Docker's health detection mechanism

Docker's health detection mechanism

For containers, the simplest health check is the process-level health check, which verifies whether the process is alive. Docker Daemon automatically monitors the PID1 process in the container. If the restart policy is specified in the docker run command, the terminated container can be automatically restarted according to the policy. In many practical scenarios, using only process-level health check mechanisms is far from enough. For example, although the container process is still running, it cannot continue to respond to user requests due to application deadlock. Such problems cannot be discovered through process monitoring.

Usually, in order to prevent the container from being unable to automatically start after power failure or abnormal shutdown, we can add

--restart=always

For example

[root@aliyun ~]# docker run --restart=always -d --name blog -d -v /www:/www -v /wwwlogs:/var/log/wwwlogs -p 65423:65422 -p 80:80 -p 443:443 677
7714a84063ee6d405c80b891254bba0e5930f5d271c5ad76cfd6e2f0058d8056

In this way, the container can be restarted automatically, but sometimes the program enters a deadlock state or an infinite loop state, the application process does not exit, but the container can no longer provide services. Before 1.12, Docker would not detect this state of the container and would not reschedule it, resulting in some containers being unable to provide services but still accepting user requests.

Since 1.12, Docker has provided the HEALTHCHECK instruction, which specifies a line of command to determine whether the service status of the container's main process is still normal, thereby more realistically reflecting the actual status of the container.

When the HEALTHCHECK instruction is specified in an image, the container is started with it. The initial status is starting. After the HEALTHCHECK instruction check succeeds, it changes to healthy. If it fails a certain number of times in a row, it changes to unhealthy.

HEALTHCHECK supports the following options:

  • –interval=<interval>: The interval between two health checks, the default is 30 seconds;
  • –timeout=<duration>: The timeout period for the health check command to run. If this time period is exceeded, the health check is considered a failure. The default time is 30 seconds.
  • –retries=<number>: After a specified number of consecutive failures, the container status is considered unhealthy. The default is 3 times. Like CMD and ENTRYPOINT, HEALTHCHECK can only appear once. If multiple entries are given, only the last one will take effect.

The command following HEALTHCHECK [option] CMD has the same format as ENTRYPOINT, which can be divided into shell format and exec format. The return value of the command determines whether the health check is successful or not: 0: success; 1: failure; 2: reserved, do not use this value.

Let's look at this dockerfile file

FROM centos
LABEL maintainer "awen Email: <[email protected]>"
WORKDIR /opt/

COPY CentOS7-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo
COPY nginx /etc/init.d/nginx

ENV NGINX_V=1.13.5 \
  OPENSSL_V=1.0.2l \
  PCRE_V=8.41 \
  ZLIB_V=1.2.11 

RUN yum -y update \
  && yum -y install openssh-server openssl gcc gcc-c++ pcre-devel openssl-devel zlib-devel wget make perl tar net-tools \
  && wget -c -4 https://nginx.org/download/nginx-$NGINX_V.tar.gz \
  && wget -c -4 https://www.openssl.org/source/openssl-$OPENSSL_V.tar.gz \
  && wget -c -4 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$PCRE_V.tar.gz \
  && wget -c -4 http://zlib.net/zlib-$ZLIB_V.tar.gz \
  && groupadd -r www && useradd -r -g www www \
  && tar zxvf zlib-$ZLIB_V.tar.gz \
  && cd zlib-$ZLIB_V \
  && ./configure \
  && make \
  && make install \
  && cd /opt \
  && tar zxvf pcre-$PCRE_V.tar.gz \
  && cd pcre-$PCRE_V \
  && ./configure \
  && make \
  && make install \
  && cd /opt \
  && tar zxvf openssl-$OPENSSL_V.tar.gz \
  && tar zxvf nginx-$NGINX_V.tar.gz \
  && cd nginx-$NGINX_V \
  && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-pcre=/opt/pcre-$PCRE_V --with-http_ssl_module --with-zlib=/opt/zlib-$ZLIB_V --with-openssl=/opt/openssl-$OPENSSL_V --with-http_v2_module --with-http_ssl_module \
  && make \
  && make install \
  && rm -rf /opt/* \
  && mkdir -p /usr/local/nginx/ssl \
  && mkdir -p /usr/local/nginx/conf/vhost \
  && mkdir -p /var/log/wwwlogs/ \
  && mkdir -p /www/ \
  && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' \
  && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "RSAAuthentication yes" >> /etc/ssh/sshd_config \
  && echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config \
  && sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config \
  && sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config \
  && sed -i "s/#Port 22/Port 65422/g" /etc/ssh/sshd_config \
  && yum clean all \
  && mkdir /var/run/sshd \
  && chmod +x /etc/init.d/nginx \
  && rm -rf /root/*.cfg \
  && echo "Asia/Shanghai" > /etc/localtime


