Addresses several issues during the re-start of the core container

.gitignore

@@ -109,3 +109,4 @@ venv.bak/
 *.war
 
 .flaskenv.secret
+bom.json

requirements.txt

@@ -1,6 +1,6 @@
 Flask==3.1.1
 python-dotenv
 Flask_Cors==6.0.0
-requests==2.32.4
+requests==2.33.0
 PyYAML
 setuptools

src/d2_docker/config/dhis2-core-entrypoint.sh

@@ -14,7 +14,7 @@ DHIS2HOME=/DHIS2_home
 DATA_DIR=/data
 GLOWROOT_ZIP="/opt/glowroot.zip"
 GLOWROOT_DIR="/opt/glowroot"
-
+APPROOT=$TOMCATDIR/webapps/ROOT
 
 debug() {
     echo "[dhis2-core-entrypoint] $*" >&2
@@ -95,8 +95,8 @@ setup_glowroot() {
 
 if [ "$(id -u)" = "0" ]; then
     if [ -f $WARFILE ]; then
-        unzip -q $WARFILE -d $TOMCATDIR/webapps/ROOT
-        rm -v $WARFILE # just to save space
+        unzip -q $WARFILE -d $APPROOT
+        rm -v $WARFILE  # just to save space
     fi
 
     setup_glowroot

src/d2_docker/config/dhis2-core-start.sh

@@ -15,6 +15,9 @@ set -e -u -o pipefail
 
 export PGPASSWORD="dhis"
 
+# Default to 10 seconds
+[[ "$STOP_GRACE_PERIOD" =~ ^[0-9]+$ ]] || STOP_GRACE_PERIOD=10
+
 dhis2_url="http://localhost:8080/$DEPLOY_PATH"
 dhis2_url_with_auth="http://$DHIS2_AUTH@localhost:8080/$DEPLOY_PATH"
 psql_base_cmd="psql --quiet -h db -U dhis dhis2"
@@ -29,16 +32,34 @@ post_db_path="/data/db/post"
 source_apps_path="/data/apps"
 source_documents_path="/data/document"
 source_datavalues_path="/data/dataValue"
-files_path="/DHIS2_home/files/"
-tomcat_conf_dir="/usr/local/tomcat/conf"
+home_path="/DHIS2_home"
+files_path="$home_path/files/"
+tomcatdir=/usr/local/tomcat
+tomcat_conf_dir="$tomcatdir/conf"
+approot="$tomcatdir/webapps/ROOT"
+flag_sql_error="$home_path/flag-sql-error"
+
 
 debug() {
     echo "[dhis2-core-start] $*" >&2
 }
 
+setup_error_page() {
+    debug "Setting up error page (application removed)"
+    rm -rf "$approot"
+    mkdir -p -m 750 "$approot"
+    chown tomcat:tomcat "$approot"
+    echo '<!DOCTYPE html><title>Error</title>
+    Error during preparation of the service' > "$approot/index.html"
+}
+
 run_sql_files() {
     base_db_path=$(test "${LOAD_FROM_DATA}" = "yes" && echo "$root_db_path" || echo "$post_db_path")
     debug "Files in data path"
+    if [[ ! -d "$base_db_path" ]] ; then
+        debug " -- NO FILES -- "
+        return 0
+    fi
     find "$base_db_path" >&2
 
     find "$base_db_path" -type f \( -name '*.dump' \) |
@@ -53,16 +74,24 @@ run_sql_files() {
         zcat "$path" | $psql_cmd || true
     done
 
-    find "$base_db_path" -type f \( -name '*.sql' \) |
-        sort | while read -r path; do
+    local sql_error=0
+    while read -r path; do
         echo "Load SQL: $path"
         exit_code=0
         run_psql_cmd "$path" || exit_code=$?
         if [ "$exit_code" -gt 0 ]; then
             echo "Exit code: $exit_code"
-            exit "$exit_code"
+            sql_error=1
+            break
         fi
-    done
+    done < <(find "$base_db_path" -type f \( -name '*.sql' \) | sort)
+
+    if [ "$sql_error" -gt 0 ]; then
+        touch "$flag_sql_error"
+        setup_error_page
+        return 1
+    fi
+    return 0
 }
 
 run_psql_cmd() {
@@ -122,9 +151,9 @@ copy_non_empty_files() {
 setup_tomcat() {
     debug "Setup tomcat"
 
