Merge 4807195416 into a20eece2d5

Add healthchecks

README.md

@@ -109,3 +109,15 @@ A GitHub Action builds both `misp-core` and `misp-modules` images automatically
 -   `misp-core:${commit-sha1}[0:7]` and `misp-modules:${commit-sha1}[0:7]` where `${commit-sha1}` is the commit hash triggering the build
 -   `misp-core:latest` and `misp-modules:latest` in order to track the latest builds available 
 -   `misp-core:${CORE_TAG}` and `misp-modules:${MODULES_TAG}` reflecting the underlying version of MISP and MISP modules (as specified inside the `template.env` file at build time)
+
+## Running without docker-compose
+
+On Ubuntu 20.04 with docker 25.0.4 an issue can happen where the workers are not restarted once they are gracefully exited. This results in a log message like the following:
+
+`Mar 11 13:37:42 misp01 docker[12345]: 2024-03-11 13:37:42,503 INFO spawnerr: unknown error making dispatchers for 'default_00': EACCES`
+
+This is caused by a bug in moby (https://github.com/moby/moby/issues/31243). A workaround for this situation is to expose a TTY to the container. This can be done in the following way:
+- Run the container with the `--tty` flag
+- Add the `www-data` user to the `tty` group: `usermod -G tty www-data`
+
+More information can be found in https://github.com/MISP/misp-docker/issues/25

core/files/configure_misp.sh

@@ -103,6 +103,7 @@ set_up_oidc() {
     fi
 
     # Check required variables
+    # OIDC_ISSUER may be empty
     check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
 
     sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
@@ -114,6 +115,7 @@ set_up_oidc() {
     sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
         \"OidcAuth\": {
             \"provider_url\": \"${OIDC_PROVIDER_URL}\",
+            ${OIDC_ISSUER:+\"issuer\": \"${OIDC_ISSUER}\",}
             \"client_id\": \"${OIDC_CLIENT_ID}\",
             \"client_secret\": \"${OIDC_CLIENT_SECRET}\",
             \"roles_property\": \"${OIDC_ROLES_PROPERTY}\",

docker-compose.yml

@@ -13,6 +13,12 @@ services:
 
   redis:
     image: valkey/valkey:7.2
+    healthcheck:
+      test: valkey-cli ping || exit 1
+      interval: 2s
+      timeout: 1s
+      retries: 3
+      start_period: 30s
 
   db:
     # We use MariaDB because it supports ARM and has the expected collations
@@ -27,6 +33,12 @@ services:
       - mysql_data:/var/lib/mysql
     cap_add:
       - SYS_NICE  # CAP_SYS_NICE Prevent runaway mysql log
+    healthcheck:
+      test: mysqladmin --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD status
+      interval: 2s
+      timeout: 1s
+      retries: 3
+      start_period: 30s
 
   misp-core:
     image: ghcr.io/misp/misp-docker/misp-core:latest
@@ -46,8 +58,16 @@ services:
           - PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION}
           - PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION}
     depends_on:
-      - redis
-      - db
+      redis:
+        condition: service_healthy
+      db:
+        condition: service_healthy
+    healthcheck:
+      test: curl -ks https://localhost/users/login > /dev/null || exit 1
+      interval: 2s
+      timeout: 1s
+      retries: 3
+      start_period: 30s
     ports:
       - "80:80"
       - "443:443"
@@ -138,7 +158,8 @@ services:
     environment:
       - "REDIS_BACKEND=redis"
     depends_on:
-      - redis
+      redis:
+        condition: service_healthy
 
 volumes:
     mysql_data:

template.env

@@ -2,7 +2,7 @@
 # Build-time variables
 ##
 
-CORE_TAG=v2.4.190
+CORE_TAG=v2.4.191
 MODULES_TAG=v2.4.188
 PHP_VER=20190902
 LIBFAUP_COMMIT=3a26d0a