Use goss for healthchecks (#223)

* basic healthcheck based on goss * add goss to travis * healtcheck command runs now for all services * add to makefile
2025-10-31 02:17:47 +00:00 · 2019-08-27 14:56:49 +02:00 · 2019-08-27 14:56:49 +02:00 · 4878fc9917
commit 4878fc9917
parent d6744b20e2
28 changed files with 156 additions and 17 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -10,6 +10,7 @@ env:
    - HADOLINT_VERSION=1.17.1
    - DOCKER_COMPOSE_VERSION=1.23.2
    - TRIVY_VERSION=0.1.1
+    - GOSS_VERSION=0.3.7
    - secure: iSwQW1ytg9/ntqlF1nMzYcg0ouT3TifuAzauu//vWMiRfRthAi0bLuz3nBvlkQwtUk/iF3+smdOtwvjlmW7wWdwdf9tzpsyVKVYcS/+1MbxnGXE4OyNLkUJ7KASRk4otfsujMDNO95q/m04sOLJ721dsOWR6dv+5MNJ3LrushsbFfuStHmM1cNyUR6NuPy4g/x4oppv23rbSXU/qS7ULUsOTEUuTsmgvvKQRZiiOFaOgzeHCIEdrX6Dpsx6DPtYQ5az88q6CrkkTaw7GhP1qBXAGNX03NeHPd7YZvsgePoZJEJ/jTRsZVx9LxwkmnVTJDqthgqTGXTBJIvow3oICjKLf/DhURvkHaAJPu+Nxyvxo2xgYaa0Zbau5fmhEblyKU8Q9g+ZXsdjC5uy/vqJjg1rZD9BZjbKXRP9nb5VpxLdzcWE80XpEj7tHMfF4bN7LvIHZ81wINtZdZeFLVW53YzIO0NAoRCDk1SmR6N11T1uE8FrBzO80oETUMud2zYTx9U+J0m/qsNK+fOz2GtxwI3mlU0/bgVlcFE6865lOPuRwcTOhDwGqeWsLbBYsYXaJhqktn6XKiZ/BEeJLx6Z/CvyNXbzexn1i4wyVZAK7xxkhjxFPnWFU9WPan4ibkGLsS9sFsUTLVa4oBszkTO6q5NU7vIycdgJpfZlkdL2V0EA=
    - secure: kj/KcPck6RHSQdcN29+OoxSufHX8KgMXs/ekVUsgcXfWb8iwo0UbfGwyPf+oy1vvjO65e0xsdGHN6Vk++opJT1qaAMpIInfh3+otXmDrT4Uq0s+vBkyQ/EPNeTy6oWK28y5+IVrR3Nd4FMK8CQ4FKzqKAAOQDkusI1182tRL9wDPnCbUD92cNcTPh7aHccSflkBOzw0G6d0v3RFIseOdYMA4DN72YfUV6RHVgOz7PSPmZ9p9lza1Fdbd1fBYoqBapzm3tIWiaU20OkyYNorZzsT+afTTpfHIb5ku+emNCiKDORuX4XQHDiS+PtqDNJRL2WsOsudVf9ckd9wpTkDj5rFnVex7GtS4z47kLDahzNWMQs4gnpDVUi3jbGeU/62EXdiAmuWs0A2kUSPYZwAKVbfIDlp3tAy0dzGivnBfTdN/TYVRm0IDRJZZNp964Tu3rGLazbRCYpGTIYz4KlMRrIN4QJj8JMmvcaOidp/xQJL+MkZTNY653VFHYeu61XEUV3RkGkkhZL967w+VuhkULDppslKExsJzXXX6ITauLu6hqAj+fWrn0WDxn/Km+sx9aJaBNqg4egT8mX5+WeDdoV+3NyODjbYUaEPKSuUkW/Skm+VGlYeyc9apahTSDe1H/W2KUcramkMT17IdPqXTqvlo+HSR97IGoE37OWKdoVM=
