Dockerfile does not have health check #3290
Comments
|
Using HEALTHCHECK CMD curl -fs http://localhost:3000 -o /dev/null || exit 1 |
|
Unfortunately, it's not that straightforward. AGH's initial HTTP API port is 3000, but the user can change it. In fact, the port that we currently propose by default is 80. And people can change it in the config file. We could include some sort of a script that would read the config file and use that value, but definitely not in this release cycle. |
|
I have used following healthcheck in my compose file. Port 53 is most important for me (as I am not using DoH). |
|
DNS server is not working until the initial setup is finished |
|
Seems like a separate script is needed to accomplish this. |
|
I made something to do exactly that. Checks for the Setup to be done and if so, which port is configured for bind_port. https://github.com/lolgast1987/adguard-unbound/blob/master/files/healthcheck.sh |
|
Can we at least accept to use maybe 53 port with nslookup or dig to do a basic health check? I'd like to send a pull request for it if it's acceptable. We could have some further improvement later, when the more complete and complex idea came up? |
|
My current healthcheck config using docker-compose: https://github.com/PeterDaveHello/dnslow.me/blob/master/docker-compose.yml#L9-L14 healthcheck:
test: nslookup www.google.com || exit 1
timeout: 5s
interval: 60s
start_period: 10s
retries: 1 |
|
For those of us using DNS-over-HTTPS, what is the best option here? |
https://github.com/PeterDaveHello/dnslow.me-uptime/blob/master/.upptimerc.yml#L8 You can use http get method to perform a query like https://dnslow.me/dns-query?dns=AAABAAABAAAAAAABBmRuc2xvdwJtZQAAAQABAAApAgAAAAAAAFoADABWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
|
What in the world is the random string of letters in the ?dns= query and how do I construct it myself? |
It's not random, I just do it the lazy way, use any DoH client to send a http get query to a https server, then you can find it in the access log. |
|
Another example to perform |
|
As an example: Node Red docker container uses healthcheck.... |
Merge in DNS/adguard-home from 3290-docker-healthcheck to master Updates #3290. Squashed commit of the following: commit 3ac8f26 Merge: bc17565 0df3260 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 27 01:09:03 2023 +0500 Merge branch 'master' into 3290-docker-healthcheck commit bc17565 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Mar 26 18:04:08 2023 +0500 all: fix script commit e150fee Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Mar 26 17:18:12 2023 +0500 all: imp naming commit 26b6448 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Mar 26 03:13:47 2023 +0500 all: support https web commit b5c09ce Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sat Mar 25 20:03:45 2023 +0500 all: imp scripts fmt, naming commit 8c3798c Merge: e33b0c5 fb7b8bb Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sat Mar 25 00:25:38 2023 +0500 Merge branch 'master' into 3290-docker-healthcheck commit e33b0c5 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 16:47:26 2023 +0500 all: fix docs commit 57bfd89 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 16:44:40 2023 +0500 dnsforward: add special-use domain handling commit f04ae13 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 16:05:10 2023 +0500 all: imp code commit 32f150f Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 04:19:10 2023 +0500 all: mv Dockerfile, log changes commit a094a44 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 04:04:27 2023 +0500 all: finish scripts, imp names commit 4db0d0e Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Mar 23 18:33:47 2023 +0500 docker: add script and awk program
Merge in DNS/adguard-home from 5642-fix-healthcheck-ssl to master Updates #5642. Updates #3290. Squashed commit of the following: commit c457ecb Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 27 15:35:32 2023 +0500 docker: imp docs commit fddabb9 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 27 15:18:22 2023 +0500 docker: skip ssl check
|
Hello again, @agneevX, and everyone here. The latest edge build now implements the healthcheck via Dockerfile. Could you please check if it works for you? |
|
@EugeneOne1 |
|
@stavros-k, thanks for the feedback. Actually, the current implementation expects the port Are there any other issues happened? |
|
@EugeneOne1 I haven't noticed anything else yet. But currently working on adding it as an app to TrueNAS SCALE. I'll let you know if I find anything |
If the health check status showing unhealthy, it will produce a lot of zombie process. e.g. all above zombie process was found after upgrading the edge container at 19:01 by watchtower. Thank you! |
|
@leo15dev, what exact version are you using? We've investigated the case and have some assumptions. The Docker container runs the command specified by the However, we've only been able to reproduce this "process zombification" requesting the web UI by |
AdGuard Home, version v0.108.0-a.493+2eb3bf6e I run it behind the nginx reverse proxy. But in Encryption settings -> HTTPS port , I set it to 443. Because I assigned an independent docker network for AdGuard Home container. And in docker-compose.yaml, I do not expose any port. tls: Thak you! |
|
@leo15dev, well, it shouldn't be the case, since the health check script runs inside the same container it checks. Since the |
still producd the the zombies process. 2023/03/31 19:00:43.655326 [info] AdGuard Home, version v0.108.0-a.493+2eb3bf6e root 2495058 0.0 0.0 0 0 ? Z 19:01 0:00 [ssl_client] Same in 2023/03/31 23:00:37.289831 [info] AdGuard Home, version v0.108.0-a.494+1731ce9c root 2726031 0.0 0.0 0 0 ? Z 23:01 0:00 [ssl_client] Thank you! |
Merge in DNS/adguard-home from 3290-kill-zombies to master Updates #3290. Squashed commit of the following: commit 3e06260 Merge: 5aa7aa4 1731ce9 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 31 20:04:04 2023 +0500 Merge branch 'master' into 3290-kill-zombies commit 5aa7aa4 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 31 16:38:00 2023 +0500 docker: add doc commit 52a0b67 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 31 14:41:41 2023 +0500 docker: add init emulator
|
I think AdGuard Home, version v0.108.0-a.495+f191cb07 fixed it, thank you! |
|
@leo15dev, great, thanks for your help. I suppose, the issue can be closed for now. Please feel free to open new ones for faced problems. |
|
I sort of regret creating this issue as I've learnt over time that Docker healthchecks create unexpected issues and do more harm than good.
I therefore ask that this feature be removed or that docs be updated to mention issues with this and how it can interfere with something as critical as DNS. |
This is apparently hard to find an answer to, but I found your question via Google when I had the same question, so here's the answer for anyone who needs it. It seems Adguard doesn't take a name/type parameter. But here's how to craft the DOMAIN="example.com" python3 -c "import os, dns.message, requests, base64; req = dns.message.make_query(os.environ['DOMAIN'], 'A', id=0).to_wire(); print(base64.urlsafe_b64encode(req).decode('utf-8').rstrip('='))"Note that the response will be binary, so do not use with curl and output to a terminal. Interpreting the response can also be done in Python, example here (use (reference re padding and id: here and on) |
and others
Continuation of #1426
There's no health check for Docker images.
This is how Pi-hole does it:
HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1The text was updated successfully, but these errors were encountered: