From a21a6c0703494ffdd06088c868b6c4551426ad1d Mon Sep 17 00:00:00 2001 From: Himanshu Verma Date: Fri, 5 Jun 2026 21:04:52 +0530 Subject: [PATCH 1/5] feat(docker): add HEALTHCHECK and remove unused cron from Dockerfiles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Without HEALTHCHECK, docker ps always shows 'Up' even when Java has crashed inside the container. Add HEALTHCHECK to all three Dockerfiles: - Server: curl http://localhost:8080/versions - PD: curl http://localhost:8620/v1/health - Store: curl http://localhost:8520/v1/health Fallback: if HTTP is not yet up but Java is alive (kill -0 on pid file), report healthy. Avoids false unhealthy during startup. Remove cron: Docker containers use foreground mode (-d false) after the entrypoint fix. The cron-based monitor is for VM/bare-metal only and is never started in Docker — removing it shrinks the image and reduces attack surface. Endpoints match what is already used in docker/docker-compose.yml. Related to: #3043 --- hugegraph-pd/Dockerfile | 5 ++++- hugegraph-server/Dockerfile | 5 ++++- hugegraph-store/Dockerfile | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/hugegraph-pd/Dockerfile b/hugegraph-pd/Dockerfile
index 41cac1adb6..2ded0bc4e9 100644
--- a/hugegraph-pd/Dockerfile
+++ b/hugegraph-pd/Dockerfile
@@ -52,7 +52,6 @@ RUN apt-get -q update \
 curl \
 lsof \
 vim \
- cron \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
@@ -63,5 +62,9 @@ RUN chmod 755 ./docker-entrypoint.sh
 EXPOSE 8620
 VOLUME /hugegraph-pd
+HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
+ CMD curl -fsS http://localhost:8620/v1/health >/dev/null \
+ || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]
diff --git a/hugegraph-server/Dockerfile b/hugegraph-server/Dockerfile
index 4b06bdad6c..d1a6f3704e 100644
--- a/hugegraph-server/Dockerfile
+++ b/hugegraph-server/Dockerfile
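Review bot: The probe added to hugegraph-pd/Dockerfile in PATCH 1/5 targets `http://localhost:8620/v1/health`, so its result depends on how `localhost` resolves inside the container, and curl may try `::1` before `127.0.0.1`. The server image pins its listener to `0.0.0.0:8080` through the `restserver.url` sed line, which suggests an IPv4 listener; using `http://127.0.0.1:8620/v1/health` would take name resolution out of the health signal. The same applies to the HEALTHCHECK lines in hugegraph-server/Dockerfile, hugegraph-store/Dockerfile and Dockerfile-hstore. Whether PD and Store bind the IPv4 wildcard is not visible in these hunks, so confirm that before changing the URL.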
@@ -53,7 +53,6 @@ RUN apt-get -q update \
 curl \
 lsof \
 vim \
- cron \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* \
 && sed -i "s/^restserver.url.*$/restserver.url=http:\/\/0.0.0.0:8080/g" ./conf/rest-server.properties
@@ -67,5 +66,9 @@ RUN chmod 755 ./docker-entrypoint.sh
 EXPOSE 8080
 VOLUME /hugegraph-server
+HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
+ CMD curl -fsS http://localhost:8080/versions >/dev/null \
+ || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]
diff --git a/hugegraph-store/Dockerfile b/hugegraph-store/Dockerfile
index 5883f9cbf7..2c218d4bc3 100644
--- a/hugegraph-store/Dockerfile
+++ b/hugegraph-store/Dockerfile
@@ -52,7 +52,6 @@ RUN apt-get -q update \
 curl \
 lsof \
 vim \
- cron \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
@@ -63,5 +62,9 @@ RUN chmod 755 ./docker-entrypoint.sh
 EXPOSE 8520
 VOLUME /hugegraph-store
+HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
+ CMD curl -fsS http://localhost:8520/v1/health >/dev/null \
+ || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]
From 027e3b7b30379d20e3b5b9032c37b3c220c07dc1 Mon Sep 17 00:00:00 2001 From: Himanshu Verma Date: Fri, 5 Jun 2026 21:32:03 +0530 Subject: [PATCH 2/5] ci(docker): verify HEALTHCHECK is present in built images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend docker-build-ci.yml to inspect image metadata after build and fail if HEALTHCHECK is not configured (except Dockerfile-hstore). Zero CI time cost — docker inspect runs on the already-built image. Prevents accidental removal of HEALTHCHECK in future PRs. Related to: #3043 --- .github/workflows/docker-build-ci.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker-build-ci.yml b/.github/workflows/docker-build-ci.yml
index 2d88b72e7a..92868371ec 100644
--- a/.github/workflows/docker-build-ci.yml
+++ b/.github/workflows/docker-build-ci.yml
@@ -45,4 +45,10 @@ jobs:
 - name: Build ${{ matrix.dockerfile }}
 run: |
- docker build -f ${{ matrix.dockerfile }} .
+ IMAGE_ID=$(docker build -q -f ${{ matrix.dockerfile }} .)
+ echo "Built: $IMAGE_ID"
+ HC=$(docker inspect --format='{{json .Config.Healthcheck}}' "$IMAGE_ID")
+ echo "Healthcheck: $HC"
+ if [[ "${{ matrix.dockerfile }}" != *"hstore"* ]]; then
+ [[ "$HC" != "null" ]] || { echo "ERROR: HEALTHCHECK missing in ${{ matrix.dockerfile }}"; exit 1; }
+ fi
From b8984c8d0302eee4c7e5533e4800a7feb9c4fa68 Mon Sep 17 00:00:00 2001 From: Himanshu Verma Date: Fri, 5 Jun 2026 21:42:44 +0530 Subject: [PATCH 3/5] feat(docker): add HEALTHCHECK and remove cron from Dockerfile-hstore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Missed in the previous commit. Dockerfile-hstore has the same runtime stage as hugegraph-server/Dockerfile (same WORKDIR, same port 8080), so the same HEALTHCHECK applies. Also remove the hstore exclusion from docker-build-ci.yml — all four Dockerfiles now have HEALTHCHECK and are checked unconditionally. Related to: #3043 --- .github/workflows/docker-build-ci.yml | 4 +--- hugegraph-server/Dockerfile-hstore | 5 ++++- 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker-build-ci.yml b/.github/workflows/docker-build-ci.yml
index 92868371ec..8d31ff266f 100644
--- a/.github/workflows/docker-build-ci.yml
+++ b/.github/workflows/docker-build-ci.yml
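Review bot: The guard `[[ "$HC" != "null" ]]` added to docker-build-ci.yml in PATCH 2/5 only proves that the image config carries a Healthcheck object, not that a probe is active. An image built with `HEALTHCHECK NONE` reports `{"Test":["NONE"]}` and passes, and a healthcheck inherited from a base image would also satisfy it (whether the base images define one is not visible here). Rejecting the disabled form closes the first gap: `[[ "$HC" != "null" && "$HC" != *'["NONE"]'* ]] || { echo "ERROR: HEALTHCHECK missing or disabled"; exit 1; }`. The unconditional version of this line in PATCH 3/5 carries the same comparison.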
@@ -49,6 +49,4 @@ jobs:
 echo "Built: $IMAGE_ID"
 HC=$(docker inspect --format='{{json .Config.Healthcheck}}' "$IMAGE_ID")
 echo "Healthcheck: $HC"
- if [[ "${{ matrix.dockerfile }}" != *"hstore"* ]]; then
- [[ "$HC" != "null" ]] || { echo "ERROR: HEALTHCHECK missing in ${{ matrix.dockerfile }}"; exit 1; }
- fi
+ [[ "$HC" != "null" ]] || { echo "ERROR: HEALTHCHECK missing in ${{ matrix.dockerfile }}"; exit 1; }
diff --git a/hugegraph-server/Dockerfile-hstore b/hugegraph-server/Dockerfile-hstore
index 54494dbad2..76cffc2cb7 100644
--- a/hugegraph-server/Dockerfile-hstore
+++ b/hugegraph-server/Dockerfile-hstore
@@ -55,7 +55,6 @@ RUN apt-get -q update \
 curl \
 lsof \
 vim \
- cron \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* \
 && sed -i "s/^restserver.url.*$/restserver.url=http:\/\/0.0.0.0:8080/g" ./conf/rest-server.properties
@@ -69,5 +68,9 @@ RUN chmod 755 ./docker-entrypoint.sh
 EXPOSE 8080
 VOLUME /hugegraph-server
+HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
+ CMD curl -fsS http://localhost:8080/versions >/dev/null \
+ || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]
From 9b3f6c4507f7c7811af8414841ef1f076aa34e37 Mon Sep 17 00:00:00 2001 From: Himanshu Verma Date: Sun, 7 Jun 2026 11:59:57 +0530 Subject: [PATCH 4/5] =?UTF-8?q?fix(docker):=20remove=20kill-0=20fallback?= =?UTF-8?q?=20from=20HEALTHCHECK=20=E2=80=94=20HTTP-only?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The || kill -0 fallback allowed a container to stay healthy when the REST endpoint was down but Java was alive. --start-period=90s already covers the startup window, so the fallback is redundant and weakens the health signal. Addresses review feedback from imbajin on #3052. --- hugegraph-pd/Dockerfile | 3 +-- hugegraph-server/Dockerfile | 3 +-- hugegraph-store/Dockerfile | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-)
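Review bot: The unconditional check that PATCH 3/5 leaves in docker-build-ci.yml still expands `${{ matrix.dockerfile }}` straight into the script text, here inside the double-quoted error string and, in the line added by PATCH 2/5, in the `docker build` command. The runner substitutes the expression before bash parses the script, so a matrix value containing quotes, spaces or `$(...)` would become shell syntax rather than data. The matrix is presumably defined in the workflow itself, so this is hardening rather than an open hole: add `DOCKERFILE: ${{ matrix.dockerfile }}` under the step's `env:` and use `"$DOCKERFILE"` in the script, for example `echo "ERROR: HEALTHCHECK missing in $DOCKERFILE"`. The step header and the matrix definition lie outside this hunk.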
diff --git a/hugegraph-pd/Dockerfile b/hugegraph-pd/Dockerfile
index 2ded0bc4e9..15d19c6f76 100644
--- a/hugegraph-pd/Dockerfile
+++ b/hugegraph-pd/Dockerfile
@@ -63,8 +63,7 @@ EXPOSE 8620
 VOLUME /hugegraph-pd
 HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
- CMD curl -fsS http://localhost:8620/v1/health >/dev/null \
- || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+ CMD curl -fsS http://localhost:8620/v1/health >/dev/null
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]
diff --git a/hugegraph-server/Dockerfile b/hugegraph-server/Dockerfile
index d1a6f3704e..068719318f 100644
--- a/hugegraph-server/Dockerfile
+++ b/hugegraph-server/Dockerfile
@@ -67,8 +67,7 @@ EXPOSE 8080
 VOLUME /hugegraph-server
 HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
- CMD curl -fsS http://localhost:8080/versions >/dev/null \
- || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+ CMD curl -fsS http://localhost:8080/versions >/dev/null
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]
diff --git a/hugegraph-store/Dockerfile b/hugegraph-store/Dockerfile
index 2c218d4bc3..43daa48e94 100644
--- a/hugegraph-store/Dockerfile
+++ b/hugegraph-store/Dockerfile
@@ -63,8 +63,7 @@ EXPOSE 8520
 VOLUME /hugegraph-store
 HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
- CMD curl -fsS http://localhost:8520/v1/health >/dev/null \
- || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+ CMD curl -fsS http://localhost:8520/v1/health >/dev/null
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]
From f6f7c14e733c28d180d7138c60a9def4afa5bb3a Mon Sep 17 00:00:00 2001
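Review bot: With the `kill -0` fallback removed from hugegraph-pd/Dockerfile in PATCH 4/5, the only allowance for slow startup is `--start-period=90s`, and nothing in the file records where that figure comes from. If a node needs longer than that before `/v1/health` answers, it is reported unhealthy after three failed probes, and an orchestrator that restarts unhealthy containers could loop; whether startup can take that long is not visible in these hunks. A comment above the instruction would record the assumption, for example `# start-period assumes the REST endpoint answers within 90s of start; raise it in compose/k8s if startup is slower`. The same holds for the HEALTHCHECK lines in hugegraph-server/Dockerfile and hugegraph-store/Dockerfile in this patch and for Dockerfile-hstore in PATCH 5/5.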
From: Himanshu Verma Date: Sun, 7 Jun 2026 12:01:10 +0530 Subject: [PATCH 5/5] fix(docker): remove kill-0 fallback from Dockerfile-hstore HEALTHCHECK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Missed in 9b3f6c4 — same fix as the other three Dockerfiles. Addresses review feedback from imbajin on #3052. --- hugegraph-server/Dockerfile-hstore | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hugegraph-server/Dockerfile-hstore b/hugegraph-server/Dockerfile-hstore
index 76cffc2cb7..6d3b82b5dc 100644
--- a/hugegraph-server/Dockerfile-hstore
+++ b/hugegraph-server/Dockerfile-hstore
@@ -69,8 +69,7 @@ EXPOSE 8080
 VOLUME /hugegraph-server
 HEALTHCHECK --interval=15s --timeout=10s --start-period=90s --retries=3 \
- CMD curl -fsS http://localhost:8080/versions >/dev/null \
- || kill -0 "$(cat ./bin/pid 2>/dev/null)" 2>/dev/null
+ CMD curl -fsS http://localhost:8080/versions >/dev/null
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["./docker-entrypoint.sh"]