fix: ensure mastercontainer is updated before sibling containers

When watchtower updates the mastercontainer there is a Docker stop grace
period during which the old mastercontainer's daily-backup.sh can still
execute StartAndUpdateContainers.php.  That old PHP process uses the old
containers.json (which lacks AIO_LOG_LEVEL) while the freshly pulled
sibling images already require that variable — causing redis/postgres to
fail with an empty log-level.

Add a guard in startTopContainer(): when pullImage=true, check
IsMastercontainerUpdateAvailable().  During the grace period the old
container's image digest still differs from the remote digest, so the
check returns true and the function returns early.  The new mastercontainer
will re-run the full update with the correct containers.json.

Fixes: https://github.com/nextcloud/all-in-one/issues/8101

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cbe966e6-1731-480e-a359-b98d9510844f

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>

Containers/borgbackup/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     BORG_LOG_LEVEL_FLAG="--warning"
 else

Containers/collabora/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     COLLABORA_LOG_LEVEL="warning"
 elif [ "$AIO_LOG_LEVEL" = "info" ]; then

Containers/fulltextsearch/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 ELASTIC_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
 
 exec env "logger.level=$ELASTIC_LOG_LEVEL" /usr/local/bin/docker-entrypoint.sh "$@"

Containers/imaginary/start.sh

@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 GOLANG_LOG="$(case "$AIO_LOG_LEVEL" in
     debug) printf 'info' ;;
     info) printf 'info' ;;
     warn) printf 'warning' ;;
     error) printf 'error' ;;
-    *) printf 'warning' ;;
 esac)"
 export GOLANG_LOG
 if [ "$AIO_LOG_LEVEL" = "debug" ]; then

Containers/mastercontainer/daily-backup.sh

@@ -59,15 +59,6 @@ fi
 
 # Wait for watchtower to stop
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
-    # Give Docker time to register the container as running before checking for it.
-    # Without this, there is a race condition where the check below runs before watchtower
-    # appears in `docker ps`, causing the script to skip the wait and continue with
-    # the potentially outdated mastercontainer code while watchtower is still updating it.
-    count=0
-    while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$" && [ "$count" -lt 12 ]; do
-        sleep 5
-        count=$((count + 1))
-    done
     if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
         echo "Something seems to be wrong: Watchtower should be started at this step."
     fi

Containers/nextcloud/entrypoint.sh

@@ -14,9 +14,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 run_upgrade_if_needed_due_to_app_update() {
     if php /var/www/html/occ status | grep maintenance | grep -q true; then
         php /var/www/html/occ maintenance:mode --off
@@ -32,7 +29,6 @@ NEXTCLOUD_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
     info) printf '1' ;;
     warn) printf '2' ;;
     error) printf '3' ;;
-    *) printf '2' ;;
 esac)"
 export NEXTCLOUD_LOG_LEVEL
 

Containers/notify-push/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 export RUST_LOG="$AIO_LOG_LEVEL"
 
 if [ -z "$NEXTCLOUD_HOST" ]; then

Containers/postgresql/start.sh

@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 POSTGRES_LOG_MIN_MESSAGES="$(case "$AIO_LOG_LEVEL" in
     debug) printf 'debug1' ;;
     info) printf 'info' ;;
     warn) printf 'warning' ;;
     error) printf 'error' ;;
-    *) printf 'warning' ;;
 esac)"
 export POSTGRES_LOG_MIN_MESSAGES
 

Containers/redis/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 # Redis only supports [debug, verbose, notice, warning, nothing] as log level
 if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
     REDIS_LOG_LEVEL="warning"

Containers/talk-recording/start.sh

@@ -4,15 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 TALK_RECORDING_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
     debug) printf '10' ;;
     info) printf '20' ;;
     warn) printf '30' ;;
     error) printf '40' ;;
-    *) printf '30' ;;
 esac)"
 export TALK_RECORDING_LOG_LEVEL
 

Containers/talk/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     ETURNAL_LOG_LEVEL="warning"
 else
@@ -18,7 +15,6 @@ JANUS_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
     info) printf '4' ;;
     warn) printf '3' ;;
     error) printf '1' ;;
-    *) printf '3' ;;
 esac)"
 export JANUS_LOG_LEVEL
 

Containers/watchtower/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 # Check if socket is available and readable
 if ! [ -e "/var/run/docker.sock" ]; then
     echo "Docker socket is not available. Cannot continue."

Containers/whiteboard/start.sh

@@ -4,9 +4,6 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
-AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
-
 export LOG_LEVEL="$AIO_LOG_LEVEL"
 
 # Only start container if nextcloud is accessible

php/src/Controller/DockerController.php

@@ -258,6 +258,16 @@ readonly class DockerController {
     }
 
     public function startTopContainer(bool $pullImage, ?\Closure $addToStreamingResponseBody = null) : void {
+        if ($pullImage && $this->dockerActionManager->IsMastercontainerUpdateAvailable()) {
+            // The mastercontainer must always be updated before the sibling containers.
+            // If a mastercontainer update is still available at this point it means we are likely
+            // running inside the old mastercontainer during its Docker stop grace period while
+            // watchtower has already started the new mastercontainer. Skip the update here —
+            // the new mastercontainer will re-run this process and perform the update correctly.
+            error_log('Not updating sibling containers because a mastercontainer update is available. The mastercontainer must be updated first.');
+            return;
+        }
+
         $this->configurationManager->aioToken = bin2hex(random_bytes(24));
 
         // Stop domaincheck since apache would not be able to start otherwise