root: add docker-native healthcheck for web and celery

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-10-05 20:45:18 +02:00
parent c47ab4f1fc
commit aee58c8d53
3 changed files with 19 additions and 4 deletions

View file

@ -80,8 +80,12 @@ COPY ./lifecycle/ /lifecycle
COPY --from=builder /work/authentik /authentik-proxy COPY --from=builder /work/authentik /authentik-proxy
USER authentik USER authentik
ENV TMPDIR /dev/shm/ ENV TMPDIR /dev/shm/
ENV PYTHONUNBUFFERED 1 ENV PYTHONUNBUFFERED 1
ENV prometheus_multiproc_dir /dev/shm/ ENV prometheus_multiproc_dir /dev/shm/
ENV PATH "/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/lifecycle" ENV PATH "/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/lifecycle"
HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD [ "/lifecycle/ak healthcheck" ]
ENTRYPOINT [ "/lifecycle/ak" ] ENTRYPOINT [ "/lifecycle/ak" ]

View file

@ -59,14 +59,14 @@ class MetricsView(View):
class LiveView(View): class LiveView(View):
"""View for liveness probe, always returns Http 201""" """View for liveness probe, always returns Http 204"""
def dispatch(self, request: HttpRequest) -> HttpResponse: def dispatch(self, request: HttpRequest) -> HttpResponse:
return HttpResponse(status=201) return HttpResponse(status=204)
class ReadyView(View): class ReadyView(View):
"""View for readiness probe, always returns Http 201, unless sql or redis is down""" """View for readiness probe, always returns Http 204, unless sql or redis is down"""
def dispatch(self, request: HttpRequest) -> HttpResponse: def dispatch(self, request: HttpRequest) -> HttpResponse:
try: try:
@ -79,4 +79,4 @@ class ReadyView(View):
redis_conn.ping() redis_conn.ping()
except RedisError: except RedisError:
return HttpResponse(status=503) return HttpResponse(status=503)
return HttpResponse(status=201) return HttpResponse(status=204)

View file

@ -26,10 +26,14 @@ function check_if_root {
chpst -u authentik:$GROUP env HOME=/authentik $1 chpst -u authentik:$GROUP env HOME=/authentik $1
} }
MODE_FILE="/tmp/authentik-mode"
if [[ "$1" == "server" ]]; then if [[ "$1" == "server" ]]; then
echo "server" > $MODE_FILE
python -m lifecycle.migrate python -m lifecycle.migrate
/authentik-proxy /authentik-proxy
elif [[ "$1" == "worker" ]]; then elif [[ "$1" == "worker" ]]; then
echo "worker" > $MODE_FILE
check_if_root "celery -A authentik.root.celery worker --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events" check_if_root "celery -A authentik.root.celery worker --autoscale 3,1 -E -B -s /tmp/celerybeat-schedule -Q authentik,authentik_scheduled,authentik_events"
elif [[ "$1" == "backup" ]]; then elif [[ "$1" == "backup" ]]; then
python -m manage dbbackup --clean python -m manage dbbackup --clean
@ -42,6 +46,13 @@ elif [[ "$1" == "test" ]]; then
touch /unittest.xml touch /unittest.xml
chown authentik:authentik /unittest.xml chown authentik:authentik /unittest.xml
check_if_root "python -m manage test authentik" check_if_root "python -m manage test authentik"
elif [[ "$1" == "healthcheck" ]]; then
mode=$(cat $MODE_FILE)
if [[ $mode == "server "]]; then
curl --user-agent "authentik Healthcheck" -I http://localhost:9000/-/health/ready/
elif [[ $mode == "worker" ]]; then
celery -A authentik.root.celery inspect ping -d celery@$HOSTNAME
fi
else else
python -m manage "$@" python -m manage "$@"
fi fi