Red Hat SummitMicroShift is Technology Preview software only.
For more information about the support scope of Red Hat Technology Preview software, see Technology Preview Support Scope.Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 3. The greenboot health check
Greenboot is the generic health check framework for the systemd service on RPM-OSTree-based systems. The microshift-greenboot RPM and greenboot-default-health-checks are optional RPM packages you can install. Greenboot is used to assess system health and automate a rollback to the last healthy state in the event of software trouble.
This health check framework is especially useful when you need to check for software problems and perform system rollbacks on edge devices where direct serviceability is either limited or non-existent. When health check scripts are installed and configured, health checks run every time the system starts.
Using greenboot can reduce your risk of being locked out of edge devices during updates and prevent a significant interruption of service if an update fails. When a failure is detected, the system boots into the last known working configuration using the rpm-ostree rollback capability.
A MicroShift health check script is included in the microshift-greenboot RPM. The greenboot-default-health-checks RPM includes health check scripts verifying that DNS and ostree services are accessible. You can also create your own health check scripts based on the workloads you are running. You can write one that verifies that an application has started, for example.
Rollback is not possible in the case of an update failure on a system not using OSTree. This is true even though health checks might run.
3.1. How greenboot uses directories to run scripts
Health check scripts run from four /etc/greenboot directories. These scripts run in alphabetical order. Keep this in mind when you configure the scripts for your workloads.
When the system starts, greenboot runs the scripts in the required.d and wanted.d directories. Depending on the outcome of those scripts, greenboot continues the startup or attempts a rollback as follows:
-
System as expected: When all of the scripts in the
required.ddirectory are successful, greenboot runs any scripts present in the/etc/greenboot/green.ddirectory. -
System trouble: If any of the scripts in the
required.ddirectory fail, greenboot runs any prerollback scripts present in thered.ddirectory, then restarts the system.
Greenboot redirects script and health check output to the system log. When you are logged in, a daily message provides the overall system health output.
3.1.1. Greenboot directories details
Returning a nonzero exit code from any script means that script has failed. Greenboot restarts the system a few times to retry the scripts before attempting to roll back to the previous version.
/etc/greenboot/check/required.dcontains the health checks that must not fail.-
If the scripts fail, greenboot retries them three times by default. You can configure the number of retries in the
/etc/greenboot/greenboot.conffile by setting theGREENBOOT_MAX_BOOTSparameter to the desired number of retries. - After all retries fail, greenboot automatically initiates a rollback if one is available. If a rollback is not available, the system log output shows that manual intervention is required.
-
The
40_microshift_running_check.shhealth check script for MicroShift is installed into this directory.
-
If the scripts fail, greenboot retries them three times by default. You can configure the number of retries in the
/etc/greenboot/check/wanted.dcontains health scripts that are allowed to fail without causing the system to be rolled back.- If any of these scripts fail, greenboot logs the failure but does not initiate a rollback.
-
/etc/greenboot/green.dcontains scripts that run after greenboot has declared the start successful. -
/etc/greenboot/red.dcontains scripts that run after greenboot has declared the startup as failed, including the40_microshift_pre_rollback.shprerollback script. This script is executed right before a system rollback. The script performs MicroShift pod and OVN-Kubernetes cleanup to avoid potential conflicts after the system is rolled back to a previous version.
3.2. The MicroShift health script
The 40_microshift_running_check.sh health check script only performs validation of core MicroShift services. Install your customized workload validation scripts in the greenboot directories to ensure successful application operations after system updates. Scripts run in alphabetical order.
MicroShift health checks are listed in the following table:
| Validation | Pass | Fail |
|---|---|---|
|
Check that the script runs with | Next |
|
|
Check that the | Next |
|
|
Wait for the | Next |
|
| Wait for Kubernetes API health endpoints to be working and receiving traffic | Next |
|
| Wait for any pod to start | Next |
|
| For each core namespace, wait for images to be pulled | Next |
|
| For each core namespace, wait for pods to be ready | Next |
|
| For each core namespace, check if pods are not restarting |
|
|
3.2.1. Validation wait period
The wait period in each validation is five minutes by default. After the wait period, if the validation has not succeeded, it is declared a failure. This wait period is incrementally increased by the base wait period after each boot in the verification loop.
-
You can override the base-time wait period by setting the
MICROSHIFT_WAIT_TIMEOUT_SECenvironment variable in the/etc/greenboot/greenboot.confconfiguration file. For example, you can change the wait time to three minutes by resetting the value to 180 seconds, such asMICROSHIFT_WAIT_TIMEOUT_SEC=180.
3.3. Enabling systemd journal service data persistency
The default configuration of the systemd journal service stores the data in the volatile /run/log/journal directory. To persist system logs across system starts and restarts, you must enable log persistence and set limits on the maximal journal data size.
Procedure
Make the directory by running the following command:
sudo mkdir -p /etc/systemd/journald.conf.d
$ sudo mkdir -p /etc/systemd/journald.conf.dCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create the configuration file by running the following command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Edit the configuration file values for your size requirements.
3.4. Updates and third-party workloads
Health checks are especially useful after an update. You can examine the output of greenboot health checks and determine whether the update was declared valid. This health check can help you determine if the system is working properly.
Health check scripts for updates are installed into the /etc/greenboot/check/required.d directory and are automatically executed during each system start. Exiting scripts with a nonzero status means the system start is declared as failed.
Wait until after an update is declared valid before starting third-party workloads. If a rollback is performed after workloads start, you can lose data. Some third-party workloads create or update data on a device before an update is complete. Upon rollback, the file system reverts to its state before the update.
3.5. Checking the results of an update
After a successful start, greenboot sets the variable boot_success= to 1 in GRUB. You can view the overall status of system health checks after an update in the system log by using the following procedure.
Procedure
To access the overall status of system health checks, run the following command:
sudo grub2-editenv - list | grep ^boot_success
$ sudo grub2-editenv - list | grep ^boot_successCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Example output for a successful system start
boot_success=1
boot_success=13.6. Accessing health check output in the system log
You can manually access the output of health checks in the system log by using the following procedure.
Procedure
To access the results of a health check, run the following command:
sudo journalctl -o cat -u greenboot-healthcheck.service
$ sudo journalctl -o cat -u greenboot-healthcheck.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Example output of a failed health check
3.7. Accessing prerollback health check output in the system log
You can access the output of health check scripts in the system log. For example, check the results of a prerollback script using the following procedure.
Procedure
To access the results of a prerollback script, run the following command:
sudo journalctl -o cat -u redboot-task-runner.service
$ sudo journalctl -o cat -u redboot-task-runner.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Example output of a prerollback script
3.8. Checking updates with a health script
Access the output of health check scripts in the system log after an update by using the following procedure.
Procedure
To access the result of update checks, run the following command:
sudo grub2-editenv - list | grep ^boot_success
$ sudo grub2-editenv - list | grep ^boot_successCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Example output for a successful update
boot_success=1
boot_success=1
If your command returns boot_success=0, either the greenboot health check is still running, or the update is a failure.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}