Add healthcheck in Keycloak Docker Swarm service - docker

What's the best way to test the health of Keycloak configured as a cluster and deployed as a Docker Swarm service?
I tried the healthcheck below to test availability in the Keycloak service descriptor:
    healthcheck:
      test: ["CMD-SHELL", "curl http://localhost:8080/auth/realms/[realm_name]"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
Are there more things to check for?
Couldn't find the documentation for this.

I prefer to listen directly to the 'master' realm.
Moreover, the most recent Keycloak versions use a different path (omitting 'auth'):
    healthcheck:
      test: ["CMD", "curl", "-f", "http://0.0.0.0:8080/realms/master"]
      start_period: 10s
      interval: 30s
      retries: 3
      timeout: 5s

One can also use the /health endpoint on the Keycloak container as follows:
    "healthCheck": {
        "retries": 3,
        "command": [
            "CMD-SHELL",
            "curl -f http://localhost:8080/health || exit 1"
        ],
        "timeout": 5,
        "interval": 60,
        "startPeriod": 300
    }

Related

Docker swarm stack service replicas zero down time

I have been trying to fine-tune the docker compose settings, but I am not satisfied with the result, and the docs are so unspecific for the healthcheck and update_config options.
The scenario is React apps which need to run build and start during entrypoint execution. The builds cannot be done in the Dockerfile because then I would need to tag redundant images for each environment (amongst other inconveniences).
Because of the build and run steps the container is deployed and after the healthcheck will give a positive from node server it takes about 30 secs.
Now in a rolling update zero downtime scenario, what settings would I use? The thing is I don't need more than 1 replica. The ideal config option would be wait_rolling_update_delay or something that would provoke docker to replace containers never before this wait time. I am playing around with the healthcheck.start_period but I am not seeing a difference.
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == worker
      labels:
        - "APP=name"
        - "traefik.http.services.name.loadbalancer.server.port=1338"
      restart_policy:
        condition: any
        delay: 10s
        max_attempts: 3
        window: 60s
      update_config:
        parallelism: 1
        delay: 10s
        monitor: 10s
        order: start-first
        failure_action: rollback
    healthcheck:
      test: "curl --silent --fail http://localhost:1338/_health || exit 1"
      interval: 10s
      timeout: 120s
      retries: 10
      start_period: 120s

How do you do a Healthcheck for Fluentd's Default ports?

I was looking through Docker Hub, etc., and generally I can find a mechanism to look up healthchecks for different containers. I didn't see any for Fluentd though.
I would like to essentially do a curl from the container to confirm it is healthy.
My issue is that I have underlying containers which will start immediately but fail because 24224 on fluentd is not available.
So what I thought to do was to write something similar to:
    version: "3.3"
    services:
      fluentd:
        ports:
          - "24224:24224"
          - "24224:24224/udp"
        healthcheck:
          test: curl --fail -s http://localhost:24224 || exit 1
          interval: 30s
          timeout: 30s
          retries: 5
          start_period: 30s
      sample:
        depends_on:
          fluentd:
            condition: container_healthy
In this sample test, it seems that the curl command I set up was not the correct command to validate the health of fluentd.
I did not seem to find anything specific to this from my searches, but maybe others might know what to do.
My error was: Error response from daemon: failed to initialize logging driver: dial tcp [::1]:24224: connect: connection refused when it attempts to set up logging to fluentd.

Healthcheck is failing when deploying a mssql database

The healthcheck is failing when deploying a mssql database on AWS ECS.
Below is a copy of the service from the docker-compose.yml file
    sql_server_db:
      image: 'mcr.microsoft.com/mssql/server:2017-latest'
      environment:
        SA_PASSWORD: Password123#
        ACCEPT_EULA: "Y"
      labels:
        - traefik.enable=false
      deploy:
        resources:
          limits:
            cpus: '1'
            memory: 8Gb
          reservations:
            cpus: '0.5'
            memory: 4GB
      healthcheck:
        test: ["/opt/mssql-tools/bin/sqlcmd", "-U", "sa", "-P", "Password123#", "-Q", "SELECT 1"]
        interval: 1m
        retries: 10
        start_period: 60s

I have the same issue; when checking the "inspect" output for the container I was getting "Login fails for SA".
This was disturbing because the password was the same (I used the .env variable) ... but for some reason the special characters seem to mess up the check.
I simply created a one-liner script
    /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "$SA_PASSWORD" -Q "Select 1"
and then I called it as the HC
    healthcheck:
      test: ["CMD", "bash", "/healthcheck.sh"]
and it works.
I don't really like it but I will keep it until I find a better one (I am not sure it can actually fail).
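An added example, not part of the original answer: a fuller `/healthcheck.sh` for the `sql_server_db` service that keeps the password out of the compose `test` array (where `docker inspect` shows it), quotes it so special characters reach `sqlcmd` as one argument, and fails unless the query returns the expected row. It assumes `SA_PASSWORD` is set in the container environment as in the compose file above; the `SQLCMD` override and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: /healthcheck.sh for the sql_server_db service.
# Assumption: SA_PASSWORD is set in the container environment (as in the compose file).

# sqlcmd path taken from the page; SQLCMD is a hypothetical override for testing.
SQLCMD="${SQLCMD:-/opt/mssql-tools/bin/sqlcmd}"

mssql_healthcheck() {
    # Fail closed when the secret is missing rather than trying a blank login.
    if [ -z "${SA_PASSWORD:-}" ]; then
        echo "healthcheck: SA_PASSWORD is not set" >&2
        return 1
    fi

    # "$SA_PASSWORD" is quoted so '#', '$' or spaces arrive as one argument.
    # -b: non-zero exit when the query errors; -l 5: login timeout in seconds;
    # -h -1 and -W: no column header, no trailing padding.
    out=$("$SQLCMD" -S localhost -U SA -P "$SA_PASSWORD" -b -l 5 -h -1 -W \
        -Q "SET NOCOUNT ON; SELECT 1") || return 1

    # Require the expected row, not just a zero exit status.
    [ "$(printf '%s' "$out" | tr -d '[:space:]')" = "1" ]
}

# Run the check only when executed as the healthcheck script itself.
case "$0" in
    healthcheck.sh|*/healthcheck.sh)
        mssql_healthcheck
        exit $?
        ;;
esac
```

Mount the script into the container and call it from the service with `test: ["CMD", "sh", "/healthcheck.sh"]`. Because `-b` is set and the output is compared against the expected row, a failed login or a failed query marks the container unhealthy.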

Docker-compose health check for Mosquitto

I set up the mosquitto password using a password file
    volumes:
      - /password:/mosquitto/config
How can I add a healthcheck in docker-compose? I tried the below solution provided here
Script to check mosquitto is healthy
    healthcheck:
      test: ["CMD-SHELL", "timeout -t 5 mosquitto_sub -t '$$SYS/#' -C 1 | grep -v Error || exit 1"]
      interval: 10s
      timeout: 10s
      retries: 6
Also, I tried a couple of other options but they are asking me to pass username and password. Can't I use this password file?
update:
mosquitto.conf
    allow_anonymous false
    password_file /mosquitto/config/pwfile
    port 1883
    listener 9001
    persistence true
    persistence_location /mosquitto/data/
    log_dest file /mosquitto/log/mosquitto.log

At a push you could enable a listener with MQTT over WebSockets as the protocol and then use a basic curl GET request to check if the broker is up.
e.g. add this to the mosquitto.conf
    listener 8080 127.0.0.1
    protocol websockets
and a health check something like
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080"]
      interval: 10s
      timeout: 10s
      retries: 6
The raw HTTP GET request should complete without needing to authenticate.
The other option is to re-enable anonymous users and to add read-only access for the anonymous user to the $SYS/# topic pattern using an ACL file (acl_file).

Configure a different hostname for every container when using docker compose swarm?

docker-compose.yml
    services:
      {{ app }}{{ env_id }}-{{stage_name}}:
        image: "{{ registry_url }}/{{ app }}-{{ stage_name }}:{{ tag }}"
        ports:
          - {{ port }}:3000
        volumes:
          - /var/log/{{ app }}/logs:/app/logs
        networks:
          - net{{ env_id }}
        hostname: "{{contain_name}}"
        logging:
          driver: syslog
          options:
            tag: "{{ app }}"
        stop_grace_period: 20s
        healthcheck:
          test: ["CMD", "curl", "-f", "http://localhost:3000/version"]
          interval: 5s
          timeout: 10s
          retries: 3
          start_period: 5s
        deploy:
          replicas: 4
          update_config:
            parallelism: 1
            order: start-first
            failure_action: rollback
            monitor: 15s
          rollback_config:
            order: start-first
          restart_policy:
            condition: any
            delay: 5s
          resources:
            limits:
              memory: 7G
    networks:
      net{{ env_id }}:
        name: {{ app }}{{ env_id }}_network
Using the docker-compose.yml, I can get a swarm stack and four containers, but the containers have the same hostname. I want them named like
"contain_name1
contain_name2
contain_name3
contain_name4"
How to do it?

Unfortunately, this functionality is not yet supported. https://github.com/docker/swarmkit/issues/1242
Kubernetes can resolve this problem by using StatefulSet. https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
