From d867cde10e1a60bc085a6fd5fb49f4044c9a82e6 Mon Sep 17 00:00:00 2001 From: Sunny Yip Date: Wed, 14 Jun 2023 15:53:54 -0400 Subject: [PATCH] use docker compose healthcheck Signed-off-by: Sunny Yip --- .env | 2 - Makefile | 1 - docker-compose.yml | 98 +++++++++++++----------------- dockerfiles/Dockerfile.guac-cont | 2 +- dockerfiles/Dockerfile.healthcheck | 2 - 5 files changed, 42 insertions(+), 63 deletions(-) delete mode 100644 dockerfiles/Dockerfile.healthcheck diff --git a/.env b/.env index 51a2409977..211633764c 100644 --- a/.env +++ b/.env @@ -1,5 +1,3 @@ GUAC_IMAGE=local-organic-guac #GUAC_IMAGE=ghcr.io/guacsec/guac:v0.1.0 -GUAC_HEALTH_IMAGE=local-healthcheck -#GUAC_HEALTH_IMAGE=ghcr.io/guacsec/healthcheck:v0.1.0 GUAC_API_PORT=8080 diff --git a/Makefile b/Makefile index d00fb6cf24..9747ced81f 100644 --- a/Makefile +++ b/Makefile @@ -99,7 +99,6 @@ generate: .PHONY: container container: check-docker-tool-check $(CONTAINER) build -f dockerfiles/Dockerfile.guac-cont -t local-organic-guac . - $(CONTAINER) build -f dockerfiles/Dockerfile.healthcheck -t local-healthcheck . # To run the service, run `make container` and then `make service` diff --git a/docker-compose.yml b/docker-compose.yml index dbd423c17c..5709e5f4bd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,7 +16,7 @@ services: # restart: on-failure nats: - image: "nats:2.9.14" + image: "nats:2.9.17-alpine" command: "--config /config/nats/js.conf -m 8222" ports: - "4222:4222" @@ -25,29 +25,12 @@ services: volumes: - ./container_files/nats:/config/nats restart: on-failure - - # Due to the following issues, we have another container to perform the healthcheck - # - # TODO(lumjjb): I attempted to do health check for neo4j as well, but - # the service running via neo4j status is not a good indication of if - # the service is ready for incoming requests. - # TODO(lumjjb): no good way right now to do a healtcheck for nats-server since - # it doesn't have utilities within it to perform the check from the container - # itself. - service-health-1: - image: $GUAC_HEALTH_IMAGE - stdin_open: true - tty: true - command: - - /bin/bash - - -c - - | - echo "checking-for-services"; - until curl -I http://nats:8222 > /dev/null 2>&1; do sleep 5; done; - echo "nats-up"; - # Neo4j is turned down for now since we are currently only using the in memory backend - # until curl -I http://neo4j:7474> /dev/null 2>&1; do sleep 5; done; - # echo "neo4j-up"; + healthcheck: + test: ["CMD", "wget", "--spider", "http://localhost:8222/healthz"] + interval: 10s + timeout: 10s + retries: 3 + start_period: 5s guac-collectsub: image: $GUAC_IMAGE @@ -57,10 +40,16 @@ services: ports: - "2782:2782" depends_on: - service-health-1: - condition: service_completed_successfully + nats: + condition: service_healthy volumes: - ./container_files/guac:/guac + healthcheck: + test: ["CMD", "wget", "--spider", "http://localhost:2782"] + interval: 10s + timeout: 10s + retries: 3 + start_period: 5s guac-graphql: image: $GUAC_IMAGE @@ -68,32 +57,18 @@ services: working_dir: /guac restart: on-failure depends_on: - service-health-1: - condition: service_completed_successfully + nats: + condition: service_healthy ports: - "$GUAC_API_PORT:8080" volumes: - ./container_files/guac:/guac - - # GUAC ingestor and oci collector are dependent on the collectsub service to be up - service-health-2: - image: $GUAC_HEALTH_IMAGE - stdin_open: true - tty: true - command: - - /bin/bash - - -c - - | - echo "checking-for-services"; - until nc -z guac-collectsub 2782 > /dev/null 2>&1; do sleep 5; done; - echo "guac collectsub up"; - until curl -I http://guac-graphql:8080/query > /dev/null 2>&1; do sleep 5; done; - echo "graphql up"; - - depends_on: - service-health-1: - condition: service_completed_successfully - + healthcheck: + test: ["CMD", "wget", "--spider", "http://localhost:8080"] + interval: 10s + timeout: 10s + retries: 3 + start_period: 5s guac-ingestor: image: $GUAC_IMAGE @@ -101,22 +76,26 @@ services: working_dir: /guac restart: on-failure depends_on: - service-health-2: - condition: service_completed_successfully + guac-collectsub: + condition: service_healthy + guac-graphql: + condition: service_healthy volumes: - ./container_files/guac:/guac - oci-collector: image: $GUAC_IMAGE command: "/opt/guac/guaccollect image" working_dir: /guac restart: on-failure depends_on: - service-health-2: - condition: service_completed_successfully + guac-collectsub: + condition: service_healthy + guac-graphql: + condition: service_healthy volumes: - ./container_files/guac:/guac + depsdev-collector: image: $GUAC_IMAGE command: "/opt/guac/guaccollect deps_dev" @@ -125,17 +104,22 @@ services: environment: - DEPS_DEV_APIKEY depends_on: - service-health-2: - condition: service_completed_successfully + guac-collectsub: + condition: service_healthy + guac-graphql: + condition: service_healthy volumes: - ./container_files/guac:/guac + osv-certifier: image: $GUAC_IMAGE command: "/opt/guac/guacone certifier osv" working_dir: /guac restart: on-failure depends_on: - service-health-2: - condition: service_completed_successfully + guac-collectsub: + condition: service_healthy + guac-graphql: + condition: service_healthy volumes: - ./container_files/guac:/guac diff --git a/dockerfiles/Dockerfile.guac-cont b/dockerfiles/Dockerfile.guac-cont index 51b7e7309b..2f19311f59 100644 --- a/dockerfiles/Dockerfile.guac-cont +++ b/dockerfiles/Dockerfile.guac-cont @@ -5,6 +5,6 @@ RUN rm -rf bin/ && make build FROM docker.io/library/ubuntu:22.04 RUN apt update -RUN apt install -y ca-certificates +RUN apt install -y ca-certificates wget WORKDIR /root COPY --from=builder /go/src/github.com/guacsec/guac/bin/ /opt/guac/ diff --git a/dockerfiles/Dockerfile.healthcheck b/dockerfiles/Dockerfile.healthcheck deleted file mode 100644 index c0125bc441..0000000000 --- a/dockerfiles/Dockerfile.healthcheck +++ /dev/null @@ -1,2 +0,0 @@ -FROM docker.io/library/ubuntu:22.04 -RUN apt update && apt install -y curl netcat