Changes for tests identified by CodeRabbit

2025-12-06 17:15:38 -08:00 · 2025-10-26 15:30:03 +00:00
parent fb02774814
commit d2c28f6a28
14 changed files with 157 additions and 171 deletions
--- a/install/production-filesystem/entrypoint.sh
+++ b/install/production-filesystem/entrypoint.sh
@@ -51,30 +51,29 @@ printf '
   https://netalertx.com

 '
-
 set -u

-NETALERTX_DOCKER_ERROR_CHECK=0
+FAILED_STATUS=""
+echo "Startup pre-checks"
+for script in ${SYSTEM_SERVICES_SCRIPTS}/check-*.sh; do
+    script_name=$(basename "$script" | sed 's/^check-//;s/\.sh$//;s/-/ /g')
+    echo " --> ${script_name}"
+
+    sh "$script"
+    NETALERTX_DOCKER_ERROR_CHECK=$?
+
+    if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then
+        # fail but continue checks so user can see all issues
+        FAILED_STATUS="${NETALERTX_DOCKER_ERROR_CHECK}"
+        echo "${script_name}: FAILED with ${FAILED_STATUS}"
+        echo "Failure detected in: ${script}"
+    fi
+done


-# Run all pre-startup checks to validate container environment and dependencies
-if [ "${NETALERTX_DEBUG:-0}" != "1" ]; then
-	echo "Startup pre-checks"
-	for script in ${SYSTEM_SERVICES_SCRIPTS}/check-*.sh; do
-		script_name=$(basename "$script" | sed 's/^check-//;s/\.sh$//;s/-/ /g')
-		echo " --> ${script_name}"
-		
-		sh "$script"
-		NETALERTX_DOCKER_ERROR_CHECK=$?
-		
-		if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then
-			
-			echo exit code ${NETALERTX_DOCKER_ERROR_CHECK} from ${script}
-			if [ ${NETALERTX_DOCKER_ERROR_CHECK} -ne 0 ]; then
-			   NETALERTX_CHECK_ONLY=${NETALERTX_DOCKER_ERROR_CHECK}
-			fi
-		fi
-	done
+if [ ${FAILED_STATUS} ]; then
+    echo "Container startup checks failed with exit code ${FAILED_STATUS}."
+    exit ${FAILED_STATUS}
 fi

 # Exit after checks if in check-only mode (for testing)
@@ -91,7 +90,6 @@ bash ${SYSTEM_SERVICES_SCRIPTS}/update_vendors.sh &
 # Service management state variables
 SERVICES=""                 # Space-separated list of active services in format "pid:name"
 FAILED_NAME=""              # Name of service that failed (used for error reporting)
-FAILED_STATUS=0             # Exit status code from failed service or signal

 ################################################################################
 # is_pid_active() - Check if a process is alive and not in zombie/dead state
--- a/install/production-filesystem/services/scripts/check-nonpersistent-storage.sh
+++ b/install/production-filesystem/services/scripts/check-nonpersistent-storage.sh
@@ -34,7 +34,6 @@ warn_if_not_persistent_mount "${NETALERTX_API}" "API JSON cache" || failures=$((
 warn_if_not_persistent_mount "${SYSTEM_SERVICES_RUN}" "Runtime work directory" || failures=$((failures + 1))  

 if [ "${failures}" -ne 0 ]; then
-    sleep 5
    exit 1
 fi

--- a/install/production-filesystem/services/scripts/check-persistent-storage.sh
+++ b/install/production-filesystem/services/scripts/check-persistent-storage.sh
@@ -1,37 +1,38 @@
 #!/bin/sh
 # check-storage.sh - Verify critical paths are persistent mounts.

-# Get the Device ID of the root filesystem (overlayfs/tmpfs)
-# The default, non-persistent container root will have a unique Device ID.
-# Persistent mounts will have a different Device ID (unless it's a bind mount
-# from the host's root, which is a rare and unusual setup for a single volume check).
-ROOT_DEV_ID=$(stat -c '%d' /)
+# Define non-persistent filesystem types to check against
+# NOTE: 'overlay' and 'aufs' are the primary non-persistent types for container roots.
+# 'tmpfs' and 'ramfs' are for specific non-persistent mounts.
+NON_PERSISTENT_FSTYPES="tmpfs|ramfs|overlay|aufs"
+MANDATORY_PERSISTENT_PATHS="/app/db /app/config"

+# This function is now the robust persistence checker.
 is_persistent_mount() {
    target_path="$1"

-    # Stat the path and get its Device ID
-    current_dev_id=$(stat -c '%d' "${target_path}")
+    mount_entry=$(awk -v path="${target_path}" '$2 == path { print $0 }' /proc/mounts)

