fix: allow the healthcheck run in non-privileged containers as well (#3731)

fix: allow the healthcheck running in non-privileged containers as well Fixes #3644 (again). Signed-off-by: Roman Gershman <roman@dragonflydb.io>
2024-11-23 08:02:08 +00:00 · 2024-09-20 08:41:06 +03:00 · 2024-09-20 08:41:06 +03:00 · c9a2334f6d
commit c9a2334f6d
parent ed21867fe9
1 changed files with 14 additions and 3 deletions
--- a/tools/docker/healthcheck.sh
+++ b/tools/docker/healthcheck.sh
@ -3,10 +3,21 @@
 HOST="localhost"
 PORT=$HEALTHCHECK_PORT

+
 if [ -z "$HEALTHCHECK_PORT" ]; then
-    # check all the TCP listening sockets, filter the dragonfly process, and fetch the port.
-    # For cases when dragonfly opens multiple ports, we filter with tail to choose one of them.
-    PORT=$(su dfly -c "netstat -tlnp" | grep "1/dragonfly" | grep -oE ':[0-9]+' | cut -c2- | tail -n 1)
+  # try unpriveleged version first. This should cover cases when the container is running
+  # without root, for example:
+  # docker run  --group-add 999  --cap-drop=ALL --user 999 docker.dragonflydb.io/dragonflydb/dragonfly
+  DF_NET=$(netstat -tlnp | grep "1/dragonfly")
+  if [ -z "$DF_NET" ]; then
+    # if we failed, then lets try the priveleged version. is triggerred by the regular command:
+    # docker run docker.dragonflydb.io/dragonflydb/dragonfly
+    DF_NET=$(su dfly -c "netstat -tlnp" | grep "1/dragonfly")
+  fi
+
+  # check all the TCP ports, and fetch the port.
+  # For cases when dragonfly opens multiple ports, we filter with tail to choose one of them.
+  PORT=$(echo $DF_NET | grep -oE ':[0-9]+' | cut -c2- | tail -n 1)
 fi

 # If we're running with TLS enabled, utilise OpenSSL for the check