HEALTHCHECK Instructions in Dockerfile

 Hello Guys in this post I wish to explore more intresting instructions HEALTHCHECK which can be used in Dockerfile. 

The most common requirement for any real-time projects monitoring using a side-car container which could run in parallel and try to check the process or application URL check or container reachability using ping command etc. 

Dockerfie instruction HEALTHCHECK

In Dockerfile we can have HEALTHCHECK instruction that allows us to know the condition of an application test runs as expected or not, when a container runs this will be returns a status as healthy, unhealthy based on the HEALTHCHECK command exit code. If the exit code 0 then returns healthy otherwise unhealthy.

HEALTHCHECK [options] CMD [health check command]

Example:

HEALTHCHECK --interval=3s CMD ping c1 172.17.0.2

here are the Healthcheck options 

1.  --interval=time in sec (duration 30s is default)
2.  --timeout=time in sec (duration 30s is default)
3.  --start-period=time in sec (duration 0s is default)
4.  --retries=3 () default 3 

Let's jump into experiment mode:

docker run -dt --name main-target busybox sh; docker ps 
docker inspect main-target

More specific

To get only IPaddress of a containter use the following format option:

alias dcip="docker inspect \
 -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "
ipdc main-target

Note: when you define the alias for ipdc important point don't miss space at the of the line.
Guys, here is glimpse of 'ping' command exit code:

ping -c1 google.com ; echo $?
ping -c1 shekhar.com ; echo $?

Observe that exit codes values, if a website exits returns 0 if not non-zero.

Get the main-target container IPAddress from the docker inspect command output. Now we will create a Dockerfile with the following code:

#File: Dockerfile
FROM busybox 
LABEL AUTHOR Pavan Deverakonda
HEALTHCHECK --interval=5s CMD ping -c 1 172.17.0.2

Note: You could find the IP from previous docker inspect command.

Let's call this image as monitor

docker build -t monitor .
docker run -dt --name monping monitor; docker ps

Observe the STATUS column for corresponding containers.

alias s="docker inspect -f '{{json .State}}' "
s monping |jq

docker inspect output filter with jq for HEALTHCHECK

USECASE 2: HEALTHCHECK for web applications

Let's see the 'curl' command usage in general

The following command returns HTML content which may be multiple lines

curl http://devopshunter.blog.com/test

Let's make this command usage in minimal way using -f or --fail options in curl command:

# Fail in silently single liner 
curl http://devopshunter.blog.com/test.txt -f

curl command with --fail or -f option

Run a container with a healthcheck command using. A Linux command that checks http uri using `curl` that returns HTML code or HTTP code as per the web applicaiton availability.

docker run -dt --name health-con \
 --health-cmd "curl --fail http://localhost" busybox 

Here we have not used any HEALTHCHECK options, so it will try to check by running health-cmd 30sec interval 3 retries and timeout for each as 30sec. that means after 2 minutes you can get the health status as 'unhealthy'. Because busybox don't run any web server inside the container.
We can check the health status of self container or other container which is accessable. Otherwise if it shared a network with other container which is running a web server.

#File: Dockerfile
FROM busybox 
LABEL AUTHOR Pavan Deverakonda
HEALTHCHECK --interval=5s CMD curl --fail http://localhost

Build the monitoring image that contains HEALTHCHECK instruction.

  
docker build -t moncurl .
docker images

For now we will test the same busybox container - unhealthy status.

docker run -dt --name moncurl-con moncurl sh
# Check the container health 
watch docker ps
  

#cleanup
docker rm -v -f health-con 

Now let's see the interval option how it will impact a container health:

docker run -dt --name health-con  --health-cmd "curl --fail http://localhost" --health-interval=3s busybox
watch docker ps 

My observation - at 0s(when container started) healthcheck starts after 3s test it, retries 3 times that means 3times 3s = 9s you will get the health status changed.

USECASE 3: HEALTHCHECK with Interval and Retries options

We can run a container to check the health with options interval and retries together as: 

 UNHEALTHY

docker run -dt --name health-con3 --health-cmd "curl -f http://localhost" --health-interval=3s --health-retries=1 busybox 
watch docker ps

HEALTHY

docker run -dt --name health-con3 --health-cmd "curl -f http://localhost" --health-interval=3s --health-retries=1 nginx 
watch docker ps

healthy status

Let's build a Healthcheck image

  
#File: Dockerfile
FROM nginx
LABEL AUTHOR Pavan Deverakonda
HEALTHCHECK --interval=5s --timeout=3s CMD curl --fail http://localhost || exit 1
EXPOSE 80

Now build the image

docker build -t moncurl:2 .
docker images

create the container with that image:

docker run -dt --name health-con2 moncurl:2 sh 

Please comment and share with your friends!

