rke/services/healthcheck.go

package services

import (
	"context"
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/rancher/rke/docker"
	"github.com/rancher/rke/hosts"
	"github.com/rancher/rke/log"
	"github.com/rancher/rke/pki"
	"github.com/rancher/rke/pki/cert"
	"github.com/sirupsen/logrus"
)

const (
	HealthzAddress   = "localhost"
	HealthzEndpoint  = "/healthz"
	HTTPProtoPrefix  = "http://"
	HTTPSProtoPrefix = "https://"
)

func runHealthcheck(ctx context.Context, host *hosts.Host, serviceName string, localConnDialerFactory hosts.DialerFactory, url string, certMap map[string]pki.CertificatePKI) error {
	log.Infof(ctx, "[healthcheck] Start Healthcheck on service [%s] on host [%s]", serviceName, host.Address)
	var x509Pair tls.Certificate

	port, err := getPortFromURL(url)
	if err != nil {
		return err
	}
	if serviceName == KubeAPIContainerName {
		certificate := cert.EncodeCertPEM(certMap[pki.KubeAPICertName].Certificate)
		key := cert.EncodePrivateKeyPEM(certMap[pki.KubeAPICertName].Key)
		x509Pair, err = tls.X509KeyPair(certificate, key)
		if err != nil {
			return err
		}
	}
	client, err := getHealthCheckHTTPClient(host, port, localConnDialerFactory, &x509Pair)
	if err != nil {
		return fmt.Errorf("Failed to initiate new HTTP client for service [%s] for host [%s]: %v", serviceName, host.Address, err)
	}
	for retries := 0; retries < 10; retries++ {
		if err = getHealthz(client, serviceName, host.Address, url); err != nil {
			logrus.Debugf("[healthcheck] %v", err)
			time.Sleep(5 * time.Second)
			continue
		}
		log.Infof(ctx, "[healthcheck] service [%s] on host [%s] is healthy", serviceName, host.Address)
		return nil
	}
	logrus.Debug("Checking container logs")
	containerLog, _, logserr := docker.GetContainerLogsStdoutStderr(ctx, host.DClient, serviceName, "1", false)
	containerLog = strings.TrimSuffix(containerLog, "\n")
	if logserr != nil {
		return fmt.Errorf("Failed to verify healthcheck for service [%s]: %v", serviceName, logserr)
	}
	return fmt.Errorf("Failed to verify healthcheck: %v, log: %v", err, containerLog)
}

func getHealthCheckHTTPClient(host *hosts.Host, port int, localConnDialerFactory hosts.DialerFactory, x509KeyPair *tls.Certificate) (*http.Client, error) {
	host.LocalConnPort = port
	var factory hosts.DialerFactory
	if localConnDialerFactory == nil {
		factory = hosts.LocalConnFactory
	} else {
		factory = localConnDialerFactory
	}
	dialer, err := factory(host)
	if err != nil {
		return nil, fmt.Errorf("Failed to create a dialer for host [%s]: %v", host.Address, err)
	}
	tlsConfig := &tls.Config{InsecureSkipVerify: true}
	if x509KeyPair != nil {
		tlsConfig = &tls.Config{
			InsecureSkipVerify: true,
			Certificates:       []tls.Certificate{*x509KeyPair},
		}
	}
	return &http.Client{
		Transport: &http.Transport{
			Dial:            dialer,
			TLSClientConfig: tlsConfig,
		},
	}, nil
}

func getHealthz(client *http.Client, serviceName, hostAddress, url string) error {
	resp, err := client.Get(url)
	if err != nil {
		return fmt.Errorf("Failed to check %s for service [%s] on host [%s]: %v", url, serviceName, hostAddress, err)
	}
	if resp.StatusCode != http.StatusOK {
		statusBody, _ := ioutil.ReadAll(resp.Body)
		return fmt.Errorf("Service [%s] is not healthy on host [%s]. Response code: [%d], response body: %s", serviceName, hostAddress, resp.StatusCode, statusBody)
	}
	return nil
}

func getPortFromURL(url string) (int, error) {
	port := strings.Split(strings.Split(url, ":")[2], "/")[0]
	intPort, err := strconv.Atoi(port)
	if err != nil {
		return 0, err
	}
	return intPort, nil
}
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`package services`

			`import (`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`"context"`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`"crypto/tls"`
			`"fmt"`
			`"io/ioutil"`
			`"net/http"`
Add GenetatePlan() and use it internally 2018-02-13 00:47:56 +00:00			`"strconv"`
			`"strings"`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`"time"`

Get latest logline if healthcheck fails 2018-05-21 18:11:11 +00:00			`"github.com/rancher/rke/docker"`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`"github.com/rancher/rke/hosts"`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`"github.com/rancher/rke/log"`
Secure kubelet port access 2018-03-12 19:04:28 +00:00			`"github.com/rancher/rke/pki"`
Update to new certs package since latest k8s dropped it 2019-08-19 17:53:15 +00:00			`"github.com/rancher/rke/pki/cert"`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`"github.com/sirupsen/logrus"`
			`)`

			`const (`
			`HealthzAddress = "localhost"`
			`HealthzEndpoint = "/healthz"`
			`HTTPProtoPrefix = "http://"`
			`HTTPSProtoPrefix = "https://"`
			`)`

Secure kubelet port access 2018-03-12 19:04:28 +00:00			`func runHealthcheck(ctx context.Context, host *hosts.Host, serviceName string, localConnDialerFactory hosts.DialerFactory, url string, certMap map[string]pki.CertificatePKI) error {`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`log.Infof(ctx, "[healthcheck] Start Healthcheck on service [%s] on host [%s]", serviceName, host.Address)`
Secure kubelet port access 2018-03-12 19:04:28 +00:00			`var x509Pair tls.Certificate`

