Use goss for healthchecks (#223)

* basic healthcheck based on goss
* add goss to travis
* healtcheck command runs now for all services
* add to makefile

.travis.yml

@@ -10,6 +10,7 @@ env:
     - HADOLINT_VERSION=1.17.1
     - DOCKER_COMPOSE_VERSION=1.23.2
     - TRIVY_VERSION=0.1.1
+    - GOSS_VERSION=0.3.7
     - secure: iSwQW1ytg9/ntqlF1nMzYcg0ouT3TifuAzauu//vWMiRfRthAi0bLuz3nBvlkQwtUk/iF3+smdOtwvjlmW7wWdwdf9tzpsyVKVYcS/+1MbxnGXE4OyNLkUJ7KASRk4otfsujMDNO95q/m04sOLJ721dsOWR6dv+5MNJ3LrushsbFfuStHmM1cNyUR6NuPy4g/x4oppv23rbSXU/qS7ULUsOTEUuTsmgvvKQRZiiOFaOgzeHCIEdrX6Dpsx6DPtYQ5az88q6CrkkTaw7GhP1qBXAGNX03NeHPd7YZvsgePoZJEJ/jTRsZVx9LxwkmnVTJDqthgqTGXTBJIvow3oICjKLf/DhURvkHaAJPu+Nxyvxo2xgYaa0Zbau5fmhEblyKU8Q9g+ZXsdjC5uy/vqJjg1rZD9BZjbKXRP9nb5VpxLdzcWE80XpEj7tHMfF4bN7LvIHZ81wINtZdZeFLVW53YzIO0NAoRCDk1SmR6N11T1uE8FrBzO80oETUMud2zYTx9U+J0m/qsNK+fOz2GtxwI3mlU0/bgVlcFE6865lOPuRwcTOhDwGqeWsLbBYsYXaJhqktn6XKiZ/BEeJLx6Z/CvyNXbzexn1i4wyVZAK7xxkhjxFPnWFU9WPan4ibkGLsS9sFsUTLVa4oBszkTO6q5NU7vIycdgJpfZlkdL2V0EA=
     - secure: kj/KcPck6RHSQdcN29+OoxSufHX8KgMXs/ekVUsgcXfWb8iwo0UbfGwyPf+oy1vvjO65e0xsdGHN6Vk++opJT1qaAMpIInfh3+otXmDrT4Uq0s+vBkyQ/EPNeTy6oWK28y5+IVrR3Nd4FMK8CQ4FKzqKAAOQDkusI1182tRL9wDPnCbUD92cNcTPh7aHccSflkBOzw0G6d0v3RFIseOdYMA4DN72YfUV6RHVgOz7PSPmZ9p9lza1Fdbd1fBYoqBapzm3tIWiaU20OkyYNorZzsT+afTTpfHIb5ku+emNCiKDORuX4XQHDiS+PtqDNJRL2WsOsudVf9ckd9wpTkDj5rFnVex7GtS4z47kLDahzNWMQs4gnpDVUi3jbGeU/62EXdiAmuWs0A2kUSPYZwAKVbfIDlp3tAy0dzGivnBfTdN/TYVRm0IDRJZZNp964Tu3rGLazbRCYpGTIYz4KlMRrIN4QJj8JMmvcaOidp/xQJL+MkZTNY653VFHYeu61XEUV3RkGkkhZL967w+VuhkULDppslKExsJzXXX6ITauLu6hqAj+fWrn0WDxn/Km+sx9aJaBNqg4egT8mX5+WeDdoV+3NyODjbYUaEPKSuUkW/Skm+VGlYeyc9apahTSDe1H/W2KUcramkMT17IdPqXTqvlo+HSR97IGoE37OWKdoVM=
     - secure: k5V2o5xIGGQ2vlWaCfWHAn68z7k/FSL8bXgow6/x0svxmsvDxJzRrpnM3xn681ogUEoQP1hQeHWeR0tg88RcDFmjzEObMjVd7Av289YIQ/W6hmFFb+SCa+TmAe49ybPLZA2UNygC/zqH5N6U5iMYsyPrChw4oUv9X9lfDJUz08crRVwffm/JwcEfV1tH722I2WUcEpxKYyqymK9CaO3e2UTXnPaASNOPuZ2v0T3D1lvla+XRNG+JJ6+BJjBRkzMMg584IaBIqGVf9tlImZkGfYmVWUVvBfpuHMSU9OC4CJXBRqy6K/nUlw5bDDsGFbLGA9Tg1qgLzAZsPCSMSCC2Gq0rLxuihudWEJ9e8dnRLIbt+Zxlqa2s7DQ2FTWyofQfR4GL6cD4uSoSh+k9ij6PeJMSEzplaO01Fyh87uRbcVBxwktIXeVuJsBG8uQ2wdWjQ41g4noDHzsV1duJ1nz9b6JRH7Vbp8bKXow3K+EtlFfa9GcD4I64oksbWH+hx+PBBf0qEdUzZnHmw2vEqJyjdlCoQ1k7pX6c9rxzNiKIb8Hsmhu1r7DCNYBYZIZ1pGhVBilxrr9QiU0hGpRsON0QOzTobz6TohW9w+LNgBMPMizLRFi3r14Nqel8GIWcQUP/RBTiXb8Lr+D9oq0oY1Up4QyfEq1SfkJ1yD4qzCOhb5I=
@@ -21,8 +22,12 @@ before_install:
   - sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
   - wget https://github.com/knqyf263/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
   - sudo tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -C /usr/local/bin trivy
+  - sudo curl -L https://github.com/aelsabbahy/goss/releases/download/v$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss
+  - sudo curl -L https://raw.githubusercontent.com/fbartels/goss/dcgoss-v2/extras/dcgoss/dcgoss -o /usr/local/bin/dcgoss
   - sudo chmod +rx /usr/local/bin/hadolint
   - sudo chmod +rx /usr/local/bin/docker-compose
+  - sudo chmod +rx /usr/local/bin/goss
+  - sudo chmod +rx /usr/local/bin/dcgoss
   - sudo apt update && sudo apt install -y expect
   - sudo pip install --upgrade pip && sudo pip install yamllint
   - npm install -g eclint

Makefile

@@ -368,7 +368,15 @@ test-startup: ## Test if all containers start up
 # TODO this needs goss added to travis and dcgoss pulled from my own git repo
 .PHONY: test-goss
 test-goss: ## Test configuration of containers with goss
-	GOSS_FILES_PATH=core GOSS_FILE="goss_server.yaml" dcgoss run kopano_server
+	GOSS_FILES_PATH=core/goss/server dcgoss run kopano_server
+	GOSS_FILES_PATH=core/goss/dagent dcgoss run kopano_dagent
+	GOSS_FILES_PATH=core/goss/gateway dcgoss run kopano_gateway
+	GOSS_FILES_PATH=core/goss/ical dcgoss run kopano_ical
+	GOSS_FILES_PATH=core/goss/grapi dcgoss run kopano_grapi
+	GOSS_FILES_PATH=core/goss/kapi dcgoss run kopano_kapi
+	GOSS_FILES_PATH=core/goss/montor dcgoss run kopano_monitor
+	GOSS_FILES_PATH=core/goss/search dcgoss run kopano_search
+	GOSS_FILES_PATH=core/goss/spooler dcgoss run kopano_spooler
 	GOSS_FILES_PATH=webapp dcgoss run kopano_webapp
 
 test-security: ## Scan containers with Trivy for known security risks (not part of CI workflow for now).

base/Dockerfile

@@ -48,7 +48,14 @@ RUN apt-get update && \
     fi
 
 ENV DOCKERIZE_VERSION v0.11.0
-RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /usr/local/bin/dockerize
+RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" \
+    | install /dev/stdin /usr/local/bin/dockerize && \
+    dockerize --version
+
+ENV GOSS_VERSION v0.3.7
+RUN curl -L https://github.com/aelsabbahy/goss/releases/download/$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss && \
+    chmod +rx /usr/local/bin/goss && \
+    goss --version
 
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \

core/Dockerfile

@@ -59,7 +59,8 @@ ENV LANG=en_US.UTF-8
 
 ENV SERVICE_TO_START=server
 
-COPY defaultconfigs/ start-service.sh /kopano/
+COPY defaultconfigs/ start-service.sh healthcheck.sh /kopano/
+COPY goss/ /kopano/goss
 
 WORKDIR /kopano/path
 
@@ -67,5 +68,5 @@ ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 
 CMD [ "/kopano/start-service.sh" ]
 
-HEALTHCHECK --interval=5m --timeout=60s \
+HEALTHCHECK --interval=1m --timeout=10s \
     CMD /kopano/healthcheck.sh

core/goss/dagent/goss.yaml

@@ -0,0 +1,6 @@
+port:
+  tcp6:2003:
+    listening: true
+process:
+  kopano-dagent:
+    running: true

core/goss/gateway/goss.yaml

@@ -0,0 +1,3 @@
+process:
+  kopano-gateway:
+    running: true

core/goss/gateway/goss_wait.yaml

@@ -0,0 +1,3 @@
+process:
+  kopano-gateway:
+    running: true

core/goss/grapi/goss.yaml

@@ -0,0 +1,7 @@
+file:
+  /var/run/kopano/grapi:
+    exists: true
+    mode: "0755"
+    owner: kapi
+    group: kopano
+    filetype: directory

core/goss/grapi/goss_wait.yaml

@@ -0,0 +1,7 @@
+file:
+  /var/run/kopano/grapi:
+    exists: true
+    mode: "0755"
+    owner: kapi
+    group: kopano
+    filetype: directory

