From 1a0f63f24e4fa4bc6ea3c85a2f6e258e5da6e3f7 Mon Sep 17 00:00:00 2001
From: Chen Rao <45187622+chenraoCR@users.noreply.github.com>
Date: Mon, 23 Sep 2024 16:59:13 +0800
Subject: [PATCH] =?UTF-8?q?[bitnami/etcd]=20fix:=20healthcheck=20will=20fa?=
 =?UTF-8?q?iled=20when=20startup=20etcd=20with=20on=E2=80=A6=20(#70597)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[bitnami/etcd] fix: healthcheck will failed when startup etcd with one-way tls authentication (#70554)

Signed-off-by: Chen Rao <chenrao317328@163.com>
---
 .../debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh | 5 ++++-
 .../debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh
index 28e21f577d1f4..0861753fcdeea 100755
--- a/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh
+++ b/bitnami/etcd/3.4/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh
@@ -21,9 +21,12 @@ host="$(parse_uri "${advertised_array[0]}" "host")"
 port="$(parse_uri "${advertised_array[0]}" "port")"
 read -r -a extra_flags <<< "$(etcdctl_auth_flags)"
 extra_flags+=("--endpoints=${host}:${port}")
-if [[ $ETCD_AUTO_TLS = true ]]; then
+
+ # if ETCD_AUTO_TLS true or CA file not exists, just skip server cert verification
+if [[ $ETCD_AUTO_TLS = true ]] || [[ ! -f "$ETCD_TRUSTED_CA_FILE" ]]; then
      extra_flags+=("--insecure-skip-tls-verify")
 fi
+
 if etcdctl endpoint health "${extra_flags[@]}"; then
     exit 0
 else
diff --git a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh
index 28e21f577d1f4..0861753fcdeea 100755
--- a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh
+++ b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/etcd/healthcheck.sh
@@ -21,9 +21,12 @@ host="$(parse_uri "${advertised_array[0]}" "host")"
 port="$(parse_uri "${advertised_array[0]}" "port")"
 read -r -a extra_flags <<< "$(etcdctl_auth_flags)"
 extra_flags+=("--endpoints=${host}:${port}")
-if [[ $ETCD_AUTO_TLS = true ]]; then
+
+ # if ETCD_AUTO_TLS true or CA file not exists, just skip server cert verification
+if [[ $ETCD_AUTO_TLS = true ]] || [[ ! -f "$ETCD_TRUSTED_CA_FILE" ]]; then
      extra_flags+=("--insecure-skip-tls-verify")
 fi
+
 if etcdctl endpoint health "${extra_flags[@]}"; then
     exit 0
 else