From 5b49ced20620556350a4afa2bd2bc81a6431bf6c Mon Sep 17 00:00:00 2001
From: Brian Seeders
Date: Wed, 4 Oct 2023 17:50:55 -0400
Subject: [PATCH 1/3] Add healthcheck for shibboleth-idp in idp-fixture
---
 x-pack/test/idp-fixture/build.gradle | 1 +
 x-pack/test/idp-fixture/docker-compose.yml | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/x-pack/test/idp-fixture/build.gradle b/x-pack/test/idp-fixture/build.gradle
index 0f5363a278f60..b645afd4922ba 100644
--- a/x-pack/test/idp-fixture/build.gradle
+++ b/x-pack/test/idp-fixture/build.gradle
@@ -6,6 +6,7 @@ apply plugin: 'elasticsearch.test.fixtures'
 dockerCompose {
 composeAdditionalArgs = ['--compatibility']
+ upAdditionalArgs = ["--wait"]
 }
 tasks.named("preProcessFixture").configure {
diff --git a/x-pack/test/idp-fixture/docker-compose.yml b/x-pack/test/idp-fixture/docker-compose.yml
index 11a8ec7a7bb3d..0d28a55e9003e 100644
--- a/x-pack/test/idp-fixture/docker-compose.yml
+++ b/x-pack/test/idp-fixture/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '3.7'
+version: "3.7"
 services:
 openldap:
 command: --copy-service --loglevel debug
@@ -37,6 +37,21 @@ services:
 links:
 - openldap:openldap
 restart: always #ensure ephemeral port mappings are properly updated
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "curl",
+ "-f",
+ "--http0.9",
+ "http://localhost:4443",
+ "--output",
+ "-",
+ ]
+ interval: 10s
+ timeout: 2s
+ retries: 30
+ start_period: 10s
 oidc-provider:
 build:
From 6b33fb8dc2edbfb8104880638d2429fdaabf3a22 Mon Sep 17 00:00:00 2001
From: Brian Seeders
Date: Thu, 5 Oct 2023 12:01:46 -0400
Subject: [PATCH 2/3] Adjust health check timing values
---
 x-pack/test/idp-fixture/docker-compose.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/x-pack/test/idp-fixture/docker-compose.yml b/x-pack/test/idp-fixture/docker-compose.yml
index 0d28a55e9003e..ec8862723871a 100644
--- a/x-pack/test/idp-fixture/docker-compose.yml
+++ b/x-pack/test/idp-fixture/docker-compose.yml
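Review bot: `upAdditionalArgs = ["--wait"]` in the build.gradle hunk of PATCH 1/3 quietly requires a Compose V2 binary, because the legacy docker-compose v1 CLI has no `up --wait`. Nothing in the hunk states or checks that, so an older host would fail at fixture start-up with an option error instead of a clear message. Among the compose hunks on this page only `shibboleth-idp` gains a healthcheck, so the wait presumably gates on that service alone and treats the others as ready once they are running (the full compose file is not shown). A comment above the line such as `// requires Compose V2; blocks until the shibboleth-idp healthcheck passes` would record both facts.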
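Review bot: The new `shibboleth-idp` healthcheck in PATCH 1/3 sends plain `http://localhost:4443` and needs `--http0.9` to accept the reply, so it passes on any bytes the socket returns, not on a working IdP. The sslContext settings in run-jetty.sh suggest the port is a TLS listener, and an HTTP/0.9 reply has no status line, so `-f` has nothing to act on. The service can therefore be reported healthy before the IdP webapp or its LDAP backend is usable, and the same probe is carried unchanged into the healthcheck hunks of PATCH 2/3 and PATCH 3/3. Consider probing over TLS against a path the IdP serves, for example `curl -fsS --cacert <fixture-ca.pem> https://localhost:4443/idp/status` (placeholder CA path; assumes the status endpoint is reachable from localhost in this fixture). At minimum add `# only proves the jetty port answers, not that the IdP is ready` above `test:`.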
@@ -45,12 +45,16 @@ services:
 "-f",
 "--http0.9",
 "http://localhost:4443",
+ "--connect-timeout",
+ "10",
+ "--max-time",
+ "10",
 "--output",
 "-",
 ]
 interval: 10s
- timeout: 2s
- retries: 30
+ timeout: 20s
+ retries: 60
 start_period: 10s
 oidc-provider:
From 0ed09dd2c6afcadf968f6f724e0c425c2a0fe1ad Mon Sep 17 00:00:00 2001
From: Brian Seeders
Date: Thu, 5 Oct 2023 13:07:21 -0400
Subject: [PATCH 3/3] Fix health check and let jetty restart internally one time
---
 x-pack/test/idp-fixture/docker-compose.yml | 17 ++---------------
 x-pack/test/idp-fixture/idp/bin/run-jetty.sh | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/x-pack/test/idp-fixture/docker-compose.yml b/x-pack/test/idp-fixture/docker-compose.yml
index ec8862723871a..e431fa4ede611 100644
--- a/x-pack/test/idp-fixture/docker-compose.yml
+++ b/x-pack/test/idp-fixture/docker-compose.yml
@@ -38,21 +38,8 @@ services:
 - openldap:openldap
 restart: always #ensure ephemeral port mappings are properly updated
 healthcheck:
- test:
- [
- "CMD",
- "curl",
- "-f",
- "--http0.9",
- "http://localhost:4443",
- "--connect-timeout",
- "10",
- "--max-time",
- "10",
- "--output",
- "-",
- ]
- interval: 10s
+ test: curl -f -s --http0.9 http://localhost:4443 --connect-timeout 10 --max-time 10 --output - > /dev/null
+ interval: 5s
 timeout: 20s
 retries: 60
 start_period: 10s
diff --git a/x-pack/test/idp-fixture/idp/bin/run-jetty.sh b/x-pack/test/idp-fixture/idp/bin/run-jetty.sh
index af795963b9712..24ece94c2715d 100644
--- a/x-pack/test/idp-fixture/idp/bin/run-jetty.sh
+++ b/x-pack/test/idp-fixture/idp/bin/run-jetty.sh
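Review bot: The timing values in the PATCH 2/3 hunk overlap in a way the file does not explain. `--connect-timeout 10` can never trigger before the equal `--max-time 10`, and the healthcheck `timeout: 20s` cannot fire at all because curl gives up after 10 seconds. With `retries: 60` and `interval: 10s`, the worst case before the service is marked unhealthy is roughly 60 x (10s + 10s), about 20 minutes, and a `--wait` caller would block for that long. A comment above `interval:` such as `# worst case ~20 min to unhealthy: 60 retries x (10s interval + 10s curl cap)` would make the budget visible. Dropping `--connect-timeout` or setting it lower than `--max-time` would remove the redundancy.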
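Review bot: In the docker-compose.yml hunk of PATCH 3/3, the string-form `test:` runs through the container's shell, and `-s` without `-S` discards curl's error text. A failing probe then leaves nothing useful in the health log. `--output - > /dev/null` is also a roundabout way of writing `--output /dev/null`, and with that the shell is no longer needed. The exec form would be `test: ["CMD", "curl", "-f", "-sS", "--http0.9", "--max-time", "10", "--output", "/dev/null", "http://localhost:4443"]`. If the shell form was chosen on purpose, for instance because the exec form misbehaved as the commit title hints, a one-line comment saying so would prevent a later revert.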
@@ -10,4 +10,19 @@ fi
 export JETTY_ARGS="jetty.sslContext.keyStorePassword=$JETTY_BROWSER_SSL_KEYSTORE_PASSWORD jetty.backchannel.sslContext.keyStorePassword=$JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD"
 sed -i "s/^-Xmx.*$/-Xmx$JETTY_MAX_HEAP/g" /opt/shib-jetty-base/start.ini
-exec /opt/jetty-home/bin/jetty.sh run
+# For some reason, this container always immediately (in less than 1 second) exits with code 0 when starting for the first time
+# Even with a health check, docker-compose will immediately report the container as unhealthy when using --wait instead of waiting for it to become healthy
+# So, let's just start it a second time if it exits quickly
+set +e
+start_time=$(date +%s)
+/opt/jetty-home/bin/jetty.sh run
+exit_code=$?
+end_time=$(date +%s)
+
+duration=$((end_time - start_time))
+if [ $duration -lt 5 ]; then
+ /opt/jetty-home/bin/jetty.sh run
+ exit_code=$?
+fi
+
+exit $exit_code
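Review bot: The retry in run-jetty.sh fires on any exit within 5 seconds, not only the exit-code-0 case the comment describes. A genuine start-up failure, such as a wrong keystore password, is therefore run twice and only the second exit code is reported. Narrow the guard to the documented case and quote the operands: `if [ "$exit_code" -eq 0 ] && [ "$duration" -lt 5 ]; then`. Dropping `exec` also leaves this shell as jetty's parent, so if the script is the container's entrypoint (not visible here) a stop signal reaches the shell rather than jetty. Making the second start `exec /opt/jetty-home/bin/jetty.sh run` restores the original behaviour for the long-lived run. The script begins above this hunk, so earlier settings such as `set -e` are not visible.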