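docker compose environment variables
To improve security, add Redis password authentication to the earlier Python example, with the password read from an environment variable: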
from flask import Flask
from redis import StrictRedis
import os
import socket

app = Flask(__name__)
# Host and password come from the environment; REDIS_PASS is None when unset.
redis = StrictRedis(host=os.environ.get('REDIS_HOST', '127.0.0.1'),
                    port=6379, password=os.environ.get('REDIS_PASS'))

@app.route('/')
def hello():
    redis.incr('hits')
    return f"Hello Container World! I have been seen {redis.get('hits').decode('utf-8')} times and my hostname is {socket.gethostname()}.\n"
Modify the earlier docker-compose.yml as follows:
version: "3.3"
services:
  flask-demo:
    build:
      context: .
      dockerfile: Dockerfile
    image: flask-demo:latest
    environment:
      - REDIS_HOST=redis-server
      - REDIS_PASS=${REDIS_PASS}
    networks:
      - demo-network
    ports:
      - 8080:5000
  redis-server:
    image: redis:latest
    command: redis-server --requirepass ${REDIS_PASS}
    networks:
      - demo-network
networks:
  demo-network:
Create a .env file in the project directory and set the environment variable in it:
REDIS_PASS=abc
Start the services:
$ docker-compose up -d
Creating network "app3_demo-network" with the default driver
Creating app3_redis-server_1 ... done
Creating app3_flask-demo_1 ... done
Reference: https://docs.docker.com/compose/environment-variables/
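A pre-deployment check for the substitution described above, as an added example that is not part of the original page: it lists variables a compose file references but the .env file leaves unset or empty, which Compose replaces with an empty string after only a warning. The sample inputs, the function names and the restriction to the `${NAME}`, `$NAME`, `${NAME:-default}` and `${NAME:?message}` forms are assumptions of this example.

```python
import re

# Constructed inputs: the compose file asks for REDIS_PASSWORD, .env defines REDIS_PASS.
COMPOSE_TEXT = """\
services:
  flask-demo:
    environment:
      - REDIS_PASS=${REDIS_PASSWORD}
  redis-server:
    command: redis-server --requirepass ${REDIS_PASSWORD}
    ports:
      - "${REDIS_PORT:-6379}:6379"
"""
ENV_TEXT = "# local settings\nREDIS_PASS=abc\n"

# Matches "$$" (escaped dollar), ${NAME}, ${NAME:-default}, ${NAME:?message} and $NAME.
REF = re.compile(r"\$\$|\$\{(\w+)(?::([-?])[^}]*)?\}|\$(\w+)")


def parse_env(text):
    """Read KEY=VALUE lines from a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env


def unresolved_refs(compose_text, env):
    """Map each unset-or-empty variable to what Compose does with it."""
    problems = {}
    for match in REF.finditer(compose_text):
        name = match.group(1) or match.group(3)
        if name is None or env.get(name):
            continue  # "$$" escape, or the variable has a non-empty value
        operator = match.group(2)
        if operator == "-":
            continue  # ${NAME:-default} falls back to the default
        problems[name] = "aborts" if operator == "?" else "empty string"
    return problems


if __name__ == "__main__":
    # Pass {**parse_env(...), **os.environ} to mirror Compose, where the shell wins over .env.
    for name, outcome in unresolved_refs(COMPOSE_TEXT, parse_env(ENV_TEXT)).items():
        print(f"{name}: {outcome}")
```

Writing the reference as `${REDIS_PASS:?REDIS_PASS must be set}` in the compose file makes Compose stop with that message instead of starting Redis with an empty password argument.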
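docker compose health checks
Dockerfile healthcheck: https://docs.docker.com/engine/reference/builder/#healthcheck
docker compose: https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck
A health check is a higher-level check of a container's running state: it verifies that the process running in the container can actually provide its "service" to clients. For a database container, for example, it is not enough for the container to be in the up state; the database process inside it must also be able to serve requests. That is what a health check verifies.
Container health checks
A container has a built-in health check feature, but it has to be defined in the Dockerfile, or specified with the following options when running docker container run: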
--health-cmd string              Command to run to check health
--health-interval duration       Time between running the check (ms|s|m|h) (default 0s)
--health-retries int             Consecutive failures needed to report unhealthy
--health-start-period duration   Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
--health-timeout duration        Maximum time to allow one check to
Next we add a health check to the earlier flask example, mainly by adding a HEALTHCHECK instruction to the Dockerfile:
FROM python:3.9.5-slim

RUN pip install flask redis && \
    apt-get update && \
    apt-get install -y curl && \
    groupadd -r flask && useradd -r -g flask flask && \
    mkdir /src && \
    chown -R flask:flask /src

USER flask

COPY app.py /src/app.py

WORKDIR /src

ENV FLASK_APP=app.py REDIS_HOST=redis

EXPOSE 5000

HEALTHCHECK --interval=30s --timeout=3s \
    CMD curl -f http://localhost:5000/ || exit 1

CMD ["flask", "run", "-h", "0.0.0.0"]
The HEALTHCHECK instruction in the Dockerfile above defines a health check. It runs every 30 seconds; if the check fails, the command exits with exit code 1.
Build the flask-demo image and start the container:
$ docker build -t flask-demo .
$ docker network create mynetwork
b3958a0cb961ddcc856c7e0458bc10489c456727f6061d1f9dc23e7e264741ae
$ docker container run --rm -d --name flask-demo --network=mynetwork --env REDIS_PASS=abc --env REDIS_HOST=redis flask-demo
e761d19949b9e3284471864101ec196807fc6145431903f4041e04daf950fa86
$ docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e761d19949b9 flask-demo "flask run -h 0.0.0.0" 8 seconds ago Up 8 seconds (health: starting) 5000/tcp flask-demo
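After the container starts, its status shows health: starting.
Because the redis service has not been started yet, http://localhost:5000/ cannot be reached. After 3 checks that all fail, the health status changes from starting to unhealthy: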
$ docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e761d19949b9 flask-demo "flask run -h 0.0.0.0" 2 minutes ago Up 2 minutes (unhealthy) 5000/tcp flask-demo
You can also use docker container inspect to view the health details:
"Health": {
    "Status": "unhealthy",
    "FailingStreak": 4,
    "Log": [
        {
            "Start": "2023-10-09T14:17:51.7014803+08:00",
            "End": "2023-10-09T14:17:54.7023591+08:00",
            "ExitCode": -1,
            "Output": "Health check exceeded timeout (3s)"
        },
        {
            "Start": "2023-10-09T14:18:24.7095286+08:00",
            "End": "2023-10-09T14:18:27.7099692+08:00",
            "ExitCode": -1,
            "Output": "Health check exceeded timeout (3s)"
        },
        {
            "Start": "2023-10-09T14:18:57.7264309+08:00",
            "End": "2023-10-09T14:19:00.7267289+08:00",
            "ExitCode": -1,
            "Output": "Health check exceeded timeout (3s)"
        },
        {
            "Start": "2023-10-09T14:19:30.7443718+08:00",
            "End": "2023-10-09T14:19:33.7444952+08:00",
            "ExitCode": -1,
            "Output": "Health check exceeded timeout (3s)"
        }
    ]
}
Now start the redis service, making sure to set the password used to access redis:
$ docker container run --rm -d --network=mynetwork --name redis redis redis-server --requirepass abc
985cd32adbffd0d631a5a193c25903d704ddf08fb9a06f65a8e05af601a2ad77
$ docker container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
985cd32adbff redis "docker-entrypoint.s…" About a minute ago Up About a minute 6379/tcp redis
e761d19949b9 flask-demo "flask run -h 0.0.0.0" 8 minutes ago Up 8 minutes (healthy) 5000/tcp flask-demo
After a few seconds, our flask-demo becomes healthy.
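To read the health log shown by docker container inspect programmatically, the following added example (not part of the original page) summarizes the output of `docker container inspect --format '{{json .State.Health}}' flask-demo`, separating checks that Docker killed at the timeout from checks that ran and failed. The first two log entries are the page's; the FailingStreak value, the third entry and the function names are constructed for this example.

```python
import json
import re
from datetime import datetime

# Health object in the shape docker prints it. Entries 1-2 are from the page;
# entry 3 and the FailingStreak value are constructed to show a non-timeout failure.
SAMPLE = """
{"Status": "unhealthy", "FailingStreak": 3, "Log": [
  {"Start": "2023-10-09T14:17:51.7014803+08:00", "End": "2023-10-09T14:17:54.7023591+08:00",
   "ExitCode": -1, "Output": "Health check exceeded timeout (3s)"},
  {"Start": "2023-10-09T14:18:24.7095286+08:00", "End": "2023-10-09T14:18:27.7099692+08:00",
   "ExitCode": -1, "Output": "Health check exceeded timeout (3s)"},
  {"Start": "2023-10-09T14:18:57.7264309+08:00", "End": "2023-10-09T14:18:57.9264309+08:00",
   "ExitCode": 1, "Output": "curl: (22) The requested URL returned error: 500"}
]}
"""


def _parse_time(stamp):
    # Docker prints 7 fractional digits; trim to 6 so datetime.fromisoformat accepts it.
    return datetime.fromisoformat(re.sub(r"(\.\d{6})\d+", r"\1", stamp))


def summarize_health(health_json):
    """Count timeouts and other failures in a container's health log."""
    health = json.loads(health_json)
    summary = {"status": health["Status"], "streak": health["FailingStreak"],
               "timeouts": 0, "other_failures": 0, "slowest_s": 0.0}
    for entry in health.get("Log") or []:
        took = (_parse_time(entry["End"]) - _parse_time(entry["Start"])).total_seconds()
        summary["slowest_s"] = max(summary["slowest_s"], round(took, 1))
        if entry["ExitCode"] == -1 and "exceeded timeout" in entry["Output"]:
            summary["timeouts"] += 1        # check was cut off at --health-timeout
        elif entry["ExitCode"] != 0:
            summary["other_failures"] += 1  # check ran to completion and reported failure
    return summary


if __name__ == "__main__":
    print(summarize_health(SAMPLE))
```

A log made up only of timeouts, as on this page, means the request hung until the 3s limit was reached; an exit code of 1 would mean curl completed and the `|| exit 1` branch ran.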
docker-compose health checks
Starting from the example above, remove the health check from the Dockerfile.
Add the health check configuration to docker-compose.yml:
version: "3.8"
services:
  flask-demo:
    build:
      context: .
      dockerfile: Dockerfile
    image: flask-demo:latest
    environment:
      - REDIS_HOST=redis-server
      - REDIS_PASS=${REDIS_PASS}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000"]
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 40s
    networks:
      - demo-network
    ports:
      - 8080:5000
  redis-server:
    image: redis:latest
    command: redis-server --requirepass ${REDIS_PASS}
    networks:
      - demo-network
networks:
  demo-network:
Build the image and start the services:
$ docker-compose up -d --build
$ docker-compose ps
Name Command State Ports
--------------------------------------------------------------------------------------------------------------
app5_flask-demo_1 flask run -h 0.0.0.0 Up (healthy) 0.0.0.0:8080->5000/tcp,:::8080->5000/tcp
app5_redis-server_1 docker-entrypoint.sh redis ... Up 6379/tcp
You can change the password in the docker-compose.yml file to test the case where the container status is Up (unhealthy).
docker compose service dependencies
If services must start in a particular order, use depends_on to configure it.
version: "3.8"
services:
  flask-demo:
    build:
      context: .
      dockerfile: Dockerfile
    image: flask-demo:latest
    environment:
      - REDIS_HOST=redis-server
      - REDIS_PASS=${REDIS_PASS}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000"]
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 40s
    depends_on:
      - redis-server
    networks:
      - demo-network
    ports:
      - 8080:5000
  redis-server:
    image: redis:latest
    command: redis-server --requirepass ${REDIS_PASS}
    networks:
      - demo-network
networks:
  demo-network:
The example above configures flask-demo to depend on redis-server, so on startup redis-server is started first and flask-demo afterwards:
$ docker-compose up -d
Creating network "app6_demo-network" with the default driver
Creating app6_redis-server_1 ... done
Creating app6_flask-demo_1 ... done
Combining service dependencies with health checks
Here we bring in nginx to better demonstrate how service dependencies and health checks work together.
version: "3.8"
services:
  flask-demo:
    build:
      context: .
      dockerfile: Dockerfile
    image: flask-demo:latest
    environment:
      - REDIS_HOST=redis-server
      - REDIS_PASS=${REDIS_PASS}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000"]
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 40s
    depends_on:
      - redis-server
    networks:
      - backend
      - frontend
  redis-server:
    image: redis:latest
    command: redis-server --requirepass ${REDIS_PASS}
    networks:
      - backend
  nginx:
    image: nginx:stable-alpine
    ports:
      - 8000:80
    depends_on:
      flask-demo:
        condition: service_healthy
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./log/nginx:/var/log/nginx
    networks:
      - frontend
networks:
  backend:
  frontend:
The content of the nginx.conf file is as follows:
server {
    listen 80 default_server;
    location / {
        proxy_pass http://flask-demo:5000;
    }
}
Start the services. You can see that nginx starts only after flask-demo has started and passed its health check.
$ docker-compose up -d
Creating network "app7_backend" with the default driver
Creating network "app7_frontend" with the default driver
Creating app7_redis-server_1 ... done
Creating app7_flask-demo_1 ... done
Creating app7_nginx_1 ... done
$ docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------
app7_flask-demo_1 flask run -h 0.0.0.0 Up (healthy) 5000/tcp
app7_nginx_1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8000->80/tcp,:::8000->80/tcp
app7_redis-server_1 docker-entrypoint.sh redis ... Up 6379/tcp
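A check of how depends_on and healthcheck are combined in a compose file, as an added example that is not part of the original page: it reports dependencies that only order startup (the short list form) and service_healthy conditions that point at a service with no compose-level health check. The dict stands for the final compose file above as a YAML parser would load it, cut down to the keys the check reads; the function names and finding labels are this example's own.

```python
# Final compose file from the page, as yaml.safe_load() would return it,
# reduced to the keys this check reads.
COMPOSE = {
    "services": {
        "flask-demo": {
            "healthcheck": {"test": ["CMD", "curl", "-f", "http://localhost:5000"]},
            "depends_on": ["redis-server"],
        },
        "redis-server": {},
        "nginx": {"depends_on": {"flask-demo": {"condition": "service_healthy"}}},
    }
}


def dependencies(service):
    """Normalize short (list) and long (mapping) depends_on to {name: condition}."""
    deps = service.get("depends_on") or {}
    if isinstance(deps, list):
        return {name: "service_started" for name in deps}
    return {name: (spec or {}).get("condition", "service_started")
            for name, spec in deps.items()}


def has_healthcheck(service):
    # Only sees the compose file; a HEALTHCHECK baked into the image is not visible here.
    check = service.get("healthcheck") or {}
    return bool(check.get("test")) and not check.get("disable") and check["test"] != ["NONE"]


def lint_depends_on(compose):
    """Return (service, dependency, finding) tuples for weak or broken dependencies."""
    services = compose.get("services") or {}
    findings = []
    for name, service in sorted(services.items()):
        for dep, condition in sorted(dependencies(service).items()):
            target = services.get(dep)
            if target is None:
                findings.append((name, dep, "undefined-service"))
            elif condition == "service_healthy" and not has_healthcheck(target):
                findings.append((name, dep, "no-healthcheck"))
            elif condition == "service_started":
                findings.append((name, dep, "start-order-only"))
    return findings


if __name__ == "__main__":
    for finding in lint_depends_on(COMPOSE):
        print(*finding)
```

For the page's file the only finding is flask-demo's dependency on redis-server: it fixes the start order but does not wait for Redis to accept connections, because redis-server defines no health check.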