Ansible 11 The uri module with examples

 Hey DevSecOps Automation specialist, Welcome back to the DevOps Hunter blog. In this post, I made it for learning more about all possible parameters that we can use when an application validation is done with the Ansible 'uri' module. 

Why uri module?

Web Application returns status HTTPCode 200 for success, 404 for failures, and also for 503 for Server internal issues. When you work on the restart of a web application we need to know the status of the application to proceed with the next move. So this uri module is most important for reboot and restart of web applications using ansible.

The uri module parameters

Supported parameters include: attributes, backup, body, body_format, client_cert, client_key, content, creates, delimiter, dest, directory_mode, follow, follow_redirects, force, force_basic_auth, group, headers, http_agent, method, mode, owner, regexp, remote_src, removes, return_content, selevel, serole, setype, seuser, src, status_code, timeout, unix_socket, unsafe_writes, url, url_password, url_username, use_proxy, validate_certs

The Ansible uri module return the following parameters while working with given URL

headers add headers to your requests

body - insert a body in your request 

body_format - format of the body in JSON or raw

creates - doesnot run the task if a file exists

dest: where to create the new file 

follow_redirects - when https redirects to http returns 301 

force_basic_auth - you need to provide username, password to chedk url

method - REST api possible methods it will supports GET POST DELETE PUT HEAD PATCH TRACE 

Prerequisites

Ansible installed and managed nodes with application up and running

Alternatively, application test URL we can take this blog URL as well.

Usecase 1: Let's check out blog URL does the Ansible uri module can test?

- name: Check public domain URL
  hosts: localhost
  gather_facts: no
  tasks:
  - name: uri
    uri:
      url: https://devopshunter.blogspot.com
      method: GET
      validate_certs: False

Execute the playbook as

ansible-playbook urlcheck.yml

Usecase 2: Now we can test our project related application urls with the following playbook

- name: test apache url
  hosts: web
  gather_facts: no
  tasks:
  - name: uri
    uri:
      url: http://{{ansible_host}}
      method: GET
      validate_certs: False
      status_code: 200

Testing the above web application testing test run as follows:
Image

Ansible uri module with GET method and status_code checking

Usecase 3: Checking for the multiple status code values 200, 201, 301

- name: Check status code public domain URL
  hosts: localhost
  gather_facts: no
  tasks:
    - name: Check uri in 200,201,301
      uri:
        url: https://httpbin.org/status/500
        method: POST
        status_code: [200,201,301]
        validate_certs: False

Execute the play and check what does 

ansible-playbook uri_multi_status_code.yml

Image: 

Ansible uri module multiple status code

Usecase 4: Getting the content of the given url

- name: Check content
  hosts: db
  gather_facts: no
  tasks:
  - name: Show content of a given uri
    uri:
      url: http://httpbin.org/get
      return_content: yes
      method: GET
    register: __content

  - name: debug
    debug:
      var: __content.content

Execute play as follows:

ansible-playbook check_content.yml

Image

Content of given url usibng ansible uri module

Usecase 5: HTTP Application return body

# Filename uri_body.yml
- name: Get the body of the url
  hosts: db
  gather_facts: false
  tasks:
  - name: Get the status, url from body from uri
    uri:
      url: http://httpbin.org/get
      method: GET
      return_content: yes
      validate_certs: False
      body_format: json
    register: __body
  - name: debug status, url
    debug:
      var: __body.status, __body.json.url
  - name: debug json block
    debug:
      var: __body.json

Execute play as follows:

ansible-playbook uri_body.yml

Note that URL passed here is the test URL, whereas in projects we need to pass this value of web applications that provide the REST service that can be used with the HTTP Get request object.

Ansible uri module example to get body parameter

Usecase 6: Basic authentication with user and password  parameters passing

# File: uri_basic_auth.yml
- name: Get the body of the url
  hosts: localhost
  gather_facts: false
  tasks:
  - name: uri module using user password
    uri:
      url: https://httpbin.org/basic-auth/vybhava/technologies
      user: "vybhava"
      password: "technologies"
      method: GET
      validate_certs: False  
  

Execution

ansible-playbook uri_basic_auth.yml

Image

Ansible uri module basic auth parameters user, password

interesting facts:

Basic auth testing on browser 

Have fun and enjoy experimenting with this uri module.

Good references on the get_url module