A PHP fpm Health Check script
With the ascension of containerized applications it becomes more and more useful to have a php-fpm healthcheck
.
This POSIX compliant sh script gets php-fpm status page using cgi-fcgi
tool, parses it's outcome and allows you to choose a metric which you want to check one, a ping mode is also available which only makes sure php-fpm is answering.
Motivation
Previously at work we had Docker containers containing both php-fpm
and Nginx
processes, while they were managed by another process being Supervisord or s6 overlay for instance.
One good example is this image from Ric Harvey
It works really well, but I wanted to achieve a few other things like using the official images and its release cycle, logs belonging to their own processes, not mixed, I didn't like to rely on Supervisord since I had bad experiences in the past with it, and other things related to the "Docker way", I'm not saying it's perfect but I wanted some of those things.
Now comes the php-fpm
healthcheck part, while having in place a healthcheck which requested an url in the application asking if it was alive, it was indirectly testing the whole chain, Nginx -> php-fpm -> application
, and now I had the chance to test still the whole chain via nginx but also monitor how busy and stable is php-fpm
, if you check its /status
page it has quite some useful information, so why not monitor on it? For instance you could make a container unhealthy after a certain amount of requests, or if the queue is too long and even slow requests, and that's what this script tries to achieve!
Good news is that you can still do it even using the mixed container approach, but I wanted to take a time to explain why I came to do it like this now! The advantage in my opinion is that having separate containers you have a better grasp on where the problem is laying and you can restart only what's failing, not the whole, also avoiding Supervisord to restart it for you since you are already behind a container orchestration tool.
Installation
Enable php-fpm status page
On you php-fpm pool configuration add: pm.status_path = /status
For instance on the official php image you can alter the file /usr/local/etc/php-fpm.d/zz-docker.conf
More about PHP fpm pool configuration
Requirements
The script is POSIX sh but also uses some tools from your operating system, being:
- cgi-fcgi
- sed
- tail
- grep
In case you're using alpine you only need to make sure you have installed busybox
and fcgi
packages.
See a simple Dockerfile based on the official PHP image
Download
wget -O /usr/local/bin/php-fpm-healthcheck \
https://raw.githubusercontent.com/renatomefi/php-fpm-healthcheck/master/php-fpm-healthcheck \
&& chmod +x /usr/local/bin/php-fpm-healthcheck
Update
wget -O $(which php-fpm-healthcheck) \
https://raw.githubusercontent.com/renatomefi/php-fpm-healthcheck/master/php-fpm-healthcheck \
&& chmod +x $(which php-fpm-healthcheck)
Manually
You can always of course manually download and maintain the file, as long as you follow the MIT License
Usage
Ping mode
If you're aiming only to make sure php-fpm is alive and answering to requests you can:
$ php-fpm-healthcheck
$ echo $?
0
Or with verbose
to see php-fpm status output:
$ php-fpm-healthcheck -v
Trying to connect to php-fpm via: localhost:9000/status
php-fpm status output:
pool: www
process manager: dynamic
start time: 11/Sep/2018:10:47:06 +0000
start since: 436
accepted conn: 1
listen queue: 0
max listen queue: 0
listen queue len: 0
idle processes: 1
active processes: 1
total processes: 2
max active processes: 1
max children reached: 0
slow requests: 0
$ echo $?
0
Metric mode
Let's say you want to fail our healthcheck after your fpm has handled more than 3000
requests:
$ php-fpm-healthcheck --accepted-conn=3000
$ echo $?
0
And you can also check if you have more than 10
processes in the queue:
$ php-fpm-healthcheck --accepted-conn=3000 --listen-queue=10
$ echo $?
0
How a failing metric looks like
$ php-fpm-healthcheck --accepted-conn=1
'accepted conn' value '6' is greater than expected '1'
$ echo $?
1
Connection via socket or another host
You can simply specify FCGI_CONNECT
variable with your connection uri:
$ FCGI_CONNECT=/var/run/php-fpm.sock php-fpm-healthcheck
$ echo $?
0
Alternative status page path
Since v0.5.0
While the default status page path is /status
, you can replace it in your php-fpm configuration, in order to change
also in the script in you can specify FCGI_STATUS_PATH
env var within your connection uri:
$ FCGI_STATUS_PATH=/custom-status-path php-fpm-healthcheck -v
Trying to connect to php-fpm via: localhost:9000/custom-status-path
...
$ echo $?
0
Docker example
You can use HEALTHCHECK
command on Dockerfile
to define the health of your
container. According to Docker Docs,
possible return values are 0
for success, 1
to unhealthy and 2
is reserved
and we must not use this exit code.
HEALTHCHECK --interval=5s --timeout=1s \
CMD php-fpm-healthcheck || exit 1
Kubernetes example
More and more people are looking for health checks on kubernetes for php-fpm, here is an example of livenessProbe and readinessProbe:
livenessProbe
# PodSpec: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#podspec-v1-core
spec:
containers:
- name: "php-fpm"
livenessProbe:
exec:
command:
- php-fpm-healthcheck
- --listen-queue=10 # fails if there are more than 10 processes waiting in the fpm queue
- --accepted-conn=5000 # fails after fpm has served more than 5k requests, this will force the pod to reset, use with caution
initialDelaySeconds: 0
periodSeconds: 10
readinessProbe
# PodSpec: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#podspec-v1-core
spec:
containers:
- name: "php-fpm"
readinessProbe:
exec:
command:
- php-fpm-healthcheck # a simple ping since this means it's ready to handle traffic
initialDelaySeconds: 1
periodSeconds: 5
Docker HEALTHCHECK
command is ignored on Kubernetes and you must define it
using pod specifications.
Why POSIX sh
Most of the containers contain limited software installed, using POSIX sh aims to be compatible with most of the OS images around.
Author
Made with love by Renato Mefi
Distributed under MIT License