    - secure: k5V2o5xIGGQ2vlWaCfWHAn68z7k/FSL8bXgow6/x0svxmsvDxJzRrpnM3xn681ogUEoQP1hQeHWeR0tg88RcDFmjzEObMjVd7Av289YIQ/W6hmFFb+SCa+TmAe49ybPLZA2UNygC/zqH5N6U5iMYsyPrChw4oUv9X9lfDJUz08crRVwffm/JwcEfV1tH722I2WUcEpxKYyqymK9CaO3e2UTXnPaASNOPuZ2v0T3D1lvla+XRNG+JJ6+BJjBRkzMMg584IaBIqGVf9tlImZkGfYmVWUVvBfpuHMSU9OC4CJXBRqy6K/nUlw5bDDsGFbLGA9Tg1qgLzAZsPCSMSCC2Gq0rLxuihudWEJ9e8dnRLIbt+Zxlqa2s7DQ2FTWyofQfR4GL6cD4uSoSh+k9ij6PeJMSEzplaO01Fyh87uRbcVBxwktIXeVuJsBG8uQ2wdWjQ41g4noDHzsV1duJ1nz9b6JRH7Vbp8bKXow3K+EtlFfa9GcD4I64oksbWH+hx+PBBf0qEdUzZnHmw2vEqJyjdlCoQ1k7pX6c9rxzNiKIb8Hsmhu1r7DCNYBYZIZ1pGhVBilxrr9QiU0hGpRsON0QOzTobz6TohW9w+LNgBMPMizLRFi3r14Nqel8GIWcQUP/RBTiXb8Lr+D9oq0oY1Up4QyfEq1SfkJ1yD4qzCOhb5I=
@ -21,8 +22,12 @@ before_install:
  - sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  - wget https://github.com/knqyf263/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
  - sudo tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -C /usr/local/bin trivy
+  - sudo curl -L https://github.com/aelsabbahy/goss/releases/download/v$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss
+  - sudo curl -L https://raw.githubusercontent.com/fbartels/goss/dcgoss-v2/extras/dcgoss/dcgoss -o /usr/local/bin/dcgoss
  - sudo chmod +rx /usr/local/bin/hadolint
  - sudo chmod +rx /usr/local/bin/docker-compose
+  - sudo chmod +rx /usr/local/bin/goss
+  - sudo chmod +rx /usr/local/bin/dcgoss
  - sudo apt update && sudo apt install -y expect
  - sudo pip install --upgrade pip && sudo pip install yamllint
  - npm install -g eclint
--- a/10
+++ b/10
@ -368,7 +368,15 @@ test-startup: ## Test if all containers start up
 # TODO this needs goss added to travis and dcgoss pulled from my own git repo
 .PHONY: test-goss
 test-goss: ## Test configuration of containers with goss
-	GOSS_FILES_PATH=core GOSS_FILE="goss_server.yaml" dcgoss run kopano_server
+	GOSS_FILES_PATH=core/goss/server dcgoss run kopano_server
+	GOSS_FILES_PATH=core/goss/dagent dcgoss run kopano_dagent
+	GOSS_FILES_PATH=core/goss/gateway dcgoss run kopano_gateway
+	GOSS_FILES_PATH=core/goss/ical dcgoss run kopano_ical
+	GOSS_FILES_PATH=core/goss/grapi dcgoss run kopano_grapi
+	GOSS_FILES_PATH=core/goss/kapi dcgoss run kopano_kapi
+	GOSS_FILES_PATH=core/goss/montor dcgoss run kopano_monitor
+	GOSS_FILES_PATH=core/goss/search dcgoss run kopano_search
+	GOSS_FILES_PATH=core/goss/spooler dcgoss run kopano_spooler
 	GOSS_FILES_PATH=webapp dcgoss run kopano_webapp