-    # If the Device ID of the target is *different* from the root's Device ID,
-    # it means it resides on a separate filesystem, implying a mount.
-    if [ "${current_dev_id}" != "${ROOT_DEV_ID}" ]; then
-        return 0 # Persistent (different filesystem/device ID)
+    if [ -z "${mount_entry}" ]; then
+        # CRITICAL FIX: If the mount entry is empty, check if it's one of the mandatory paths.
+        if echo "${MANDATORY_PERSISTENT_PATHS}" | grep -w -q "${target_path}"; then
+            # The path is mandatory but not mounted: FAIL (Not persistent)
+            return 1
+        else
+            # Not mandatory and not a mount point: Assume persistence is inherited from parent (pass)
+            return 0 
+        fi
    fi

-    # Fallback to check if it's the root directory itself (which is always mounted)
-    if [ "${target_path}" = "/" ]; then
-        return 0
+    # ... (rest of the original logic remains the same for explicit mounts)
+    fs_type=$(echo "${mount_entry}" | awk '{print $3}')
+    
+    # Check if the filesystem type matches any non-persistent types
+    if echo "${fs_type}" | grep -E -q "^(${NON_PERSISTENT_FSTYPES})$"; then
+        return 1 # Not persistent (matched a non-persistent type)
+    else
+        return 0 # Persistent
    fi
-
-    # Check parent directory recursively
-    parent_dir=$(dirname "${target_path}")
-    if [ "${parent_dir}" != "${target_path}" ]; then
-        is_persistent_mount "${parent_dir}"
-        return $?
-    fi
-
-    return 1 # Not persistent
 }

 warn_if_not_persistent_mount() {
@@ -41,8 +42,6 @@ warn_if_not_persistent_mount() {
        return 0
    fi

-    # ... (Your existing warning message block remains unchanged) ...
-
    failures=1
    YELLOW=$(printf '\033[1;33m')
    RESET=$(printf '\033[0m')
@@ -52,8 +51,7 @@ warn_if_not_persistent_mount() {
 ⚠️  ATTENTION: ${path} is not a persistent mount.

    Your data in this directory may not persist across container restarts or
-    upgrades. To ensure your settings and history are saved, you must mount
-    this directory as a persistent volume.
+    upgrades. The filesystem type for this path is identified as non-persistent.

    Fix: mount ${path} explicitly as a bind mount or a named volume:
        # Bind mount
@@ -82,5 +80,5 @@ warn_if_not_persistent_mount "${NETALERTX_CONFIG}"
 if [ "${failures}" -ne 0 ]; then
    # We only warn, not exit, as this is not a critical failure
    # but the user should be aware of the potential data loss.
-    sleep 5 # Give user time to read the message
+    sleep 1 # Give user time to read the message
 fi
--- a/install/production-filesystem/services/scripts/check-ramdisk.sh
+++ b/install/production-filesystem/services/scripts/check-ramdisk.sh
@@ -42,7 +42,7 @@ warn_if_not_dedicated_mount "${NETALERTX_API}"
 warn_if_not_dedicated_mount "${NETALERTX_LOG}"


-if [ ! -L "${SYSTEM_NGINX_CONFIG}/conf.active" ]; then
-    echo "Note: Using default listen address ${LISTEN_ADDR}:${PORT} (no ${SYSTEM_NGINX_CONFIG}/conf.active override)."
+if [ ! -w "${SYSTEM_NGINX_CONFIG}/conf.active" ]; then
+    echo "Note: Using default listen address 0.0.0.0:20211 instead of ${LISTEN_ADDR}:${PORT} (no ${SYSTEM_NGINX_CONFIG}/conf.active override)."
 fi
 exit 0
--- a/install/production-filesystem/services/scripts/check-root.sh
+++ b/install/production-filesystem/services/scripts/check-root.sh
@@ -29,7 +29,6 @@ if [ "${CURRENT_UID}" -eq 0 ]; then
 ══════════════════════════════════════════════════════════════════════════════
 EOF
    >&2 printf "%s" "${RESET}"
-	sleep 5 # Give user time to read the message
    exit 1
 fi

--- a/install/production-filesystem/services/scripts/check-user-netalertx.sh
+++ b/install/production-filesystem/services/scripts/check-user-netalertx.sh
@@ -39,5 +39,3 @@ RESET=$(printf '\033[0m')
 ══════════════════════════════════════════════════════════════════════════════
 EOF
 >&2 printf "%s" "${RESET}"
-sleep 5 # Give user time to read the message
-exit 0
--- a/install/production-filesystem/services/scripts/update_vendors.sh
+++ b/install/production-filesystem/services/scripts/update_vendors.sh
@@ -19,7 +19,7 @@ TEMP_FILE="/services/run/tmp/ieee-oui.txt.tmp"
 OUTPUT_FILE="/services/run/tmp/ieee-oui.txt"

