Merge pull request #1668 from SkynetLabs/make-ip-check-in-healthcheck-more-reliable

make ip check in health checks more reliable
This commit is contained in:
Karol Wypchło 2022-02-08 16:18:46 +01:00 committed by GitHub
commit 442b91f74d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 2418 additions and 24 deletions

View File

@ -0,0 +1,23 @@
name: Test - packages/health-check
on:
pull_request:
paths:
- packages/health-check/**
defaults:
run:
working-directory: packages/health-check
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 16.x
- run: yarn
- run: yarn jest

View File

@ -7,10 +7,10 @@ WORKDIR /usr/app
ENV PATH="/usr/app/bin:${PATH}"
# schedule critical checks to run every 5 minutes (any failures will disable server)
RUN echo '*/5 * * * * /usr/app/bin/cli run critical > /dev/stdout' >> /etc/crontabs/root
RUN echo '*/5 * * * * source /etc/environment ; /usr/app/bin/cli run critical >> /proc/1/fd/1' >> /etc/crontabs/root
# schedule extended checks to run on every hour (optional checks, report only)
RUN echo '0 * * * * /usr/app/bin/cli run extended > /dev/stdout' >> /etc/crontabs/root
RUN echo '0 * * * * source /etc/environment ; /usr/app/bin/cli run extended >> /proc/1/fd/1' >> /etc/crontabs/root
COPY package.json yarn.lock ./
@ -23,16 +23,18 @@ COPY bin bin
EXPOSE 3100
ENV NODE_ENV production
# 1. start dnsmasq in the background with:
# 1. get public server ip and save it in /etc/environment (passed to cron tasks as env variable)
# 2. start dnsmasq in the background with:
# - alias PORTAL_DOMAIN with current server ip so it overrides potential load balancer request
# - default docker nameserver 127.0.0.11 for any other request
# 2. replace docker nameserver with dnsmasq nameserver in /etc/resolv.conf
# 3. start crond in the background to schedule periodic health checks
# 4. start the health-check api service
# 3. replace docker nameserver with dnsmasq nameserver in /etc/resolv.conf
# 4. start crond in the background to schedule periodic health checks
# 5. start the health-check api service
CMD [ "sh", "-c", \
"serverip=$(node src/whatismyip.js) ; \
dnsmasq --no-resolv --log-facility=/var/log/dnsmasq.log --address=/$PORTAL_DOMAIN/$serverip --server=127.0.0.11 ; \
echo \"$(sed 's/127.0.0.11/127.0.0.1/' /etc/resolv.conf)\" > /etc/resolv.conf ; \
crond ; \
"export serverip=$(node src/whatismyip.js) && \
echo \"export serverip=${serverip}\" >> /etc/environment && \
dnsmasq --no-resolv --log-facility=/var/log/dnsmasq.log --address=/$PORTAL_DOMAIN/$serverip --server=127.0.0.11 && \
echo \"$(sed 's/127.0.0.11/127.0.0.1/' /etc/resolv.conf)\" > /etc/resolv.conf && \
crond && \
node src/index.js" \
]

View File

@ -18,6 +18,7 @@
"yargs": "^17.3.1"
},
"devDependencies": {
"jest": "^27.5.0",
"prettier": "^2.5.1"
}
}

View File

@ -1,13 +1,28 @@
const got = require("got");
const { ipCheckService, ipRegex } = require("../utils");
const getCurrentAddress = async () => {
// use serverip env variable when available (set via Dockerfile)
if (process.env.serverip) {
if (ipRegex.test(process.env.serverip)) return process.env.serverip;
// log error to console for future reference but do not break
console.log(`Environment variable serverip contains invalid ip: "${process.env.serverip}"`);
}
try {
const { body } = await got("http://whatismyip.akamai.com");
if (body) return body;
throw new Error("whatismyip.akamai.com responded with empty body");
const { body } = await got(`http://${ipCheckService}`);
if (ipRegex.test(body)) {
console.info(`Server public ip: ${body} (source: ${ipCheckService})`);
return body;
}
throw new Error(`${ipCheckService} responded with invalid ip: "${body}"`);
} catch (error) {
console.log(error.message);
return "-- error fetching ip address from whatismyip.akamai.com --";
console.log(error.message); // log error to console for future reference
return null;
}
};
@ -15,7 +30,8 @@ module.exports = async function middleware() {
const ip = await getCurrentAddress();
return (check) => {
if (check.ip && check.ip !== ip) {
// check only if current ip and check ip are provided
if (ip && check.ip && check.ip !== ip) {
check.up = false;
check.errors = check.errors ?? [];
check.errors.push({

View File

@ -42,4 +42,10 @@ server.listen(port, host, (error) => {
if (error) throw error;
console.info(`Server listening at http://${host}:${port} (NODE_ENV: ${process.env.NODE_ENV})`);
const { ipRegex } = require("./utils");
if (ipRegex.test(process.env.serverip)) {
console.info(`Server public ip: ${process.env.serverip}`);
}
});

View File

@ -1,4 +1,7 @@
const got = require("got");
const ipCheckService = "whatismyip.akamai.com";
const ipRegex = new RegExp(
`^(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)(?:\\.(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)){3}$`
);
/**
* Get the time between start and now in milliseconds
@ -60,6 +63,8 @@ function getAuthCookie() {
if (!password) throw new Error("ACCOUNTS_TEST_USER_PASSWORD cannot be empty");
async function authenticate() {
const got = require("got");
try {
// authenticate with given test user credentials
const response = await got.post(`${process.env.SKYNET_DASHBOARD_URL}/api/login`, {
@ -114,4 +119,6 @@ module.exports = {
ensureValidJSON,
getAuthCookie,
isPortalModuleEnabled,
ipCheckService,
ipRegex,
};

View File

@ -0,0 +1,19 @@
describe("ipRegex", () => {
const { ipRegex } = require("./utils");
test("should test true for valid ip", () => {
expect(ipRegex.test("8.8.8.8")).toEqual(true);
expect(ipRegex.test("127.0.0.1")).toEqual(true);
expect(ipRegex.test("192.168.0.1")).toEqual(true);
expect(ipRegex.test("10.10.10.10")).toEqual(true);
expect(ipRegex.test("135.124.12.47")).toEqual(true);
});
test("should test false for invalid ip", () => {
expect(ipRegex.test("888.8.8.8")).toEqual(false);
expect(ipRegex.test("....")).toEqual(false);
expect(ipRegex.test(null)).toEqual(false);
expect(ipRegex.test("foo")).toEqual(false);
expect(ipRegex.test("")).toEqual(false);
});
});

View File

@ -1,13 +1,18 @@
const http = require("http");
const { ipCheckService, ipRegex } = require("./utils");
const request = http.request({ host: "whatismyip.akamai.com" }, (response) => {
const request = http.request({ host: ipCheckService }, (response) => {
response.on("data", (data) => {
process.stdout.write(data);
if (ipRegex.test(data)) {
process.stdout.write(data);
} else {
throw new Error(`${ipCheckService} responded with invalid ip: "${data}"`);
}
});
});
request.on("error", (error) => {
console.error(error);
throw error; // throw error to exit with code 1
});
request.end();

File diff suppressed because it is too large Load Diff