COPY ssl/* /usr/local/nginx/ssl/ 
COPY vhost/* /usr/local/nginx/conf/vhost/
COPY nginx.conf /usr/local/nginx/conf/
COPY ssh/* /root/.ssh/


VOLUME ["/www","/var/log/wwwlogs","/usr/local/nginx/ssl","/usr/local/nginx/conf/vhost"]

EXPOSE 65422 80 443

HEALTHCHECK CMD curl -fs http://localhost/ || exit 1
ENTRYPOINT /etc/init.d/nginx start && chown -R www:www /var/log/wwwlogs/ && /usr/sbin/sshd -D

in

HEALTHCHECK CMD curl -fs http://localhost/ || exit 1

It is the added health monitoring configuration, then compiled and started. Checking the process will find that its status is starting

[root@aliyun ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7714a84063ee 677 "/bin/sh -c '/etc/ini" 3 seconds ago Up 2 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:65423->65422/tcp blog

Wait a moment and you will find that its status is healthy

[root@aliyun ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7714a84063ee 677 "/bin/sh -c '/etc/ini" About a minute ago Up About a minute (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:65423->65422/tcp blog

We can view the status of the last three times through inspect

[root@aliyun ~]# docker inspect --format '{{json .State.Health}}' blog | python -m json.tool
{
  "FailingStreak": 0,
  "Log": [
    {
      "End": "2017-10-11T11:15:27.516562686+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:15:27.470554485+08:00"
    },
    {
      "End": "2017-10-11T11:15:57.563377729+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:15:57.516690754+08:00"
    },
    {
      "End": "2017-10-11T11:16:27.609685416+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:16:27.563533362+08:00"
    },
    {
      "End": "2017-10-11T11:16:57.654441173+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:16:57.609810588+08:00"
    },
    {
      "End": "2017-10-11T11:17:27.701113019+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:17:27.654580727+08:00"
    }
  ],
  "Status": "healthy"
}

If the health check fails continuously for more than the number of retries, the status changes to (unhealthy).

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:
  • Docker uses busybox to create a base image
  • Architecture and component description of docker private library Harbor
  • Methods and steps for Etcd distributed deployment based on Docker
  • Docker-compose one-click deployment of gitlab Chinese version method steps
  • Sample code for deploying Spring-boot project with Docker
  • How to modify the default network segment of Docker0 bridge in Docker
  • Docker container deployment attempt - multi-container communication (node+mongoDB+nginx)
  • Can Docker become the next "Linux"?
  • How to deploy gitlab using Docker-compose
  • Detailed steps for quick installation of openshift

<<:  How to solve the problem that MySQL cannot start because it cannot create PID

>>:  Simple implementation of handheld barrage function + text shaking special effects code based on JS

Recommend

How to introduce scss into react project

First download the dependencies yarn add sass-loa...

Vue basics MVVM, template syntax and data binding

Table of contents 1. Vue Overview Vue official we...

How to use Vue to implement CSS transitions and animations

Table of contents 1. The difference between trans...

Tutorial on installing and configuring remote login to MySQL under Ubuntu

This article shares the MySQL installation and co...

The most common declaration merge in TS (interface merge)

Table of contents 1. Merge interface 1.1 Non-func...

MySQL column to row conversion, method of merging fields (must read)

Data Sheet: Column to row: using max(case when th...

Summary of two methods to implement vue printing function

Method 1: Install the plugin via npm 1. Install n...

SQL query for users who have logged in for at least n consecutive days

Take 3 consecutive days as an example, using the ...

CSS style to center the HTML tag in the browser

CSS style: Copy code The code is as follows: <s...

Docker compose deploys SpringBoot project to connect to MySQL and the pitfalls encountered

Earlier, we used Docker to simply deploy the Spri...

How to configure two-way certificate verification on nginx proxy server

Generate a certificate chain Use the script to ge...

Example code for implementing ellipse trajectory rotation using CSS3

Recently, the following effects need to be achiev...

Markup validation for doctype

But recently I found that using this method will c...

Linux kernel device driver system call notes

/**************************** * System call******...

In-depth analysis of MySQL lock blocking

In daily maintenance, threads are often blocked, ...