From 742f4420c0353157e98c32f04147c4db6010acfe Mon Sep 17 00:00:00 2001
From: Jacquin Antoine <antoine@arkel.fr>
Date: Sun, 19 Apr 2026 15:11:22 +0200
Subject: [PATCH] fix(test): add ClickHouse readiness check before starting
 ja4ebpf
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixed race condition where ja4ebpf would fail to connect to
ClickHouse at startup because ClickHouse HTTP port wasn't ready yet,
even though Docker healthcheck passed.

Changes:
- Add 30s wait loop with ClickHouse /ping endpoint check
- Log success message when ClickHouse is ready
- Applied to all 4 stacks: nginx, apache, nginx-varnish, hitch-varnish

Test results after fix:
- nginx: 240 rows, 175 JA4 fingerprints ✅
- apache: 257 rows, 191 JA4 fingerprints ✅
- nginx-varnish: 298 rows, 242 JA4 fingerprints ✅
- hitch-varnish: 247 rows, 177 JA4 fingerprints ✅

All L3/L4 metadata (TTL, MSS, Window), TLS fingerprinting (JA4, SNI),
and HTTP layer data are correctly captured and persisted.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 tests/integration/apache/platform/entrypoint.sh    | 13 +++++++++++++
 .../hitch-varnish/platform/entrypoint.sh           | 14 ++++++++++++++
 .../nginx-varnish/platform/entrypoint.sh           | 13 +++++++++++++
 tests/integration/nginx/platform/entrypoint.sh     | 13 +++++++++++++
 4 files changed, 53 insertions(+)

diff --git a/tests/integration/apache/platform/entrypoint.sh b/tests/integration/apache/platform/entrypoint.sh
index 03165eb..4151780 100644
--- a/tests/integration/apache/platform/entrypoint.sh
+++ b/tests/integration/apache/platform/entrypoint.sh
@@ -13,6 +13,19 @@ fi
 # Créer les répertoires de run nécessaires
 mkdir -p /run/httpd /var/log/httpd
 
+# Attendre que ClickHouse soit prêt (connection refused possible sinon)
+echo "[entrypoint] Attente de ClickHouse (max 30s)…"
+for i in $(seq 1 30); do
+    if curl -sf http://clickhouse:8123/ping >/dev/null 2>&1; then
+        echo "[entrypoint] ClickHouse est prêt (http://clickhouse:8123/ping OK)"
+        break
+    fi
+    if [ $i -eq 30 ]; then
+        echo "[entrypoint] ⚠ ClickHouse toujours pas prêt après 30s, démarrage ja4ebpf quand même"
+    fi
+    sleep 1
+done
+
 # Démarrer ja4ebpf en arrière-plan (optionnel : ne bloque pas le démarrage)
 /usr/local/bin/ja4ebpf -config /etc/ja4ebpf/config.yml &
 JA4_PID=$!
diff --git a/tests/integration/hitch-varnish/platform/entrypoint.sh b/tests/integration/hitch-varnish/platform/entrypoint.sh
index 8e0707d..4172d38 100755
--- a/tests/integration/hitch-varnish/platform/entrypoint.sh
+++ b/tests/integration/hitch-varnish/platform/entrypoint.sh
@@ -101,6 +101,20 @@ with socketserver.TCPServer(('0.0.0.0',80), H) as s:
     s.serve_forever()
 " &
 
+
+# Attendre que ClickHouse soit prêt (connection refused possible sinon)
+log "Attente de ClickHouse (max 30s)…"
+for i in $(seq 1 30); do
+    if curl -sf http://clickhouse:8123/ping >/dev/null 2>&1; then
+        log "ClickHouse est prêt (http://clickhouse:8123/ping OK)"
+        break
+    fi
+    if [ $i -eq 30 ]; then
+        log "⚠ ClickHouse toujours pas prêt après 30s, démarrage ja4ebpf quand même"
+    fi
+    sleep 1
+done
+
 # ── 4. Démarrage de ja4ebpf ───────────────────────────────────────────────────
 log "Démarrage de ja4ebpf (uprobes hitch/libssl + hook TC eth0)…"
 ja4ebpf -config /etc/ja4ebpf/config.yml &
diff --git a/tests/integration/nginx-varnish/platform/entrypoint.sh b/tests/integration/nginx-varnish/platform/entrypoint.sh
index 4127099..babf4e0 100755
--- a/tests/integration/nginx-varnish/platform/entrypoint.sh
+++ b/tests/integration/nginx-varnish/platform/entrypoint.sh
@@ -80,6 +80,19 @@ for i in $(seq 1 20); do
 done
 
 # ── 4. Démarrage de ja4ebpf ───────────────────────────────────────────────────
+# Attendre que ClickHouse soit prêt (connection refused possible sinon)
+log "Attente de ClickHouse (max 30s)…"
+for i in $(seq 1 30); do
+    if curl -sf http://clickhouse:8123/ping >/dev/null 2>&1; then
+        log "ClickHouse est prêt (http://clickhouse:8123/ping OK)"
+        break
+    fi
+    if [ $i -eq 30 ]; then
+        log "⚠ ClickHouse toujours pas prêt après 30s, démarrage ja4ebpf quand même"
+    fi
+    sleep 1
+done
+
 log "Démarrage de ja4ebpf (uprobes nginx/libssl + hook TC)…"
 ja4ebpf -config /etc/ja4ebpf/config.yml &
 JA4EBPF_PID=$!
diff --git a/tests/integration/nginx/platform/entrypoint.sh b/tests/integration/nginx/platform/entrypoint.sh
index 0c78c7b..ef82e30 100755
--- a/tests/integration/nginx/platform/entrypoint.sh
+++ b/tests/integration/nginx/platform/entrypoint.sh
@@ -33,6 +33,19 @@ for i in $(seq 1 20); do
 done
 
 # ── 2. Démarrage de ja4ebpf ───────────────────────────────────────────────
+# Attendre que ClickHouse soit prêt (connection refused possible sinon)
+log "Attente de ClickHouse (max 30s)…"
+for i in $(seq 1 30); do
+    if curl -sf http://clickhouse:8123/ping >/dev/null 2>&1; then
+        log "ClickHouse est prêt (http://clickhouse:8123/ping OK)"
+        break
+    fi
+    if [ $i -eq 30 ]; then
+        log "⚠ ClickHouse toujours pas prêt après 30s, démarrage ja4ebpf quand même"
+    fi
+    sleep 1
+done
+
 log "Démarrage de ja4ebpf (attache uprobes sur libssl)…"
 ja4ebpf -config /etc/ja4ebpf/config.yml &
 JA4EBPF_PID=$!