Commit e1339d94 authored by Achilleas Pipinellis's avatar Achilleas Pipinellis

Update health check docs

parent d9ed329b
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
be deprecated in GitLab 9.1. Read more in the [old behavior](#old-behavior) be deprecated in GitLab 9.1. Read more in the [old behavior](#old-behavior)
section. section.
- [Access token](#access-token) has been deprecated in GitLab 9.4 - [Access token](#access-token) has been deprecated in GitLab 9.4
in favor of [IP Whitelist](#ip-whitelist) in favor of [IP whitelist](#ip-whitelist)
GitLab provides liveness and readiness probes to indicate service health and GitLab provides liveness and readiness probes to indicate service health and
reachability to required services. These probes report on the status of the reachability to required services. These probes report on the status of the
...@@ -14,106 +14,123 @@ database connection, Redis connection, and access to the filesystem. These ...@@ -14,106 +14,123 @@ database connection, Redis connection, and access to the filesystem. These
endpoints [can be provided to schedulers like Kubernetes][kubernetes] to hold endpoints [can be provided to schedulers like Kubernetes][kubernetes] to hold
traffic until the system is ready or restart the container as needed. traffic until the system is ready or restart the container as needed.
## IP Whitelist ## IP whitelist
To access monitoring resources the client IP needs to be included in the whitelist. To access monitoring resources, the client IP needs to be included in a whitelist.
To add or remove hosts or IP ranges from the list you can edit `gitlab.rb` or `gitlab.yml`. You can add single hosts or use IP ranges.
Example whitelist configuration: **For Omnibus installations**
```yaml
monitoring:
ip_whitelist:
- 127.0.0.0/8 # by default only local IPs are allowed to access monitoring resources
```
## Access Token (Deprecated) 1. Open `/etc/gitlab/gitlab.rb` and add or uncomment the following:
An access token needs to be provided while accessing the probe endpoints. The current ```ruby
accepted token can be found under the **Admin area ➔ Monitoring ➔ Health check** gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8']
(`admin/health_check`) page of your GitLab instance. ```
![access token](img/health_check_token.png) 1. Save the file and [reconfigure] GitLab for the changes to take effect.
The access token can be passed as a URL parameter: ---
``` **For installations from source**
https://gitlab.example.com/-/readiness?token=ACCESS_TOKEN
```
which will then provide a report of system health in JSON format: 1. Edit `config/gitlab.yml`:
``` ```yaml
{ monitoring:
"db_check": { ip_whitelist:
"status": "ok" - 127.0.0.0/8 # by default only local IPs are allowed to access monitoring resources
}, ```
"redis_check": {
"status": "ok" 1. Save the file and [restart] GitLab for the changes to take effect.
},
"fs_shards_check": {
"status": "ok",
"labels": {
"shard": "default"
}
}
}
```
## Using the Endpoint [reconfigure]: ../../../administration/gitlab_restart.md#omnibus-gitlab-reconfigure
[restart]: ../../../administration/gitlab_restart.md#installations-from-source
## Using the endpoint
With default whitelist settings, the probes can be accessed from localhost: With default whitelist settings, the probes can be accessed from localhost:
- `http://localhost/-/readiness` - `http://localhost/-/readiness`
- `http://localhost/-/liveness` - `http://localhost/-/liveness`
## Status which will then provide a report of system health in JSON format.
On failure, the endpoint will return a `500` HTTP status code. On success, the endpoint Readiness example output:
will return a valid successful HTTP status code, and a `success` message.
## Old behavior ```
{
"queues_check" : {
"status" : "ok"
},
"redis_check" : {
"status" : "ok"
},
"shared_state_check" : {
"status" : "ok"
},
"fs_shards_check" : {
"labels" : {
"shard" : "default"
},
"status" : "ok"
},
"db_check" : {
"status" : "ok"
},
"cache_check" : {
"status" : "ok"
}
}
```
>**Notes:** Liveness example output:
- Liveness and readiness probes were [introduced][ce-10416] in GitLab 9.1.
- The `health_check` endpoint was [introduced][ce-3888] in GitLab 8.8 and will
be deprecated in GitLab 9.1. Read more in the [old behavior](#old-behavior)
section.
GitLab provides a health check endpoint for uptime monitoring on the `health_check` web ```
endpoint. The health check reports on the overall system status based on the status of {
the database connection, the state of the database migrations, and the ability to write "fs_shards_check" : {
and access the cache. This endpoint can be provided to uptime monitoring services like "status" : "ok"
[Pingdom][pingdom], [Nagios][nagios-health], and [NewRelic][newrelic-health]. },
"cache_check" : {
"status" : "ok"
},
"db_check" : {
"status" : "ok"
},
"redis_check" : {
"status" : "ok"
},
"queues_check" : {
"status" : "ok"
},
"shared_state_check" : {
"status" : "ok"
}
}
```
Once you have the [access token](#access-token) or your client IP is [whitelisted](#ip-whitelist), ## Status
health information can be retrieved as plain text, JSON, or XML using the `health_check` endpoint:
- `https://gitlab.example.com/health_check?token=ACCESS_TOKEN` On failure, the endpoint will return a `500` HTTP status code. On success, the endpoint
- `https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN` will return a valid successful HTTP status code, and a `success` message.
- `https://gitlab.example.com/health_check.xml?token=ACCESS_TOKEN`
You can also ask for the status of specific services: ## Access token (Deprecated)
- `https://gitlab.example.com/health_check/cache.json?token=ACCESS_TOKEN` >**Note:**
- `https://gitlab.example.com/health_check/database.json?token=ACCESS_TOKEN` Access token has been deprecated in GitLab 9.4
- `https://gitlab.example.com/health_check/migrations.json?token=ACCESS_TOKEN` in favor of [IP whitelist](#ip-whitelist)
For example, the JSON output of the following health check: An access token needs to be provided while accessing the probe endpoints. The current
accepted token can be found under the **Admin area ➔ Monitoring ➔ Health check**
(`admin/health_check`) page of your GitLab instance.
```bash ![access token](img/health_check_token.png)
curl --header "TOKEN: ACCESS_TOKEN" https://gitlab.example.com/health_check.json
```
would be like: The access token can be passed as a URL parameter:
``` ```
{"healthy":true,"message":"success"} https://gitlab.example.com/-/readiness?token=ACCESS_TOKEN
``` ```
On failure, the endpoint will return a `500` HTTP status code. On success, the endpoint
will return a valid successful HTTP status code, and a `success` message. Ideally your
uptime monitoring should look for the success message.
[ce-10416]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10416 [ce-10416]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10416
[ce-3888]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3888 [ce-3888]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3888
[pingdom]: https://www.pingdom.com [pingdom]: https://www.pingdom.com
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment