-
Notifications
You must be signed in to change notification settings - Fork 1
/
healthz
executable file
·81 lines (74 loc) · 2.43 KB
/
healthz
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#!/bin/ash
# A script that checks the health of the application
# container. The script is passed two arguments:
# * A path to a file
# * An expected MD5 hash
# If the hash of the file contents does not match
# the expected hash, the script SIGKILLs all
# processes in the application container.
# A function to generate a magic file name where
# the file name is a random UUID.
create_magic_file_name() {
magic_file=$1
magic_dir=$(dirname $magic_file)
mkdir -p $magic_dir
# Generate a random file name and store the name in
# the file /magic/magic_constant
magic_file_name=$(cat /proc/sys/kernel/random/uuid)
touch /$magic_dir/$magic_file_name
echo $magic_file_name > $magic_file
}
# This function returns all PIDs for processes that
# are not running in the sidecar container. The script
# works by checking for the existence of a file
# /magic/<UUID> on the file path. That path exists
# on the sidecar container (since this script creates
# it) but doesn't exist in the application container.
# If the file /proc/<PID>/root/magic/<UUID> doesn't
# exist, the process PID is a process running in
# the application container.
get_pids_for_monitored_container() {
magic_dir=$(dirname $1)
magic_file_name=$magic_dir/$(cat $1)
# Loop over all processes except PID 1.
for p in $(ps -A -o pid= | tr -d " " | grep -v ^1$)
do
if ls /proc/$p/root >/dev/null 2>&1
then
# If the path doesn't exist, the process is
# running in the application container.
if [ ! -f /proc/$p/root$magic_file_name ]
then
echo $p
fi
fi
done
}
# The entry point to the script.
if [ $# != 2 ]
then
echo "Usage: $0 <path_to_file> <expected_md5_hash_of_file>"
exit 1
fi
FILE_TO_MONITOR=$1
MD5SUM=$2
# If we don't have a file with a magic (UUID) name,
# then create one.
MAGIC_CONSTANT_DIR=/magic
MAGIC_CONSTANT_FILE=$MAGIC_CONSTANT_DIR/magic_constant
if [ ! -e $MAGIC_CONSTANT_FILE ]
then
create_magic_file_name $MAGIC_CONSTANT_FILE
fi
# Find all PIDs in the monitored container.
pids=$(get_pids_for_monitored_container $MAGIC_CONSTANT_FILE)
for p in $pids
do
# If the checksum is wrong, the container has been corrupted and we'll kill all
# processes to crash the container.
if [ "$(md5sum /proc/$p/root/$FILE_TO_MONITOR | awk '{print $1}')" != "$MD5SUM" ]
then
echo "Killing process $p..."
kill -KILL $p
fi
done