search

FusionAuth / fusionauth-containers

Container definitions for docker, kubernetes, helm, and whatever containers come next!
https://fusionauth.io/
219 stars 68 forks source link

How to perform healthchecks? #66

Closed danielporto closed 3 years ago

danielporto commented 3 years ago

I tried to add healthchecks to my docker-compose files and noticed that there is no curl installed. Is there another way to test when the system is loaded and ready?

for context I tried: healthcheck: test: [ "CMD-SHELL", "curl", "--silent", "--fail", "http://localhost:9011/api/status || exit 1" ] interval: 30s timeout: 10s retries: 5 start_period: 30s

looking at the logs I noticed the "curl command not found". Thanks

mooreds commented 3 years ago

Hmmm. Seems like we'd need to install curl in the image (or you could roll your own docker file and do so).

Do you have a second system with curl installed which could call that url (maybe from a proxy)?

danielporto commented 3 years ago

Here I share what worked. created a new Dockerfile with the content:

FROM fusionauth/fusionauth-app:1.22.2
USER root
RUN apt update && \
    apt install -y curl &&\
    rm -rf /var/lib/apt/lists/*
USER fusionauth

and appended to the docker-compose.yaml the following:

...
    healthcheck:
      test: [ "CMD-SHELL", "curl -f http://localhost:9011/api/status || exit 1" ]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 30s

If not too much, I think it may not be a problem adding curl (or any internal custom testing script) to the image.

Side note: security concerns. Adding curl augment the surface of attack (another tool with libs, just for testing...) ideally a custom script included in the image should do the job. Maybe a small java program? Here I've found one small enough to be stripped to the bare minimum for this purpose: https://github.com/rockswang/java-curl

Thanks

mooreds commented 3 years ago

Thanks for sharing @danielporto !

Would you mind adding a feature request ("please add java curl to the docker image so that healthchecks can be performed without creating a new image") to the github issues list: https://github.com/FusionAuth/fusionauth-issues/issues/new?template=feature_request.md

That is our central issue repository and how we track community contributions to our roadmap: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap/ so adding an issue there will ensure that this doesn't get lost/dropped.

danielporto commented 3 years ago

Sure, thanks a lot!