Add GenetatePlan() and use it internally 2018-02-13 00:47:56 +00:00			`port, err := getPortFromURL(url)`
			`if err != nil {`
			`return err`
			`}`
Fix healthcheck when RBAC is disabled 2018-05-01 00:25:52 +00:00			`if serviceName == KubeAPIContainerName {`
			`certificate := cert.EncodeCertPEM(certMap[pki.KubeAPICertName].Certificate)`
			`key := cert.EncodePrivateKeyPEM(certMap[pki.KubeAPICertName].Key)`
			`x509Pair, err = tls.X509KeyPair(certificate, key)`
			`if err != nil {`
			`return err`
			`}`
			`}`
Secure kubelet port access 2018-03-12 19:04:28 +00:00			`client, err := getHealthCheckHTTPClient(host, port, localConnDialerFactory, &x509Pair)`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`if err != nil {`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`return fmt.Errorf("Failed to initiate new HTTP client for service [%s] for host [%s]: %v", serviceName, host.Address, err)`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`}`
Increase healthcheck timeout to 50 seconds per service 2018-01-09 21:09:41 +00:00			`for retries := 0; retries < 10; retries++ {`
Add GenetatePlan() and use it internally 2018-02-13 00:47:56 +00:00			`if err = getHealthz(client, serviceName, host.Address, url); err != nil {`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`logrus.Debugf("[healthcheck] %v", err)`
			`time.Sleep(5 * time.Second)`
			`continue`
			`}`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`log.Infof(ctx, "[healthcheck] service [%s] on host [%s] is healthy", serviceName, host.Address)`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`return nil`
			`}`
Get latest logline if healthcheck fails 2018-05-21 18:11:11 +00:00			`logrus.Debug("Checking container logs")`
refactor etcd restoration process 2018-11-24 10:18:24 +00:00			`containerLog, _, logserr := docker.GetContainerLogsStdoutStderr(ctx, host.DClient, serviceName, "1", false)`
Fix local port check 2018-07-21 07:14:45 +00:00			`containerLog = strings.TrimSuffix(containerLog, "\n")`
Get latest logline if healthcheck fails 2018-05-21 18:11:11 +00:00			`if logserr != nil {`
Add etcd snapshot fix and more log messages to certificate bundle Add function to collect stdout and stderr logs from containers 2018-07-18 20:44:55 +00:00			`return fmt.Errorf("Failed to verify healthcheck for service [%s]: %v", serviceName, logserr)`
Get latest logline if healthcheck fails 2018-05-21 18:11:11 +00:00			`}`
			`return fmt.Errorf("Failed to verify healthcheck: %v, log: %v", err, containerLog)`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`}`

Secure kubelet port access 2018-03-12 19:04:28 +00:00			`func getHealthCheckHTTPClient(host hosts.Host, port int, localConnDialerFactory hosts.DialerFactory, x509KeyPair tls.Certificate) (*http.Client, error) {`
Handle add/remove for etcd nodes Handle adding more than one etcd at once 2018-01-11 01:00:14 +00:00			`host.LocalConnPort = port`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`var factory hosts.DialerFactory`
Handle add/remove for etcd nodes Handle adding more than one etcd at once 2018-01-11 01:00:14 +00:00			`if localConnDialerFactory == nil {`
			`factory = hosts.LocalConnFactory`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`} else {`
Handle add/remove for etcd nodes Handle adding more than one etcd at once 2018-01-11 01:00:14 +00:00			`factory = localConnDialerFactory`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`}`
			`dialer, err := factory(host)`
			`if err != nil {`
			`return nil, fmt.Errorf("Failed to create a dialer for host [%s]: %v", host.Address, err)`
			`}`
Secure kubelet port access 2018-03-12 19:04:28 +00:00			`tlsConfig := &tls.Config{InsecureSkipVerify: true}`
			`if x509KeyPair != nil {`
			`tlsConfig = &tls.Config{`
			`InsecureSkipVerify: true,`
			`Certificates: []tls.Certificate{*x509KeyPair},`
			`}`
			`}`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`return &http.Client{`
			`Transport: &http.Transport{`
			`Dial: dialer,`
Secure kubelet port access 2018-03-12 19:04:28 +00:00			`TLSClientConfig: tlsConfig,`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`},`
			`}, nil`
			`}`

Add GenetatePlan() and use it internally 2018-02-13 00:47:56 +00:00			`func getHealthz(client *http.Client, serviceName, hostAddress, url string) error {`
			`resp, err := client.Get(url)`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`if err != nil {`
Add GenetatePlan() and use it internally 2018-02-13 00:47:56 +00:00			`return fmt.Errorf("Failed to check %s for service [%s] on host [%s]: %v", url, serviceName, hostAddress, err)`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`}`
			`if resp.StatusCode != http.StatusOK {`
			`statusBody, _ := ioutil.ReadAll(resp.Body)`
Show host in error message for service unhealthy 2018-03-30 15:38:39 +00:00			`return fmt.Errorf("Service [%s] is not healthy on host [%s]. Response code: [%d], response body: %s", serviceName, hostAddress, resp.StatusCode, statusBody)`
Add healtcheck for services components Integrate healthcheck with each service 2017-12-19 22:18:27 +00:00			`}`
			`return nil`
			`}`
Add GenetatePlan() and use it internally 2018-02-13 00:47:56 +00:00
			`func getPortFromURL(url string) (int, error) {`
			`port := strings.Split(strings.Split(url, ":")[2], "/")[0]`
			`intPort, err := strconv.Atoi(port)`
			`if err != nil {`
			`return 0, err`
			`}`
			`return intPort, nil`
			`}`