-    cp -v $configdir/DHIS2_home/* "/DHIS2_home/"
-    cp -v $homedir/* /DHIS2_home/ || true
-    copy_non_empty_files "$configdir/override/dhis2/" "/DHIS2_home/"
+    cp -v $configdir/DHIS2_home/* "$home_path/"
+    cp -v $homedir/* $home_path/ || true
+    copy_non_empty_files "$configdir/override/dhis2/" "$home_path/"
 
     cp -v "$configdir/server.xml" "$tomcat_conf_dir/server.xml"
     copy_non_empty_files "$configdir/override/tomcat/" "$tomcat_conf_dir/"
@@ -142,13 +171,49 @@ start_tomcat() {
     catalina.sh run
 }
 
+manage_tomcat_lifecycle() {
+    local msg="${1:-}"
+    local callback="${2:-}"
+
+    start_tomcat &
+    LAST_PID=$!
+
+    if [ -n "$callback" ]; then
+        $callback
+    fi
+
+    [ -n "$msg" ] && debug "$msg"
+
+    wait $LAST_PID || true
+}
+
 wait_for_tomcat() {
     debug "Waiting for Tomcat to start: $dhis2_url"
     while ! curl -sS -i "$dhis2_url" 2>/dev/null | grep "^Location"; do
         sleep 1
     done
 }
 
+cleanup() {
+    debug "--- [SIGNAL RECEIVED] ---"
+    debug "Stopping tomcat"
+    catalina.sh stop &
+    STOP_PID=$!
+    count=0
+    while [ $count -lt $STOP_GRACE_PERIOD ]; do
+        if ! kill -0 $STOP_PID 2>/dev/null; then
+            debug "Tomcat has stopped."
+            exit 0
+        fi
+        sleep 1
+        count=$((count + 1))
+    done
+    exit 0
+}
+
+trap cleanup SIGTERM SIGINT
+
+
 INIT_DONE_FILE="/tmp/dhis2-core-start.done"
 
 is_init_done() {
@@ -163,6 +228,16 @@ run() {
     local host=$1 psql_port=$2
 
     setup_tomcat
+
+    # If a previous SQL error was flagged (persisted in named volume), keep showing error page
+    if [ -f "$flag_sql_error" ]; then
+        debug "SQL error flag detected from a previous run. Container will start with error page only."
+        setup_error_page
+        manage_tomcat_lifecycle \
+            "Container is running with error page. Fix the SQL issue and remove the flag ($flag_sql_error) to recover."
+        return
+    fi
+
     if is_init_done; then
         debug "Container: already configured. Skip DB load and keeping other changes"
     else
@@ -172,16 +247,24 @@ run() {
         copy_datavalues
         debug "Container: clean. Load DB"
         wait_for_postgres
-        run_sql_files
+        if ! run_sql_files; then
+            debug "SQL error detected. Container will start with error page only."
+            manage_tomcat_lifecycle \
+                "Fix the SQL issue and remove the flag ($flag_sql_error) to recover."
+            return
+        fi
         run_pre_scripts || true
         init_done
     fi
 
-    start_tomcat &
-    wait_for_tomcat
-    run_post_scripts || true
-    debug "DHIS2 instance ready"
-    wait
+    post_start_actions() {
+        wait_for_tomcat
+        run_post_scripts || true
+    }
+
+    manage_tomcat_lifecycle \
+        "DHIS2 instance ready" \
+        post_start_actions
 }
 
 env

src/d2_docker/docker-compose.yml

@@ -19,9 +19,11 @@ services:
             LOAD_FROM_DATA: "${LOAD_FROM_DATA}"
             DEPLOY_PATH: "${DEPLOY_PATH}"
             DHIS2_AUTH: "${DHIS2_AUTH}"
+            STOP_GRACE_PERIOD: 10  # This MUST be equal to the stop_grace_period, but without units
+        stop_grace_period: 10s
+        restart: unless-stopped
         entrypoint: bash /config/dhis2-core-entrypoint.sh
         command: bash /config/dhis2-core-start.sh
-        restart: "no"
         depends_on:
             - "db"
             - "data"