core/goss/ical/goss.yaml

@@ -0,0 +1,3 @@
+process:
+  kopano-ical:
+    running: true

core/goss/ical/goss_wait.yaml

@@ -0,0 +1,3 @@
+process:
+  kopano-ical:
+    running: true

core/goss/kapi/goss.yaml

@@ -0,0 +1,3 @@
+process:
+  kapid:
+    running: true

core/goss/kapi/goss_wait.yaml

@@ -0,0 +1,3 @@
+process:
+  kapid:
+    running: true

core/goss/monitor/goss.yaml

@@ -0,0 +1,3 @@
+process:
+  kopano-monitor:
+    running: true

core/goss/monitor/goss_wait.yaml

@@ -0,0 +1,3 @@
+process:
+  kopano-monitor:
+    running: true

core/goss/search/goss.yaml

@@ -0,0 +1,9 @@
+file:
+  /var/run/kopano/search.sock:
+    exists: true
+    mode: "0700"
+    size: 0
+    owner: kopano
+    group: kopano
+    filetype: socket
+    contains: []

core/goss/search/goss_wait.yaml

@@ -0,0 +1,9 @@
+file:
+  /var/run/kopano/search.sock:
+    exists: true
+    mode: "0700"
+    size: 0
+    owner: kopano
+    group: kopano
+    filetype: socket
+    contains: []

core/goss/server/goss.yaml

@@ -0,0 +1,33 @@
+file:
+  /kopano/data/attachments/0:
+    exists: true
+    mode: "0750"
+    owner: kopano
+    group: kopano
+    filetype: directory
+  /run/kopano/prio.sock:
+    exists: true
+    mode: "0660"
+    owner: kopano
+    group: kopano
+    filetype: socket
+  /run/kopano/server.pid:
+    exists: true
+    mode: "0644"
+    owner: kopano
+    group: kopano
+    filetype: file
+  /run/kopano/server.sock:
+    exists: true
+    mode: "0666"
+    owner: kopano
+    group: kopano
+    filetype: socket
+http:
+  http://localhost:236:
+    status: 405
+    timeout: 5000
+  https://localhost:237:
+    status: 405
+    allow-insecure: true
+    timeout: 5000

core/goss/server/goss_wait.yaml

@@ -0,0 +1,11 @@
+port:
+  tcp6:236:
+    listening: true
+file:
+  /run/kopano/server.pid:
+    exists: true
+    mode: "0644"
+    owner: kopano
+    group: kopano
+    filetype: file
+

core/goss/spooler/goss.yaml

@@ -0,0 +1,3 @@
+process:
+  kopano-spooler:
+    running: true

core/goss_server.yaml

@@ -1,3 +0,0 @@
-port:
-  tcp6:236:
-    listening: true

core/goss_wait.yaml

@@ -1,3 +0,0 @@
-port:
-  tcp6:236:
-    listening: true

core/healthcheck.sh

@@ -1,5 +1,14 @@
 #!/bin/bash
 
-set -ex
+set -e
+
+case "$SERVICE_TO_START" in
+server|dagent|gateway|ical|grapi|kapi|monitor|search|spooler)
+	goss -g /kopano/goss/"$SERVICE_TO_START"/goss.yaml validate --format json_oneline
+	;;
+*)
+	echo "This service still needs a proper check"
+	;;
+esac
 
 exit 0

core/start-service.sh

@@ -10,6 +10,7 @@ if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then
 	exit 1
 fi
 
+# TODO this needs fixing as now apt update is always salled (since the value is at least "")
 [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
 [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"'); do
 	# shellcheck disable=SC2016 disable=SC2086
@@ -86,7 +87,7 @@ grapi)
 	unset "${!KCCONF_@}"
 	exec kopano-grapi serve
 	;;
-kapid)
+kapi)
 	if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
 		dockerize \
 		-skip-tls-verify \

docker-compose.yml

@@ -293,7 +293,7 @@ services:
       - kopanossl/:/kopano/ssl
       - kopanosocket/:/run/kopano
     environment:
-      - SERVICE_TO_START=kapid
+      - SERVICE_TO_START=kapi
       - TZ=${TZ}
       - KCCONF_KAPID_LOG_LEVEL=DEBUG
       - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}

webapp/Dockerfile

@@ -65,6 +65,7 @@ RUN \
     && rm -rf /var/cache/apt /var/lib/apt/lists
 
 COPY start.sh /kopano/start.sh
+COPY goss* /goss/
 
 ENV LANG en_US.UTF-8
 
@@ -72,3 +73,6 @@ WORKDIR /kopano/path
 
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD [ "/kopano/start.sh" ]
+
+HEALTHCHECK --interval=1m --timeout=10s \
+    CMD goss -g /goss/goss.yaml validate --format json_oneline

webapp/goss.yaml

@@ -1,8 +1,9 @@
-port:
-  tcp6:9080:
-    listening: true
 process:
   kwebd:
     running: true
   php-fpm7.0:
     running: true
+http:
+  http://localhost:9080/webapp:
+    status: 200
+    timeout: 5000