-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
healthcheck #1270
Comments
i want to know |
bump |
Hello, |
@didjcodt could you please paste the sample. I am getting error; tried multiple ways |
Example:
What kind of error do you have? Can you paste the logs? |
@didjcodt This is the error |
Did you setup any authentication method (like username/password) or are you filtering based of a clientid maybe? |
Yes. I have created a password file. Below is my conf file:
|
So that means your probe also needs a username/password :) |
So this is the problem I have created the pwfile which is having a username and password. If I pass that in healthcheck it will expose it. There should have been a healtcheck for which authentication was not required |
I think it should be possible to configure another listener that only listen to localhost and have Something like this (very untested config)
then you could use mosquitto sub as a probe check without password: |
Still nothing for this? I don't need great security (though I'm not really sure why that's an issue as a healthcheck runs on the container's CLI ) but I have found a few things online... none of which work version: "3"
services:
mosquitto:
image: eclipse-mosquitto
container_name: mosquitto
user: 1000:1000
environment:
- PUID=1000 #optional
- PGID=1000 #optional
- TZ=America/Phoenix
ports:
- 1883:1883
#- 9001:9001
volumes:
- /docker/homeassistant/mqtt/mosquitto/config:/mosquitto/config
- /docker/homeassistant/mqtt/mosquitto/data:/mosquitto/data
- /docker/log/var/log/mosquitto:/mosquitto/log
- /docker/log/var/log:/var/log:rw
- /etc/localtime:/etc/localtime:ro
restart: always
healthcheck:
#test: ["mosquitto_sub", "-h", "localhost", "-p", "1883", "-t", "test", "-C", "1"] #Stuck [Running]
# test: ["CMD-SHELL", "timeout -t 5 mosquitto_sub -t '$$SYS/#' -C 1 | grep -v Error || exit 1"] #Stuck [Starting] but runs. Becomes [Unhealthy] after 7-8 minutes
test: ["CMD-SHELL", "mosquitto_sub -h localhost -t test -C 1"] #stuck [starting] but runs & logs active. Becomes [Unhealthy] after 5-12 minutes (7-8 typical)
interval: 30s
timeout: 10s
retries: 5
start_period: 20s
#security_opt:
# - no-new-privileges:true
labels:
- "com.centurylinklabs.watchtower.scope=dockerhub"
Looking through things I think the best solution is going to be to add a sh -c date | mosquitto_pub -h localhost -t healthcheck -l -r --quiet --repeat 999999 --repeat-delay 60 hoping that it'd update the timecheck every minute, but that sadly didn't work. healthcheck:
#test: ["mosquitto_sub", "-h", "localhost", "-p", "1883", "-t", "healthcheck", "-C", "1"] #Stuck [Running] with no healthcheck status
# test: ["CMD-SHELL", "timeout -t 5 mosquitto_sub -t '$$SYS/#' -C 1 | grep -v Error || exit 1"] #Stuck [Starting] but runs. Becomes [Unhealthy] after 7-8 minutes
# test: ["CMD-SHELL", "mosquitto_sub -h localhost -t healthcheck -C 1"] #stuck [starting] but runs & logs active. Becomes [Unhealthy] after 5-12 minutes (7-8 typical)
#test: ["sh", "-c", "date | mosquitto_pub -h localhost -t healthcheck -l"] # Publishes date & time to "healthcheck" topic
#test: ["mosquitto_sub", "-h", "localhost", "-t", "healthcheck", "-C", "1"]
#test: ["mosquitto_sub", "-h", "localhost", "-p", "1883", "-t", "healthcheck", "-C", "1", "-W", "5"]
test: ["sh", "-c", "mosquitto_sub -h localhost -C 1 -t healthcheck | grep ."] #Stuck [Running] with no healthcheck status
interval: 30s
timeout: 10s
retries: 5
start_period: 20s |
This seems to work for me...
|
Thanks. This seems to work for me too. I don't know why I didn't find this when I searched, found a bunch of things similar, but not this EDIT: Although when I try it in the CLI I get / $ mosquitto_sub -t $$SYS/# -C 1 -i healthcheck -W 3
Timed out
/ $ |
note that try |
Ah, so it's escaped with the 2nd $ or something like that. That makes sense / $ mosquitto_sub -t '$SYS/#' -C 1 -i healthcheck1 -W 3
mosquitto version 2.0.15
/ $ So it's just a test if it shows a non-null value when version is requested? I mean, it works & shows as |
if you turn on verbose logging in the broker, you should see some logs about healthcheck making subscriptions. if you add the if you still isn't convinced, you could try edit the topic and not push anything to it.. does it still show as healthy? If really want to go the extra step, you could write a simple program to connect, subscribe to some topic and push on the same, then wait for it to arrive and measure the time difference. this way you test the whole chain and get an idea of how much work the broker is doing. this obviously involves creating your own container with the supplied test program. |
Ah. So it's subscribing to a topic, alright, that should be good then. I've just seen too many homemade "healthchecks" that don't actually check the health of the container that I'm always skeptical until I know what it's doing |
If you have a separate listener on a non-standard port, you also have to specify the port in your healthcheck, ie:
|
I am wondering: mosquitto_sub is probably part of the mosquitto package. If I want to test the mosquitto container, I have to install mosquitto on the host system as well ? |
No, because the test is executing within the container, not on the host. Would not make sense otherwise. |
The way Docker HealtChecks work is by running a test essentially in a CLI inside the container. You can have a healtchcheck check to see if a page is reachable, if a link goes to an actual page or even more complex if a link goes to a page that contains certain words, but you can only do those things if the tools to do so are installed inside the container. Oftentimes checks do things like check to see if this page is reachable & larger than some number of KB. What this HelatchCheck is doing is, in the CLI of the container, subscribing to a message thread. If that thread doesn't have anything in it it determines that the container is not healthy. But everything is happening inside the OS of the container. There are certain containers that are designed to test if a thing on your local machine is present, but that is usually done via BIND MOUNTS or by pinging the machine over the network, in either case your machine only needs to be running docker, which is required for it to be running the docker container, & have the variables set for the container in the Docker-Compose or the command used to start the container |
The only annoyance with this is that the logs get filled by:
Unfortunately, Mosquitto doesn't support per-listener logging configuration, otherwise I would've disabled logging for the localhost listener. I tried using grep to filter out those logs: command: ['/bin/sh', '-c', '/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf 2>&1 | grep -v -E "^.*:[ ]New connection from 127\\.0\\.0\\.1:[0-9]+ on port 1880\\.$"'] However, grep would buffer the output and when stopped SIGTERM would not be propagated to mosquitto (since it was called though a shell) resulting in container being killed instead with lost logs. |
In that case having it's default HealtchCheck time be an hour could be an option. It's less quick to notice problems, but having an hourly log entry doesn't seem bad to me |
Just an FYI, made a docker image that adds a PS. Not yet well tested. |
does anyone have a healthcheck to check the container, or is it in the container? how to use in docker-compose
The text was updated successfully, but these errors were encountered: