Skip to content

Don't use wait for host port instead use pg_isready #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bastelfreak merged 1 commit into from
Dec 28, 2025
Merged

Don't use wait for host port instead use pg_isready #61

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion openvoxdb/Containerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
org.label-schema.build-date="$build_date"

# Use netcat-openbsd to support IPv6 connectivity checks (netcat-traditional is IPv4 only)

@ekohl ekohl Dec 28, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And this is now redundant as well.

ARG PACKAGES="ca-certificates curl dnsutils netcat-openbsd dumb-init"
ARG PACKAGES="ca-certificates curl dumb-init postgresql-client postgresql-client-common"

ARG LOGDIR
ENV LOGDIR=${LOGDIR:-/opt/puppetlabs/server/data/puppetdb/logs}
Expand All @@ -29,7 +29,7 @@
ARG SSLDIR
ENV SSLDIR=${SSLDIR:-/opt/puppetlabs/server/data/puppetdb/certs}

ENV \

Check warning on line 32 in openvoxdb/Containerfile

View workflow job for this annotation

GitHub Actions / Scan CI container (8, 8.11.0-1+ubuntu24.04)

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "OPENVOXDB_POSTGRES_PASSWORD")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Check warning on line 32 in openvoxdb/Containerfile

View workflow job for this annotation

GitHub Actions / Build test container (8, 8.11.0-1+ubuntu24.04)

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "OPENVOXDB_POSTGRES_PASSWORD")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
CERTNAME="openvoxdb" \
DEBIAN_FRONTEND=noninteractive \
DNS_ALT_NAMES="" \
Expand Down
33 changes: 2 additions & 31 deletions openvoxdb/container-entrypoint.d/10-wait-for-hosts.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ set -e
# OPENVOXDB_POSTGRES_HOSTNAME Specified in Dockerfile, defaults to postgres
# OPENVOXSERVER_HOSTNAME DNS name of puppetserver to wait on, defaults to puppet


msg() {
echo "($0) $1"
}
Expand All @@ -26,43 +25,18 @@ error() {
exit 1
}

# Alpine as high as 3.9 seems to have failures reaching addresses sporadically
# In local repro scenarios, performing a DNS lookup with dig increases reliability
wait_for_host_name_resolution() {
# host and dig are in the bind-tools Alpine package
# k8s nodes may not be reachable with a ping
# performing a dig prior to a host may help prime the cache in Alpine
# https://github.com/Microsoft/opengcs/issues/303
/wtfc.sh --timeout="${2}" --interval=1 --progress "dig $1 && host $1"
# additionally log the DNS lookup information for diagnostic purposes
NAME_RESOLVED=$?
dig $1
if [ $NAME_RESOLVED -ne 0 ]; then
error "dependent service at $1 cannot be resolved or contacted"
fi
}

wait_for_host_port() {
# -v verbose -w connect / final net read timeout -z scan and don't send data
/wtfc.sh --timeout=${3} --interval=1 --progress "nc -v -w 1 -z '${1}' ${2}"
if [ $? -ne 0 ]; then
error "host $1:$2 does not appear to be listening"
fi
}

OPENVOXDB_WAITFORHOST_SECONDS=${OPENVOXDB_WAITFORHOST_SECONDS:-30}
OPENVOXDB_WAITFORPOSTGRES_SECONDS=${OPENVOXDB_WAITFORPOSTGRES_SECONDS:-60}
OPENVOXDB_WAITFORHEALTH_SECONDS=${OPENVOXDB_WAITFORHEALTH_SECONDS:-360}
OPENVOXDB_POSTGRES_HOSTNAME="${OPENVOXDB_POSTGRES_HOSTNAME:-postgres}"
OPENVOXSERVER_HOSTNAME="${OPENVOXSERVER_HOSTNAME:-puppet}"
OPENVOXSERVER_PORT="${OPENVOXSERVER_PORT:-8140}"

# wait for postgres DNS
wait_for_host_name_resolution $OPENVOXDB_POSTGRES_HOSTNAME $OPENVOXDB_WAITFORHOST_SECONDS
# wait for postgres is ready
/wtfc.sh --timeout="${OPENVOXDB_WAITFORHOST_SECONDS}" --interval=1 --progress "pg_isready -h ${OPENVOXDB_POSTGRES_HOSTNAME} --port '${OPENVOXDB_POSTGRES_PORT:-5432}'"

@ekohl ekohl Dec 28, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be using OPENVOXDB_WAITFORPOSTGRES_SECONDS and then drop OPENVOXDB_WAITFORHOST_SECONDS?


# wait for puppetserver DNS, then healthcheck

@ekohl ekohl Dec 28, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is now outdated

if [ "$USE_OPENVOXSERVER" = true ]; then
wait_for_host_name_resolution $OPENVOXSERVER_HOSTNAME $OPENVOXDB_WAITFORHOST_SECONDS
HEALTH_COMMAND="curl --silent --fail --insecure 'https://${OPENVOXSERVER_HOSTNAME}:"${OPENVOXSERVER_PORT}"/status/v1/simple' | grep -q '^running$'"
fi

Expand All @@ -72,6 +46,3 @@ if [ -n "$HEALTH_COMMAND" ]; then
error "Required health check failed"
fi
fi

# wait for postgres
wait_for_host_port $OPENVOXDB_POSTGRES_HOSTNAME "${OPENVOXDB_POSTGRES_PORT:-5432}" $OPENVOXDB_WAITFORPOSTGRES_SECONDS
Loading