 # Download the file using wget to stdout and process it
-if ! wget --timeout=30 --tries=3 "https://standards-oui.ieee.org/oui/oui.txt" -O /dev/stdout | \
+if ! wget --timeout=30 --tries=3 "https://standards-oui.ieee.org/oui/oui.txt" -O /dev/stdout 2>/dev/null | \
 	sed -E 's/ *\(base 16\)//' | \
 	awk -F' ' '{printf "%s\t%s\n", $1, substr($0, index($0, $2))}' | \
 	sort | \
--- a/install/production-filesystem/services/start-backend.sh
+++ b/install/production-filesystem/services/start-backend.sh
@@ -11,5 +11,5 @@ done
 # Force kill if graceful shutdown failed
 killall -KILL python3 &>/dev/null

-echo "python3 $(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null) -m server > /app/log/stdout.log 2> >(tee /app/log/stderr.log >&2)"
+echo "Starting python3 $(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null) -m server > /app/log/stdout.log 2> >(tee /app/log/stderr.log >&2)"
 exec python3 $(cat /services/config/python/backend-extra-launch-parameters 2>/dev/null) -m server > /app/log/stdout.log 2> >(tee /app/log/stderr.log >&2)
--- a/install/production-filesystem/services/start-crond.sh
+++ b/install/production-filesystem/services/start-crond.sh
@@ -1,7 +1,6 @@
 #!/bin/bash
 set -euo pipefail

-echo "Starting crond..."

 crond_pid=""

@@ -24,7 +23,7 @@ done
 trap cleanup EXIT
 trap forward_signal INT TERM

-echo "/usr/sbin/crond -c \"${SYSTEM_SERVICES_CROND}\" -f -L \"${LOG_CROND}\" >>\"${LOG_CROND}\" 2>&1 &"
+echo "Starting /usr/sbin/crond -c \"${SYSTEM_SERVICES_CROND}\" -f -L \"${LOG_CROND}\" >>\"${LOG_CROND}\" 2>&1 &"

 /usr/sbin/crond -c "${SYSTEM_SERVICES_CROND}" -f -L "${LOG_CROND}" >>"${LOG_CROND}" 2>&1 &
 crond_pid=$!
--- a/install/production-filesystem/services/start-nginx.sh
+++ b/install/production-filesystem/services/start-nginx.sh
@@ -11,7 +11,6 @@ SYSTEM_NGINX_CONFIG_FILE="/services/config/nginx/conf.active/netalertx.conf"
 # Create directories if they don't exist
 mkdir -p "${LOG_DIR}" "${RUN_DIR}" "${TMP_DIR}"

-echo "Starting nginx..."

 nginx_pid=""

@@ -48,8 +47,8 @@ trap forward_signal INT TERM

 # Execute nginx with overrides
 # echo the full nginx command then run it
-echo "nginx	-p \"${RUN_DIR}/\" -c \"${SYSTEM_NGINX_CONFIG_FILE}\" -g \"error_log /dev/stderr; error_log ${NETALERTX_LOG}/nginx-error.log; pid ${RUN_DIR}/nginx.pid; daemon off;\" &"
-nginx \
+echo "Starting /usr/sbin/nginx -p \"${RUN_DIR}/\" -c \"${SYSTEM_NGINX_CONFIG_FILE}\" -g \"error_log /dev/stderr; error_log ${NETALERTX_LOG}/nginx-error.log; pid ${RUN_DIR}/nginx.pid; daemon off;\" &"
+/usr/sbin/nginx \
 	-p "${RUN_DIR}/" \
 	-c "${SYSTEM_NGINX_CONFIG_FILE}" \
 	-g "error_log /dev/stderr; error_log ${NETALERTX_LOG}/nginx-error.log; pid ${RUN_DIR}/nginx.pid; daemon off;" &
--- a/install/production-filesystem/services/start-php-fpm.sh
+++ b/install/production-filesystem/services/start-php-fpm.sh
@@ -1,8 +1,6 @@
 #!/bin/bash
 set -euo pipefail

-echo "Starting php-fpm..."
-
 php_fpm_pid=""

 cleanup() {
@@ -24,8 +22,8 @@ done
 trap cleanup EXIT
 trap forward_signal INT TERM

-echo "/usr/sbin/php-fpm83 -y \"${PHP_FPM_CONFIG_FILE}\" -F >>\"${LOG_APP_PHP_ERRORS}\" 2>&1 &"
-/usr/sbin/php-fpm83 -y "${PHP_FPM_CONFIG_FILE}" -F >>"${LOG_APP_PHP_ERRORS}" 2>&1 &
+echo "Starting /usr/sbin/php-fpm83 -y \"${PHP_FPM_CONFIG_FILE}\" -F >>\"${LOG_APP_PHP_ERRORS}\" 2>/dev/stderr &"
+/usr/sbin/php-fpm83 -y "${PHP_FPM_CONFIG_FILE}" -F >>"${LOG_APP_PHP_ERRORS}" 2> /dev/stderr &
 php_fpm_pid=$!

 wait "${php_fpm_pid}"