From b6d272992a738147429b373af0ea92b81885c78f Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Sun, 15 Feb 2026 00:08:12 -0600
Subject: [PATCH] fix(devops): fix OpenBao healthcheck URL truncation with
 CMD-SHELL

The CMD exec form drops everything after & in the healthcheck URL,
causing uninitcode=200 and sealedcode=200 params to be lost. Without
them, OpenBao returns 501 when uninitialized, healthcheck fails, and
Swarm kills the container before the init sidecar can reach it.

Switch to CMD-SHELL with single-quoted URL to preserve query params.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docker-compose.openbao.yml   | 7 ++-----
 docker-compose.portainer.yml | 9 ++++-----
 docker-compose.swarm.yml     | 7 ++-----
 docker/docker-compose.yml    | 7 ++-----
 4 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/docker-compose.openbao.yml b/docker-compose.openbao.yml
index 5b6e6fb..5a56a00 100644
--- a/docker-compose.openbao.yml
+++ b/docker-compose.openbao.yml
@@ -27,11 +27,8 @@ services:
     healthcheck:
       test:
         [
-          "CMD",
-          "wget",
-          "--spider",
-          "--quiet",
-          "http://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200",
+          "CMD-SHELL",
+          "wget --spider --quiet 'http://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200'",
         ]
       interval: 10s
       timeout: 5s
diff --git a/docker-compose.portainer.yml b/docker-compose.portainer.yml
index d15af76..fc40242 100644
--- a/docker-compose.portainer.yml
+++ b/docker-compose.portainer.yml
@@ -40,11 +40,10 @@ services:
       - IPC_LOCK
     healthcheck:
       test:
-        - CMD
-        - wget
-        - --spider
-        - --quiet
-        - http://localhost:8200/v1/sys/health?standbyok=true
+        [
+          "CMD-SHELL",
+          "wget --spider --quiet 'http://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200'",
+        ]
       interval: 10s
       timeout: 5s
       retries: 5
diff --git a/docker-compose.swarm.yml b/docker-compose.swarm.yml
index b70d720..398e05a 100644
--- a/docker-compose.swarm.yml
+++ b/docker-compose.swarm.yml
@@ -97,11 +97,8 @@ services:
     healthcheck:
       test:
         [
-          "CMD",
-          "wget",
-          "--spider",
-          "--quiet",
-          "http://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200",
+          "CMD-SHELL",
+          "wget --spider --quiet 'http://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200'",
         ]
       interval: 10s
       timeout: 5s
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 880b97a..c1fe544 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -89,11 +89,8 @@ services:
     healthcheck:
       test:
         [
-          "CMD",
-          "wget",
-          "--spider",
-          "--quiet",
-          "http://127.0.0.1:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200",
+          "CMD-SHELL",
+          "wget --spider --quiet 'http://127.0.0.1:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200'",
         ]
       interval: 10s
       timeout: 5s