recipe-maintainers/plausible
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2ab49fab62ad49311184c21db3ef86b1d7bb4476
plausible/entrypoint.clickhouse.sh
notplants 2ab49fab62
Some checks failed
cc-ci/testme cc-ci: failure
Details
fix(clickhouse): require backup tool — abort if fetch fails after retries 
Make the clickhouse-backup install REQUIRED: if it cannot be fetched
after all retries the entrypoint aborts (non-zero exit, set -e) and
clickhouse-server is not started, so the deploy fails loudly rather than
coming up without backup/restore capability.
2026-06-09 15:10:07 +00:00

68 lines
2.9 KiB
Bash
Raw Blame History

#!/bin/bash
# clickhouse entrypoint (cc-ci Q4.7b hardening — recipe-PR for recipe-maintainers/plausible).
#
# clickhouse-backup is the BACKUP tool (backupbot pre/post-hooks: `clickhouse-backup create/restore`).
# It is NOT required for clickhouse-SERVER (`/entrypoint.sh`) to run. The published recipe fetched it
# with `set -ex` + a single silenced no-retry wget to ephemeral /tmp, so ANY transient failure of the
# 22 MB GitHub download (rate-limit / network) exited the container BEFORE the server started → swarm
# restarted it → re-downloaded → amplified the throttle → crash-loop → deploy timeout (cc-ci Q4.7).
#
# Hardening (no behaviour change when the download succeeds first try):
# - cache the binary on the PERSISTENT clickhouse data volume (/var/lib/clickhouse) so it is fetched
# at most once and reused on every container restart (no re-download amplification);
# - retry with backoff to ride out transient GitHub failures;
# - un-silenced so a failure is diagnosable in `docker service logs`.
#
# Policy: clickhouse-backup is REQUIRED. If it cannot be installed after all retries the entrypoint
# aborts (non-zero exit) and the server is NOT started — we deliberately fail the deploy loudly rather
# than come up silently without backup/restore capability.
set -e
CLICKHOUSE_BACKUP_VERSION=2.4.2
ARCH=$(uname -m)
if [[ $ARCH =~ "aarch64" ]]; then
ARCH="arm64"
elif [[ $ARCH =~ "armv5l" ]]; then
ARCH="armv5"
elif [[ $ARCH =~ "armv6l" ]]; then
ARCH="armv6"
elif [[ $ARCH =~ "armv7l" ]]; then
ARCH="armv7"
elif [[ $ARCH =~ "x86_64" ]]; then
ARCH="amd64"
fi
CACHE_DIR=/var/lib/clickhouse/.ccci-bin
CACHED="${CACHE_DIR}/clickhouse-backup"
BIN=/usr/local/bin/clickhouse-backup
URL="https://github.com/AlexAkulov/clickhouse-backup/releases/download/v${CLICKHOUSE_BACKUP_VERSION}/clickhouse-backup-linux-${ARCH}.tar.gz"
install_clickhouse_backup() {
mkdir -p "$CACHE_DIR"
if [ -x "$CACHED" ]; then
cp -f "$CACHED" "$BIN"
echo "clickhouse-backup: restored from persistent cache ($CACHED)"
return 0
fi
for attempt in 1 2 3 4 5; do
if wget --continue --output-document=/tmp/clickhouse-backup.tar.gz "$URL" \
&& tar -xf /tmp/clickhouse-backup.tar.gz --directory=/usr/local/bin --strip-components=3; then
cp -f "$BIN" "$CACHED" 2>/dev/null || true
echo "clickhouse-backup: downloaded + cached (attempt ${attempt})"
return 0
fi
echo "clickhouse-backup: fetch attempt ${attempt} failed; backing off $((attempt * 10))s" >&2
sleep $((attempt * 10))
done
echo "clickhouse-backup: fetch FAILED after all retries — aborting; clickhouse-server will NOT start (backup tool is required)" >&2
return 1
}
# Required: if the backup tool cannot be installed after retries, abort (set -e) so the deploy fails
# loudly instead of coming up without backup/restore capability.
install_clickhouse_backup
exec /entrypoint.sh
Reference in New Issue View Git Blame Copy Permalink