/docker/healthcheck.sh
@@ -3,10 +3,21 @@
 HOST="localhost"
 PORT=$HEALTHCHECK_PORT
+
 if [ -z "$HEALTHCHECK_PORT" ]; then
- # check all the TCP listening sockets, filter the dragonfly process, and fetch the port.
- # For cases when dragonfly opens multiple ports, we filter with tail to choose one of them.
- PORT=$(su dfly -c "netstat -tlnp" | grep "1/dragonfly" | grep -oE ':[0-9]+' | cut -c2- | tail -n 1)
+ # try unpriveleged version first. This should cover cases when the container is running
+ # without root, for example:
+ # docker run --group-add 999 --cap-drop=ALL --user 999 docker.dragonflydb.io/dragonflydb/dragonfly
+ DF_NET=$(netstat -tlnp | grep "1/dragonfly")
+ if [ -z "$DF_NET" ]; then
+ # if we failed, then lets try the priveleged version. is triggerred by the regular command:
+ # docker run docker.dragonflydb.io/dragonflydb/dragonfly
+ DF_NET=$(su dfly -c "netstat -tlnp" | grep "1/dragonfly")
+ fi
+
+ # check all the TCP ports, and fetch the port.
+ # For cases when dragonfly opens multiple ports, we filter with tail to choose one of them.
+ PORT=$(echo $DF_NET | grep -oE ':[0-9]+' | cut -c2- | tail -n 1)
 fi
 # If we're running with TLS enabled, utilise OpenSSL for the check
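Review bot: The final `PORT=` line expands `$DF_NET` unquoted, so the shell word-splits and glob-expands the netstat output before grep sees it (the foreign-address column carries a `*`), and the result can then depend on what files sit in the working directory; `PORT=$(printf '%s\n' "$DF_NET" | grep -oE ':[0-9]+' | cut -c2- | tail -n 1)` passes the text through as netstat printed it. If neither probe finds a `1/dragonfly` socket, PORT stays empty and is handed to the check that follows outside this hunk; a guard such as `[ -n "$PORT" ] || exit 1` right after the assignment would make the healthcheck fail for an explicit reason. In a container started with `--user 999 --cap-drop=ALL` the `su dfly -c` fallback presumably cannot succeed, so it may be worth taking that branch only when `id -u` reports 0.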