timesketch
timesketch copied to clipboard
Published
20 hours ago •
google
google
Deployment Script Assumes Healthcheck for Timesketch Web exists
Quick Summary
- Expected: User Created if the script branch is chosen
- Actual: User not created due to an error:
template parsing error: template: :1:8: executing "" at <.State.Health.Status>: map has no entry for key "Health"
Description
When creating a new user from the deployment script, it will fail.The following is an extract from the deployment script found at https://github.com/google/timesketch/blob/master/contrib/deploy_timesketch.sh
read -p "Would you like to create a new timesketch user? [Y/n] (default:no)" CREATE_USER
if [ "$CREATE_USER" != "${CREATE_USER#[Yy]}" ] ;then
read -p "Please provide a new username: " NEWUSERNAME
if [ ! -z "$NEWUSERNAME" ] ;then
until [ "`docker inspect -f {{.State.Health.Status}} timesketch-web`"=="healthy" ]; do
sleep 1;
done;
docker compose exec timesketch-web tsctl create-user "$NEWUSERNAME" && echo "user created"
fi
fi
Running the above portion of the script will end in failure:
root@dev-reg:~/tmp# bash poc-bug-ts.sh
Would you like to create a new timesketch user? [Y/n] (default:no)y
Please provide a new username: test
template parsing error: template: :1:8: executing "" at <.State.Health.Status>: map has no entry for key "Health"
no configuration file provided: not found
Note: Due to the setup we run, we have an ID prepended to each container name. The container name was obviously modified from
timesketch-webto000001-timesketch-web. This should not change any functionality of the script, but probably should be mentioned.
The script attempts to wait for the health status to be healthy before running the user add command. Running the command for inspect fails:
root@dev-reg:~/tmp# docker inspect -f {{.State.Health.Status}} 000001-timesketch-web
template parsing error: template: :1:8: executing "" at <.State.Health.Status>: map has no entry for key "Health"
Taking a look at the output of the full docker inspect timesketch-web you cannot find anything at the path State.Health.Status. Grep'ing for Health also does not reveal anything.
root@dev-reg ~/tmp# docker inspect 000001-timesketch-web
[
{
"Id": "5f85d969b21953c6bb489ad1a2938e5713ebae9811f731d0f1f171d81fc37080",
"Created": "2024-04-18T23:45:13.407106676Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"timesketch-web"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1787794,
"ExitCode": 0,
"Error": "",
"StartedAt": "2024-04-19T07:44:49.368588826Z",
"FinishedAt": "2024-04-19T07:44:39.672499715Z"
},
This is probably a result of the Dockerfile or docker-compose.yml not having a HEALTHCHECK entry, since if this were the case, you would have an inspect in the style of:
FROM debian
HEALTHCHECK CMD echo "0"
ENTRYPOINT sleep 1000
root@dev-reg ~/i/tmp# docker inspect modest_pare
[
{
"Id": "83343db796db1af51b0aac92c7f44acb40eebba7bf9d38fca5e4576cec25942a",
"Created": "2024-04-24T12:20:51.808391283Z",
"Path": "/bin/sh",
"Args": [
"-c",
"sleep 1000"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2331540,
"ExitCode": 0,
"Error": "",
"StartedAt": "2024-04-24T12:20:54.981875921Z",
"FinishedAt": "0001-01-01T00:00:00Z",
"Health": {
"Status": "healthy",
"FailingStreak": 0,
"Log": [
{
"Start": "2024-04-24T14:21:25.294551509+02:00",
"End": "2024-04-24T14:21:25.419596749+02:00",
"ExitCode": 0,
"Output": "0\n"
}
]
}
},
System Information
Docker PS
root@dev-reg:~/tmp# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03276e649248 nginx:1.19.3-alpine "/docker-entrypoint.…" 5 days ago Up 5 days 0.0.0.0:20001->80/tcp, 0.0.0.0:10001->443/tcp 000001-nginx
185ebfbb1849 postgres:13.0-alpine "docker-entrypoint.s…" 5 days ago Up 5 days 5432/tcp 000001-postgres
5f85d969b219 us-docker.pkg.dev/osdfir-registry/timesketch/timesketch:latest "/docker-entrypoint.…" 5 days ago Up 5 days 000001-timesketch-web
ae889feeec28 us-docker.pkg.dev/osdfir-registry/timesketch/timesketch:latest "/docker-entrypoint.…" 5 days ago Up 5 days 000001-timesketch-worker
770b0b74c959 opensearchproject/opensearch:2.9.0 "./opensearch-docker…" 5 days ago Up 5 days 9200/tcp, 9300/tcp, 9600/tcp, 9650/tcp 000001-opensearch
789b2e9a5f66 redis:6.0.8-alpine "docker-entrypoint.s…" 5 days ago Up 5 days 6379/tcp 000001-redis
08cf1bdf5600 us-docker.pkg.dev/osdfir-registry/timesketch/timesketch:latest "/docker-entrypoint.…" 5 days ago Up 5 days 000001-timesketch-web-legacy
Versions
root@dev-reg:~/tmp# docker compose version
Docker Compose version v2.24.7
root@dev-reg:~/tmp# docker version
Client: Docker Engine - Community
Version: 25.0.4
API version: 1.44
Go version: go1.21.8
Git commit: 1a576c5
Built: Wed Mar 6 16:32:13 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 25.0.4
API version: 1.44 (minimum version 1.24)
Go version: go1.21.8
Git commit: 061aa95
Built: Wed Mar 6 16:32:13 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.28
GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Uname
root@dev-reg:~/tmp# uname -a
Linux dev-reg 5.10.0-27-amd64 #1 SMP Debian 5.10.205-2 (2023-12-31) x86_64 GNU/Linux
MISC Info that might be helpful
- https://lumigo.io/container-monitoring/docker-health-check-a-practical-guide/
- https://docs.docker.com/reference/dockerfile/#healthcheck
- https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck
