Docker's health detection mechanism

For containers, the simplest health check is the process-level health check, which verifies whether the process is alive. Docker Daemon automatically monitors the PID1 process in the container. If the restart policy is specified in the docker run command, the terminated container can be automatically restarted according to the policy. In many practical scenarios, using only process-level health check mechanisms is far from enough. For example, although the container process is still running, it cannot continue to respond to user requests due to application deadlock. Such problems cannot be discovered through process monitoring.

Usually, in order to prevent the container from being unable to automatically start after power failure or abnormal shutdown, we can add

--restart=always

For example

[root@aliyun ~]# docker run --restart=always -d --name blog -d -v /www:/www -v /wwwlogs:/var/log/wwwlogs -p 65423:65422 -p 80:80 -p 443:443 677
7714a84063ee6d405c80b891254bba0e5930f5d271c5ad76cfd6e2f0058d8056

In this way, the container can be restarted automatically, but sometimes the program enters a deadlock state or an infinite loop state, the application process does not exit, but the container can no longer provide services. Before 1.12, Docker would not detect this state of the container and would not reschedule it, resulting in some containers being unable to provide services but still accepting user requests.

Since 1.12, Docker has provided the HEALTHCHECK instruction, which specifies a line of command to determine whether the service status of the container's main process is still normal, thereby more realistically reflecting the actual status of the container.

When the HEALTHCHECK instruction is specified in an image, the container is started with it. The initial status is starting. After the HEALTHCHECK instruction check succeeds, it changes to healthy. If it fails a certain number of times in a row, it changes to unhealthy.

HEALTHCHECK supports the following options:

–interval=<interval>: The interval between two health checks, the default is 30 seconds;
–timeout=<duration>: The timeout period for the health check command to run. If this time period is exceeded, the health check is considered a failure. The default time is 30 seconds.
–retries=<number>: After a specified number of consecutive failures, the container status is considered unhealthy. The default is 3 times. Like CMD and ENTRYPOINT, HEALTHCHECK can only appear once. If multiple entries are given, only the last one will take effect.

The command following HEALTHCHECK [option] CMD has the same format as ENTRYPOINT, which can be divided into shell format and exec format. The return value of the command determines whether the health check is successful or not: 0: success; 1: failure; 2: reserved, do not use this value.

Let's look at this dockerfile file

FROM centos
LABEL maintainer "awen Email: <[email protected]>"
WORKDIR /opt/

COPY CentOS7-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo
COPY nginx /etc/init.d/nginx

ENV NGINX_V=1.13.5 \
  OPENSSL_V=1.0.2l \
  PCRE_V=8.41 \
  ZLIB_V=1.2.11 

RUN yum -y update \
  && yum -y install openssh-server openssl gcc gcc-c++ pcre-devel openssl-devel zlib-devel wget make perl tar net-tools \
  && wget -c -4 https://nginx.org/download/nginx-$NGINX_V.tar.gz \
  && wget -c -4 https://www.openssl.org/source/openssl-$OPENSSL_V.tar.gz \
  && wget -c -4 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$PCRE_V.tar.gz \
  && wget -c -4 http://zlib.net/zlib-$ZLIB_V.tar.gz \
  && groupadd -r www && useradd -r -g www www \
  && tar zxvf zlib-$ZLIB_V.tar.gz \
  && cd zlib-$ZLIB_V \
  && ./configure \
  && make \
  && make install \
  && cd /opt \
  && tar zxvf pcre-$PCRE_V.tar.gz \
  && cd pcre-$PCRE_V \
  && ./configure \
  && make \
  && make install \
  && cd /opt \
  && tar zxvf openssl-$OPENSSL_V.tar.gz \
  && tar zxvf nginx-$NGINX_V.tar.gz \
  && cd nginx-$NGINX_V \
  && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-pcre=/opt/pcre-$PCRE_V --with-http_ssl_module --with-zlib=/opt/zlib-$ZLIB_V --with-openssl=/opt/openssl-$OPENSSL_V --with-http_v2_module --with-http_ssl_module \
  && make \
  && make install \
  && rm -rf /opt/* \
  && mkdir -p /usr/local/nginx/ssl \
  && mkdir -p /usr/local/nginx/conf/vhost \
  && mkdir -p /var/log/wwwlogs/ \
  && mkdir -p /www/ \
  && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' \
  && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "RSAAuthentication yes" >> /etc/ssh/sshd_config \
  && echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config \
  && sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config \
  && sed -i "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config \
  && sed -i "s/#Port 22/Port 65422/g" /etc/ssh/sshd_config \
  && yum clean all \
  && mkdir /var/run/sshd \
  && chmod +x /etc/init.d/nginx \
  && rm -rf /root/*.cfg \
  && echo "Asia/Shanghai" > /etc/localtime


COPY ssl/* /usr/local/nginx/ssl/ 
COPY vhost/* /usr/local/nginx/conf/vhost/
COPY nginx.conf /usr/local/nginx/conf/
COPY ssh/* /root/.ssh/


VOLUME ["/www","/var/log/wwwlogs","/usr/local/nginx/ssl","/usr/local/nginx/conf/vhost"]

EXPOSE 65422 80 443

HEALTHCHECK CMD curl -fs http://localhost/ || exit 1
ENTRYPOINT /etc/init.d/nginx start && chown -R www:www /var/log/wwwlogs/ && /usr/sbin/sshd -D

HEALTHCHECK CMD curl -fs http://localhost/ || exit 1

It is the added health monitoring configuration, then compiled and started. Checking the process will find that its status is starting

[root@aliyun ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7714a84063ee 677 "/bin/sh -c '/etc/ini" 3 seconds ago Up 2 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:65423->65422/tcp blog

Wait a moment and you will find that its status is healthy

[root@aliyun ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7714a84063ee 677 "/bin/sh -c '/etc/ini" About a minute ago Up About a minute (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:65423->65422/tcp blog

We can view the status of the last three times through inspect

[root@aliyun ~]# docker inspect --format '{{json .State.Health}}' blog | python -m json.tool
{
  "FailingStreak": 0,
  "Log": [
    {
      "End": "2017-10-11T11:15:27.516562686+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:15:27.470554485+08:00"
    },
    {
      "End": "2017-10-11T11:15:57.563377729+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:15:57.516690754+08:00"
    },
    {
      "End": "2017-10-11T11:16:27.609685416+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:16:27.563533362+08:00"
    },
    {
      "End": "2017-10-11T11:16:57.654441173+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:16:57.609810588+08:00"
    },
    {
      "End": "2017-10-11T11:17:27.701113019+08:00",
      "ExitCode": 0,
      "Output": "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
      "Start": "2017-10-11T11:17:27.654580727+08:00"
    }
  ],
  "Status": "healthy"
}

If the health check fails continuously for more than the number of retries, the status changes to (unhealthy).

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Docker uses busybox to create a base image
Architecture and component description of docker private library Harbor
Methods and steps for Etcd distributed deployment based on Docker
Docker-compose one-click deployment of gitlab Chinese version method steps
Sample code for deploying Spring-boot project with Docker
How to modify the default network segment of Docker0 bridge in Docker
Docker container deployment attempt - multi-container communication (node+mongoDB+nginx)
Can Docker become the next "Linux"?
How to deploy gitlab using Docker-compose
Detailed steps for quick installation of openshift

<<: How to solve the problem that MySQL cannot start because it cannot create PID

>>: Simple implementation of handheld barrage function + text shaking special effects code based on JS