angular-cn/aio/aio-builds-setup/dockerbuild/scripts-sh/health-check.sh

#!/bin/bash
# Using `+e` so that all checks are run and we get a complete report (even if some checks failed).
set +e -u -o pipefail


# Variables
exitCode=0


# Helpers
function checkCert {
  local certPath=$1

  if [[ ! -f "$certPath" ]]; then
    echo "Certificate '$certPath' does not exist. Skipping expiration check..."
    return
  fi

  openssl x509 -checkend 0 -in "$certPath" -noout > /dev/null
  reportStatus "Certificate '$certPath'"

  if [[ $? -ne 0 ]]; then
    echo "  [WARN]"
    echo "  If you did not provide the certificate explicitly, try running the"
    echo "  'docker build' command again with the '--no-cache' option to generate"
    echo "  a new self-signed certificate."
  fi
}

function reportStatus {
  local lastExitCode=$?

  echo "$1: $([[ $lastExitCode -eq 0 ]] && echo OK || echo NOT OK)"
  [[ $lastExitCode -eq 0 ]] || exitCode=1

  return $lastExitCode
}


# Check services
services=(
  rsyslog
  cron
  nginx
  pm2-root
)
for s in ${services[@]}; do
  service $s status > /dev/null
  reportStatus "Service '$s'"
done


# Check SSL/TLS certificates expiration
certs=(
  "$AIO_LOCALCERTS_DIR/$AIO_DOMAIN_NAME.crt"
  "$TEST_AIO_LOCALCERTS_DIR/$TEST_AIO_DOMAIN_NAME.crt"
)
for c in ${certs[@]}; do
  checkCert $c
done


# Check servers
origins=(
  http://$AIO_PREVIEW_SERVER_HOSTNAME:$AIO_PREVIEW_SERVER_PORT
  http://$AIO_NGINX_HOSTNAME:$AIO_NGINX_PORT_HTTP
  https://$AIO_NGINX_HOSTNAME:$AIO_NGINX_PORT_HTTPS
)
for o in ${origins[@]}; do
  curl --fail --silent $o/health-check > /dev/null
  reportStatus "Server '$o'"
done


# Check resolution of external URLs
origins=(
  https://google.com
)
for o in ${origins[@]}; do
  curl --fail --silent $o > /dev/null
  reportStatus "External URL '$o'"
done


# Exit
exit $exitCode
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`#!/bin/bash`
refactor(aio): enable `-u` flag on preview server scripts 2017-06-20 00:30:06 +03:00			# Using `+e` so that all checks are run and we get a complete report (even if some checks failed).
			`set +e -u -o pipefail`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00

			`# Variables`
			`exitCode=0`


			`# Helpers`
test(docs-infra): check TLS certificates as part of preview server's health check (#36837) In order to ease local development, self-signed SSL/TLS certificates are created when building the preview server Docker image. These certificates are valid for 365 days. Thus, it is possible for an old certificate to be re-used past its expiration date due to Docker's caching intermediate layers. Previously, this would lead to hard-to-debug failures in the `aio-health-check` and `aio-verify-setup` checks. Even after finding out that the failures were caused by an expired certificate, it was not obvious why that would be the case. This commit adds an additional check to the `aio-health-check` command that checks the certificates' expiration dates. This helps surface such errors. It also prints a more helpful message, prompting the user to build the Docker image with the `--no-cache` option to fix the problem with self-signed certificates. PR Close #36837 2020-05-02 16:14:09 +03:00			`function checkCert {`
			`local certPath=$1`

			`if [[ ! -f "$certPath" ]]; then`
			`echo "Certificate '$certPath' does not exist. Skipping expiration check..."`
			`return`
			`fi`

			`openssl x509 -checkend 0 -in "$certPath" -noout > /dev/null`
			`reportStatus "Certificate '$certPath'"`

			`if [[ $? -ne 0 ]]; then`
			`echo " [WARN]"`
			`echo " If you did not provide the certificate explicitly, try running the"`
			`echo " 'docker build' command again with the '--no-cache' option to generate"`
			`echo " a new self-signed certificate."`
			`fi`
			`}`

ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`function reportStatus {`
			`local lastExitCode=$?`
test(docs-infra): check TLS certificates as part of preview server's health check (#36837) In order to ease local development, self-signed SSL/TLS certificates are created when building the preview server Docker image. These certificates are valid for 365 days. Thus, it is possible for an old certificate to be re-used past its expiration date due to Docker's caching intermediate layers. Previously, this would lead to hard-to-debug failures in the `aio-health-check` and `aio-verify-setup` checks. Even after finding out that the failures were caused by an expired certificate, it was not obvious why that would be the case. This commit adds an additional check to the `aio-health-check` command that checks the certificates' expiration dates. This helps surface such errors. It also prints a more helpful message, prompting the user to build the Docker image with the `--no-cache` option to fix the problem with self-signed certificates. PR Close #36837 2020-05-02 16:14:09 +03:00
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`echo "$1: $([[ $lastExitCode -eq 0 ]] && echo OK \|\| echo NOT OK)"`
			`[[ $lastExitCode -eq 0 ]] \|\| exitCode=1`
test(docs-infra): check TLS certificates as part of preview server's health check (#36837) In order to ease local development, self-signed SSL/TLS certificates are created when building the preview server Docker image. These certificates are valid for 365 days. Thus, it is possible for an old certificate to be re-used past its expiration date due to Docker's caching intermediate layers. Previously, this would lead to hard-to-debug failures in the `aio-health-check` and `aio-verify-setup` checks. Even after finding out that the failures were caused by an expired certificate, it was not obvious why that would be the case. This commit adds an additional check to the `aio-health-check` command that checks the certificates' expiration dates. This helps surface such errors. It also prints a more helpful message, prompting the user to build the Docker image with the `--no-cache` option to fix the problem with self-signed certificates. PR Close #36837 2020-05-02 16:14:09 +03:00
			`return $lastExitCode`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`}`


			`# Check services`
			`services=(`
			`rsyslog`
			`cron`
			`nginx`
build(aio): upgrade to latest and pin major pm2 version 2017-03-02 00:05:59 +02:00			`pm2-root`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`)`
			`for s in ${services[@]}; do`
			`service $s status > /dev/null`
			`reportStatus "Service '$s'"`
			`done`


test(docs-infra): check TLS certificates as part of preview server's health check (#36837) In order to ease local development, self-signed SSL/TLS certificates are created when building the preview server Docker image. These certificates are valid for 365 days. Thus, it is possible for an old certificate to be re-used past its expiration date due to Docker's caching intermediate layers. Previously, this would lead to hard-to-debug failures in the `aio-health-check` and `aio-verify-setup` checks. Even after finding out that the failures were caused by an expired certificate, it was not obvious why that would be the case. This commit adds an additional check to the `aio-health-check` command that checks the certificates' expiration dates. This helps surface such errors. It also prints a more helpful message, prompting the user to build the Docker image with the `--no-cache` option to fix the problem with self-signed certificates. PR Close #36837 2020-05-02 16:14:09 +03:00			`# Check SSL/TLS certificates expiration`
			`certs=(`
			`"$AIO_LOCALCERTS_DIR/$AIO_DOMAIN_NAME.crt"`
			`"$TEST_AIO_LOCALCERTS_DIR/$TEST_AIO_DOMAIN_NAME.crt"`
			`)`
			`for c in ${certs[@]}; do`
			`checkCert $c`
			`done`


ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`# Check servers`
			`origins=(`
ci(docs-infra): rename 'upload-server' to 'preview-server' The server no longer has files uploaded to it. Instead it is more accurate to refer to it as dealing with "previews" of PRs. 2018-08-15 13:47:45 +01:00			`http://$AIO_PREVIEW_SERVER_HOSTNAME:$AIO_PREVIEW_SERVER_PORT`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`http://$AIO_NGINX_HOSTNAME:$AIO_NGINX_PORT_HTTP`
			`https://$AIO_NGINX_HOSTNAME:$AIO_NGINX_PORT_HTTPS`
			`)`
			`for o in ${origins[@]}; do`
			`curl --fail --silent $o/health-check > /dev/null`
			`reportStatus "Server '$o'"`
			`done`


feat(aio): check resolution of external URLs in HEALTHCHECK 2017-02-27 11:38:22 +02:00			`# Check resolution of external URLs`
			`origins=(`
			`https://google.com`
			`)`
			`for o in ${origins[@]}; do`
			`curl --fail --silent $o > /dev/null`
			`reportStatus "External URL '$o'"`
			`done`


ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`# Exit`
			`exit $exitCode`