search

ctdk / goiardi

A Chef server written in Go, able to run entirely in memory, with optional persistence with saving the in-memory data to disk or using MySQL or Postgres as the data storage backend. Docs: http://goiardi.readthedocs.io/en/latest/index.html
http://goiardi.gl
Apache License 2.0
280 stars 39 forks source link

Anonymous api endpoint for a load balancer healthcheck? #70

Closed d-averkiev closed 4 years ago

d-averkiev commented 4 years ago

Hello. I'm currently running goiardi as docker containers in AWS ECS. Btw, it working well as multiple instances behind the balancer (postgres and s3 storage enabled), so it works as a cluster now. When I'm setting use_auth=true every anonymous http request returns HTTP 401. Which is not good because of AWS load balancer using http requests to evaluate container health. Do goiardi supports any endpoint which returns HTTP 200 for anonymous requests when authentication is enabled. Thank you.

ctdk commented 4 years ago

That's wonderful to hear about it working well with multiple instances. Are you using the postgres search as well, or the in-memory one? (If the former, remember about vacuuming periodically.)

There are a few endpoints that don't require authentication, although I see that an actual /alive type endpoint would be valuable for this. For the moment, try /principals/admin (or /principals/<any user or client> - there's a bit of overhead because it requires a lookup of the user, but the others either are POST only or have much more overhead. I'll add an actual basic alive type endpoint, though. Thanks for bringing that to my attention.

d-averkiev commented 4 years ago

With the /principals/... endpoint load balancer's healthcheck works well. No more "auth errors" in the log. Thank you a lot.

ctdk commented 4 years ago

Wonderful. I'll close this out for now, then, and add a less intensive health check later on. Thanks again.