From 55044246a44f4c643c08ad73bb68ab9ad9c4b72e Mon Sep 17 00:00:00 2001 From: cgbautista Date: Tue, 17 Mar 2026 18:32:32 +0100 Subject: [PATCH 1/2] Addresses several issues: - The first `d2-docker start ... -k` changes the LOAD_FROM_DATA env variable, destroying the core and data containers in the process, but keeping the volumes. That means that the INIT_DONE_FILE in the core container is no longer present and will always try to copy apps, documents, datavalues and will try to run sql files and pre-scripts. As the data container is run first and sees the LOAD_FROM_DATA=no, it will remove ALL contents under /data, so no apps, documents, datavalues or SQL files should be present for the core container but the mapped volume /data/db/post is still there, but not reachable (there is no /data/db, so `find /data/db/post` fails). Two safelines here: data container will create /data/db after deleting /data/*; the core container will check if there is a directory or not for base_db_path - Second: core container launches catalina.sh run in background, then waits for it to be ready and runs post-scripts. After that hangs in a wait until the container is stopped. When stopping the container, the term signal is not reaching tomcat and after 10 seconds the container is killed, thus generating a RC=137. As the docker-compose.yml has a restart:no, this prevents the core image from loading up automatically after a reboot (a manual d2-docker start will work as it does not depend on the RC of the previous stop). So the TERM signal is captured and it launches a catalina.sh stop and waits a little for it to finish. In any case, the RC from both the wait and the cleanup is forced to 0 to avoid errors. --- .gitignore | 1 + src/d2_docker/config/dhis2-core-start.sh | 28 +++++++++++++++++++++++- src/d2_docker/docker-compose.yml | 1 + src/d2_docker/images/dhis2-data/run.sh | 2 ++ 4 files changed, 31 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index f16235a..1af21a7 100644 --- a/.gitignore +++ b/.gitignore @@ -109,3 +109,4 @@ venv.bak/ *.war .flaskenv.secret +bom.json diff --git a/src/d2_docker/config/dhis2-core-start.sh b/src/d2_docker/config/dhis2-core-start.sh index 508fcde..7c89265 100755 --- a/src/d2_docker/config/dhis2-core-start.sh +++ b/src/d2_docker/config/dhis2-core-start.sh @@ -39,6 +39,10 @@ debug() { run_sql_files() { base_db_path=$(test "${LOAD_FROM_DATA}" = "yes" && echo "$root_db_path" || echo "$post_db_path") debug "Files in data path" + if [[ ! -d "$base_db_path" ]] ; then + debug " -- NO FILES -- " + return 0 + fi find "$base_db_path" >&2 find "$base_db_path" -type f \( -name '*.dump' \) | @@ -149,6 +153,27 @@ wait_for_tomcat() { done } +cleanup() { + debug "--- [SIGNAL RECEIVED] ---" + debug "Stopping tomcat" + catalina.sh stop & + STOP_PID=$! + count=0 + # if need more than 10 seconds (default), remember to configure stop_grace_period in docker-compose.yml accordingly + while [ $count -lt 10 ]; do + if ! kill -0 $STOP_PID 2>/dev/null; then + debug "Tomcat has stopped." + exit 0 + fi + sleep 1 + count=$((count + 1)) + done + exit 0 +} + +trap cleanup SIGTERM SIGINT + + INIT_DONE_FILE="/tmp/dhis2-core-start.done" is_init_done() { @@ -178,10 +203,11 @@ run() { fi start_tomcat & + LAST_PID=$! wait_for_tomcat run_post_scripts || true debug "DHIS2 instance ready" - wait + wait $LAST_PID || true } env diff --git a/src/d2_docker/docker-compose.yml b/src/d2_docker/docker-compose.yml index f0f8d22..a910e97 100644 --- a/src/d2_docker/docker-compose.yml +++ b/src/d2_docker/docker-compose.yml @@ -21,6 +21,7 @@ services: DHIS2_AUTH: "${DHIS2_AUTH}" entrypoint: bash /config/dhis2-core-entrypoint.sh command: bash /config/dhis2-core-start.sh + stop_grace_period: 10s restart: "no" depends_on: - "db" diff --git a/src/d2_docker/images/dhis2-data/run.sh b/src/d2_docker/images/dhis2-data/run.sh index 183a5c8..a283392 100755 --- a/src/d2_docker/images/dhis2-data/run.sh +++ b/src/d2_docker/images/dhis2-data/run.sh @@ -10,6 +10,8 @@ main() { local volume=$1 chmod -R u+rwX,go+rX,go-w $volume else rm -rf /$volume/* + # To avoid leaving dhis2-core without a path to /data/db/post after clearing up all /data + mkdir /$volume/db fi } From 