 test-security: ## Scan containers with Trivy for known security risks (not part of CI workflow for now).
--- a/base/Dockerfile
+++ b/base/Dockerfile
@ -48,7 +48,14 @@ RUN apt-get update && \
    fi

 ENV DOCKERIZE_VERSION v0.11.0
-RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /usr/local/bin/dockerize
+RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" \
+    | install /dev/stdin /usr/local/bin/dockerize && \
+    dockerize --version
+
+ENV GOSS_VERSION v0.3.7
+RUN curl -L https://github.com/aelsabbahy/goss/releases/download/$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss && \
+    chmod +rx /usr/local/bin/goss && \
+    goss --version

 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
    sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
--- a/core/Dockerfile
+++ b/core/Dockerfile
@ -59,7 +59,8 @@ ENV LANG=en_US.UTF-8

 ENV SERVICE_TO_START=server

-COPY defaultconfigs/ start-service.sh /kopano/
+COPY defaultconfigs/ start-service.sh healthcheck.sh /kopano/
+COPY goss/ /kopano/goss

 WORKDIR /kopano/path

@ -67,5 +68,5 @@ ENTRYPOINT ["/usr/bin/dumb-init", "--"]

 CMD [ "/kopano/start-service.sh" ]

-HEALTHCHECK --interval=5m --timeout=60s \
+HEALTHCHECK --interval=1m --timeout=10s \
    CMD /kopano/healthcheck.sh
--- a/core/defaultconfigs/kapid.py
+++ b/core/defaultconfigs/kapid.py
--- a/core/goss/dagent/goss.yaml
+++ b/core/goss/dagent/goss.yaml
@ -0,0 +1,6 @@
+port:
+  tcp6:2003:
+    listening: true
+process:
+  kopano-dagent:
+    running: true
--- a/core/goss/gateway/goss.yaml
+++ b/core/goss/gateway/goss.yaml
@ -0,0 +1,3 @@
+process:
+  kopano-gateway:
+    running: true
--- a/core/goss/gateway/goss_wait.yaml
+++ b/core/goss/gateway/goss_wait.yaml
@ -0,0 +1,3 @@
+process:
+  kopano-gateway:
+    running: true
--- a/core/goss/grapi/goss.yaml
+++ b/core/goss/grapi/goss.yaml
@ -0,0 +1,7 @@
+file:
+  /var/run/kopano/grapi:
+    exists: true
+    mode: "0755"
+    owner: kapi
+    group: kopano
+    filetype: directory
--- a/core/goss/grapi/goss_wait.yaml
+++ b/core/goss/grapi/goss_wait.yaml
@ -0,0 +1,7 @@
+file:
+  /var/run/kopano/grapi:
+    exists: true
+    mode: "0755"
+    owner: kapi
+    group: kopano
+    filetype: directory
--- a/core/goss/ical/goss.yaml
+++ b/core/goss/ical/goss.yaml
@ -0,0 +1,3 @@
+process:
+  kopano-ical:
+    running: true
--- a/core/goss/ical/goss_wait.yaml
+++ b/core/goss/ical/goss_wait.yaml
@ -0,0 +1,3 @@
+process:
+  kopano-ical:
+    running: true
--- a/core/goss/kapi/goss.yaml
+++ b/core/goss/kapi/goss.yaml
@ -0,0 +1,3 @@
+process:
+  kapid:
+    running: true
--- a/core/goss/kapi/goss_wait.yaml
+++ b/core/goss/kapi/goss_wait.yaml
@ -0,0 +1,3 @@
+process:
+  kapid:
+    running: true
--- a/core/goss/monitor/goss.yaml
+++ b/core/goss/monitor/goss.yaml
@ -0,0 +1,3 @@
+process:
+  kopano-monitor:
+    running: true
--- a/core/goss/monitor/goss_wait.yaml
+++ b/core/goss/monitor/goss_wait.yaml
@ -0,0 +1,3 @@
+process:
+  kopano-monitor:
+    running: true
--- a/core/goss/search/goss.yaml
+++ b/core/goss/search/goss.yaml
@ -0,0 +1,9 @@
+file:
+  /var/run/kopano/search.sock:
+    exists: true
+    mode: "0700"
+    size: 0
+    owner: kopano
+    group: kopano
+    filetype: socket
+    contains: []
--- a/core/goss/search/goss_wait.yaml
+++ b/core/goss/search/goss_wait.yaml
@ -0,0 +1,9 @@
+file:
+  /var/run/kopano/search.sock:
+    exists: true
+    mode: "0700"
+    size: 0
+    owner: kopano
+    group: kopano
+    filetype: socket
+    contains: []
--- a/core/goss/server/goss.yaml
+++ b/core/goss/server/goss.yaml
@ -0,0 +1,33 @@
+file:
+  /kopano/data/attachments/0:
+    exists: true
+    mode: "0750"
+    owner: kopano
+    group: kopano
+    filetype: directory
+  /run/kopano/prio.sock:
+    exists: true
+    mode: "0660"
+    owner: kopano
+    group: kopano
+    filetype: socket
+  /run/kopano/server.pid:
+    exists: true
+    mode: "0644"
+    owner: kopano
+    group: kopano
+    filetype: file
+  /run/kopano/server.sock:
+    exists: true
+    mode: "0666"
+    owner: kopano
+    group: kopano
+    filetype: socket
+http:
+  http://localhost:236:
+    status: 405
+    timeout: 5000
+  https://localhost:237:
+    status: 405
+    allow-insecure: true
+    timeout: 5000
--- a/core/goss/server/goss_wait.yaml
+++ b/core/goss/server/goss_wait.yaml
@ -0,0 +1,11 @@
+port:
+  tcp6:236:
+    listening: true
+file:
+  /run/kopano/server.pid:
+    exists: true
+    mode: "0644"
+    owner: kopano
+    group: kopano
+    filetype: file
+
--- a/core/goss/spooler/goss.yaml
+++ b/core/goss/spooler/goss.yaml
@ -0,0 +1,3 @@
+process:
+  kopano-spooler:
+    running: true
--- a/core/goss_server.yaml
+++ b/core/goss_server.yaml
@ -1,3 +0,0 @@
-port:
-  tcp6:236:
-    listening: true
--- a/core/goss_wait.yaml
+++ b/core/goss_wait.yaml
@ -1,3 +0,0 @@
-port:
-  tcp6:236:
-    listening: true
--- a/core/healthcheck.sh
+++ b/core/healthcheck.sh
@ -1,5 +1,14 @@
 #!/bin/bash

-set -ex
+set -e
+
+case "$SERVICE_TO_START" in
+server|dagent|gateway|ical|grapi|kapi|monitor|search|spooler)
+	goss -g /kopano/goss/"$SERVICE_TO_START"/goss.yaml validate --format json_oneline
+	;;
+*)
+	echo "This service still needs a proper check"
+	;;
+esac

 exit 0
--- a/core/start-service.sh
+++ b/core/start-service.sh
@ -10,6 +10,7 @@ if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then
 	exit 1
 fi

+# TODO this needs fixing as now apt update is always salled (since the value is at least "")
 [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
 [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"'); do
 	# shellcheck disable=SC2016 disable=SC2086
@ -86,7 +87,7 @@ grapi)
 	unset "${!KCCONF_@}"
 	exec kopano-grapi serve
 	;;
-kapid)
+kapi)
 	if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
 		dockerize \
 		-skip-tls-verify \
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -142,7 +142,7 @@ services:
    networks:
      - kopano-net
      - ldap-net
-    #dns: 1.1.1.1  # using Google DNS can lead to lookup errors uncomment this option and
+    # dns: 1.1.1.1  # using Google DNS can lead to lookup errors uncomment this option and
    # set to the ip of a trusted dns service (Cloudflare is given as an example).
    # See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
    cap_add:
@ -293,7 +293,7 @@ services:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
-      - SERVICE_TO_START=kapid
+      - SERVICE_TO_START=kapi
      - TZ=${TZ}
      - KCCONF_KAPID_LOG_LEVEL=DEBUG
      - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
--- a/webapp/Dockerfile
+++ b/webapp/Dockerfile
@ -65,6 +65,7 @@ RUN \
    && rm -rf /var/cache/apt /var/lib/apt/lists

 COPY start.sh /kopano/start.sh
+COPY goss* /goss/

 ENV LANG en_US.UTF-8

@ -72,3 +73,6 @@ WORKDIR /kopano/path

 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD [ "/kopano/start.sh" ]
+
+HEALTHCHECK --interval=1m --timeout=10s \
+    CMD goss -g /goss/goss.yaml validate --format json_oneline
--- a/webapp/goss.yaml
+++ b/webapp/goss.yaml
@ -1,8 +1,9 @@
-port:
-  tcp6:9080:
-    listening: true
 process:
  kwebd:
    running: true
  php-fpm7.0:
    running: true
+http:
+  http://localhost:9080/webapp:
+    status: 200
+    timeout: 5000