src/d2_docker/images/dhis2-core/docker-entrypoint.sh

@@ -8,10 +8,11 @@ WARFILE=/usr/local/tomcat/webapps/ROOT.war
 TOMCATDIR=/usr/local/tomcat
 DHIS2HOME=/DHIS2_home
 DATA_DIR=/data
+APPROOT=$TOMCATDIR/webapps/ROOT
 
 if [ "$(id -u)" = "0" ]; then
     if [ -f $WARFILE ]; then
-        unzip -q $WARFILE -d $TOMCATDIR/webapps/ROOT
+        unzip -q $WARFILE -d $APPROOT
         rm -v $WARFILE  # just to save space
     fi
 

src/d2_docker/images/dhis2-core/java-11/Dockerfile

@@ -1,7 +1,6 @@
 FROM tomcat:9.0.64-jre11-openjdk-slim-bullseye
 
 ENV DHIS2_HOME=/DHIS2_home
-ENV DHIS2_CERT=/DHIS2_home/who_pub_cert.cert
 ENV DATA_DIR=/data
 
 COPY docker-entrypoint.sh /usr/local/bin/
@@ -14,11 +13,6 @@ RUN rm -rf /usr/local/tomcat/webapps/* && \
     addgroup root tomcat && \
     useradd --shell /bin/bash --uid 101 --gid tomcat tomcat
 
-COPY who_pub_cert.cert $DHIS2_CERT
-RUN  chmod +rx $DHIS2_CERT
-RUN keytool -importcert -alias who_mail_ichigoout -file $DHIS2_CERT -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit -noprompt
-
-
 RUN apt-get update
 RUN echo 'You can disregard the warning in noninteractive installations:' \
          '"debconf: delaying package configuration, since apt-utils is not installed"'

src/d2_docker/images/dhis2-core/java-17-tomcat-10/Dockerfile

@@ -1,7 +1,6 @@
 FROM tomcat:10.1.36-jre21-temurin
 
 ENV DHIS2_HOME=/DHIS2_home
-ENV DHIS2_CERT=/DHIS2_home/who_pub_cert.cert
 ENV DATA_DIR=/data
 
 COPY docker-entrypoint.sh /usr/local/bin/
@@ -14,10 +13,6 @@ RUN rm -rf /usr/local/tomcat/webapps/* && \
     usermod -aG tomcat root && \
     useradd --shell /bin/bash --uid 101 --gid tomcat tomcat
 
-COPY who_pub_cert.cert $DHIS2_CERT
-RUN  chmod +rx $DHIS2_CERT
-RUN keytool -importcert -alias who_mail_ichigoout -file $DHIS2_CERT -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -noprompt
-
 
 RUN apt-get update
 RUN echo 'You can disregard the warning in noninteractive installations:' \

src/d2_docker/images/dhis2-core/java-17-tomcat-10/docker-entrypoint.sh

@@ -0,0 +1 @@
+../docker-entrypoint.sh

src/d2_docker/images/dhis2-core/java-17/Dockerfile

@@ -1,7 +1,6 @@
 FROM tomcat:9.0.85-jre17-temurin-jammy
 
 ENV DHIS2_HOME=/DHIS2_home
-ENV DHIS2_CERT=/DHIS2_home/who_pub_cert.cert
 ENV DATA_DIR=/data
 
 COPY docker-entrypoint.sh /usr/local/bin/
@@ -14,10 +13,6 @@ RUN rm -rf /usr/local/tomcat/webapps/* && \
     addgroup root tomcat && \
     useradd --shell /bin/bash --uid 101 --gid tomcat tomcat
 
-COPY who_pub_cert.cert $DHIS2_CERT
-RUN  chmod +rx $DHIS2_CERT
-RUN keytool -importcert -alias who_mail_ichigoout -file $DHIS2_CERT -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -noprompt
-
 
 RUN apt-get update
 RUN echo 'You can disregard the warning in noninteractive installations:' \