8aea1768be95e0e0a536e632972055e073309df0 Mon Sep 17 00:00:00 2001 From: cgbautista Date: Tue, 24 Mar 2026 18:00:32 +0100 Subject: [PATCH 2/2] On feature/stop_on_error the docker-compose.yml was changed in order for the core container to not be restarted upon exit, to avoid mandatory SQL to be bypassed and exposing data that should have been altered/deleted. This had the side effect of not starting the core container upon server restart. As the core container is needed for the service, the logic has been changed so upon mandatory-SQL execution error, instead of just stopping, it removes the application and creates a flag in a named volume to persist this behavior upon core restart: it will delete the application and show a generic error, but will keep the container up and running. This achieves a better result in both scenarios: - In case of SQL error, the application won't work until the error is addressed. The db container would be working and the SQL could be run to fix the issue and adjust the SQL script accordingly. - In case all works as intended, even after server restart, the container will behave just like the other two db/gateway containers. --- src/d2_docker/config/dhis2-core-start.sh | 21 ++++++++++++++----- src/d2_docker/docker-compose.yml | 2 +- .../images/dhis2-core/docker-entrypoint.sh | 12 +++++++++-- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/src/d2_docker/config/dhis2-core-start.sh b/src/d2_docker/config/dhis2-core-start.sh index 7c89265..0a35fde 100755 --- a/src/d2_docker/config/dhis2-core-start.sh +++ b/src/d2_docker/config/dhis2-core-start.sh @@ -29,8 +29,13 @@ post_db_path="/data/db/post" source_apps_path="/data/apps" source_documents_path="/data/document" source_datavalues_path="/data/dataValue" -files_path="/DHIS2_home/files/" -tomcat_conf_dir="/usr/local/tomcat/conf" +home_path="/DHIS2_home" +files_path="$home_path/files/" +tomcatdir=/usr/local/tomcat +tomcat_conf_dir="$tomcatdir/conf" +approot="$tomcatdir/webapps/ROOT" +flag_sql_error="$home_path/flag-sql-error" + debug() { echo "[dhis2-core-start] $*" >&2 @@ -64,6 +69,12 @@ run_sql_files() { run_psql_cmd "$path" || exit_code=$? if [ "$exit_code" -gt 0 ]; then echo "Exit code: $exit_code" + touch "$flag_sql_error" + rf -rvf $approot + mkdir -p -m 750 $approot + chown tomcat:tomcat $approot + echo 'Error + Error during preparation of the service' > $approot/index.html exit "$exit_code" fi done @@ -126,9 +137,9 @@ copy_non_empty_files() { setup_tomcat() { debug "Setup tomcat" - cp -v $configdir/DHIS2_home/* "/DHIS2_home/" - cp -v $homedir/* /DHIS2_home/ || true - copy_non_empty_files "$configdir/override/dhis2/" "/DHIS2_home/" + cp -v $configdir/DHIS2_home/* "$home_path/" + cp -v $homedir/* $home_path/ || true + copy_non_empty_files "$configdir/override/dhis2/" "$home_path/" cp -v "$configdir/server.xml" "$tomcat_conf_dir/server.xml" copy_non_empty_files "$configdir/override/tomcat/" "$tomcat_conf_dir/" diff --git a/src/d2_docker/docker-compose.yml b/src/d2_docker/docker-compose.yml index a910e97..cc6afde 100644 --- a/src/d2_docker/docker-compose.yml +++ b/src/d2_docker/docker-compose.yml @@ -22,7 +22,7 @@ services: entrypoint: bash /config/dhis2-core-entrypoint.sh command: bash /config/dhis2-core-start.sh stop_grace_period: 10s - restart: "no" + restart: unless-stopped depends_on: - "db" - "data" diff --git a/src/d2_docker/images/dhis2-core/docker-entrypoint.sh b/src/d2_docker/images/dhis2-core/docker-entrypoint.sh index 27844fb..3a387e3 100644 --- a/src/d2_docker/images/dhis2-core/docker-entrypoint.sh +++ b/src/d2_docker/images/dhis2-core/docker-entrypoint.sh @@ -8,10 +8,18 @@ WARFILE=/usr/local/tomcat/webapps/ROOT.war TOMCATDIR=/usr/local/tomcat DHIS2HOME=/DHIS2_home DATA_DIR=/data +FLAG_SQL_ERROR=$DHIS2HOME/flag_sql_error +APPROOT=$TOMCATDIR/webapps/ROOT if [ "$(id -u)" = "0" ]; then - if [ -f $WARFILE ]; then - unzip -q $WARFILE -d $TOMCATDIR/webapps/ROOT + if [ -f $FLAG_SQL_ERROR ]; then + rf -rvf $APPROOT + mkdir -p -m 750 $APPROOT + chown tomcat:tomcat $APPROOT + echo 'Error + Error during preparation of the service' > $APPROOT/index.html + elif [ -f $WARFILE ]; then + unzip -q $WARFILE -d $APPROOT rm -v $WARFILE # just to save space fi